Channel: Tech Support Forum - Virus/Trojan/Spyware Help

"App Explorer Updated" on Startup

Whenever I migrate my files to any new PC, I get the attached screenshot showing up on startup - obviously one of my old files is infected with something, but no amount of scanning with any program I'm aware of has located any infection, nor do I see any suspicious startup entries anywhere. I've noticed the message content seems to be randomized (on some new PCs it'll say something like "Windows Startup Menu Updated" instead of "App Explorer Updated", for example).

Anyone run across this one before?

Thanks in advance!

Attached thumbnail: malware.jpg (26.7 KB)

Malware on Friends computer

My friend was using Facebook in Firefox when she had a new tab open appearing to be from Microsoft telling her to call them. She was unable to close the window, or Firefox. I had her end the process and shut the computer down, and it has not been on since then except for to run DDS. The requested logs follow, and are attached. Thanks in advance!!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18538 BrowserJavaVersion: 11.101.2
Run by Roberta Bird at 12:34:01 on 2017-01-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7918.6260 [GMT -6:00]
.
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
C:\Program Files\TrueKey\McTkSchedulerService.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Roberta Bird\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Page = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google+ Auto Backup] "C:\Users\Roberta Bird\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\ROBERT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1B63D4AB-9A0D-4041-9A9F-E78E99F4A9A2} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{438CD666-04EA-4BBC-B4D2-3FE79BD8A5A2} : DHCPNameServer = 192.168.1.254
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned>
x64-Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 0.0.0.1 mssplus.mcafee.com
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Roberta Bird\AppData\Roaming\Mozilla\Firefox\Profiles\hywhj9cm.default-1447903078887\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/|https://mg.mail.yahoo.com/neo/launch...=8b8th1riot5u8
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-24 74544]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswvmm.sys [2013-11-24 293352]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2016-3-22 37144]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-11-24 969184]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-11-24 513632]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-10-10 172344]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-20 202752]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-11-24 108816]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-8-31 197128]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2013-8-19 1248256]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-11-16 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-11-16 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-11-16 171416]
R2 TrueKey;Intel Security True Key;C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [2017-1-9 995800]
R2 TrueKeyScheduler;Intel Security True Key Scheduler;C:\Program Files\TrueKey\McTkSchedulerService.exe [2016-10-13 16248]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-11-15 27760]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-15 677480]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-11-15 2182768]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-14 163416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 InstallerService;Service Installer TrueKey;C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 --> C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [?]
S3 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-9 37656]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-12-13 114688]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [2016-12-14 329480]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-15 19456]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-10-24 16152]
S3 TrueKeyServiceHelper;TrueKeyServiceHelper;C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [2017-1-9 86864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-15 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-15 1255736]
.
=============== File Associations ===============
.
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2016-11-30 04:34:16 28352 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2016-11-30 04:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2016-11-30 04:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2016-11-30 04:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2016-11-30 04:27:48 30400 ----a-w- C:\Windows\System32\aspnet_counters.dll
2016-11-30 04:27:48 19112 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2016-11-30 04:27:48 19112 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2016-11-30 04:27:48 19112 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2016-11-21 18:16:29 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-11-21 18:16:29 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-11-20 16:20:03 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-11-20 16:20:03 82944 ----a-w- C:\Windows\SysWow64\bcrypt.dll
2016-11-20 16:20:03 666112 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2016-11-20 16:20:01 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2016-11-20 16:20:01 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2016-11-20 16:19:57 254464 ----a-w- C:\Windows\SysWow64\schannel.dll
2016-11-20 16:19:57 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2016-11-20 16:19:57 141312 ----a-w- C:\Windows\SysWow64\rpchttp.dll
2016-11-20 16:19:53 261120 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2016-11-20 16:19:53 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2016-11-20 16:19:52 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2016-11-20 16:19:51 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2016-11-20 16:19:49 553472 ----a-w- C:\Windows\SysWow64\kerberos.dll
2016-11-20 16:19:47 84992 ----a-w- C:\Windows\SysWow64\hlink.dll
2016-11-20 16:19:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2016-11-20 16:19:42 342528 ----a-w- C:\Windows\SysWow64\certcli.dll
2016-11-20 16:19:40 690688 ----a-w- C:\Windows\SysWow64\adtschema.dll
2016-11-20 16:04:54 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-11-20 15:58:19 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-11-20 15:57:45 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-11-20 15:57:43 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-11-20 15:57:01 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-11-20 15:57:00 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-11-20 15:52:42 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-11-20 14:07:52 467392 ----a-w- C:\Windows\System32\drivers\cng.sys
2016-11-17 16:41:49 370920 ----a-w- C:\Windows\System32\clfs.sys
2016-11-12 19:48:25 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-11-12 19:48:08 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-11-12 19:28:01 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-11-12 19:26:46 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-11-12 19:26:27 417792 ----a-w- C:\Windows\System32\html.iec
2016-11-12 19:25:50 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-11-12 19:25:41 576000 ----a-w- C:\Windows\System32\vbscript.dll
2016-11-12 19:08:26 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-11-12 19:08:24 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-11-12 19:07:47 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-11-12 18:56:20 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-11-12 18:53:10 6049280 ----a-w- C:\Windows\System32\jscript9.dll
2016-11-12 18:47:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-11-12 18:41:49 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-11-12 18:30:22 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-11-12 18:29:26 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-11-12 18:29:13 498688 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-11-12 18:29:05 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-11-12 18:27:51 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-11-12 18:14:53 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-11-12 18:14:16 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-11-12 18:08:54 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-11-12 18:08:32 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-11-12 17:57:35 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-11-12 17:37:20 4608000 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-11-12 17:36:39 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-11-12 17:36:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-11-12 17:35:33 2920960 ----a-w- C:\Windows\System32\wininet.dll
2016-11-12 17:05:59 2444800 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-11-10 16:32:41 1009152 ----a-w- C:\Windows\System32\user32.dll
2016-11-10 16:19:40 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2016-11-09 16:41:27 114408 ----a-w- C:\Windows\System32\consent.exe
2016-11-09 16:33:43 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-11-09 16:33:34 504320 ----a-w- C:\Windows\System32\msihnd.dll
2016-11-09 16:33:34 3244032 ----a-w- C:\Windows\System32\msi.dll
2016-11-09 16:33:34 25088 ----a-w- C:\Windows\System32\msimsg.dll
2016-11-09 16:33:26 70144 ----a-w- C:\Windows\System32\appinfo.dll
2016-11-09 16:33:26 1941504 ----a-w- C:\Windows\System32\authui.dll
2016-11-09 16:17:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2016-11-09 16:17:31 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2016-11-09 16:17:31 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2016-11-09 16:17:31 2365440 ----a-w- C:\Windows\SysWow64\msi.dll
2016-11-09 16:17:18 1806848 ----a-w- C:\Windows\SysWow64\authui.dll
2016-11-09 16:02:19 128512 ----a-w- C:\Windows\System32\msiexec.exe
2016-11-09 15:55:06 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2016-11-06 16:33:24 404992 ----a-w- C:\Windows\System32\gdi32.dll
2016-11-06 16:16:46 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-11-06 16:01:47 3219456 ----a-w- C:\Windows\System32\win32k.sys
2016-11-02 15:36:15 382696 ----a-w- C:\Windows\System32\atmfd.dll
2016-11-02 15:32:08 41472 ----a-w- C:\Windows\System32\lpk.dll
2016-11-02 15:32:05 100864 ----a-w- C:\Windows\System32\fontsub.dll
2016-11-02 15:32:03 14336 ----a-w- C:\Windows\System32\dciman32.dll
2016-11-02 15:32:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2016-11-02 15:22:36 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-11-02 15:16:31 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2016-11-02 15:16:15 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-11-02 15:16:14 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2016-11-02 14:53:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-10-27 15:33:31 802304 ----a-w- C:\Windows\System32\usp10.dll
2016-10-27 15:20:17 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
2016-10-15 15:31:21 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2016-10-15 15:31:21 84480 ----a-w- C:\Windows\System32\INETRES.dll
2016-10-15 15:13:55 84480 ----a-w- C:\Windows\SysWow64\INETRES.dll
2016-10-15 15:13:55 741888 ----a-w- C:\Windows\SysWow64\inetcomm.dll
.
============= FINISH: 12:34:11.15 ===============

Attached Files
File Type: txt attach.txt (5.3 KB)

Unauthorised email sending & Unwanted emails

Hi there,
I'm using Outlook Express and it is sending unauthorised emails. I am also receiving unwanted emails - mostly they end up in junk mail - but I still have to block some addresses. These emails are the root of the unauthorised sending. I can't stop the highly inappropriate and offensive emails - please help.

Thank you in advance!!:rofl:

Osiris ransomware question

Hello! My mate's laptop is infected with Osiris ransomware and it is a complete mess. I've tried to use different antiviruses, antimalware tools, and shadow copy recovery tools like ShadowExplorer and Recuva - but the result is 0 files decrypted :facepalm:. I found a lot of guides in Google like this that promote the SpyHunter tool and swear it will help to recover all files. So I want to ask you: can this tool help me to remove Osiris ransomware, or is it another fraud?
And is there a way to recover files without paying the hackers?

AdWare (continued)

Please reference: http://www.techsupportforum.com/foru...e-1174737.html

I had less than 24 hours to respond... sorry.

Here's what was requested:
# AdwCleaner v6.042 - Logfile created 13/01/2017 at 21:11:32
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-11.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Steve - STEVESCOMPUTER
# Running from : D:\downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [761 Bytes] - [13/01/2017 21:11:32]
C:\AdwCleaner\AdwCleaner[S0].txt - [1153 Bytes] - [13/01/2017 21:08:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [906 Bytes] ##########


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-01-2017
Ran by Steve (administrator) on STEVESCOMPUTER (13-01-2017 21:28:00)
Running from D:\downloads
Loaded Profiles: Steve (Available Profiles: Steve)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google, Inc) C:\Users\Steve\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Steve\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8459480 2015-02-25] (Realtek Semiconductor)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26287016 2017-01-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2616650606-20550562-3801480240-1000\...\Run: [Google Update] => C:\Users\Steve\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-18] (Google Inc.)
HKU\S-1-5-21-2616650606-20550562-3801480240-1000\...\Run: [Google Photos Backup] => C:\Users\Steve\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-2616650606-20550562-3801480240-1000\...\Run: [Spotify Web Helper] => C:\Users\Steve\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-23] (Spotify Ltd)
HKU\S-1-5-21-2616650606-20550562-3801480240-1000\...\MountPoints2: {24511ea3-2209-11e6-bc7f-fcaa14c78ac6} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-2616650606-20550562-3801480240-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-10-07]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{11312726-2811-493A-94BF-947DB1908C61}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{3868A159-2B54-4F78-A3E7-21682EEB7004}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)

FireFox:
========
FF DefaultProfile: a3t35o34.default
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\a3t35o34.default [2017-01-06]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\a3t35o34.default -> Google
FF Extension: (FireShot) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\a3t35o34.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-09-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2616650606-20550562-3801480240-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2616650606-20550562-3801480240-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2616650606-20550562-3801480240-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\Steve\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-04-03] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-2616650606-20550562-3801480240-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\Steve\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-04-03] (Epic Privacy Browser)

Chrome:
=======
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default [2017-01-13]
CHR Extension: (Google Slides) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-06]
CHR Extension: (Google Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-06]
CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-06]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-06]
CHR Extension: (Google Sheets) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-06]
CHR Extension: (Google Docs Offline) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-07]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-01-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-06]
CHR Extension: (Google Publisher Toolbar) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2017-01-06]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-13] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51504 2017-01-05] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2770312 2017-01-13] (ESET)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-10-15] (Macrovision Europe Ltd.) [File not signed]
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [586872 2015-09-18] (Hauppauge Computer Works) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2017-01-13] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2017-01-13] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [181384 2017-01-13] (ESET)
R3 hcw89; C:\Windows\System32\DRIVERS\hcw89.sys [1771904 2015-01-06] (Hauppauge Computer Works, Inc.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-12-23] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-12-23] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-13 21:27 - 2017-01-13 21:28 - 00000000 ____D C:\FRST
2017-01-13 21:07 - 2017-01-13 21:11 - 00000000 ____D C:\AdwCleaner
2017-01-13 21:05 - 2017-01-13 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-01-13 21:05 - 2017-01-13 21:05 - 00000000 ____D C:\ProgramData\ESET
2017-01-11 21:50 - 2017-01-11 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-10 15:49 - 2017-01-05 13:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-10 15:49 - 2017-01-05 13:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-10 15:49 - 2017-01-05 13:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-10 15:49 - 2017-01-05 13:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-10 15:49 - 2017-01-05 12:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-10 15:49 - 2017-01-05 12:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 15:49 - 2017-01-05 12:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-10 15:49 - 2017-01-05 12:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 15:49 - 2017-01-05 12:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-10 15:49 - 2017-01-05 12:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-10 15:49 - 2017-01-05 12:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-10 15:49 - 2017-01-05 12:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-10 15:49 - 2017-01-05 12:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-10 15:49 - 2017-01-05 12:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-10 15:49 - 2017-01-05 12:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-10 15:49 - 2017-01-05 12:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-10 15:49 - 2017-01-05 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-10 15:49 - 2017-01-05 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-10 15:49 - 2017-01-05 12:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-10 15:49 - 2017-01-05 12:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-10 15:49 - 2017-01-05 12:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-10 15:49 - 2017-01-05 12:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-10 15:49 - 2017-01-05 12:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-10 15:49 - 2017-01-05 12:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-10 15:49 - 2017-01-05 12:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-10 15:49 - 2017-01-05 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-10 15:49 - 2017-01-05 12:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-07 12:30 - 2017-01-07 12:34 - 00011689 _____ C:\Users\Steve\Desktop\attach.txt
2017-01-07 12:30 - 2017-01-07 12:30 - 00022922 _____ C:\Users\Steve\Desktop\dds.txt
2017-01-06 18:30 - 2017-01-06 18:30 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-06 18:30 - 2017-01-06 18:30 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-06 18:29 - 2017-01-06 18:29 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-06 18:29 - 2017-01-06 18:29 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-05 19:04 - 2017-01-05 19:04 - 00051504 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-12-23 22:26 - 2017-01-13 21:28 - 00050553 _____ C:\Windows\ZAM.krnl.trace
2016-12-23 22:26 - 2017-01-13 21:28 - 00021566 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-12-23 22:25 - 2016-12-23 22:25 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-12-23 22:25 - 2016-12-23 22:25 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-12-23 22:25 - 2016-12-23 22:25 - 00000000 ____D C:\Users\Steve\AppData\Local\Zemana
2016-12-23 22:16 - 2016-12-23 22:23 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-14 02:30 - 2016-11-21 13:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-14 02:30 - 2016-11-20 11:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-14 02:30 - 2016-11-20 09:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-14 02:30 - 2016-11-17 11:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-14 02:30 - 2016-11-14 18:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-12-14 02:30 - 2016-11-14 17:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-12-14 02:30 - 2016-11-12 14:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-12-14 02:30 - 2016-11-12 14:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-12-14 02:30 - 2016-11-12 14:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-12-14 02:30 - 2016-11-12 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-12-14 02:30 - 2016-11-12 14:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-12-14 02:30 - 2016-11-12 14:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-14 02:30 - 2016-11-12 14:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-12-14 02:30 - 2016-11-12 14:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-12-14 02:30 - 2016-11-12 14:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-12-14 02:30 - 2016-11-12 14:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-12-14 02:30 - 2016-11-12 14:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-12-14 02:30 - 2016-11-12 14:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-14 02:30 - 2016-11-12 14:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-12-14 02:30 - 2016-11-12 14:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-12-14 02:30 - 2016-11-12 14:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-14 02:30 - 2016-11-12 14:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-12-14 02:30 - 2016-11-12 13:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-14 02:30 - 2016-11-12 13:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-14 02:30 - 2016-11-12 13:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-12-14 02:30 - 2016-11-12 13:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-12-14 02:30 - 2016-11-12 13:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-14 02:30 - 2016-11-12 13:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-12-14 02:30 - 2016-11-12 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-12-14 02:30 - 2016-11-12 13:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-12-14 02:30 - 2016-11-12 13:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-12-14 02:30 - 2016-11-12 13:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-12-14 02:30 - 2016-11-12 13:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-14 02:30 - 2016-11-12 13:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-12-14 02:30 - 2016-11-12 13:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-12-14 02:30 - 2016-11-12 13:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-12-14 02:30 - 2016-11-12 13:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-12-14 02:30 - 2016-11-12 13:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-12-14 02:30 - 2016-11-12 13:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-12-14 02:30 - 2016-11-12 13:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-12-14 02:30 - 2016-11-12 13:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-14 02:30 - 2016-11-12 13:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-12-14 02:30 - 2016-11-12 13:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-14 02:30 - 2016-11-12 13:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-12-14 02:30 - 2016-11-12 13:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-12-14 02:30 - 2016-11-12 13:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-12-14 02:30 - 2016-11-12 13:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-12-14 02:30 - 2016-11-12 13:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-14 02:30 - 2016-11-12 13:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-12-14 02:30 - 2016-11-12 13:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-12-14 02:30 - 2016-11-12 13:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-12-14 02:30 - 2016-11-12 12:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-14 02:30 - 2016-11-12 12:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-12-14 02:30 - 2016-11-12 12:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-12-14 02:30 - 2016-11-12 12:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-12-14 02:30 - 2016-11-12 12:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-12-14 02:30 - 2016-11-12 12:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-12-14 02:30 - 2016-11-12 12:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-14 02:30 - 2016-11-12 12:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-12-14 02:30 - 2016-11-12 12:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-12-14 02:30 - 2016-11-12 12:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-14 02:30 - 2016-11-12 12:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-12-14 02:30 - 2016-11-12 12:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-12-14 02:30 - 2016-11-12 12:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-14 02:30 - 2016-11-12 12:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-14 02:30 - 2016-11-12 12:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-14 02:30 - 2016-11-12 12:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-14 02:30 - 2016-11-12 12:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-14 02:30 - 2016-11-12 12:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-14 02:30 - 2016-11-12 12:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-12-14 02:30 - 2016-11-10 11:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-14 02:30 - 2016-11-10 11:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-14 02:30 - 2016-11-09 11:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-14 02:30 - 2016-11-09 11:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-14 02:30 - 2016-11-09 11:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-14 02:30 - 2016-11-09 11:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-14 02:30 - 2016-11-09 11:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-14 02:30 - 2016-11-09 11:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-14 02:30 - 2016-11-09 11:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-14 02:30 - 2016-11-09 11:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-14 02:30 - 2016-11-09 11:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-14 02:30 - 2016-11-09 11:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-12-14 02:30 - 2016-11-09 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-12-14 02:30 - 2016-11-09 11:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-14 02:30 - 2016-11-09 11:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-14 02:30 - 2016-11-09 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-12-14 02:30 - 2016-11-06 11:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-14 02:30 - 2016-11-06 11:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-14 02:30 - 2016-11-06 11:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-14 02:30 - 2016-10-27 10:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-14 02:30 - 2016-10-27 10:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-14 02:30 - 2016-10-11 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-14 02:30 - 2016-10-11 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-14 02:30 - 2016-10-11 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-14 02:30 - 2016-10-11 10:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-14 02:30 - 2016-10-11 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-14 02:30 - 2016-10-11 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-14 02:30 - 2016-10-11 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-14 02:30 - 2016-10-11 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-14 02:30 - 2016-10-11 10:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-12-14 02:30 - 2016-10-11 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-14 02:30 - 2016-10-11 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-14 02:30 - 2016-10-11 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-14 02:30 - 2016-10-11 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-14 02:30 - 2016-10-11 10:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-14 02:30 - 2016-10-11 10:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 10:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-14 02:30 - 2016-10-11 10:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-14 02:30 - 2016-10-11 10:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-14 02:30 - 2016-10-11 09:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-12-14 02:30 - 2016-10-11 09:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-14 02:30 - 2016-10-11 09:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-12-14 02:30 - 2016-10-11 09:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-14 02:30 - 2016-10-11 09:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-12-14 02:30 - 2016-10-11 09:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-12-14 02:30 - 2016-10-11 09:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-12-14 02:30 - 2016-10-11 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-12-14 02:30 - 2016-10-11 09:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 09:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 09:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 09:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-14 02:30 - 2016-10-11 08:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2016-12-14 02:30 - 2016-10-11 08:17 - 00419648 _____ C:\Windows\system32\locale.nls
2016-12-14 02:30 - 2016-10-08 08:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-12-14 02:30 - 2016-10-04 10:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-14 02:30 - 2016-10-04 10:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-14 02:30 - 2016-10-04 10:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-12-14 02:30 - 2016-10-04 10:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-12-14 02:30 - 2016-10-04 10:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-14 02:30 - 2016-10-04 10:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-14 02:30 - 2016-10-04 10:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-12-14 02:30 - 2016-10-04 10:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-13 21:20 - 2009-07-13 23:45 - 00015360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-13 21:20 - 2009-07-13 23:45 - 00015360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-13 21:17 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-13 21:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-01-13 21:13 - 2015-10-07 21:00 - 00000000 ___RD C:\Users\Steve\Dropbox
2017-01-13 21:13 - 2015-10-07 20:56 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-13 21:13 - 2015-10-07 20:56 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-13 21:12 - 2015-10-08 21:02 - 00000000 ____D C:\ProgramData\Hauppauge
2017-01-13 21:12 - 2015-10-07 00:49 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-13 21:12 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-13 21:11 - 2015-07-13 06:14 - 00262792 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2017-01-13 21:11 - 2015-07-13 06:14 - 00197248 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2017-01-13 21:11 - 2015-07-13 06:14 - 00181384 _____ (ESET) C:\Windows\system32\Drivers\epfwwfpr.sys
2017-01-13 21:00 - 2015-10-07 19:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-13 20:57 - 2016-09-17 18:31 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-11 22:38 - 2016-09-10 08:34 - 00000000 ____D C:\Users\Steve\AppData\Local\Spotify
2017-01-11 22:38 - 2016-09-10 08:33 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Spotify
2017-01-11 21:50 - 2015-10-07 20:56 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-11 03:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-01-11 03:18 - 2016-11-22 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-01-11 03:18 - 2015-10-07 22:16 - 00000000 ____D C:\Users\Steve\AppData\Roaming\KeePass
2017-01-11 03:18 - 2015-10-07 18:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-11 03:03 - 2015-10-07 00:50 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 03:00 - 2016-09-17 18:31 - 00003898 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-11 03:00 - 2015-10-07 19:33 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-11 03:00 - 2015-10-07 19:33 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-11 03:00 - 2015-10-07 19:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-11 03:00 - 2015-10-07 19:33 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-11 03:00 - 2015-10-07 19:33 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-11 03:00 - 2015-10-07 00:50 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-08 08:31 - 2016-11-25 17:15 - 00002379 _____ C:\Users\Steve\Desktop\Epic Privacy Browser.lnk
2017-01-08 08:31 - 2016-04-03 14:04 - 00000000 ____D C:\Users\Steve\AppData\Local\Epic Privacy Browser
2017-01-06 21:11 - 2016-02-04 19:35 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-01-06 18:30 - 2015-10-07 06:33 - 00000000 ____D C:\Users\Steve\AppData\Local\Google
2017-01-06 18:29 - 2015-10-07 06:33 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-06 18:25 - 2016-11-20 18:49 - 00000000 ____D C:\Users\Steve\AppData\LocalLow\Mozilla
2016-12-23 22:26 - 2015-10-07 03:07 - 00000000 ____D C:\Users\Steve
2016-12-20 21:24 - 2016-04-09 15:35 - 00000000 ____D C:\Program Files (x86)\Quicken
2016-12-18 18:22 - 2015-10-25 19:41 - 00003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2616650606-20550562-3801480240-1000UA
2016-12-18 18:22 - 2015-10-25 19:41 - 00003232 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2616650606-20550562-3801480240-1000Core
2016-12-18 18:22 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Tasks
2016-12-14 03:34 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\assembly
2016-12-14 03:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-14 03:25 - 2009-07-13 23:45 - 02349096 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-14 03:25 - 2009-07-13 21:34 - 00189440 ____H C:\Users\Default\NTUSER.DAT.LOG1
2016-12-14 03:24 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Boot
2016-12-14 03:24 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppPatch
2016-12-14 03:24 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-14 03:24 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-14 03:09 - 2015-10-13 20:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-14 03:03 - 2015-10-08 21:01 - 00774592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-10-14 20:41 - 2015-10-14 20:56 - 0000624 _____ () C:\Users\Steve\AppData\Roaming\All CPU MeterV3_Settings.ini
2016-04-28 21:06 - 2016-07-08 22:32 - 0000600 _____ () C:\Users\Steve\AppData\Roaming\winscp.rnd
2015-11-30 20:08 - 2016-06-15 21:02 - 0000600 _____ () C:\Users\Steve\AppData\Local\PUTTY.RND
2015-10-07 03:18 - 2015-10-07 03:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-02-27 11:02 - 2016-03-11 21:27 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\dotNetFx40_Full_x86_x64.exe
C:\Users\Steve\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmsy7wd.dll
C:\Users\Steve\AppData\Local\Temp\Fix-Hauppauge-Permissions.exe
C:\Users\Steve\AppData\Local\Temp\InstHelper.exe
C:\Users\Steve\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Steve\AppData\Local\Temp\ose00000.exe
C:\Users\Steve\AppData\Local\Temp\uninstall.exe
C:\Users\Steve\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-11 03:49

==================== End of FRST.txt ============================

Attached Files
File Type: txt Addition.txt (37.0 KB)

Malware/Spyware on my son's computer

My son stated he downloaded a program (Clipgrab) and it installed other programs, changed the browser home page, tried to install Chrome ex., and installed Advanced-PC-Care and Chromium. He got an "Attention 1311 system issues found" warning box. I also believe there are other issues, as he does not know/understand computer security threats.

Thx
______________________________________________________________
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18538 BrowserJavaVersion: 11.111.2
Run by Bobs at 9:01:28 on 2017-01-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12227.9544 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\windows\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\Dr.Net\AsDrNotify.exe
C:\Program Files (x86)\ASUS\ASUS Instant On\AsInstantOn.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\WinZip\FAH\FAHWindow64.exe
C:\Program Files\WinZip\WzPreloader.exe
C:\Users\Bobs\AppData\Local\MEGAsync\MEGAsync.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ByteFence\ByteFence.exe
C:\Program Files\ByteFence\ByteFenceService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCyD0BtCyDtC0FtBtAzz0FtN0D0Tzu0StCzzyEtDtN1L2XzutAtFtByDtFtCtFtCtDzytN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0DtA0BtD0CtGtD0CtCtBtGyE0C0CyCtGyByDyDtCtG0BtA0DzzyDyCtBtD0AzytA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0A0E0A0FyByC0AtGyD0DtDyDtGyEyB0ByDtGzytDyDtAtGyB0CzyyEyBtCzz0B0A0DyDyD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyEyB%26cr%3D1621362309%26a%3Dwbf_fs_17_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
mStart Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCyD0BtCyDtC0FtBtAzz0FtN0D0Tzu0StCzzyEtDtN1L2XzutAtFtByDtFtCtFtCtDzytN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0DtA0BtD0CtGtD0CtCtBtGyE0C0CyCtGyByDyDtCtG0BtA0DzzyDyCtBtD0AzytA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0A0E0A0FyByC0AtGyD0DtDyDtGyEyB0ByDtGzytDyDtAtGyB0CzyyEyBtCzz0B0A0DyDyD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyEyB%26cr%3D1621362309%26a%3Dwbf_fs_17_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - <orphaned>
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Bobs\AppData\Local\Akamai\netsession_win.exe"
uRun: [ApowersoftScreenRecorder] C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe /autoStart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [GoogleChromeAutoLaunch_79FDE7476D2035E204915C9A44029ADF] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
uRun: [Chromium] c:\users\bobs\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [WDAppManager] C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Bobs\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MEGAsync.lnk - C:\Users\Bobs\AppData\Local\MEGAsync\MEGAsync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FAH.lnk - C:\Program Files\WinZip\FAH\FAHConsole.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files\WinZip\WzPreloader.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{30D7C005-E93B-47E2-A73A-1B1A7FF882B9} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCyD0BtCyDtC0FtBtAzz0FtN0D0Tzu0StCzzyEtDtN1L2XzutAtFtByDtFtCtFtCtDzytN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0DtA0BtD0CtGtD0CtCtBtGyE0C0CyCtGyByDyDtCtG0BtA0DzzyDyCtBtD0AzytA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0A0E0A0FyByC0AtGyD0DtDyDtGyEyB0ByDtGzytDyDtAtGyB0CzyyEyBtCzz0B0A0DyDyD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyEyB%26cr%3D1621362309%26a%3Dwbf_fs_17_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [jEdit Server] "C:\Program Files\jEdit\jedit.exe" -background -nogui --l4j-dont-wait
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 74.86.5.247 apowersoft.com
Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bobs\AppData\Roaming\Mozilla\Firefox\Profiles\fed5q4yd.default-1481328372243\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Powered
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
FF - prefs.js: keyword.URL - true
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\PROGRA~2\MOZILL~1\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bobs\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Bobs\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-9-17 644968]
R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-9-17 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2013-9-17 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2016-8-25 295000]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2015-9-1 56336]
R2 AdobeActiveFileMonitor13.0;Adobe Active File Monitor V13;C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [2014-8-31 231120]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-2-14 693440]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-8-20 2218712]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2013-9-17 241152]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2013-9-17 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2013-9-17 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-9-17 149120]
R2 ByteFenceService;ByteFence Anti-Malware Service;C:\Program Files\ByteFence\ByteFenceService.exe [2016-12-18 146400]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 1413736]
R2 DiagTrack;Diagnostics Tracking Service;C:\windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\windows\System32\IPROSetMonitor.exe [2013-7-9 195336]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2015-8-3 169432]
R2 rtop;ByteFence Security Real-time Protection;C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [2017-1-14 254280]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-6-28 754784]
R3 AmUStor;AM USB Stroage Driver;C:\windows\System32\drivers\AmUStor.sys [2016-8-16 98984]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2016-3-1 104976]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\windows\System32\drivers\e1d62x64.sys [2013-9-17 495376]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\windows\System32\drivers\ICCWDT.sys [2016-11-2 38680]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2013-9-17 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2013-9-17 786416]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2015-3-4 135928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2013-9-17 218456]
S2 McAPExe;McAfee AP Service;"C:\Program Files\McAfee\MSC\McAPExe.exe" --> C:\Program Files\McAfee\MSC\McAPExe.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-9-20 324224]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2016-6-28 120416]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2016-12-27 114688]
S3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2013-9-17 449528]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 ioatdma1;ioatdma1;C:\windows\System32\drivers\qd162x64.sys [2013-9-17 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\windows\System32\drivers\qd262x64.sys [2013-9-17 42192]
S3 mv91xx;mv91xx;C:\windows\System32\drivers\mv91xx.sys [2013-9-1 293416]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-9-17 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2016-6-28 213088]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\windows\System32\drivers\terminpt.sys [2013-9-17 29696]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2015-8-21 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-9-17 30208]
S3 wampapache64;wampapache64;C:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe [2016-12-27 29696]
S3 wampmysqld64;wampmysqld64;c:\wamp64\bin\mysql\mysql5.7.14\bin\mysqld.exe wampmysqld64 --> c:\wamp64\bin\mysql\mysql5.7.14\bin\mysqld.exe wampmysqld64 [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2015-8-3 1255736]
S4 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [?]
.
=============== Created Last 30 ================
.
2017-01-14 13:22:09 -------- d-----w- C:\ProgramData\ByteFence
2017-01-14 13:12:38 -------- d-----w- C:\Users\Bobs\AppData\Local\chromium
2017-01-14 13:11:48 -------- d-----w- C:\Users\Bobs\AppData\Local\{7D254B79-598D-27C1-3415-0229107DFEB1}
2017-01-14 13:11:38 -------- d-----w- C:\Users\Bobs\AppData\Roaming\Advancedpccare.net
2017-01-14 13:11:33 -------- d-----w- C:\Users\Bobs\AppData\Roaming\efo
2017-01-14 13:11:33 -------- d-----w- C:\ProgramData\advancedpccare.net
2017-01-14 13:11:32 -------- d-----w- C:\Program Files\Advanced-PC-Care
2017-01-14 13:11:31 -------- d-----w- C:\Program Files\ByteFence
2017-01-14 13:11:23 -------- d-----w- C:\Program Files (x86)\ClipGrab
2017-01-14 03:08:15 12229912 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BDBABA1D-33A7-4616-8E6E-43BDD36B09D4}\mpengine.dll
2017-01-13 22:54:55 12229912 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2017-01-04 18:55:52 -------- d-----r- C:\Program Files (x86)\Skype
2017-01-02 17:44:31 -------- d-----w- C:\Program Files (x86)\SpinnerChief 4 Ultimate v9.0.2
2017-01-02 17:42:30 -------- d-----w- C:\Program Files (x86)\WhiteHatBox
2016-12-27 22:57:49 -------- d-----w- C:\wamp64
2016-12-21 11:07:26 -------- d-----w- C:\Users\Bobs\AppData\Local\Blurb
2016-12-21 11:07:17 -------- d-----w- C:\Program Files (x86)\BookWright
.
==================== Find3M ====================
.
2017-01-10 17:04:11 802904 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2017-01-10 17:04:11 144472 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-11-30 03:34:16 28352 ----a-w- C:\windows\SysWow64\aspnet_counters.dll
2016-11-30 03:34:16 19112 ----a-w- C:\windows\SysWow64\msvcr110_clr0400.dll
2016-11-30 03:34:16 19112 ----a-w- C:\windows\SysWow64\msvcr100_clr0400.dll
2016-11-30 03:34:16 19112 ----a-w- C:\windows\SysWow64\msvcp110_clr0400.dll
2016-11-30 03:27:48 30400 ----a-w- C:\windows\System32\aspnet_counters.dll
2016-11-30 03:27:48 19112 ----a-w- C:\windows\System32\msvcr110_clr0400.dll
2016-11-30 03:27:48 19112 ----a-w- C:\windows\System32\msvcr100_clr0400.dll
2016-11-30 03:27:48 19112 ----a-w- C:\windows\System32\msvcp110_clr0400.dll
2016-11-21 18:16:29 95464 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2016-11-21 18:16:29 154856 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2016-11-20 16:20:03 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2016-11-20 16:20:03 82944 ----a-w- C:\windows\SysWow64\bcrypt.dll
2016-11-20 16:20:03 666112 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2016-11-20 16:20:01 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2016-11-20 16:20:01 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2016-11-20 16:19:57 254464 ----a-w- C:\windows\SysWow64\schannel.dll
2016-11-20 16:19:57 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2016-11-20 16:19:57 141312 ----a-w- C:\windows\SysWow64\rpchttp.dll
2016-11-20 16:19:53 261120 ----a-w- C:\windows\SysWow64\msv1_0.dll
2016-11-20 16:19:53 223232 ----a-w- C:\windows\SysWow64\ncrypt.dll
2016-11-20 16:19:52 60416 ----a-w- C:\windows\SysWow64\msobjs.dll
2016-11-20 16:19:51 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2016-11-20 16:19:49 553472 ----a-w- C:\windows\SysWow64\kerberos.dll
2016-11-20 16:19:47 84992 ----a-w- C:\windows\SysWow64\hlink.dll
2016-11-20 16:19:43 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2016-11-20 16:19:42 342528 ----a-w- C:\windows\SysWow64\certcli.dll
2016-11-20 16:19:40 690688 ----a-w- C:\windows\SysWow64\adtschema.dll
2016-11-20 16:04:54 64000 ----a-w- C:\windows\System32\auditpol.exe
2016-11-20 15:58:19 159744 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2016-11-20 15:57:45 291328 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2016-11-20 15:57:43 129536 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2016-11-20 15:57:01 30720 ----a-w- C:\windows\System32\lsass.exe
2016-11-20 15:57:00 50176 ----a-w- C:\windows\SysWow64\auditpol.exe
2016-11-20 15:52:42 36352 ----a-w- C:\windows\SysWow64\cryptbase.dll
2016-11-20 14:07:52 467392 ----a-w- C:\windows\System32\drivers\cng.sys
2016-11-17 16:41:49 370920 ----a-w- C:\windows\System32\clfs.sys
2016-11-12 19:48:25 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2016-11-12 19:48:08 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2016-11-12 19:28:01 66560 ----a-w- C:\windows\System32\iesetup.dll
2016-11-12 19:26:46 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2016-11-12 19:26:27 417792 ----a-w- C:\windows\System32\html.iec
2016-11-12 19:25:50 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2016-11-12 19:25:41 576000 ----a-w- C:\windows\System32\vbscript.dll
2016-11-12 19:08:26 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2016-11-12 19:08:24 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2016-11-12 19:07:47 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2016-11-12 18:56:20 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2016-11-12 18:53:10 6049280 ----a-w- C:\windows\System32\jscript9.dll
2016-11-12 18:47:35 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2016-11-12 18:41:49 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2016-11-12 18:30:22 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2016-11-12 18:29:26 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2016-11-12 18:29:13 498688 ----a-w- C:\windows\SysWow64\vbscript.dll
2016-11-12 18:29:05 341504 ----a-w- C:\windows\SysWow64\html.iec
2016-11-12 18:27:51 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2016-11-12 18:14:53 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2016-11-12 18:14:16 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2016-11-12 18:08:54 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2016-11-12 18:08:32 2131456 ----a-w- C:\windows\System32\inetcpl.cpl
2016-11-12 17:57:35 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-11-12 17:37:20 4608000 ----a-w- C:\windows\SysWow64\jscript9.dll
2016-11-12 17:36:39 2055680 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2016-11-12 17:36:13 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2016-11-12 17:35:33 2920960 ----a-w- C:\windows\System32\wininet.dll
2016-11-12 17:05:59 2444800 ----a-w- C:\windows\SysWow64\wininet.dll
2016-11-10 16:32:41 1009152 ----a-w- C:\windows\System32\user32.dll
2016-11-10 16:19:40 833024 ----a-w- C:\windows\SysWow64\user32.dll
2016-11-09 16:41:27 114408 ----a-w- C:\windows\System32\consent.exe
2016-11-09 16:33:43 2048 ----a-w- C:\windows\System32\tzres.dll
2016-11-09 16:33:34 504320 ----a-w- C:\windows\System32\msihnd.dll
2016-11-09 16:33:34 3244032 ----a-w- C:\windows\System32\msi.dll
2016-11-09 16:33:34 25088 ----a-w- C:\windows\System32\msimsg.dll
2016-11-09 16:33:26 70144 ----a-w- C:\windows\System32\appinfo.dll
2016-11-09 16:33:26 1941504 ----a-w- C:\windows\System32\authui.dll
2016-11-09 16:17:52 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2016-11-09 16:17:31 337408 ----a-w- C:\windows\SysWow64\msihnd.dll
2016-11-09 16:17:31 25088 ----a-w- C:\windows\SysWow64\msimsg.dll
2016-11-09 16:17:31 2365440 ----a-w- C:\windows\SysWow64\msi.dll
2016-11-09 16:17:18 1806848 ----a-w- C:\windows\SysWow64\authui.dll
2016-11-09 16:07:26 1382240 ----a-w- C:\windows\System32\tosade.dll
2016-11-09 16:07:24 75544 ----a-w- C:\windows\System32\tepeqapo64.dll
2016-11-09 16:07:22 873464 ----a-w- C:\windows\System32\tadefxapo264.dll
2016-11-09 16:07:20 158704 ----a-w- C:\windows\System32\tadefxapo.dll
2016-11-09 16:07:18 166208 ----a-w- C:\windows\System32\SRSWOW64.dll
2016-11-09 16:07:14 532384 ----a-w- C:\windows\System32\SRSTSX64.dll
2016-11-09 16:07:12 221968 ----a-w- C:\windows\System32\SRSTSH64.dll
2016-11-09 16:07:10 209536 ----a-w- C:\windows\System32\SRSHP64.dll
2016-11-09 16:05:58 965032 ----a-w- C:\windows\System32\SFSS_APO.dll
2016-11-09 16:05:50 231920 ----a-w- C:\windows\System32\SFNHK64.dll
2016-11-09 16:05:42 90920 ----a-w- C:\windows\System32\SFCOM64.dll
2016-11-09 16:05:42 83632 ----a-w- C:\windows\SysWow64\SFCOM.dll
2016-11-09 16:05:40 88328 ----a-w- C:\windows\System32\SFAPO64.dll
2016-11-09 16:05:04 343712 ----a-w- C:\windows\System32\RtlCPAPI64.dll
2016-11-09 16:05:00 192984 ----a-w- C:\windows\System32\RtkCfg64.dll
2016-11-09 16:04:54 3283248 ----a-w- C:\windows\System32\RtkApi64.dll
2016-11-09 16:04:48 387320 ----a-w- C:\windows\System32\RTEEP64A.dll
2016-11-09 16:04:46 88352 ----a-w- C:\windows\System32\RTEEG64A.dll
2016-11-09 16:04:46 110984 ----a-w- C:\windows\System32\RTEEL64A.dll
.
============= FINISH: 9:02:12.94 ===============

Attached Files
File Type: txt attach.txt (17.6 KB)

Possible Malware on Win 7 Home 64 bit

Have I got malware or was this event caused by a disk check gone wrong?

Toshiba Satellite L770 laptop - 64 bit
Windows 7 Home
Kaspersky anti-virus
Using Mozilla exclusively as IB
Noticed that SolidWorks was taking 10 minutes to open
Disk clean up
Defrag
Loaded MBAM and scanned - found PUP Slimware Utilities driver only
Disk check with no bad sectors found

Upon restart, serious changes:
appear to have lost internet connection
half of the desktop shortcuts disappeared, including all Microsoft Office ones for example, and all desktop files
Mozilla shortcut has been corrupted
Thunderbird is functional but there is no data including email accounts - appears like a fresh program download.

Ideas please?

Help with possible Virus/Malware - DDS couldn't run

Hello,

First, thank you for any help you can provide.

I believe there is something wrong with at least one, if not more, computers in my home. I haven't been very safe recently, and did download some files from p2p sites. I noticed after a couple of months that my computer started to run a little slower. Then suddenly, every once in a while, the screen would change and it would have some weird green block pattern laid over top of whatever was on my screen. I'd have to restart to clear that. I haven't seen that in a while, but now my internet is significantly slower. Today, my computer took about 5 minutes to boot. Typically it's done in less than 20 seconds. So it's progressively getting worse and changing, which is weird.

My computer is running Windows 8.1 Pro x64.

I also have concern about my network in general. I run a Synology NAS and QNAP NAS as well. One is used for personal file sharing across devices on the network and the other is for work documents. I worry that since the majority of my files are on the NAS devices and accessed by other computers that numerous devices might be infected. I noticed some problems with my Surface Pro 4 as well. I reformatted that, but still have some issues, especially with internet speed. Let me know if I should post information on any of these systems as well.

I tried to run the DDS scan, but it seemed to not be compatible with Win 8.1. After looking around on the forum I saw people saying to run FRST. So I posted that log here instead. If there is something else that you'd like me to post please let me know.

Thanks again for any help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-01-2017
Ran by Russell (administrator) on RUSSELL (14-01-2017 17:53:21)
Running from C:\Users\Russell\Desktop
Loaded Profiles: Russell (Available Profiles: Russell)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\n360.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Forty One Ltd.) D:\Software\AudioSwitcher\AudioSwitcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Security) C:\Program Files\Intel Security\True Key\Application\truekey.exe
(Intel Security) C:\Program Files\Intel Security\True Key\Application\truekey.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
HKLM-x32\...\Run: [CLMLServer_For_P2G10] => C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe [110344 2014-12-29] (CyberLink)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26287016 2017-01-05] (Dropbox, Inc.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Spotify Web Helper] => C:\Users\Russell\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-01] (Spotify Ltd)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [AudioSwitcher] => D:\Software\AudioSwitcher\AudioSwitcher.exe [458240 2016-03-12] (Forty One Ltd.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Power2GoExpress10] => C:\Program Files (x86)\CyberLink\Power2Go10\Power2GoExpress10.exe [2991368 2014-12-29] (CyberLink Corp.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Spotify] => C:\Users\Russell\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-01-01] (Spotify Ltd)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [GoogleChromeAutoLaunch_A926180A5F0EA9010D7881571F92AA65] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {1f4d667e-e68e-11e5-8250-dc85de6728a6} - "L:\OnePlus_setup.exe" /s
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {7d59b33d-2030-11e6-8269-dc85de6728a6} - "K:\OnePlus_setup.exe" /s
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {cfee2adf-c513-11e6-8286-dc85de6728a6} - "F:\OnePlus_USB_Drivers_Setup.exe"
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {ef9657dd-90a7-11e6-8279-dc85de6728a6} - "F:\OnePlus_USB_Drivers_Setup.exe"
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Russell\Desktop\dds.scr [688992 2017-01-14] (Swearware)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{D770C795-581E-4601-BDA3-399E8B03046A}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E040694C-14EB-4BAA-970C-CCD2003AC9BD}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-503452509-3002992337-1118405479-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: [Profiles]
Profiles=GettingStarted [not found]
FF ProfilePath: [Profiles]
Profiles=GettingStarted
Weekdays
weekend
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
[weekend]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=60
UnlockDiff=60
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160522
ProfileAccessUntilTime=1341
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0100-0800
ProfilePriority=5
day1=1
day2=0
day3=0
day4=0
day5=0
day6=1
day7=1
EnabledRUSSELL=1
[not found]
Weekdays
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=2300-2359,0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
[not found]
weekend
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=2300-2359;0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
[weekend]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=60
UnlockDiff=60
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160522
ProfileAccessUntilTime=1341
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0100-0800
ProfilePriority=5
day1=1
day2=0
day3=0
day4=0
day5=0
day6=1
day7=1
EnabledRUSSELL=1
[not found]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon [2016-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-27] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-08-27] (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.gmail.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default [2017-01-14]
CHR Extension: (Google Slides) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-08]
CHR Extension: (Google Docs) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-08]
CHR Extension: (Google Drive) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-08]
CHR Extension: (YouTube) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-08]
CHR Extension: (Honey) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-12-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-01-14]
CHR Extension: (Dropbox for Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-09-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-12]
CHR Extension: (Google Calendar) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-10]
CHR Extension: (Google Sheets) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-08]
CHR Extension: (Earthy) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa [2016-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-30]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-09-24]
CHR Extension: (Drumpfinator) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcimhbfpiofdihhdnofbdlhjcmjopilp [2016-03-08]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2016-03-08]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-01-14]
CHR Extension: (Norton Identity Safe) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-10-02]
CHR Extension: (Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhopmchchfpfdcdjodmpfaaphdclmlj [2016-03-08]
CHR Extension: (Evernote Web) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-03-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-08]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2016-11-26]
CHR Extension: (Pocket Legends) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp [2016-10-12]
CHR Extension: (Reload All Tabs) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2016-09-25]
CHR Extension: (Google Hangouts) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-12-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Google Chrome to Phone Extension [DEPRECATED]) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2016-03-08]
CHR Extension: (Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-503452509-3002992337-1118405479-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-27] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51504 2017-01-05] (Dropbox, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2016-12-08] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2016-12-08] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-03-08] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [987048 2016-09-30] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-09-30] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-09-30] (McAfee, Inc.)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ak240audio; C:\WINDOWS\System32\drivers\ak240audio_x64.sys [251392 2013-11-26] ()
S3 ak240audioks; C:\WINDOWS\system32\DRIVERS\ak240audioks_x64.sys [45568 2013-11-26] ()
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [186152 2016-09-14] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\BASHDefs\20170112.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-03] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\20170113.001\IDSvia64.sys [1038024 2017-01-12] (Symantec Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SymELAM.sys [24192 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-02] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 cpuz136; \??\C:\Users\Russell\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-14 17:53 - 2017-01-14 17:53 - 00036831 _____ C:\Users\Russell\Desktop\FRST.txt
2017-01-14 17:52 - 2017-01-14 17:53 - 00000000 ____D C:\FRST
2017-01-14 17:52 - 2017-01-14 17:52 - 02419200 _____ (Farbar) C:\Users\Russell\Desktop\FRST64.exe
2017-01-14 17:50 - 2017-01-14 17:50 - 00688992 _____ (Swearware) C:\Users\Russell\Downloads\dds.scr
2017-01-14 17:46 - 2017-01-14 17:46 - 00688992 _____ (Swearware) C:\Users\Russell\Desktop\dds.scr
2017-01-14 17:24 - 2017-01-14 17:24 - 00000218 _____ C:\Users\Russell\.recently-used.xbel
2017-01-14 16:53 - 2017-01-14 16:53 - 01016683 _____ C:\Users\Russell\Downloads\DOC007 (1).pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 03320351 _____ C:\Users\Russell\Downloads\DOC004.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 03211061 _____ C:\Users\Russell\Downloads\DOC003.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01913902 _____ C:\Users\Russell\Downloads\DOC006.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01833500 _____ C:\Users\Russell\Downloads\DOC002.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01744044 _____ C:\Users\Russell\Downloads\DOC005.pdf
2017-01-12 22:13 - 2017-01-12 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-10 22:52 - 2017-01-10 22:53 - 01016683 _____ C:\Users\Russell\Downloads\DOC007.pdf
2017-01-07 11:58 - 2017-01-07 11:59 - 53543904 _____ C:\Users\Russell\Downloads\FWUP0008.DAT
2017-01-05 19:04 - 2017-01-05 19:04 - 00051504 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-02 11:12 - 2017-01-02 11:12 - 00000846 _____ C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-01-02 11:12 - 2017-01-02 11:12 - 00000798 _____ C:\Users\Russell\Desktop\Start Tor Browser.lnk
2017-01-02 11:11 - 2017-01-02 11:11 - 00000000 ____D C:\Users\Russell\Desktop\Tor Browser
2017-01-02 11:06 - 2017-01-02 11:06 - 50706736 _____ C:\Users\Russell\Downloads\torbrowser-install-6.0.8_en-US.exe
2017-01-02 11:04 - 2017-01-02 11:04 - 70860876 _____ C:\Users\Russell\Downloads\tor-browser-linux64-6.0.8_en-US.tar.xz

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-14 17:46 - 2015-12-17 11:56 - 00000000 ___DO C:\Users\Russell\OneDrive
2017-01-14 17:41 - 2014-11-21 03:43 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-14 17:41 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2017-01-14 17:37 - 2016-09-27 21:08 - 00000000 ___RD C:\Users\Russell\Dropbox
2017-01-14 17:37 - 2015-12-18 08:44 - 00000000 ___RD C:\Users\Russell\Google Drive
2017-01-14 17:35 - 2016-09-27 21:06 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-14 17:34 - 2016-09-27 21:06 - 00000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-14 17:34 - 2016-03-08 09:09 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-14 17:34 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-14 17:29 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-01-14 17:28 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-14 17:24 - 2016-03-08 09:03 - 00000000 ____D C:\Users\Russell
2017-01-14 17:11 - 2016-02-13 07:00 - 00314368 ___SH C:\Users\Russell\Desktop\Thumbs.db
2017-01-14 12:51 - 2016-10-02 02:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-01-14 12:38 - 2016-03-08 09:12 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-503452509-3002992337-1118405479-1001
2017-01-14 12:28 - 2016-05-02 23:03 - 00000000 ____D C:\Users\Russell\AppData\Local\Adobe
2017-01-14 12:19 - 2016-10-05 20:29 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-14 12:19 - 2016-05-07 11:37 - 00000000 ____D C:\Program Files\TrueKey
2017-01-14 11:50 - 2016-03-08 09:24 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Origin
2017-01-13 10:16 - 2016-05-07 11:37 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-01-13 00:50 - 2016-03-11 09:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-13 00:50 - 2013-08-22 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-13 00:49 - 2016-03-11 09:19 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-12 22:15 - 2016-09-30 05:09 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-12 22:13 - 2016-09-30 05:09 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 22:13 - 2016-09-27 21:06 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-10 23:25 - 2016-03-08 10:52 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-01-10 23:22 - 2016-03-08 09:23 - 00000000 ____D C:\ProgramData\Origin
2017-01-10 23:21 - 2016-03-08 09:22 - 00000000 ____D C:\Program Files (x86)\Origin
2017-01-10 23:20 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-01-10 22:59 - 2016-03-08 10:52 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-01-10 22:50 - 2016-03-09 20:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-10 22:50 - 2013-08-22 08:25 - 00000167 _____ C:\WINDOWS\win.ini
2017-01-02 03:06 - 2016-03-08 21:41 - 00000000 ____D C:\Users\Russell\AppData\Local\Spotify
2017-01-02 01:12 - 2016-03-08 21:40 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Spotify
2017-01-01 23:13 - 2016-05-31 07:31 - 00000000 ____D C:\Users\Russell\AppData\Roaming\gtk-2.0
2016-12-30 18:54 - 2016-10-02 01:00 - 00262144 _____ C:\Users\Public\NTUSER.DAT
2016-12-30 17:36 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-24 11:59 - 2016-03-09 22:53 - 00000000 ____D C:\Users\Russell\AppData\Roaming\MusicBee
2016-12-24 11:27 - 2015-12-17 11:53 - 00000000 ___RD C:\Users\Russell\Links
2016-12-22 17:42 - 2014-11-21 11:23 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-22 17:42 - 2014-11-21 11:23 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-20 01:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2016-12-18 06:19 - 2013-08-22 09:44 - 00482536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-18 06:18 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-18 06:18 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-17 16:56 - 2016-03-11 20:53 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Holotable
2016-12-16 14:58 - 2016-03-08 09:21 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 14:58 - 2016-03-08 09:21 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 14:58 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-16 14:58 - 2013-08-22 08:36 - 00000000 ___RD C:\Program Files (x86)
2016-12-15 06:59 - 2016-03-08 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

Some files in TEMP:
====================
C:\Users\Russell\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-06 11:46

==================== End of FRST.txt ============================
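The sections of the FRST log above are normally read by eye. As an added example (not part of this thread, and not FRST's own code), the script below parses the three sections that matter most for triage, the "One Month Modified files and folders" entries, the "Some files in TEMP" list and the "Bamital & volsnap" signature verdicts, and flags what a helper would want to look at first: a core system binary that does not come back "File is digitally signed", executables left in TEMP, executables sitting under user-writable paths, and files carrying the hidden+system attribute pair outside the Windows directory. The line formats are taken from the log itself; the flagging rules, the extension list and the exact wording of a failed verdict are assumptions of this example. The sample input mixes lines copied from the log with two constructed ones (the update.vbs entry and the unsigned userinit.exe verdict) so that every rule fires at least once.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Line shapes as FRST prints them (taken from the log above):
#   <modified> - <created> - <size> <5-char attrs> [(<company>)] <path>
#   <path> => File is digitally signed            (Bamital & volsnap section)
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8,}) ([_A-Z]{5}) (?:\(([^)]*)\) )?(.+)$"
)
SIGLINE = re.compile(r"^([A-Za-z]:\\.+?) => (.+)$")

# Triage heuristics: assumptions of this example, not rules FRST applies.
EXEC_EXT = (".exe", ".dll", ".scr", ".vbs", ".js", ".ps1", ".bat", ".cmd")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
NORMAL_SH = ("thumbs.db", "desktop.ini")  # hidden+system by design, not suspicious


@dataclass
class Finding:
    severity: str  # "high" (fails the core-binary check) or "review"
    path: str
    reason: str


def triage(lines: Iterable[str]) -> List[Finding]:
    """Walk FRST output and collect entries a helper should look at by hand."""
    findings: List[Finding] = []
    section = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Some files in TEMP:"):
            section = "temp"
            continue
        if line.startswith("===================="):
            if "Bamital" in line:
                section = "bamital"
            elif "files and folders" in line:
                section = "files"
            elif line.strip("= "):  # any other header ends the section; a bare rule does not
                section = None
            continue
        if section == "bamital":
            m = SIGLINE.match(line)
            if m and m.group(2) != "File is digitally signed":
                findings.append(Finding("high", m.group(1), "core binary: " + m.group(2)))
        elif section == "temp":
            if line.lower().endswith(EXEC_EXT):
                findings.append(Finding("review", line, "executable left in TEMP"))
        elif section == "files":
            m = ENTRY.match(line)
            if not m:
                continue
            attrs, company, path = m.group(4), m.group(5), m.group(6)
            low = path.lower()
            base = low.rsplit("\\", 1)[-1]
            if low.endswith(EXEC_EXT) and any(d in low for d in USER_WRITABLE):
                who = company or "no publisher recorded"
                findings.append(Finding("review", path, f"executable in user-writable path ({who})"))
            if "S" in attrs and "H" in attrs and base not in NORMAL_SH and not low.startswith("c:\\windows\\"):
                findings.append(Finding("review", path, f"hidden+system attributes ({attrs}) outside Windows"))
    return findings


# Sample input: lines copied from the log above plus two constructed ones
# (the update.vbs entry and the unsigned userinit.exe verdict) to exercise every rule.
SAMPLE = r"""
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-14 17:41 - 2014-11-21 03:43 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-14 17:11 - 2016-02-13 07:00 - 00314368 ___SH C:\Users\Russell\Desktop\Thumbs.db
2017-01-13 00:49 - 2016-03-11 09:19 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 23:25 - 2016-03-08 10:52 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-01-02 11:06 - 2017-01-02 11:06 - 50706736 _____ C:\Users\Russell\Downloads\torbrowser-install-6.0.8_en-US.exe
2017-01-09 03:12 - 2017-01-09 03:12 - 00004096 ___SH C:\Users\Russell\AppData\Roaming\svc\update.vbs

Some files in TEMP:
====================
C:\Users\Russell\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is not digitally signed

LastRegBack: 2017-01-06 11:46
"""


def run_sample() -> List[Finding]:
    return triage(SAMPLE.splitlines())


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.severity}] {f.path}  --  {f.reason}")
```

The "review" findings are prompts, not verdicts: the Tor Browser installer in Downloads is exactly what the user said they downloaded, and ose00000.exe in TEMP is the Office Source Engine. The point of the pass is that a signed-status failure on winlogon.exe, userinit.exe or explorer.exe (the files Bamital actually patched) is never benign, while everything else needs a hash lookup or a publisher check before anything goes into a fixlist.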

Something Randomly Deletes Files and Emails

I am running Windows 10, and every few days, when I am either in Windows Explorer or in any email client (including OWA), files and emails will start deleting.
If I remote desktop to another PC, it will attempt to delete files there as well.

I have reinstalled Windows 10 recently, yet this issue persists.

Please advise.

Thanks

Attached Files
File Type: txt attach.txt (12.0 KB)
File Type: txt dds.txt (52.0 KB)

'Urgent Chrome Update' Malware

Hello, occasionally I am getting pop-ups urging me to 'upgrade' my Chrome browser. The links all look pretty phishy! Can you help me fix this? Thank you!

~Jason

---

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.40.2
Run by Jason at 14:28:43 on 2017-01-16
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.8143.6006 [GMT -8:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\M-Audio\Fast Track C400\AudioDevMon.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Windows\System32\Drivers\WTSRV.EXE
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-1b625d39
mStart Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-1b625d39
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
uRun: [Dropbox Update] "C:\Users\Jason\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [VideoDownloaderUltimate] C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe /repair
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WTClient] WTClient.exe
mRun: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
mRun: [EaseUS Cleanup] "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe" 10 300
mRunOnce: [Bebafeta] C:\WINDOWS\SysWoW64\wscript.exe /E:vbscript /B "C:\Users\Jason\AppData\Roaming\Nanamegab"
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
mPolicies-System: DSCAutomationHostEnabled = dword:2
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{4d1eafe3-dbda-4eba-9d36-a99c4b3b6ae2} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{8f0dbeab-dca7-4564-b97b-4306c9d4971c} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{8f0dbeab-dca7-4564-b97b-4306c9d4971c}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-1b625d39
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2014-5-28 672104]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-9-23 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-11-3 227328]
R1 AsrAppCharger;AsrAppCharger;C:\WINDOWS\System32\drivers\AsrAppCharger.sys [2014-11-6 17192]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 CDPUserSvc_abe23;CDPUserSvc_abe23;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 FastTrackC400AudioDevMon;Fast Track C400 Audio Device Monitor;C:\Program Files (x86)\M-Audio\Fast Track C400\AudioDevMon.exe [2014-8-19 574184]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-5-28 16232]
R2 Intel(R) ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-3-20 131544]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\WINDOWS\System32\IPROSetMonitor.exe [2014-2-5 259848]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2015-4-27 14624]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-3-20 154584]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-11-11 1879488]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-8-6 2521024]
R2 OneSyncSvc_abe23;Sync Host_abe23;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [2016-8-31 426040]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-10-6 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 BrSerIb;Brother Serial Interface Driver(WDM);C:\WINDOWS\System32\drivers\BrSerIb.sys [2014-10-23 95344]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\WINDOWS\System32\drivers\BrUsbSib.sys [2014-10-23 21872]
R3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2016-10-6 168448]
R3 BthHFAud;Bluetooth Hands-Free;C:\WINDOWS\System32\drivers\BthHfAud.sys [2016-7-16 37376]
R3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-10-6 249856]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 ElcMouLFlt;ELECOM USB Mouse Lower Filter Driver;C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [2015-9-10 28648]
R3 ElcMouUFlt;ELECOM USB Mouse Upper Filter Driver;C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [2015-9-10 27624]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\WINDOWS\System32\drivers\ikbevent.sys [2014-5-27 22216]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\WINDOWS\System32\drivers\imsevent.sys [2014-5-27 22728]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\WINDOWS\System32\drivers\ISCTD.sys [2014-5-27 44744]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-11-11 26560]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2015-4-29 3632576]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2016-5-13 56384]
R3 PimIndexMaintenanceSvc_abe23;Contact Data_abe23;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 PTSimBus;PenTablet Bus Enumerator;C:\WINDOWS\System32\drivers\PTSimBus.sys [2015-10-14 32128]
R3 rt61x64;RT61 Extensible Wireless Driver;C:\WINDOWS\System32\drivers\netr6164.sys [2010-4-7 446304]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 t_mouse.sys;HID-compliand device;C:\WINDOWS\System32\drivers\t_mouse.sys [2013-4-9 6144]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_abe23;User Data Storage_abe23;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_abe23;User Data Access_abe23;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-11-3 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\WINDOWS\System32\drivers\DigiartyVirtualCDBus.sys [2016-10-19 276256]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 Garmin Device Interaction Service;Garmin Device Interaction Service;C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [2017-1-9 1038864]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-1-31 887232]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-8-12 177376]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-12 64352]
S3 MessagingService_abe23;MessagingService_abe23;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MONEYPENNY;Service for M-Audio Fast Track C400;C:\WINDOWS\System32\drivers\MAudioFastTrackC400.sys [2014-8-19 527592]
S3 MONEYPENNYDFU;Service for M-Audio Fast Track C400 DFU;C:\WINDOWS\System32\drivers\MAudioFastTrackC400_DFU.sys [2014-8-19 31464]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-9-23 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-10-6 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-10-6 719360]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_abe23;Windows Push Notifications User Service_abe23;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-12-9 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-23 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== Created Last 30 ================
.
2017-01-16 08:51:32 12229912 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B5B8F3F0-06D4-4B67-85AA-FBA3E9763453}\mpengine.dll
2017-01-15 09:12:37 12229912 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
.
==================== Find3M ====================
.
2017-01-14 02:13:09 276256 ----a-w- C:\WINDOWS\System32\drivers\DigiartyVirtualCDBus.sys
2016-12-22 23:13:26 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-12-22 23:13:26 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-12-21 08:08:31 245600 ----a-w- C:\WINDOWS\System32\offlinesam.dll
2016-12-21 08:08:17 136032 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll
2016-12-21 08:04:10 7816032 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-12-21 07:49:39 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2016-12-21 07:46:39 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-12-21 07:43:56 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-12-21 07:43:06 4130440 ----a-w- C:\WINDOWS\System32\mfcore.dll
2016-12-21 07:43:01 1454504 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll
2016-12-21 07:43:00 1071736 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2016-12-21 07:42:59 1988560 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-12-21 07:42:55 1702392 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2016-12-21 07:42:54 1300600 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2016-12-21 07:42:27 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2016-12-21 07:41:56 1600632 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2016-12-21 07:37:23 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2016-12-21 07:15:01 22563840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-12-21 07:14:11 43008 ----a-w- C:\WINDOWS\System32\LaunchWinApp.exe
2016-12-21 07:13:54 119808 ----a-w- C:\WINDOWS\System32\KnobsCsp.dll
2016-12-21 07:12:14 83968 ----a-w- C:\WINDOWS\System32\ProvPluginEng.dll
2016-12-21 07:10:22 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll
2016-12-21 07:10:09 234496 ----a-w- C:\WINDOWS\System32\KnobsCore.dll
2016-12-21 07:09:56 363520 ----a-w- C:\WINDOWS\System32\Windows.UI.BioFeedback.dll
2016-12-21 07:09:13 368640 ----a-w- C:\WINDOWS\System32\OneBackupHandler.dll
2016-12-21 07:08:35 211968 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2016-12-21 07:08:33 261632 ----a-w- C:\WINDOWS\System32\wbem\ndisimplatcim.dll
2016-12-21 07:08:27 360448 ----a-w- C:\WINDOWS\System32\rdpencom.dll
2016-12-21 07:08:23 289792 ----a-w- C:\WINDOWS\System32\DeveloperOptionsSettingsHandlers.dll
2016-12-21 07:08:14 418304 ----a-w- C:\WINDOWS\System32\Windows.UI.BlockedShutdown.dll
2016-12-21 07:08:06 349184 ----a-w- C:\WINDOWS\System32\provengine.dll
2016-12-21 07:08:03 1292288 ----a-w- C:\WINDOWS\System32\MSVPXENC.dll
2016-12-21 07:07:10 748544 ----a-w- C:\WINDOWS\System32\StoreAgent.dll
2016-12-21 07:06:49 260608 ----a-w- C:\WINDOWS\System32\InstallAgentUserBroker.exe
2016-12-21 07:06:49 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2016-12-21 07:06:26 310784 ----a-w- C:\WINDOWS\System32\SyncSettings.dll
2016-12-21 07:06:05 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-12-21 07:05:21 261632 ----a-w- C:\WINDOWS\System32\indexeddbserver.dll
2016-12-21 07:05:01 49152 ----a-w- C:\WINDOWS\System32\Windows.UI.Shell.dll
2016-12-21 07:05:01 425984 ----a-w- C:\WINDOWS\System32\aadcloudap.dll
2016-12-21 07:01:42 9131008 ----a-w- C:\WINDOWS\System32\twinui.dll
2016-12-21 07:00:29 440320 ----a-w- C:\WINDOWS\System32\fhcfg.dll
2016-12-21 06:59:50 883712 ----a-w- C:\WINDOWS\System32\samsrv.dll
2016-12-21 06:59:31 1908224 ----a-w- C:\WINDOWS\System32\AzureSettingSyncProvider.dll
2016-12-21 06:57:48 462336 ----a-w- C:\WINDOWS\System32\fhsettingsprovider.dll
2016-12-21 06:56:56 936960 ----a-w- C:\WINDOWS\System32\MCRecvSrc.dll
2016-12-21 06:56:14 947712 ----a-w- C:\WINDOWS\System32\MSVP9DEC.dll
2016-12-21 06:55:16 8129536 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-12-21 06:55:09 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2016-12-21 06:54:14 5511680 ----a-w- C:\WINDOWS\System32\aclui.dll
2016-12-21 06:53:19 6664192 ----a-w- C:\WINDOWS\System32\mspaint.exe
2016-12-21 06:53:13 4474368 ----a-w- C:\WINDOWS\System32\D3DCompiler_47.dll
2016-12-21 06:53:10 1692672 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2016-12-21 06:51:56 5611008 ----a-w- C:\WINDOWS\System32\d2d1.dll
2016-12-21 06:51:53 2275840 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-12-21 06:51:41 8075776 ----a-w- C:\WINDOWS\System32\mstscax.dll
2016-12-21 06:50:57 1490432 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-12-21 06:49:55 2691072 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-12-21 06:49:43 1062912 ----a-w- C:\WINDOWS\System32\SettingSyncCore.dll
2016-12-21 06:49:25 4149248 ----a-w- C:\WINDOWS\System32\rdpcorets.dll
2016-12-21 06:47:47 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2016-12-21 05:59:21 218976 ----a-w- C:\WINDOWS\SysWow64\offlinesam.dll
2016-12-21 05:09:45 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2016-12-21 05:02:16 1852720 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2016-12-21 05:02:12 3892864 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-12-21 05:02:09 1277344 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2016-12-21 05:02:02 1360464 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2016-12-21 05:02:01 980832 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2016-12-21 05:02:00 1201872 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
2016-12-21 04:46:55 34304 ----a-w- C:\WINDOWS\SysWow64\LaunchWinApp.exe
2016-12-21 04:43:09 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2016-12-21 04:41:59 253952 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BioFeedback.dll
2016-12-21 04:41:15 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-12-21 04:40:57 180224 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe
2016-12-21 04:40:43 237056 ----a-w- C:\WINDOWS\SysWow64\SyncSettings.dll
2016-12-21 04:40:39 318976 ----a-w- C:\WINDOWS\SysWow64\rdpencom.dll
2016-12-21 04:40:07 557568 ----a-w- C:\WINDOWS\SysWow64\StoreAgent.dll
2016-12-21 04:39:58 1300480 ----a-w- C:\WINDOWS\SysWow64\MSVPXENC.dll
2016-12-21 04:39:04 223232 ----a-w- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
2016-12-21 04:38:54 866816 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Cred.dll
2016-12-21 04:35:42 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-12-21 04:35:28 4612608 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2016-12-21 04:34:53 7626752 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2016-12-21 04:33:09 19413504 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-12-21 04:30:56 5398016 ----a-w- C:\WINDOWS\SysWow64\aclui.dll
2016-12-21 04:30:06 1255936 ----a-w- C:\WINDOWS\SysWow64\AzureSettingSyncProvider.dll
2016-12-21 04:27:12 640000 ----a-w- C:\WINDOWS\SysWow64\MCRecvSrc.dll
2016-12-21 04:26:36 1155072 ----a-w- C:\WINDOWS\SysWow64\MSVP9DEC.dll
2016-12-21 04:25:44 7469056 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
2016-12-21 04:25:42 6474752 ----a-w- C:\WINDOWS\SysWow64\mspaint.exe
2016-12-21 04:24:58 6044160 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2016-12-21 04:24:30 5061120 ----a-w- C:\WINDOWS\SysWow64\d2d1.dll
2016-12-21 04:24:11 886272 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll
2016-12-21 04:24:09 3733504 ----a-w- C:\WINDOWS\SysWow64\D3DCompiler_47.dll
2016-12-21 04:22:44 1883648 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Logon.dll
2016-12-21 04:22:32 860672 ----a-w- C:\WINDOWS\SysWow64\SettingSyncCore.dll
2016-12-14 05:41:35 1235296 ----a-w- C:\WINDOWS\System32\aeinv.dll
2016-12-14 05:41:32 590960 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2016-12-14 05:34:03 2482280 ----a-w- C:\WINDOWS\System32\msmpeg2vdec.dll
.
============= FINISH: 14:28:55.61 ===============

Attached Files
File Type: txt attach.txt (6.1 KB)

Possible Malware/Adware

I'm running Windows 8.1, and primarily use Google Chrome to access the internet. Sometimes my browser will redirect to a random survey site out of nowhere. I've run a virus scan using AVG and a malware scan using MalwareBytes, but neither have detected or removed the problem.

I was unable to download and run DDS so I downloaded and ran Farbar Recovery Scan Tool instead, and have attached the two txt files the scan produced.

Attached Files
File Type: txt FRST.txt (50.8 KB)
File Type: txt Addition.txt (42.9 KB)

what to do?

okay so here's a bit of a doozy... (wow did i just say that?)

so desktop is infected with a killer virus. first popups started happening, i thought nothing of it. then bing was set to my default engine when it wasn't set to my default engine.... annnnnnd then it hijacked my keyboard so i type random things with button presses..... (this was when i noticed something was wrong) so i ran scans. first with windows defender then with spyhunter. when that found a bunch of things and killed them i thought "okay problem solved." but it wasn't. soooooo.... then it somehow disabled ctrl-alt-del. (how is that even possible?) also it's cut the internet to the computer. and finally just now it cut the keyboard entirely. i can no longer type. this presents a problem as i cannot login without typing. so i'm at a total loss for what to do. help?

Sent here by Corday

I was instructed to come here and get checked.
I have been working with Corday on a failure to update issue. Last evening he gave me an update KB3204723 and as soon as it rebooted after install the alert bubble over the updates icon on the taskbar said to look for updates. I posted that and this morning he suggested I come here to get rechecked. I had a check last week after MWB found some virus. I never deleted them from MWB but they were gone when that check here was done.
The way it usually works on my machine is that it auto finds updates and then that icon appears when it finds some. In the last few months the icon is always there and when I click it the updates window tells me to look for updates instead of having updates ready.

I have the system discs I made per instructions when I first booted the machine.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16819 BrowserJavaVersion: 11.111.2
Run by Me at 9:34:29 on 2017-01-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3963.1902 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: Ghostery Plugin: {6BF739DD-3323-4C6A-975B-C7E00A50B154} - C:\Program Files (x86)\Ghostery\bin\ghostery.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C12D3495-9B83-4917-A534-5FCF1ED20B86} : DHCPNameServer = 75.75.75.75 75.75.76.76
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [Skytel] Skytel.exe
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\9izno1f1.default-1437064698897\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2016-8-25 295000]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2015-5-9 504912]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2015-5-9 26624]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2008-8-18 8704]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2016-8-25 135928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-8-1 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-8-1 124088]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PSMounterEx;Macrium Reflect Image Explorer Driver;C:\Windows\System32\drivers\psmounterex.sys [2015-4-2 169992]
S3 PSVolAcc;PSVolAcc;C:\Windows\System32\drivers\PSVolAcc.sys [2014-7-21 12760]
S3 WIMMount;WIMMount;C:\Program Files\Macrium\Reflect\wimmount.sys [2015-5-14 22096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2016-8-1 25800]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2015-5-10 90776]
S4 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-4-3 36864]
S4 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-4-16 40960]
S4 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2015-5-9 954368]
S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2008-8-18 248320]
S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2008-8-18 237568]
S4 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2014-7-21 3272656]
S4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-18 46392]
S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2016-12-30 23:49:06 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-12-13 19:04:42 802904 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-12-13 19:04:42 144472 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-11-08 15:49:57 2804736 ----a-w- C:\Windows\System32\win32k.sys
2016-11-02 16:16:24 383208 ----a-w- C:\Windows\System32\atmfd.dll
2016-11-02 16:09:14 48128 ----a-w- C:\Windows\System32\atmlib.dll
2016-11-02 16:06:50 306408 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-11-02 15:59:25 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-10-28 01:22:26 485032 ------w- C:\Windows\System32\MpSigStub.exe
2016-10-19 17:24:56 97856 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-10-04 14:41:48 90112 ----a-w- C:\Windows\System32\drivers\bowser.sys
.
============= FINISH: 9:35:03.20 ===============

Attached Files
File Type: txt attach.txt (15.9 KB)

Possible root kit on my cell phone?

I have a Galaxy S7 Edge with an Android OS on it. I have noticed that when I sometimes go on normal websites through the Google app, it will redirect me to those pages where it says either "you have a virus" or "you won a million dollars". I have downloaded normal Antivirus software and ran with nothing there, but how can I check it deeper. It sometimes shows on websites I KNOW for a fact would never ever do that. Maybe hook it up to my laptop and run a scan from my laptop? Any apps you recommend or things I should try? Anything helps!

Scammer took control of laptop

My sister fell victim to a scammer and I'd like to know if she has anything more to be concerned about.

She is running Windows 10 on a Toshiba Satellite L50-C-1XM laptop. She received a pop-up alert that purported to be from Microsoft, telling her to phone a support number, and the laptop gave a very annoying alarm that she couldn't turn off.

She phoned the number and spoke to a guy with a strong Indian accent, who told her to press the Windows key and then the "R" key. She complied.

The guy told her that she had no firewall and offered to sell her a firewall for £300. She told him that she was running Norton Internet Security and he said that it had been breached.

She declined the offer and phoned me. I went over and ran Malwarebytes, but while MB was running, Norton found the infection and eradicated it.

I used my own laptop to change her banking password, and forbade her to access her bank account online until this has been cleared up.

Many thanks for your help.


dds file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by Loulou at 15:19:08 on 2017-01-31
Microsoft Windows 10 Home 10.0.14393.0.1252.44.2057.18.8106.5453 [GMT 0:00]
.
AV: Norton Internet Security *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Windows\system32\CxAudMsg64.exe
C:\WINDOWS\system32\ibtsiva.exe
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\NIS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
C:\Program Files\TOSHIBA\Teco\TecoService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\NIS.exe
C:\Users\Loulou\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Program Files\TOSHIBA\Teco\TecoResident.exe
C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
C:\Users\Loulou\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\WinZip\FAH\FAHWindow64.exe
C:\Program Files\WinZip\WzPreloader.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TPHM\TosWififind.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe
C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\System32\InstallAgent.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\coIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\coIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\coIEPlg.dll
uRun: [OneDrive] "C:\Users\Loulou\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [MyDriveConnect.exe] "C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe" -startwithoutDA
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRunOnce: [Uninstall C:\Users\Loulou\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Loulou\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
mRun: [TSVU] "c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\FAH.lnk - C:\Program Files\WinZip\FAH\FAHConsole.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\WINZIP~1.LNK - C:\Program Files\WinZip\WzPreloader.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{6227d309-6267-4286-9276-069d8e766081} : DHCPNameServer = 40.42.1.201 40.42.1.203
TCP: Interfaces\{94ff6e49-5159-40c1-a76c-0435b0d524fa} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{94ff6e49-5159-40c1-a76c-0435b0d524fa}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.8.1.14\coieplg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.8.1.14\coieplg.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SmartAudio] "C:\Program Files\CONEXANT\SAII\SACpl.exe" /t
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TCrdMain] C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2015-6-23 1455552]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-10 48992]
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\WINDOWS\System32\drivers\NISx64\1608010.00E\symefasi64.sys [2016-11-17 1628888]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-8-24 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20170125.003\BHDrvx64.sys [2017-1-27 1874136]
R1 ccSet_NIS;NIS Settings Manager;C:\WINDOWS\System32\drivers\NISx64\1608010.00E\ccsetx64.sys [2016-11-17 174328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20170130.001\IDSviA64.sys [2017-1-31 1038024]
R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\drivers\NISx64\1608010.00E\ironx64.sys [2016-11-17 289520]
R1 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\drivers\NISx64\1608010.00E\symnets.sys [2016-11-17 567512]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_3055f6e;CDPUserSvc_3055f6e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 CxAudMsg;Conexant Audio Message Service;C:\WINDOWS\System32\CxAudMsg64.exe [2015-10-12 225496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2016-6-2 144608]
R2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-4-25 373752]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-7-10 223520]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\nis.exe [2016-11-17 289080]
R2 OneSyncSvc_3055f6e;Sync Host_3055f6e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2015-7-13 93040]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\Teco\TecoService.exe [2015-7-6 331056]
R2 TOSRMService;TOSRMService;C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [2015-6-24 326960]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-9-30 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2015-6-11 3831200]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 dts_apo_service;DTS APO Service;C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [2015-5-27 19960]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2017-1-27 156824]
R3 ETD;ELAN Input Device;C:\WINDOWS\System32\drivers\ETD.sys [2016-6-2 580696]
R3 ETDSMBus;ETDSMBus;C:\WINDOWS\System32\drivers\ETDSMBus.sys [2016-5-4 31832]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2016-7-12 349960]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-5-12 481768]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit;C:\WINDOWS\System32\drivers\Netwbw02.sys [2015-6-21 3776792]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 PimIndexMaintenanceSvc_3055f6e;Contact Data_3055f6e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 QIOMem;Generic IO & Memory Access;C:\WINDOWS\System32\drivers\QIOMem.sys [2015-5-5 14000]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\WINDOWS\System32\drivers\RtsP2Stor.sys [2015-10-12 301784]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-10-12 895256]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TemproMonitoringService;TEMPRO Service;C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2015-11-17 120392]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2014-4-3 53896]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
R3 UnistoreSvc_3055f6e;User Data Storage_3055f6e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_3055f6e;User Data Access_3055f6e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\drivers\NISx64\1608010.00E\symelam.sys [2016-11-17 24192]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-21 881152]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-12 64352]
S3 MessagingService_3055f6e;MessagingService_3055f6e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2015-6-11 268192]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-9-14 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-9-30 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2015-7-21 973104]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-9-30 719360]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_3055f6e;Windows Push Notifications User Service_3055f6e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-12-10 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-1 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-01-27 18:08:00 -------- d-----w- C:\ProgramData\Trusteer
2017-01-27 13:09:41 -------- d-----w- C:\Program Files (x86)\Citrix
2017-01-27 13:09:27 -------- d-----w- C:\Users\Loulou\AppData\Local\Citrix
2017-01-25 08:39:42 142848 ----a-w- C:\WINDOWS\System32\poqexec.exe
2017-01-25 08:39:42 120320 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2017-01-11 15:14:59 947712 ----a-w- C:\WINDOWS\System32\MSVP9DEC.dll
.
==================== Find3M ====================
.
2017-01-30 12:31:02 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-27 15:29:00 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-01-14 18:36:17 200 ----a-w- C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-12-22 23:13:26 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-12-22 23:13:26 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-12-21 08:08:31 245600 ----a-w- C:\WINDOWS\System32\offlinesam.dll
2016-12-21 08:08:17 136032 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll
2016-12-21 08:04:10 7816032 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-12-21 07:49:39 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2016-12-21 07:46:39 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-12-21 07:43:56 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-12-21 07:43:06 4130440 ----a-w- C:\WINDOWS\System32\mfcore.dll
2016-12-21 07:43:01 1454504 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll
2016-12-21 07:43:00 1071736 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2016-12-21 07:42:59 1988560 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-12-21 07:42:55 1702392 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2016-12-21 07:42:54 1300600 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2016-12-21 07:42:27 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2016-12-21 07:41:56 1600632 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2016-12-21 07:37:23 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2016-12-21 07:15:01 22563840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-12-21 07:14:11 43008 ----a-w- C:\WINDOWS\System32\LaunchWinApp.exe
2016-12-21 07:13:54 119808 ----a-w- C:\WINDOWS\System32\KnobsCsp.dll
2016-12-21 07:12:14 83968 ----a-w- C:\WINDOWS\System32\ProvPluginEng.dll
2016-12-21 07:10:22 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll
2016-12-21 07:10:09 234496 ----a-w- C:\WINDOWS\System32\KnobsCore.dll
2016-12-21 07:09:56 363520 ----a-w- C:\WINDOWS\System32\Windows.UI.BioFeedback.dll
2016-12-21 07:09:13 368640 ----a-w- C:\WINDOWS\System32\OneBackupHandler.dll
2016-12-21 07:08:35 211968 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2016-12-21 07:08:33 261632 ----a-w- C:\WINDOWS\System32\wbem\ndisimplatcim.dll
2016-12-21 07:08:27 360448 ----a-w- C:\WINDOWS\System32\rdpencom.dll
2016-12-21 07:08:23 289792 ----a-w- C:\WINDOWS\System32\DeveloperOptionsSettingsHandlers.dll
2016-12-21 07:08:14 418304 ----a-w- C:\WINDOWS\System32\Windows.UI.BlockedShutdown.dll
2016-12-21 07:08:06 349184 ----a-w- C:\WINDOWS\System32\provengine.dll
2016-12-21 07:08:03 1292288 ----a-w- C:\WINDOWS\System32\MSVPXENC.dll
2016-12-21 07:07:10 748544 ----a-w- C:\WINDOWS\System32\StoreAgent.dll
2016-12-21 07:06:49 260608 ----a-w- C:\WINDOWS\System32\InstallAgentUserBroker.exe
2016-12-21 07:06:49 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2016-12-21 07:06:26 310784 ----a-w- C:\WINDOWS\System32\SyncSettings.dll
2016-12-21 07:06:05 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-12-21 07:05:21 261632 ----a-w- C:\WINDOWS\System32\indexeddbserver.dll
2016-12-21 07:05:01 49152 ----a-w- C:\WINDOWS\System32\Windows.UI.Shell.dll
2016-12-21 07:05:01 425984 ----a-w- C:\WINDOWS\System32\aadcloudap.dll
2016-12-21 07:01:42 9131008 ----a-w- C:\WINDOWS\System32\twinui.dll
2016-12-21 07:00:29 440320 ----a-w- C:\WINDOWS\System32\fhcfg.dll
2016-12-21 06:59:50 883712 ----a-w- C:\WINDOWS\System32\samsrv.dll
2016-12-21 06:59:31 1908224 ----a-w- C:\WINDOWS\System32\AzureSettingSyncProvider.dll
2016-12-21 06:57:48 462336 ----a-w- C:\WINDOWS\System32\fhsettingsprovider.dll
2016-12-21 06:56:56 936960 ----a-w- C:\WINDOWS\System32\MCRecvSrc.dll
2016-12-21 06:55:16 8129536 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-12-21 06:55:09 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2016-12-21 06:54:14 5511680 ----a-w- C:\WINDOWS\System32\aclui.dll
2016-12-21 06:53:19 6664192 ----a-w- C:\WINDOWS\System32\mspaint.exe
2016-12-21 06:53:13 4474368 ----a-w- C:\WINDOWS\System32\D3DCompiler_47.dll
2016-12-21 06:53:10 1692672 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2016-12-21 06:51:56 5611008 ----a-w- C:\WINDOWS\System32\d2d1.dll
2016-12-21 06:51:53 2275840 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-12-21 06:51:41 8075776 ----a-w- C:\WINDOWS\System32\mstscax.dll
2016-12-21 06:50:57 1490432 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-12-21 06:49:55 2691072 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-12-21 06:49:43 1062912 ----a-w- C:\WINDOWS\System32\SettingSyncCore.dll
2016-12-21 06:49:25 4149248 ----a-w- C:\WINDOWS\System32\rdpcorets.dll
2016-12-21 06:47:47 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2016-12-21 05:59:21 218976 ----a-w- C:\WINDOWS\SysWow64\offlinesam.dll
2016-12-21 05:09:45 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2016-12-21 05:02:16 1852720 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2016-12-21 05:02:12 3892864 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-12-21 05:02:09 1277344 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2016-12-21 05:02:02 1360464 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2016-12-21 05:02:01 980832 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2016-12-21 05:02:00 1201872 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
2016-12-21 04:46:55 34304 ----a-w- C:\WINDOWS\SysWow64\LaunchWinApp.exe
2016-12-21 04:43:09 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2016-12-21 04:41:59 253952 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BioFeedback.dll
2016-12-21 04:41:15 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-12-21 04:40:57 180224 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe
2016-12-21 04:40:43 237056 ----a-w- C:\WINDOWS\SysWow64\SyncSettings.dll
2016-12-21 04:40:39 318976 ----a-w- C:\WINDOWS\SysWow64\rdpencom.dll
2016-12-21 04:40:07 557568 ----a-w- C:\WINDOWS\SysWow64\StoreAgent.dll
2016-12-21 04:39:58 1300480 ----a-w- C:\WINDOWS\SysWow64\MSVPXENC.dll
2016-12-21 04:39:04 223232 ----a-w- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
2016-12-21 04:38:54 866816 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Cred.dll
2016-12-21 04:35:42 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-12-21 04:35:28 4612608 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2016-12-21 04:34:53 7626752 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2016-12-21 04:33:09 19413504 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-12-21 04:30:56 5398016 ----a-w- C:\WINDOWS\SysWow64\aclui.dll
2016-12-21 04:30:06 1255936 ----a-w- C:\WINDOWS\SysWow64\AzureSettingSyncProvider.dll
2016-12-21 04:27:12 640000 ----a-w- C:\WINDOWS\SysWow64\MCRecvSrc.dll
2016-12-21 04:26:36 1155072 ----a-w- C:\WINDOWS\SysWow64\MSVP9DEC.dll
2016-12-21 04:25:44 7469056 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
2016-12-21 04:25:42 6474752 ----a-w- C:\WINDOWS\SysWow64\mspaint.exe
2016-12-21 04:24:58 6044160 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2016-12-21 04:24:30 5061120 ----a-w- C:\WINDOWS\SysWow64\d2d1.dll
2016-12-21 04:24:11 886272 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll
2016-12-21 04:24:09 3733504 ----a-w- C:\WINDOWS\SysWow64\D3DCompiler_47.dll
2016-12-21 04:22:44 1883648 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Logon.dll
2016-12-21 04:22:32 860672 ----a-w- C:\WINDOWS\SysWow64\SettingSyncCore.dll
2016-12-14 05:41:35 1235296 ----a-w- C:\WINDOWS\System32\aeinv.dll
2016-12-14 05:41:32 590960 ----a-w- C:\WINDOWS\System32\AudioSes.dll
.
============= FINISH: 15:19:55.36 ===============


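Reading a DDS log of this length by hand is slow, so here is a small triage helper, added as an example for this page and not part of the forum post or of the DDS tool itself. It parses the two line shapes that appear above (service entries such as `R2 Name;Display;Path [date size]` and dated file entries from the Created/Find3M sections) and flags the things a responder usually looks at first: a service whose image DDS could not find on disk (it prints `--> path [?]`), a service whose image lives outside the Windows and Program Files trees, and a script or executable in System32/SysWOW64 whose base name is a bare GUID. The sample lines are copied from the log above except for the `ExampleSvc` line, which is constructed to exercise the out-of-tree check; the function names, the `Finding` record and the heuristics are this example's own.

```python
"""Triage helper for DDS-style log lines (added example, not DDS code).

Heuristics only: a flagged entry is a starting point for inspection
(hash the file, check its timestamps and signer), not a verdict.
"""
import re
from dataclasses import dataclass

# "R2 Name;Display name;image path and args [yyyy-m-d size]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
# "2017-01-30 12:31:02 180 ----a-w- C:\path"  (size is "--------" for folders)
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1", ".exe")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Finding:
    kind: str
    detail: str


def triage_service(line):
    """Return a Finding for a suspicious service line, else None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m["rest"].strip()
    # DDS could not locate the image on disk.
    if " --> " in rest and rest.endswith("[?]"):
        return Finding("missing-image", f"{m['name']}: {rest.split(' --> ')[0]}")
    # Strip the trailing "[date size]" and any "-k group" argument.
    image = rest.rsplit(" [", 1)[0].split(" -k ")[0].strip().strip('"')
    if not image.lower().startswith(TRUSTED_ROOTS):
        return Finding("unusual-path", f"{m['name']}: {image}")
    return None


def triage_file(line):
    """Return a Finding for a GUID-named script/exe in a system directory."""
    m = FILE_RE.match(line)
    if not m:
        return None
    path = m["path"].strip()
    low = path.lower()
    _folder, _, base = path.rpartition("\\")
    stem, dot, ext = base.rpartition(".")
    in_sysdir = "\\system32\\" in low or "\\syswow64\\" in low
    if dot and ("." + ext).lower() in SCRIPT_EXT and GUID_RE.match(stem) and in_sysdir:
        return Finding("guid-script-in-system-dir", path)
    return None


def triage(lines):
    """Run both checks over raw log lines, skipping headers and separators."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("=") or line == ".":
            continue
        found = triage_service(line) or triage_file(line)
        if found:
            findings.append(found)
    return findings


# Sample input: lines copied from the log above, plus one constructed
# service line (ExampleSvc) to show the out-of-tree check firing.
SAMPLE_LOG = r"""
R2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\nis.exe [2016-11-17 289080]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ExampleSvc;Example Service;C:\Users\Public\updater.exe [2017-1-20 12345]
2017-01-27 18:08:00 -------- d-----w- C:\ProgramData\Trusteer
2017-01-30 12:31:02 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-14 18:36:17 200 ----a-w- C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-12-21 08:04:10 7816032 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:28} {f.detail}")
```

Run it against a saved `dds.txt` by replacing `SAMPLE_LOG` with `open("dds.txt").read().splitlines()`. The two 180- and 200-byte `{GUID}.bat` files in System32 from the log above are exactly the kind of entry the third check surfaces; whether they matter depends on their contents and who wrote them, which the log alone cannot tell you.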
Unauthorised email sending & Unwanted emails

Hi - thanks for your patience. I have copied and attached the requested files.

It appears that I am sending emails to people, possibly companies, I don't know and who are not in my address book - I only know it's happened when I get "Undelivered mail, return to sender" notifications.

It started when I began to get unsolicited inappropriate emails - which I block and delete in the junk mail folder - but they keep changing their address, so I have to keep blocking the new ones.

I am using Microsoft Outlook with Windows 7 Home Premium.

Thank you for your help.

Sue


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18538
Run by Sue at 9:26:55 on 2017-02-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3982.937 [GMT 2:00]
.
AV: McAfee VirusScan *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
C:\ProgramData\ASCValidator\ASCValidatorService.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Advance-System-Care\adsc.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\LyonessBrowserUpdater\LyonessBrowserUpdater.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
C:\Program Files (x86)\Cell C\UIExec.exe
C:\Program Files (x86)\Cell C\CancelAutoPlay.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\McAfee\MfeAV\MFEAvSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files\TrueKey\McTkSchedulerService.exe
C:\Program Files (x86)\Cell C\AssistantServices.exe
C:\Program Files (x86)\Cell C\UnifiedUi.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Cell C\CMUpdater.exe
C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel Security\True Key\Application\native_proxy.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Program Files\Intel Security\True Key\Application\truekey.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\STCServ\STCServ.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Intel Security\True Key\Application\truekey.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
BHO: McAfee WebAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
uRun: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe
uRun: [GoogleChromeAutoLaunch_39FF5F0A3A3753311386D9B0AA8115FE] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
mRun: [UIExec] "C:\Program Files (x86)\Cell C\UIExec.exe"
mRun: [CancelAutoPlay] "C:\Program Files (x86)\Cell C\CancelAutoPlay.exe" run
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~4.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~3.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - <orphaned>
IE: {48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0AC753E3-B644-4073-A34B-09D81A6CA9D1} : NameServer = 41.48.23.61 41.48.23.29
TCP: Interfaces\{ED878BCA-FBBB-4372-B670-01DCE68682FE} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{ED878BCA-FBBB-4372-B670-01DCE68682FE}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{ED878BCA-FBBB-4372-B670-01DCE68682FE}\84F6D656 : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mStart Page = about:blank
x64-BHO: McAfee WebAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [GwxControlPanelMonitor] "C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe" /traymode
x64-Run: [Samsung Link] "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
x64-Run: [IntelConnectCenter] C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe /tasktrayonly
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - <orphaned>
x64-IE: {48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: PFW - <no file>
x64-SSODL: WebCheck - <orphaned>
Hosts: 0.0.0.1 mssplus.mcafee.com
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-4-30 677360]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-4-30 28656]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-1-24 20464]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2016-8-2 884792]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2016-9-9 252984]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2014-1-24 21584]
R1 Uim_DEVIM;UIM Direct Device Image Plugin;C:\Windows\System32\drivers\uim_devim.sys [2015-8-21 25904]
R2 AllShare Framework DMS;AllShare Framework DMS;C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [2013-12-21 404360]
R2 ASCValidator;ASC Validator;C:\ProgramData\ASCValidator\ASCValidatorService.exe [2016-12-9 29696]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2016-10-19 596768]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-30 15344]
R2 LyonessBrowserUpdater;LyonessBrowserUpdater;C:\Program Files (x86)\LyonessBrowserUpdater\LyonessBrowserUpdater.exe [2015-3-23 180736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2017-1-26 188352]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2016-10-19 998992]
R2 McBootDelayStartSvc;McAfee Boot Delay Start Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2016-10-19 596768]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe [2016-5-31 1910000]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2016-10-19 596768]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2016-10-19 596768]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2016-10-19 596768]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2016-10-19 384016]
R2 ModuleCoreService;McAfee Module Core Service;C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [2016-10-19 1454216]
R2 PEFService;Intel Security PEF Service;C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [2016-10-19 1045336]
R2 Samsung Link Service;Samsung Link Service;C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [2016-9-1 623848]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2017-1-17 754784]
R2 STCServ;Intel(R) Common Connectivity Framework;C:\Program Files\Intel\STCServ\STCServ.exe [2015-3-16 8095456]
R2 TrueKey;Intel Security True Key;C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [2017-1-26 995800]
R2 TrueKeyScheduler;Intel Security True Key Scheduler;C:\Program Files\TrueKey\McTkSchedulerService.exe [2016-11-2 16248]
R2 UI Assistant Service;UI Assistant Service;C:\Program Files (x86)\Cell C\AssistantServices.exe [2015-8-13 277248]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2016-9-9 88120]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;C:\Windows\System32\drivers\HSPADataCardusbmdm.sys [2014-1-29 123392]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;C:\Windows\System32\drivers\HSPADataCardusbnmea.sys [2014-1-29 123392]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;C:\Windows\System32\drivers\HSPADataCardusbser.sys [2014-1-29 123392]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-1-24 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-1-24 786416]
R3 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-1-24 169432]
R3 mfeaack;McAfee Inc. mfeaack;C:\Windows\System32\drivers\mfeaack.sys [2016-8-2 477752]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2016-8-2 364088]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2016-10-19 242704]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2016-9-9 512056]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2016-8-1 519456]
R3 mfeplk;McAfee Inc. mfeplk;C:\Windows\System32\drivers\mfeplk.sys [2016-9-9 110136]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2017-1-26 46240]
R3 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2016-10-19 331280]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-1-24 769168]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\Windows\System32\drivers\rusb3hub.sys [2012-3-15 102912]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\System32\drivers\rusb3xhc.sys [2012-3-15 220672]
S1 UsbCharger;UsbCharger;C:\Windows\System32\drivers\UsbCharger.sys [2014-1-24 21584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2016-9-5 131712]
S3 Garmin Device Interaction Service;Garmin Device Interaction Service;C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [2017-1-16 1039376]
S3 ggflt;SOMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2015-6-9 16088]
S3 ggsomc;SOMC USB Flash Driver;C:\Windows\System32\drivers\ggsomc.sys [2015-6-9 30424]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2016-10-19 216704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-12-14 114688]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-2-5 449496]
S3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 massfilter;Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2015-8-13 11776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [2016-12-14 329480]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2016-8-1 100136]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2016-8-24 19456]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2015-6-9 155520]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2016-9-5 165504]
S3 TrueKeyServiceHelper;TrueKeyServiceHelper;C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [2017-1-26 86864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2016-8-24 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2016-8-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-31 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2017-01-12 10:14:59 -------- d-----w- C:\Program Files (x86)\Advanced Password Manager IE Addon
2017-01-12 09:48:16 -------- d-----w- C:\Users\Sue\AppData\Roaming\AdvancedPasswordManager.com
.
==================== Find3M ====================
.
2017-01-31 13:26:38 5642 --sha-w- C:\ProgramData\KGyGaAvL.sys
2017-01-11 08:15:18 802904 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-01-11 08:15:18 144472 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-05 18:55:50 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2017-01-05 18:55:50 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2017-01-05 17:43:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2017-01-05 17:42:59 690688 ----a-w- C:\Windows\SysWow64\adtschema.dll
2017-01-05 17:32:02 64000 ----a-w- C:\Windows\System32\auditpol.exe
2017-01-05 17:25:29 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2017-01-05 17:24:54 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2017-01-05 17:24:53 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2017-01-05 17:24:11 30720 ----a-w- C:\Windows\System32\lsass.exe
2017-01-05 17:23:20 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2017-01-05 17:19:03 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-11-29 20:34:16 28352 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2016-11-29 20:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2016-11-29 20:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2016-11-29 20:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2016-11-29 20:27:48 30400 ----a-w- C:\Windows\System32\aspnet_counters.dll
2016-11-29 20:27:48 19112 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2016-11-29 20:27:48 19112 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2016-11-29 20:27:48 19112 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2016-11-21 18:12:11 109568 ----a-w- C:\Windows\System32\hlink.dll
2016-11-20 16:19:47 84992 ----a-w- C:\Windows\SysWow64\hlink.dll
2016-11-20 14:07:52 467392 ----a-w- C:\Windows\System32\drivers\cng.sys
2016-11-17 16:41:49 370920 ----a-w- C:\Windows\System32\clfs.sys
2016-11-12 19:48:25 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-11-12 19:48:08 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-11-12 19:28:01 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-11-12 19:26:46 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-11-12 19:26:27 417792 ----a-w- C:\Windows\System32\html.iec
2016-11-12 19:25:50 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-11-12 19:25:41 576000 ----a-w- C:\Windows\System32\vbscript.dll
2016-11-12 19:08:26 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-11-12 19:08:24 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-11-12 19:07:47 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-11-12 18:56:20 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-11-12 18:53:10 6049280 ----a-w- C:\Windows\System32\jscript9.dll
2016-11-12 18:47:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-11-12 18:41:49 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-11-12 18:30:22 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-11-12 18:29:26 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-11-12 18:29:13 498688 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-11-12 18:29:05 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-11-12 18:27:51 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-11-12 18:14:53 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-11-12 18:14:16 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-11-12 18:08:54 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-11-12 18:08:32 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-11-12 17:57:35 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-11-12 17:37:20 4608000 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-11-12 17:36:39 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-11-12 17:36:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-11-12 17:35:33 2920960 ----a-w- C:\Windows\System32\wininet.dll
2016-11-12 17:05:59 2444800 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-11-10 16:32:41 1009152 ----a-w- C:\Windows\System32\user32.dll
2016-11-10 16:19:40 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2016-11-09 16:41:27 114408 ----a-w- C:\Windows\System32\consent.exe
2016-11-09 16:33:43 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-11-09 16:33:34 504320 ----a-w- C:\Windows\System32\msihnd.dll
2016-11-09 16:33:34 3244032 ----a-w- C:\Windows\System32\msi.dll
2016-11-09 16:33:34 25088 ----a-w- C:\Windows\System32\msimsg.dll
2016-11-09 16:33:26 70144 ----a-w- C:\Windows\System32\appinfo.dll
2016-11-09 16:33:26 1941504 ----a-w- C:\Windows\System32\authui.dll
2016-11-09 16:17:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2016-11-09 16:17:31 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2016-11-09 16:17:31 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2016-11-09 16:17:31 2365440 ----a-w- C:\Windows\SysWow64\msi.dll
2016-11-09 16:17:18 1806848 ----a-w- C:\Windows\SysWow64\authui.dll
2016-11-09 16:02:19 128512 ----a-w- C:\Windows\System32\msiexec.exe
2016-11-09 15:55:06 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2016-11-06 16:33:24 404992 ----a-w- C:\Windows\System32\gdi32.dll
2016-11-06 16:16:46 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-11-06 16:01:47 3219456 ----a-w- C:\Windows\System32\win32k.sys
2015-12-22 06:52:37 12964920 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
.
============= FINISH: 9:28:11.57 ===============

Bad Performance Issues

Hi :ermm: -- I have recently started having issues with my laptop's performance and have no clue what's going on. I did inherit this one from my older brother, who is a developer, so I know there is a lot installed on here which I don't need...

I've uninstalled all the applications I'm certain I won't be using, but there seems to be a lot of PHP or .NET environment stuff on here that I'm not sure I should touch, as I'm uncertain whether it's required for something.

Task Manager looks like nothing is taking up too much memory or CPU, so I'm really puzzled as to why everything is just so slow to respond.

I'm running Windows 10 on a 2-year-old Alienware laptop (at least I think it's 2 years old). It's a legit copy; there's no CD, but I'm pretty sure it doesn't need one - though... I'd love it if I could avoid spending a whole weekend re-installing everything! Thank you in advance for any help or light you can shed.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.111.2
Run by James at 23:35:37 on 2017-02-01
Microsoft Windows 10 Home 10.0.14393.0.1252.61.1033.18.16265.13421 [GMT 11:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\WINDOWS\system32\BtwRSupportService.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Popcorn Time\Updater.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\System32\InputMethod\CHS\ChsIME.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
svchost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\smartscreen.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Ditto\Ditto.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleOutlookDAVConfig.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleOutlookDAVConfig.exe
C:\WINDOWS\SysWoW64\WerFault.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\WINDOWS\system32\wermgr.exe
\\?\C:\WINDOWS\system32\wbem\WMIADAP.EXE
C:\WINDOWS\System32\sihclient.exe
C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - <orphaned>
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Windows\SysWOW64\F12\F12App.dll
uRun: [Spotify Web Helper] "C:\Users\James\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [OneDrive] "C:\Users\James\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Spotify] "C:\Users\James\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
uRun: [Ditto] C:\Program Files\Ditto\Ditto.exe
uRun: [AdobeBridge] <no file>
mRun: [Alienware Survey] c:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe /boot
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [IJNetworkScannerSelectorEX2] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe /FORCE
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\aa_patch.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{1e9b6316-f132-4c4a-8c18-0c56445ed39f} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{1e9b6316-f132-4c4a-8c18-0c56445ed39f}\4556C637472716739314834364D25374 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{1e9b6316-f132-4c4a-8c18-0c56445ed39f}\D41627375696C6C656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{45ab9d4c-7cc6-421e-841d-02353b3df55c} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{7aae0c92-fb9d-47c8-8e24-98bb1a677438} : DHCPNameServer = 10.0.0.138
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /IM
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 192.168.1.225 uws.localhost
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\g45utcq9.default-1480144923764\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Users\James\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\g45utcq9.default-1480144923764\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 DellDigitalDelivery;Alienware Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2015-3-16 237448]
R?2 OneSyncSvc_6c64a;Sync Host_6c64a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R0 aswRvrt;avast! Revert;C:\WINDOWS\System32\drivers\aswRvrt.sys [2016-7-1 74544]
R0 aswVmm;avast! VM Monitor;C:\WINDOWS\System32\drivers\aswvmm.sys [2016-7-1 293352]
R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\System32\drivers\EMSC.sys [2012-7-11 17720]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-10-19 653808]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-10 48992]
R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\drivers\PxHlpa64.sys [2014-1-27 56208]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\WINDOWS\System32\drivers\stdcfltn.sys [2016-8-10 22168]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-8-27 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-11-3 227328]
R1 aswKbd;aswKbd;C:\WINDOWS\System32\drivers\aswKbd.sys [2016-7-1 37144]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswsnx.sys [2016-7-1 969184]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswsp.sys [2016-7-1 513632]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2013-10-19 92536]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2015-8-4 115648]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-9-4 2227312]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2013-11-4 15888]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-9-22 83768]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2016-7-1 108816]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2016-7-1 163416]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-9-5 197128]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\WINDOWS\System32\BtwRSupportService.exe [2015-7-28 2278152]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_6c64a;CDPUserSvc_6c64a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2016-12-13 2946304]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2016-6-24 202488]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-11-4 362920]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-14 731648]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-6-26 1617696]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-6-26 21007192]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-8-4 312056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [2016-7-22 426040]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 Update service;Update service;C:\Program Files (x86)\Popcorn Time\Updater.exe [2016-5-1 339968]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-11-3 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2014-1-26 621336]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\WINDOWS\System32\drivers\bcbtums.sys [2015-7-28 199472]
R3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2016-11-3 168448]
R3 BthHFAud;Bluetooth Hands-Free;C:\WINDOWS\System32\drivers\BthHfAud.sys [2016-7-16 37376]
R3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-11-3 249856]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 DDDriver;DDDriver;C:\WINDOWS\System32\drivers\DDDriver64Dcsa.sys [2015-1-31 23760]
R3 DellProf;DellProf;C:\WINDOWS\System32\drivers\DellProf.sys [2015-5-23 24240]
R3 DellRbtn;Airplane Mode Switch;C:\WINDOWS\System32\drivers\DellRbtn.sys [2013-10-19 10752]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-10-15 473864]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2014-9-19 27000]
R3 KillerEth;NDIS Miniport Driver for Killer e2200 PCI-E Ehternet Controller;C:\WINDOWS\System32\drivers\e22w10x64.sys [2015-10-1 133192]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-26 18776]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2014-6-26 40392]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\WINDOWS\System32\drivers\RtsPStor.sys [2012-3-29 342632]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2013-10-19 32496]
R3 ST_Accel;STMicroelectronics Accelerometer Service;C:\WINDOWS\System32\drivers\ST_Accel.sys [2013-10-19 91360]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-11 54784]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2016-7-16 24576]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
R3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Service;C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [2015-6-6 63840]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/10/19 03:13:13;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2013-1-3 245888]
S2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2016-6-24 2572024]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-11 15344]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-10-19 169432]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2013-12-21 1915920]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-9-20 324224]
S2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2016-9-9 31704]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 aswHwid;avast! HardwareID;C:\WINDOWS\System32\drivers\aswHwid.sys [2016-7-1 37656]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 btwampfl;btwampfl;C:\WINDOWS\System32\drivers\btwampfl.sys [2015-7-28 214328]
S3 btwpanfl;BTW PAN filter driver;C:\WINDOWS\System32\drivers\btwpanfl.sys [2013-10-19 44912]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-11-3 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-4-25 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 hidkmdf;KMDF Driver;C:\WINDOWS\System32\drivers\hidkmdf.sys [2014-1-26 14136]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2014-9-19 38264]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-14 820184]
S3 ioloEnergyBooster;ioloEnergyBooster;C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [2012-11-1 6145872]
S3 Ke2200;NDIS Miniport Driver for the Killer e2200 Gigabit Ethernet Controller;C:\WINDOWS\System32\drivers\e22w8x64.sys [2013-10-19 174448]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-11-3 64352]
S3 MessagingService_6c64a;MessagingService_6c64a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\WINDOWS\System32\drivers\netaapl64.sys [2014-8-15 23040]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 nvpciflt;nvpciflt;C:\WINDOWS\System32\drivers\nvpciflt.sys [2016-7-12 48696]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 PimIndexMaintenanceSvc_6c64a;Contact Data_6c64a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-9-16 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-9-5 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-11-3 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UnistoreSvc_6c64a;User Data Storage_6c64a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UserDataSvc_6c64a;User Data Access_6c64a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 VSStandardCollectorService140;Visual Studio Standard Collector Service;C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [2016-9-6 108776]
S3 WacHidRouter;Wacom Hid Router;C:\WINDOWS\System32\drivers\wachidrouter.sys [2014-1-26 90424]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [2014-1-26 15160]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-11-3 719360]
S3 wdm_usb;wdm_usb;C:\WINDOWS\System32\drivers\usb2ser.sys [2016-8-16 159936]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_6c64a;Windows Push Notifications User Service_6c64a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-12-10 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-4 43520]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\WINDOWS\System32\drivers\xusb22.sys [2016-7-16 95744]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-01-28 14:08:31 -------- d-----w- C:\Program Files\Common Files\AV
2017-01-28 14:08:31 -------- d-----w- C:\Program Files (x86)\Common Files\AV
2017-01-25 02:35:15 142848 ----a-w- C:\WINDOWS\System32\poqexec.exe
2017-01-25 02:35:15 120320 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2017-01-22 03:59:51 -------- d-----w- C:\ProgramData\ALM
2017-01-22 00:45:33 88752 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.6965.2117\vcruntime140.dll
2017-01-22 00:45:33 635040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.6965.2117\msvcp140.dll
2017-01-11 00:19:14 1631232 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.Resources.dll
2017-01-11 00:18:59 3134976 ----a-w- C:\WINDOWS\System32\rdpcore.dll
2017-01-11 00:17:57 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2017-01-11 00:16:50 1692672 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
.
==================== Find3M ====================
.
2017-02-01 12:31:46 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-01 12:31:21 147728 ------w- C:\WINDOWS\System32\drivers\rikvm_38F51D56.sys
2017-02-01 11:37:18 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-12-22 23:13:26 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-12-22 23:13:26 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-12-21 08:08:31 245600 ----a-w- C:\WINDOWS\System32\offlinesam.dll
2016-12-21 08:08:17 136032 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll
2016-12-21 08:04:10 7816032 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-12-21 07:49:39 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2016-12-21 07:46:39 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-12-21 07:43:56 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-12-21 07:43:06 4130440 ----a-w- C:\WINDOWS\System32\mfcore.dll
2016-12-21 07:43:01 1454504 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll
2016-12-21 07:43:00 1071736 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2016-12-21 07:42:59 1988560 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-12-21 07:42:55 1702392 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2016-12-21 07:42:54 1300600 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2016-12-21 07:42:27 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2016-12-21 07:41:56 1600632 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2016-12-21 07:37:23 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2016-12-21 07:15:01 22563840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-12-21 07:14:11 43008 ----a-w- C:\WINDOWS\System32\LaunchWinApp.exe
2016-12-21 07:13:54 119808 ----a-w- C:\WINDOWS\System32\KnobsCsp.dll
2016-12-21 07:12:14 83968 ----a-w- C:\WINDOWS\System32\ProvPluginEng.dll
2016-12-21 07:10:22 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll
2016-12-21 07:10:09 234496 ----a-w- C:\WINDOWS\System32\KnobsCore.dll
2016-12-21 07:09:56 363520 ----a-w- C:\WINDOWS\System32\Windows.UI.BioFeedback.dll
2016-12-21 07:09:13 368640 ----a-w- C:\WINDOWS\System32\OneBackupHandler.dll
2016-12-21 07:08:35 211968 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2016-12-21 07:08:33 261632 ----a-w- C:\WINDOWS\System32\wbem\ndisimplatcim.dll
2016-12-21 07:08:27 360448 ----a-w- C:\WINDOWS\System32\rdpencom.dll
2016-12-21 07:08:23 289792 ----a-w- C:\WINDOWS\System32\DeveloperOptionsSettingsHandlers.dll
2016-12-21 07:08:14 418304 ----a-w- C:\WINDOWS\System32\Windows.UI.BlockedShutdown.dll
2016-12-21 07:08:06 349184 ----a-w- C:\WINDOWS\System32\provengine.dll
2016-12-21 07:08:03 1292288 ----a-w- C:\WINDOWS\System32\MSVPXENC.dll
2016-12-21 07:07:10 748544 ----a-w- C:\WINDOWS\System32\StoreAgent.dll
2016-12-21 07:06:49 260608 ----a-w- C:\WINDOWS\System32\InstallAgentUserBroker.exe
2016-12-21 07:06:49 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2016-12-21 07:06:26 310784 ----a-w- C:\WINDOWS\System32\SyncSettings.dll
2016-12-21 07:06:05 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-12-21 07:05:21 261632 ----a-w- C:\WINDOWS\System32\indexeddbserver.dll
2016-12-21 07:05:01 49152 ----a-w- C:\WINDOWS\System32\Windows.UI.Shell.dll
2016-12-21 07:05:01 425984 ----a-w- C:\WINDOWS\System32\aadcloudap.dll
2016-12-21 07:01:42 9131008 ----a-w- C:\WINDOWS\System32\twinui.dll
2016-12-21 07:00:29 440320 ----a-w- C:\WINDOWS\System32\fhcfg.dll
2016-12-21 06:59:50 883712 ----a-w- C:\WINDOWS\System32\samsrv.dll
2016-12-21 06:59:31 1908224 ----a-w- C:\WINDOWS\System32\AzureSettingSyncProvider.dll
2016-12-21 06:57:48 462336 ----a-w- C:\WINDOWS\System32\fhsettingsprovider.dll
2016-12-21 06:56:56 936960 ----a-w- C:\WINDOWS\System32\MCRecvSrc.dll
2016-12-21 06:56:14 947712 ----a-w- C:\WINDOWS\System32\MSVP9DEC.dll
2016-12-21 06:55:16 8129536 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-12-21 06:54:14 5511680 ----a-w- C:\WINDOWS\System32\aclui.dll
2016-12-21 06:53:19 6664192 ----a-w- C:\WINDOWS\System32\mspaint.exe
2016-12-21 06:53:13 4474368 ----a-w- C:\WINDOWS\System32\D3DCompiler_47.dll
2016-12-21 06:51:56 5611008 ----a-w- C:\WINDOWS\System32\d2d1.dll
2016-12-21 06:51:53 2275840 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-12-21 06:51:41 8075776 ----a-w- C:\WINDOWS\System32\mstscax.dll
2016-12-21 06:50:57 1490432 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-12-21 06:49:55 2691072 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-12-21 06:49:43 1062912 ----a-w- C:\WINDOWS\System32\SettingSyncCore.dll
2016-12-21 06:49:25 4149248 ----a-w- C:\WINDOWS\System32\rdpcorets.dll
2016-12-21 06:47:47 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2016-12-21 05:59:21 218976 ----a-w- C:\WINDOWS\SysWow64\offlinesam.dll
2016-12-21 05:09:45 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2016-12-21 05:02:16 1852720 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2016-12-21 05:02:12 3892864 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-12-21 05:02:09 1277344 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2016-12-21 05:02:02 1360464 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2016-12-21 05:02:01 980832 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2016-12-21 05:02:00 1201872 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
2016-12-21 04:46:55 34304 ----a-w- C:\WINDOWS\SysWow64\LaunchWinApp.exe
2016-12-21 04:43:09 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2016-12-21 04:41:59 253952 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BioFeedback.dll
2016-12-21 04:41:15 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-12-21 04:40:57 180224 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe
2016-12-21 04:40:43 237056 ----a-w- C:\WINDOWS\SysWow64\SyncSettings.dll
2016-12-21 04:40:39 318976 ----a-w- C:\WINDOWS\SysWow64\rdpencom.dll
2016-12-21 04:40:07 557568 ----a-w- C:\WINDOWS\SysWow64\StoreAgent.dll
2016-12-21 04:39:58 1300480 ----a-w- C:\WINDOWS\SysWow64\MSVPXENC.dll
2016-12-21 04:39:04 223232 ----a-w- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
2016-12-21 04:38:54 866816 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Cred.dll
2016-12-21 04:35:42 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-12-21 04:35:28 4612608 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2016-12-21 04:34:53 7626752 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2016-12-21 04:33:09 19413504 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-12-21 04:30:56 5398016 ----a-w- C:\WINDOWS\SysWow64\aclui.dll
2016-12-21 04:30:06 1255936 ----a-w- C:\WINDOWS\SysWow64\AzureSettingSyncProvider.dll
2016-12-21 04:27:12 640000 ----a-w- C:\WINDOWS\SysWow64\MCRecvSrc.dll
2016-12-21 04:26:36 1155072 ----a-w- C:\WINDOWS\SysWow64\MSVP9DEC.dll
2016-12-21 04:25:44 7469056 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
2016-12-21 04:25:42 6474752 ----a-w- C:\WINDOWS\SysWow64\mspaint.exe
2016-12-21 04:24:58 6044160 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2016-12-21 04:24:30 5061120 ----a-w- C:\WINDOWS\SysWow64\d2d1.dll
2016-12-21 04:24:11 886272 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll
2016-12-21 04:24:09 3733504 ----a-w- C:\WINDOWS\SysWow64\D3DCompiler_47.dll
2016-12-21 04:22:44 1883648 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Logon.dll
2016-12-21 04:22:32 860672 ----a-w- C:\WINDOWS\SysWow64\SettingSyncCore.dll
2016-12-14 05:41:35 1235296 ----a-w- C:\WINDOWS\System32\aeinv.dll
2016-12-14 05:41:32 590960 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2016-12-14 05:34:03 2482280 ----a-w- C:\WINDOWS\System32\msmpeg2vdec.dll
.
============= FINISH: 23:38:22.04 ===============

Attached Files
File Type: txt attach.txt (18.9 KB)

Scammer took control of desktop

My mother-in-law had a scammer take "total" control of her computer and ask for iTunes cards; she did not pay since the cashier told her it was a scam.

DDS output:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by Smith at 17:38:04 on 2017-02-04
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.5887.3379 [GMT -5:00]
.
AV: Norton 360 Premier *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\atashost.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Smith\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\Smith\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files (x86)\Microsoft Works\wkssb.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.12.12200.0_x64__8wekyb3d8bbwe\Solitaire.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7830.42257.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7830.42257.0_x64__8wekyb3d8bbwe\HxTsr.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.xfinity.com/tt2/?cid=mihp03112016
uDefault_Page_URL = hxxp://xfinity.comcast.net/?cid=IE11
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coieplg.dll
BHO: <No Name>: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files (x86)\Microsoft Money\System\mnyviewer.dll
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coieplg.dll
uRun: [BingSvc] C:\Users\Smith\AppData\Local\Microsoft\BingSvc\BingSvc.exe
uRun: [OneDrive] "C:\Users\Smith\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
mRun: [WorksFUD] C:\Program Files (x86)\Microsoft Works\wkfud.exe
mRun: [Microsoft Works Portfolio] C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
mRun: [MoneyStartUp10.0] "C:\Program Files (x86)\Microsoft Money\System\Activation.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Smith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OFFICE~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
StartupFolder: C:\Users\Smith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MICROS~1.LNK - C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MOZYHO~1.LNK - C:\Program Files\MozyHome\mozystat.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - C:\Program Files (x86)\Microsoft Money\System\mnyviewer.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP13EP34-10019/support/ieatgpc1.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{b9f8a158-2391-41e8-b39c-f39f8d506478} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx64.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coieplg.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coieplg.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\WINDOWS\System32\drivers\N360x64\1608010.00E\symefasi64.sys [2016-11-17 1628888]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-9-27 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\22.8.0.50\Definitions\BASHDefs\20170201.001\BHDrvx64.sys [2017-2-2 1874136]
R1 ccSet_N360;N360 Settings Manager;C:\WINDOWS\System32\drivers\N360x64\1608010.00E\ccsetx64.sys [2016-11-17 174328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\22.8.0.50\Definitions\IPSDefs\20170203.002\IDSviA64.sys [2017-2-4 1038024]
R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\drivers\N360x64\1608010.00E\ironx64.sys [2016-11-17 289520]
R1 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\drivers\N360x64\1608010.00E\symnets.sys [2016-11-17 567512]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2016-1-4 118520]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_1c394279;CDPUserSvc_1c394279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2016-8-12 3699904]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2015-4-27 14624]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\n360.exe [2016-11-17 289080]
R2 OneSyncSvc_1c394279;Sync Host_1c394279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-12-16 426040]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-9-29 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2016-11-23 156888]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 PimIndexMaintenanceSvc_1c394279;Contact Data_1c394279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_1c394279;User Data Storage_1c394279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_1c394279;User Data Access_1c394279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\drivers\N360x64\1608010.00E\symelam.sys [2016-11-17 24192]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
S3 MessagingService_1c394279;MessagingService_1c394279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-9-27 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-9-29 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 SWDUMon;SWDUMon;C:\WINDOWS\System32\drivers\SWDUMon.sys [2015-12-29 13920]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-9-29 719360]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_1c394279;Windows Push Notifications User Service_1c394279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-12-10 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-27 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== Created Last 30 ================
.
2017-01-25 18:41:54 142848 ----a-w- C:\WINDOWS\System32\poqexec.exe
2017-01-25 18:41:54 120320 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2017-01-11 01:27:59 201728 ----a-w- C:\WINDOWS\System32\ScDeviceEnum.dll
2017-01-11 01:26:59 266752 ----a-w- C:\WINDOWS\System32\ConsoleLogon.dll
2017-01-11 01:26:59 147968 ----a-w- C:\WINDOWS\SysWow64\win32k.sys
2017-01-11 01:26:58 3733504 ----a-w- C:\WINDOWS\SysWow64\D3DCompiler_47.dll
2017-01-11 01:26:58 1292288 ----a-w- C:\WINDOWS\System32\MSVPXENC.dll
2017-01-11 01:26:57 349184 ----a-w- C:\WINDOWS\System32\provengine.dll
2017-01-11 01:26:57 341344 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2017-01-11 01:26:57 104448 ----a-w- C:\WINDOWS\SysWow64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 01:26:54 83968 ----a-w- C:\WINDOWS\System32\ProvPluginEng.dll
2017-01-11 01:26:54 806400 ----a-w- C:\WINDOWS\SysWow64\D3D12.dll
2017-01-11 01:26:54 234496 ----a-w- C:\WINDOWS\System32\KnobsCore.dll
2017-01-11 01:26:54 119808 ----a-w- C:\WINDOWS\System32\KnobsCsp.dll
.
==================== Find3M ====================
.
2016-12-22 23:13:26 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-12-22 23:13:26 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-12-21 08:08:31 245600 ----a-w- C:\WINDOWS\System32\offlinesam.dll
2016-12-21 08:08:17 136032 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll
2016-12-21 08:04:10 7816032 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-12-21 07:49:39 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2016-12-21 07:46:39 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-12-21 07:45:10 153952 ----a-w- C:\WINDOWS\System32\mqcmiplugin.dll
2016-12-21 07:43:56 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-12-21 07:43:06 4130440 ----a-w- C:\WINDOWS\System32\mfcore.dll
2016-12-21 07:43:01 1454504 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll
2016-12-21 07:43:00 1071736 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2016-12-21 07:42:59 1988560 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-12-21 07:42:55 1702392 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2016-12-21 07:42:54 1300600 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2016-12-21 07:42:27 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2016-12-21 07:41:56 1600632 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2016-12-21 07:37:23 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2016-12-21 07:15:01 22563840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-12-21 07:14:11 43008 ----a-w- C:\WINDOWS\System32\LaunchWinApp.exe
2016-12-21 07:10:22 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll
2016-12-21 07:09:56 363520 ----a-w- C:\WINDOWS\System32\Windows.UI.BioFeedback.dll
2016-12-21 07:09:13 368640 ----a-w- C:\WINDOWS\System32\OneBackupHandler.dll
2016-12-21 07:08:35 211968 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2016-12-21 07:08:33 261632 ----a-w- C:\WINDOWS\System32\wbem\ndisimplatcim.dll
2016-12-21 07:08:27 360448 ----a-w- C:\WINDOWS\System32\rdpencom.dll
2016-12-21 07:08:23 289792 ----a-w- C:\WINDOWS\System32\DeveloperOptionsSettingsHandlers.dll
2016-12-21 07:08:14 418304 ----a-w- C:\WINDOWS\System32\Windows.UI.BlockedShutdown.dll
2016-12-21 07:07:10 748544 ----a-w- C:\WINDOWS\System32\StoreAgent.dll
2016-12-21 07:06:49 260608 ----a-w- C:\WINDOWS\System32\InstallAgentUserBroker.exe
2016-12-21 07:06:49 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2016-12-21 07:06:26 310784 ----a-w- C:\WINDOWS\System32\SyncSettings.dll
2016-12-21 07:06:05 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-12-21 07:05:21 261632 ----a-w- C:\WINDOWS\System32\indexeddbserver.dll
2016-12-21 07:05:01 49152 ----a-w- C:\WINDOWS\System32\Windows.UI.Shell.dll
2016-12-21 07:05:01 425984 ----a-w- C:\WINDOWS\System32\aadcloudap.dll
2016-12-21 07:01:42 9131008 ----a-w- C:\WINDOWS\System32\twinui.dll
2016-12-21 07:00:29 440320 ----a-w- C:\WINDOWS\System32\fhcfg.dll
2016-12-21 06:59:50 883712 ----a-w- C:\WINDOWS\System32\samsrv.dll
2016-12-21 06:59:31 1908224 ----a-w- C:\WINDOWS\System32\AzureSettingSyncProvider.dll
2016-12-21 06:57:48 462336 ----a-w- C:\WINDOWS\System32\fhsettingsprovider.dll
2016-12-21 06:56:56 936960 ----a-w- C:\WINDOWS\System32\MCRecvSrc.dll
2016-12-21 06:56:14 947712 ----a-w- C:\WINDOWS\System32\MSVP9DEC.dll
2016-12-21 06:55:16 8129536 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-12-21 06:55:09 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2016-12-21 06:54:14 5511680 ----a-w- C:\WINDOWS\System32\aclui.dll
2016-12-21 06:53:19 6664192 ----a-w- C:\WINDOWS\System32\mspaint.exe
2016-12-21 06:53:13 4474368 ----a-w- C:\WINDOWS\System32\D3DCompiler_47.dll
2016-12-21 06:53:10 1692672 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2016-12-21 06:51:56 5611008 ----a-w- C:\WINDOWS\System32\d2d1.dll
2016-12-21 06:51:53 2275840 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-12-21 06:51:41 8075776 ----a-w- C:\WINDOWS\System32\mstscax.dll
2016-12-21 06:50:57 1490432 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-12-21 06:49:55 2691072 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-12-21 06:49:43 1062912 ----a-w- C:\WINDOWS\System32\SettingSyncCore.dll
2016-12-21 06:49:25 4149248 ----a-w- C:\WINDOWS\System32\rdpcorets.dll
2016-12-21 06:47:47 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2016-12-21 05:59:21 218976 ----a-w- C:\WINDOWS\SysWow64\offlinesam.dll
2016-12-21 05:09:45 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2016-12-21 05:03:15 136544 ----a-w- C:\WINDOWS\SysWow64\mqmigplugin.dll
2016-12-21 05:02:16 1852720 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2016-12-21 05:02:12 3892864 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-12-21 05:02:09 1277344 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2016-12-21 05:02:02 1360464 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2016-12-21 05:02:01 980832 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2016-12-21 05:02:00 1201872 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
2016-12-21 04:46:55 34304 ----a-w- C:\WINDOWS\SysWow64\LaunchWinApp.exe
2016-12-21 04:43:09 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2016-12-21 04:41:59 253952 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BioFeedback.dll
2016-12-21 04:41:15 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-12-21 04:40:57 180224 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe
2016-12-21 04:40:43 237056 ----a-w- C:\WINDOWS\SysWow64\SyncSettings.dll
2016-12-21 04:40:39 318976 ----a-w- C:\WINDOWS\SysWow64\rdpencom.dll
2016-12-21 04:40:07 557568 ----a-w- C:\WINDOWS\SysWow64\StoreAgent.dll
2016-12-21 04:39:58 1300480 ----a-w- C:\WINDOWS\SysWow64\MSVPXENC.dll
2016-12-21 04:39:04 223232 ----a-w- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
2016-12-21 04:38:54 866816 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Cred.dll
2016-12-21 04:35:42 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-12-21 04:35:28 4612608 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2016-12-21 04:34:53 7626752 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2016-12-21 04:33:09 19413504 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-12-21 04:30:56 5398016 ----a-w- C:\WINDOWS\SysWow64\aclui.dll
2016-12-21 04:30:06 1255936 ----a-w- C:\WINDOWS\SysWow64\AzureSettingSyncProvider.dll
2016-12-21 04:27:12 640000 ----a-w- C:\WINDOWS\SysWow64\MCRecvSrc.dll
2016-12-21 04:26:36 1155072 ----a-w- C:\WINDOWS\SysWow64\MSVP9DEC.dll
2016-12-21 04:25:44 7469056 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
2016-12-21 04:25:42 6474752 ----a-w- C:\WINDOWS\SysWow64\mspaint.exe
2016-12-21 04:24:58 6044160 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2016-12-21 04:24:30 5061120 ----a-w- C:\WINDOWS\SysWow64\d2d1.dll
2016-12-21 04:24:11 886272 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll
2016-12-21 04:22:44 1883648 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Logon.dll
2016-12-21 04:22:32 860672 ----a-w- C:\WINDOWS\SysWow64\SettingSyncCore.dll
2016-12-14 05:41:35 1235296 ----a-w- C:\WINDOWS\System32\aeinv.dll
2016-12-14 05:41:32 590960 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2016-12-14 05:34:03 2482280 ----a-w- C:\WINDOWS\System32\msmpeg2vdec.dll
2016-12-14 05:33:30 1356864 ----a-w- C:\WINDOWS\System32\ClipUp.exe
2016-12-14 05:23:03 404832 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2016-12-14 05:21:13 2206496 ----a-w- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
2016-12-14 05:19:34 584544 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
2016-12-14 05:18:59 715104 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
.
============= FINISH: 17:38:37.93 ===============

Attached Files
File Type: txt attach.txt (3.7 KB)

Please help

Hello, lately I've noticed odd files showing up on fresh installs and registry entries which are suspicious. I also see many connection resets and encrypted data over Wireshark. Attached are my DDS logs. (Also, they would not show up on my desktop even though I could see them in File Explorer.)

I run solely with user privileges and suspect dll/object injection.

%temp% now has some manifest.json files with: "CRLSet","Sequence":3533,"DeltaFrom":0,"NumParents":55,"BlockedSPKIs"

A Windows app called codewriter was installed.

Thank you kindly.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by useless at 12:09:31 on 2017-02-05
Microsoft Windows 10 Enterprise Evaluation 10.0.14393.0.1252.1.1033.18.5943.3568 [GMT -8:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\wlms\wlms.exe
C:\Windows\system32\svchost.exe -k appmodel
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\dwm.exe
C:\Windows\system32\sihost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
C:\Windows\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\Explorer.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Windows\system32\ApplicationFrameHost.exe
C:\Windows\system32\taskhostw.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\system32\AUDIODG.EXE
svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
uRun: [OneDrive] "C:\Users\useless\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
mPolicies-System: DSCAutomationHostEnabled = dword:2
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{5f5381bd-3f32-4c29-b1c4-876f80c4c879} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{5f5381bd-3f32-4c29-b1c4-876f80c4c879}\542796B616 : DHCPNameServer = 192.168.29.10
TCP: Interfaces\{d214b33f-7338-47b7-86cf-a84c57dad899} : NameServer = 192.168.1.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\Windows\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\Windows\System32\drivers\iorate.sys [2017-2-4 48992]
R0 volume;Volume driver;C:\Windows\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\Windows\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\Windows\System32\drivers\wof.sys [2017-2-4 199008]
R1 ahcache;Application Compatibility Cache;C:\Windows\System32\drivers\ahcache.sys [2017-2-4 227328]
R1 FileCrypt;FileCrypt;C:\Windows\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\Windows\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 CDPSvc;Connected Devices Platform Service;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_3581c9;CDPUserSvc_3581c9;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\Windows\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\Windows\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 OneSyncSvc_3581c9;Sync Host_3581c9;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 storqosflt;Storage QoS Filter Driver;C:\Windows\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\Windows\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\Windows\System32\drivers\wcifs.sys [2017-2-4 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\Windows\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WLMS;Windows Licensing Monitoring Service;C:\Windows\System32\wlms\wlms.exe [2016-7-16 23552]
R2 WpnService;Windows Push Notifications System Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\Windows\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2016-7-13 610336]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\drivers\BthLEEnum.sys [2017-2-4 249856]
R3 DsSvc;Data Sharing Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 lfsvc;Geolocation Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\Windows\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 StateRepository;State Repository Service;C:\Windows\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\Windows\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S2 DoSvc;Delivery Optimization;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\Windows\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\Windows\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\Windows\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\Windows\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\Windows\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppvStrm;AppvStrm;C:\Windows\System32\drivers\AppVStrm.sys [2017-2-4 127328]
S3 AppvVemgr;AppvVemgr;C:\Windows\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\Windows\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 bcmfn;bcmfn Service;C:\Windows\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\Windows\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\Windows\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\Windows\System32\drivers\capimg.sys [2017-2-4 118272]
S3 cht4iscsi;cht4iscsi;C:\Windows\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\Windows\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\Windows\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\Windows\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\Windows\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\Windows\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\Windows\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\Windows\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\Windows\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\Windows\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\Windows\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\Windows\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LSI_SAS2i;LSI_SAS2i;C:\Windows\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\Windows\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\Windows\System32\drivers\MegaSas2i.sys [2017-2-4 64352]
S3 MessagingService_3581c9;MessagingService_3581c9;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\Windows\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;C:\Windows\System32\drivers\mssecflt.sys [2016-7-16 179040]
S3 ndfltr;NetworkDirect Service;C:\Windows\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\Windows\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\Windows\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\Windows\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 PimIndexMaintenanceSvc_3581c9;Contact Data_3581c9;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\Windows\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 rt640x64;Realtek RT640 NT Driver;C:\Windows\System32\drivers\rt640x64.sys [2016-7-16 589824]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\Windows\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\Windows\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2017-2-4 2889896]
S3 SensorDataService;Sensor Data Service;C:\Windows\System32\SensorDataService.exe [2017-2-4 1312768]
S3 SensorService;Sensor Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\Windows\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\Windows\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\Windows\System32\drivers\stornvme.sys [2017-2-4 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\Windows\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\Windows\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\Windows\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\Windows\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\Windows\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\Windows\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\Windows\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\Windows\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\Windows\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\Windows\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UnistoreSvc_3581c9;User Data Storage_3581c9;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\Windows\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\Windows\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\Windows\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UserDataSvc_3581c9;User Data Access_3581c9;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\Windows\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\Windows\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\Windows\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\Windows\System32\drivers\WdiWiFi.sys [2017-2-4 719360]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\Windows\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\Windows\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\Windows\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_3581c9;Windows Push Notifications User Service_3581c9;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\Windows\System32\drivers\xboxgip.sys [2017-2-4 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\Windows\System32\drivers\xinputhid.sys [2017-2-4 43520]
S4 AppVClient;Microsoft App-V Client;C:\Windows\System32\AppVClient.exe [2017-2-4 822624]
S4 shpamsvc;Shared PC Account Manager;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
S4 UevAgentDriver;UevAgentDriver;C:\Windows\System32\drivers\UevAgentDriver.sys [2016-7-16 40288]
S4 UevAgentService;User Experience Virtualization Service;C:\Windows\System32\AgentService.exe [2016-7-16 1227264]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-02-04 13:50:42 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\gapaengine.dll
2017-02-04 13:50:42 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7356ABA7-12C7-4C95-9220-9AC917EECD68}\gapaengine.dll
2017-02-04 13:50:21 12229912 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16D0D9A3-482E-4265-B2B1-7AF4B69EAF80}\mpengine.dll
2017-02-04 13:50:17 485032 ------w- C:\Windows\System32\MpSigStub.exe
2017-02-04 13:49:10 -------- d-----w- C:\Windows\System32\MRT
2017-02-04 13:37:35 -------- d-----w- C:\Users\useless\AppData\Local\Comms
2017-02-04 13:23:33 -------- d-----w- C:\Windows\System32\wbem\Performance
2017-02-04 13:22:46 -------- d-----r- C:\Users\useless\OneDrive
2017-02-04 13:22:35 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2017-02-04 13:20:33 -------- d-----w- C:\ProgramData\USOShared
2017-02-04 13:11:13 142848 ----a-w- C:\Windows\System32\poqexec.exe
2017-02-04 13:11:13 120320 ----a-w- C:\Windows\SysWow64\poqexec.exe
2017-02-04 12:50:18 -------- d-----w- C:\Intel
2017-02-04 12:49:11 -------- d-----w- C:\Program Files\Common Files\Atheros
.
==================== Find3M ====================
.
2016-12-22 23:13:26 835576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-12-22 23:13:26 177656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-12-21 08:08:31 245600 ----a-w- C:\Windows\System32\offlinesam.dll
2016-12-21 08:08:17 136032 ----a-w- C:\Windows\System32\ImplatSetup.dll
2016-12-21 08:04:10 7816032 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-12-21 07:49:39 328008 ----a-w- C:\Windows\System32\Windows.Storage.ApplicationData.dll
2016-12-21 07:46:39 624048 ----a-w- C:\Windows\System32\drivers\cng.sys
2016-12-21 07:43:56 92512 ----a-w- C:\Windows\System32\rdpudd.dll
2016-12-21 07:43:06 4130440 ----a-w- C:\Windows\System32\mfcore.dll
2016-12-21 07:43:01 1454504 ----a-w- C:\Windows\System32\mfnetsrc.dll
2016-12-21 07:43:00 1071736 ----a-w- C:\Windows\System32\mfnetcore.dll
2016-12-21 07:42:59 1988560 ----a-w- C:\Windows\System32\mfmp4srcsnk.dll
2016-12-21 07:42:55 1702392 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2016-12-21 07:42:54 1300600 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll
2016-12-21 07:42:27 241504 ----a-w- C:\Windows\System32\CloudExperienceHost.dll
2016-12-21 07:41:56 1600632 ----a-w- C:\Windows\System32\sppobjs.dll
2016-12-21 07:37:23 455520 ----a-w- C:\Windows\System32\securekernel.exe
2016-12-21 07:15:01 22563840 ----a-w- C:\Windows\System32\edgehtml.dll
2016-12-21 07:14:11 43008 ----a-w- C:\Windows\System32\LaunchWinApp.exe
2016-12-21 07:13:54 119808 ----a-w- C:\Windows\System32\KnobsCsp.dll
2016-12-21 07:12:14 83968 ----a-w- C:\Windows\System32\ProvPluginEng.dll
2016-12-21 07:10:22 175104 ----a-w- C:\Windows\System32\wbem\netswitchteamcim.dll
2016-12-21 07:10:09 234496 ----a-w- C:\Windows\System32\KnobsCore.dll
2016-12-21 07:09:56 363520 ----a-w- C:\Windows\System32\Windows.UI.BioFeedback.dll
2016-12-21 07:09:13 368640 ----a-w- C:\Windows\System32\OneBackupHandler.dll
2016-12-21 07:08:35 211968 ----a-w- C:\Windows\System32\InstallAgent.exe
2016-12-21 07:08:33 261632 ----a-w- C:\Windows\System32\wbem\ndisimplatcim.dll
2016-12-21 07:08:27 360448 ----a-w- C:\Windows\System32\rdpencom.dll
2016-12-21 07:08:23 289792 ----a-w- C:\Windows\System32\DeveloperOptionsSettingsHandlers.dll
2016-12-21 07:08:14 418304 ----a-w- C:\Windows\System32\Windows.UI.BlockedShutdown.dll
2016-12-21 07:08:06 349184 ----a-w- C:\Windows\System32\provengine.dll
2016-12-21 07:08:03 1292288 ----a-w- C:\Windows\System32\MSVPXENC.dll
2016-12-21 07:07:10 748544 ----a-w- C:\Windows\System32\StoreAgent.dll
2016-12-21 07:06:49 260608 ----a-w- C:\Windows\System32\InstallAgentUserBroker.exe
2016-12-21 07:06:49 147456 ----a-w- C:\Windows\System32\winsrv.dll
2016-12-21 07:06:26 310784 ----a-w- C:\Windows\System32\SyncSettings.dll
2016-12-21 07:06:05 6285312 ----a-w- C:\Windows\System32\Windows.Media.dll
2016-12-21 07:05:21 261632 ----a-w- C:\Windows\System32\indexeddbserver.dll
2016-12-21 07:05:01 49152 ----a-w- C:\Windows\System32\Windows.UI.Shell.dll
2016-12-21 07:05:01 425984 ----a-w- C:\Windows\System32\aadcloudap.dll
2016-12-21 07:01:42 9131008 ----a-w- C:\Windows\System32\twinui.dll
2016-12-21 07:00:29 440320 ----a-w- C:\Windows\System32\fhcfg.dll
2016-12-21 06:59:50 883712 ----a-w- C:\Windows\System32\samsrv.dll
2016-12-21 06:59:31 1908224 ----a-w- C:\Windows\System32\AzureSettingSyncProvider.dll
2016-12-21 06:57:48 462336 ----a-w- C:\Windows\System32\fhsettingsprovider.dll
2016-12-21 06:56:56 936960 ----a-w- C:\Windows\System32\MCRecvSrc.dll
2016-12-21 06:56:14 947712 ----a-w- C:\Windows\System32\MSVP9DEC.dll
2016-12-21 06:55:16 8129536 ----a-w- C:\Windows\System32\Chakra.dll
2016-12-21 06:55:09 4749312 ----a-w- C:\Windows\System32\SettingsHandlers_nt.dll
2016-12-21 06:54:14 5511680 ----a-w- C:\Windows\System32\aclui.dll
2016-12-21 06:53:19 6664192 ----a-w- C:\Windows\System32\mspaint.exe
2016-12-21 06:53:13 4474368 ----a-w- C:\Windows\System32\D3DCompiler_47.dll
2016-12-21 06:53:10 1692672 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2016-12-21 06:51:56 5611008 ----a-w- C:\Windows\System32\d2d1.dll
2016-12-21 06:51:53 2275840 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
2016-12-21 06:51:41 8075776 ----a-w- C:\Windows\System32\mstscax.dll
2016-12-21 06:50:57 1490432 ----a-w- C:\Windows\System32\lsasrv.dll
2016-12-21 06:49:55 2691072 ----a-w- C:\Windows\System32\Windows.UI.Logon.dll
2016-12-21 06:49:43 1062912 ----a-w- C:\Windows\System32\SettingSyncCore.dll
2016-12-21 06:49:25 4149248 ----a-w- C:\Windows\System32\rdpcorets.dll
2016-12-21 06:47:47 1121280 ----a-w- C:\Windows\System32\aadtb.dll
2016-12-21 05:59:21 218976 ----a-w- C:\Windows\SysWow64\offlinesam.dll
2016-12-21 05:09:45 263472 ----a-w- C:\Windows\SysWow64\Windows.Storage.ApplicationData.dll
2016-12-21 05:02:16 1852720 ----a-w- C:\Windows\SysWow64\mfmp4srcsnk.dll
2016-12-21 05:02:12 3892864 ----a-w- C:\Windows\SysWow64\mfcore.dll
2016-12-21 05:02:09 1277344 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2016-12-21 05:02:02 1360464 ----a-w- C:\Windows\SysWow64\mfnetsrc.dll
2016-12-21 05:02:01 980832 ----a-w- C:\Windows\SysWow64\mfnetcore.dll
2016-12-21 05:02:00 1201872 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
2016-12-21 04:46:55 34304 ----a-w- C:\Windows\SysWow64\LaunchWinApp.exe
2016-12-21 04:43:09 285184 ----a-w- C:\Windows\SysWow64\Windows.UI.BlockedShutdown.dll
2016-12-21 04:41:59 253952 ----a-w- C:\Windows\SysWow64\Windows.UI.BioFeedback.dll
2016-12-21 04:41:15 231936 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-12-21 04:40:57 180224 ----a-w- C:\Windows\SysWow64\InstallAgent.exe
2016-12-21 04:40:43 237056 ----a-w- C:\Windows\SysWow64\SyncSettings.dll
2016-12-21 04:40:39 318976 ----a-w- C:\Windows\SysWow64\rdpencom.dll
2016-12-21 04:40:07 557568 ----a-w- C:\Windows\SysWow64\StoreAgent.dll
2016-12-21 04:39:58 1300480 ----a-w- C:\Windows\SysWow64\MSVPXENC.dll
2016-12-21 04:39:04 223232 ----a-w- C:\Windows\SysWow64\InstallAgentUserBroker.exe
2016-12-21 04:38:54 866816 ----a-w- C:\Windows\SysWow64\Windows.UI.Cred.dll
2016-12-21 04:35:42 198656 ----a-w- C:\Windows\SysWow64\indexeddbserver.dll
2016-12-21 04:35:28 4612608 ----a-w- C:\Windows\SysWow64\Windows.Media.dll
2016-12-21 04:34:53 7626752 ----a-w- C:\Windows\SysWow64\twinui.dll
2016-12-21 04:33:09 19413504 ----a-w- C:\Windows\SysWow64\edgehtml.dll
2016-12-21 04:30:56 5398016 ----a-w- C:\Windows\SysWow64\aclui.dll
2016-12-21 04:30:06 1255936 ----a-w- C:\Windows\SysWow64\AzureSettingSyncProvider.dll
2016-12-21 04:27:12 640000 ----a-w- C:\Windows\SysWow64\MCRecvSrc.dll
2016-12-21 04:26:36 1155072 ----a-w- C:\Windows\SysWow64\MSVP9DEC.dll
2016-12-21 04:25:44 7469056 ----a-w- C:\Windows\SysWow64\mstscax.dll
2016-12-21 04:25:42 6474752 ----a-w- C:\Windows\SysWow64\mspaint.exe
2016-12-21 04:24:58 6044160 ----a-w- C:\Windows\SysWow64\Chakra.dll
2016-12-21 04:24:30 5061120 ----a-w- C:\Windows\SysWow64\d2d1.dll
2016-12-21 04:24:11 886272 ----a-w- C:\Windows\SysWow64\aadtb.dll
2016-12-21 04:24:09 3733504 ----a-w- C:\Windows\SysWow64\D3DCompiler_47.dll
2016-12-21 04:22:44 1883648 ----a-w- C:\Windows\SysWow64\Windows.UI.Logon.dll
2016-12-21 04:22:32 860672 ----a-w- C:\Windows\SysWow64\SettingSyncCore.dll
2016-12-14 05:41:35 1235296 ----a-w- C:\Windows\System32\aeinv.dll
2016-12-14 05:41:32 590960 ----a-w- C:\Windows\System32\AudioSes.dll
2016-12-14 05:34:03 2482280 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2016-12-14 05:26:19 1469792 ----a-w- C:\Windows\SysWow64\AppVEntSubsystems32.dll
.
============= FINISH: 12:09:47.46 ===============

Attached Files
File Type: txt Attach.txt (7.5 KB)

Thought better safe than sorry after random Microsoft Virus Alert last night....

:ermm:

As per the new instructions I attempted to run DDS but got an error saying "dds is not meant to be run in compatibility mode. The program will now exit". I tried more than a few times, then did a random Google search about that error and found this super old post:

hxxp://www.techsupportforum.com/forums/f100/dds-is-not-meant-to-run-in-compatibility-mode-892610.html

I realize that it's totally outdated, but decided rather than post nothing I would post the logs for Farbar and Malwarebytes and hope it helps to determine what is going on.

Basically, the night before last I had fallen asleep watching a show on my PC which was streaming from cloudtime, which I have done a billion times. I woke up and couldn't fall asleep right away, so I thought I would watch another episode. When I went to change from fullscreen to regular in the window that was cloudtime, I got this annoying Microsoft warning about a virus which I had to actually force close via Task Manager cuz that was the only way I could get rid of it. After that it seemed to be back to normal, except today when I went to play another episode (this time from vidzi.com, which I have also used many times without issue) I got a weird half distorted, half light blue screen with some Windows error I didn't have a chance to make note of before it rebooted my PC automatically, and since then things are back to normal again.

The only issue I have ever had was when I used Refresh to fix a computer issue less than a year after I bought it, which ended up deactivating the Windows which was pre-installed when I bought my PC from Best Buy. I contacted Best Buy and Microsoft to no avail and finally contacted ASUS, who said it was because I had Windows 8 initially and had upgraded to Windows 8.1, which was why the key embedded into my PC wasn't working because my PC was running 8.1 and not 8, and my only option to get it fixed was to ship my PC to some foreign country so they could have it for who knows how many weeks, so I kept it as is and have learned to tolerate that Activate Windows screen that pops up every 3 or so hours (usually when I'm gaming and it's most likely to kill me lol). As a result I cannot do Windows updates cuz if I try it gets stuck in a never-ending loop of installing updates, updates failed, rolling back updates for literally like 6 hours.

First here is the Farbar Recovery Scan Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by Lisa (administrator) on LISAPC (05-02-2017 20:03:56)
Running from C:\Users\Lisa\Desktop
Loaded Profiles: Lisa (Available Profiles: Lisa & Extra)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
() C:\Windows\SysWOW64\AsHookDevice.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
() E:\scsiaccess.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Wargaming.net) E:\WorldofWarships\WargamingGameUpdater.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5378\Agent.exe
(Blizzard Entertainment) E:\Battle.net\Battle.net.8293\Battle.net.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
() E:\ROXIO\Roxio 2012\5.0\CPMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
() E:\Battle.net\Battle.net.8293\Battle.net Helper.exe
() E:\Battle.net\Battle.net.8293\Battle.net Helper.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Valve Corporation) E:\Steam\Steam.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [SRSAENotifier] => C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe [570272 2012-06-25] (SRS Labs, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe [293360 2011-07-13] (Rovi Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [CPMonitor] => E:\ROXIO\Roxio 2012\5.0\CPMonitor.exe [84464 2011-07-08] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => E:\ROXIO\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe [506352 2011-06-12] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-05-20] (Oracle Corporation)
HKLM-x32\...\Run: [LoadQM] => C:\WINDOWS\loadqm.exe [7536 2000-05-03] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe,
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [SRSHDAudioLab] => C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe [5446056 2012-06-25] ()
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44544 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [uTorrent] => C:\Users\Lisa\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2016-12-27] (BitTorrent Inc.)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [MSMSGS] => C:\Program Files (x86)\Messenger\msmsgs.exe [1458448 2002-04-11] (Microsoft Corporation)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [TalkHelper] => E:\TalkHelper Call Recorder for Skype\TalkHelper Call Recorder for Skype\TalkHelper.exe [4619776 2016-09-03] (TalkHelper Team)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [DAEMON Tools Lite Automount] => E:\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [World of Warships] => E:\WorldofWarships\WargamingGameUpdater.exe [3134216 2016-12-05] (Wargaming.net)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [Battle.net] => E:\Battle.net\Battle.net Launcher.exe [3122152 2016-11-30] (Blizzard Entertainment)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\MountPoints2: {6134864e-c0f8-11e6-8300-e03f49e6a5f5} - "J:\setup.exe"
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\MountPoints2: {d8c8ab4c-aaf5-11e6-82ec-e03f49e6a5f5} - "I:\setup.exe"
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Lisa\Desktop\dds.scr [688992 2017-02-05] (Swearware)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-27] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-09-26]
ShortcutTarget: Curse.lnk -> C:\Users\Lisa\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{BB7B3181-CC20-40D9-AE31-2492A17CB806}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{BB7B3181-CC20-40D9-AE31-2492A17CB806}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1929467248-3834011559-1931454703-1002 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1929467248-3834011559-1931454703-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1929467248-3834011559-1931454703-1002 -> {593938E1-C91D-4060-9064-95BB122DA114} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1929467248-3834011559-1931454703-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1929467248-3834011559-1931454703-1002 -> {F706DB77-44DA-4C8A-95B5-1FD0854416D2} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-17] (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)

FireFox:
========
FF DefaultProfile: cilej5g4.dev-edition-default
FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default [2017-02-05]
FF user.js: detected! => C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\user.js [2016-03-30]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default -> Google
FF NetworkProxy: Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default -> type", 4
FF Extension: (Grammarly for Firefox) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2017-01-12]
FF Extension: (anonymoX) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\client@anonymox.net.xpi [2017-01-29]
FF Extension: (LavaFox V2-Blue) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\djziggy@gmail.com [2016-11-29]
FF Extension: (LavaFox V2-Purple) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\zigboom555@aol.com [2016-11-29]
FF Extension: (BlackFox V2) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\zigboom@hotmail.com [2016-11-29]
FF Extension: (JavaScript on-off applet) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\{54e46280-0211-11e3-b778-0800200c9a66}.xpi [2016-10-04]
FF Extension: (FT DeepDark) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-01-13]
FF Extension: (Adblock Plus) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (WorldIP) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi [2016-05-17]
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\searchplugins\google-avast.xml [2015-08-12]
FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\iqkjlxbc.default-1463333953493 [2017-01-17]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-28]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 &video&) - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2016-04-06] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-17] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npnxgame.dll [2015-07-17] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1929467248-3834011559-1931454703-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lisa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-19] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1929467248-3834011559-1931454703-1002: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-11-20] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default [2017-02-05]
CHR Extension: (Avast SafePrice) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-14]
CHR Extension: (Core 2) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkgipafedkfiijlnmghhendlnidhcene [2016-08-14]
CHR Extension: (AdBlock) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-01]
CHR Extension: (Skype) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2016-04-08]
CHR Extension: (Hide My IP) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pekcnopmdcbjdgmpnpkndppflpldnkkp [2017-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-08-27] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-12] ()
R2 BITS; C:\WINDOWS\SysWOW64\qmgr.dll [77760 2000-05-03] (Microsoft Corporation) [File not signed]
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [21488 2011-07-15] ()
S4 BOTService; C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [211440 2011-07-14] (Rovi Corporation)
R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [207160 2013-08-08] ()
S3 Disc Soft Lite Bus Service; E:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
S3 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-04-28] (IObit)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3254552 2014-07-13] (INCA Internet Co., Ltd.)
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095664 2011-07-13] (Rovi Corporation)
S3 RoxWatch12; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [340976 2011-07-13] (Rovi Corporation)
R2 ScsiAccess; E:\ScsiAccess.exe [186760 2016-03-29] ()
S4 SDScannerService; E:\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; E:\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; E:\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SRSHDAudioService; C:\Program Files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe [13232 2012-06-25] (SRS Labs, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-08-27] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-08-27] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-08-27] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [453192 2016-08-27] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-08-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-27] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-08-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-11-14] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-11-14] (Disc Soft Ltd)
S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [70600 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
R3 SRS_AE_Service; C:\WINDOWS\system32\drivers\SRS_AE_amd64.sys [549704 2012-06-21] ()
S3 SRS_SSCFilter; C:\WINDOWS\system32\drivers\srs_sscfilter_amd64.sys [346992 2009-12-15] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 SysCow; C:\WINDOWS\System32\drivers\syscowad64v.sys [164848 2010-05-23] (Sonic Solutions)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42064 2016-04-19] (Anchorfree Inc.)
S3 tapoas; C:\WINDOWS\system32\DRIVERS\tapoas.sys [30720 2012-07-14] (The OpenVPN Project)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S4 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [X]
S3 urvpndrv; \SystemRoot\system32\DRIVERS\covpnv64.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-05 20:03 - 2017-02-05 20:04 - 00030456 _____ C:\Users\Lisa\Desktop\FRST.txt
2017-02-05 20:03 - 2017-02-05 20:03 - 02421248 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64.exe
2017-02-05 19:56 - 2017-02-05 19:57 - 00688992 _____ (Swearware) C:\Users\Lisa\Desktop\dds.scr
2017-02-04 19:16 - 2017-02-04 19:16 - 00067072 _____ (Microsoft Corporation) C:\dllhost.exe
2017-02-04 19:14 - 2017-02-04 19:14 - 00281160 _____ C:\WINDOWS\Minidump\020417-15046-01.dmp
2017-01-29 02:14 - 2017-01-29 02:14 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Wondershare Video Converter Ultimate
2017-01-29 02:14 - 2017-01-29 02:14 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2017-01-27 18:38 - 2017-01-27 18:38 - 00000000 ____D C:\Users\Lisa\AppData\LocalLow\uTorrent
2017-01-21 23:40 - 2017-01-21 23:40 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-18 19:38 - 2017-01-18 19:38 - 00000000 ____D C:\Users\Lisa\Documents\Rockstar Games
2017-01-18 01:58 - 2017-01-18 01:58 - 00000000 ____D C:\Users\Lisa\AppData\Local\Rockstar Games
2017-01-18 01:50 - 2017-01-18 01:50 - 00000000 __RHD C:\Users\Lisa\AppData\Roaming\SecuROM
2017-01-18 01:25 - 2017-01-18 01:25 - 00000791 _____ C:\Users\Lisa\Desktop\FreeArc.lnk
2017-01-18 01:25 - 2017-01-18 01:25 - 00000791 _____ C:\Users\Extra\Desktop\FreeArc.lnk
2017-01-18 01:25 - 2017-01-18 01:25 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeArc
2017-01-18 01:25 - 2017-01-18 01:25 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\FreeArc
2017-01-18 01:25 - 2017-01-18 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc
2017-01-12 16:12 - 2017-01-12 16:12 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 10:31 - 2017-01-10 10:31 - 00000881 _____ C:\Users\Lisa\Desktop\City Car Driving.lnk
2017-01-10 10:07 - 2017-01-10 10:07 - 00000000 ____D C:\Users\Lisa\AppData\Local\BorisFX
2017-01-10 10:02 - 2017-01-10 10:06 - 00000000 ____D C:\Program Files (x86)\Boris FX, Inc
2017-01-10 09:47 - 2017-01-10 10:33 - 00000000 __SHD C:\Users\Lisa\Documents\MSDCSC
2017-01-10 09:46 - 2017-01-10 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenArts Sapphire OFX
2017-01-10 09:45 - 2017-01-10 09:45 - 00000103 _____ C:\WINDOWS\MSUTIL.INI
2017-01-10 09:45 - 2017-01-10 09:45 - 00000000 ____D C:\ProgramData\GenArts
2017-01-10 09:45 - 2017-01-10 09:45 - 00000000 ____D C:\Program Files\Common Files\OFX
2017-01-10 09:45 - 2017-01-10 09:45 - 00000000 ____D C:\Program Files (x86)\GenArts
2017-01-10 09:45 - 2010-02-04 07:58 - 00584376 _____ (Intel Corporation) C:\WINDOWS\system32\libiomp5md.dll
2017-01-10 09:45 - 2010-02-04 07:40 - 00575672 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libiomp5md.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-05 20:03 - 2015-02-12 04:24 - 00000000 ____D C:\FRST
2017-02-05 19:58 - 2016-03-16 19:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-05 19:58 - 2014-10-01 19:29 - 01073664 ___SH C:\Users\Lisa\Desktop\Thumbs.db
2017-02-05 19:56 - 2016-11-30 18:10 - 00000000 ____D C:\Users\Lisa\AppData\Local\Battle.net
2017-02-05 19:14 - 2013-08-21 22:56 - 00148372 _____ C:\WINDOWS\system32\slmgr.vbs
2017-02-05 19:14 - 2013-08-21 15:52 - 00148372 _____ C:\WINDOWS\SysWOW64\slmgr.vbs
2017-02-05 16:43 - 2016-11-20 02:01 - 00000000 ____D C:\Users\Lisa\AppData\LocalLow\Mozilla
2017-02-05 03:04 - 2014-09-16 01:10 - 00000000 ___RD C:\Users\Lisa\SkyDrive
2017-02-04 19:16 - 2016-04-08 05:26 - 00003758 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-02-04 19:14 - 2014-10-27 10:39 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-04 19:14 - 2014-09-16 00:45 - 596394374 _____ C:\WINDOWS\MEMORY.DMP
2017-02-04 19:14 - 2013-12-09 01:24 - 00000025 ___SH C:\WINDOWS\SysWOW64\ReadTag.ini
2017-02-04 19:14 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-04 19:13 - 2015-07-24 07:56 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-04 19:12 - 2016-01-08 06:22 - 00000000 ____D C:\ProgramData\ProductData
2017-02-04 19:12 - 2013-08-22 05:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-02-04 09:32 - 2016-04-07 17:58 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-02 12:07 - 2014-10-02 00:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-02 12:07 - 2014-10-02 00:20 - 00000000 ____D C:\ProgramData\Skype
2017-01-30 09:52 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Cursors
2017-01-29 18:29 - 2015-10-15 23:34 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-29 15:40 - 2016-11-17 14:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-29 15:40 - 2014-09-16 01:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-29 02:21 - 2014-09-29 16:16 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\DVD Flick
2017-01-28 10:44 - 2014-09-28 21:27 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\uTorrent
2017-01-27 04:41 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\Inf
2017-01-26 00:27 - 2014-09-16 01:12 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1929467248-3834011559-1931454703-1002
2017-01-25 03:56 - 2016-01-13 01:19 - 00000000 ____D C:\Program Files\KMSpico
2017-01-25 03:11 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\registration
2017-01-25 02:45 - 2014-10-31 17:58 - 00213504 ___SH C:\Users\Lisa\Downloads\Thumbs.db
2017-01-25 01:21 - 2014-09-27 20:16 - 00809326 _____ C:\WINDOWS\system32\perfh00C.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00807752 _____ C:\WINDOWS\system32\perfh00A.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00805344 _____ C:\WINDOWS\system32\perfh013.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00801092 _____ C:\WINDOWS\system32\perfh010.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00796688 _____ C:\WINDOWS\system32\prfh0816.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00762180 _____ C:\WINDOWS\system32\perfh007.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00457804 _____ C:\WINDOWS\system32\prfh0404.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00166140 _____ C:\WINDOWS\system32\perfc00A.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00163756 _____ C:\WINDOWS\system32\prfc0816.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00161920 _____ C:\WINDOWS\system32\perfc013.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00158828 _____ C:\WINDOWS\system32\perfc007.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00158774 _____ C:\WINDOWS\system32\perfc00C.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00156010 _____ C:\WINDOWS\system32\perfc010.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00135458 _____ C:\WINDOWS\system32\prfc0404.dat
2017-01-25 01:21 - 2013-12-09 01:04 - 07167462 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-19 02:33 - 2015-09-06 12:01 - 00000000 ____D C:\Users\Lisa\AppData\LocalLow\Fishing Planet LLC
2017-01-19 02:05 - 2016-02-21 18:37 - 00000000 ____D C:\Users\Lisa\AppData\Local\Ubisoft Game Launcher
2017-01-18 23:57 - 2014-10-02 00:21 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Skype
2017-01-17 01:24 - 2016-03-16 19:01 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-01-17 01:24 - 2015-05-13 23:39 - 00000000 ___RD C:\Users\Lisa\OneDrive
2017-01-17 01:24 - 2014-09-16 09:13 - 00000000 ____D C:\Users\Lisa\AppData\Local\Adobe
2017-01-17 01:24 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-17 01:24 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-14 03:06 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-11 00:58 - 2016-04-07 17:58 - 00003850 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-10 10:31 - 2016-12-12 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Car Driving
2017-01-10 10:21 - 2016-05-09 10:52 - 00000872 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-10 04:02 - 2014-09-28 21:19 - 00000000 ____D C:\ProgramData\F5 Networks
2017-01-10 04:01 - 2013-08-22 07:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-01-07 22:16 - 2014-11-18 04:51 - 00000000 ____D C:\ProgramData\AVAST Software

==================== Files in the root of some directories =======

2015-03-26 11:14 - 2015-03-26 11:14 - 0005542 _____ () C:\Users\Lisa\AppData\Roaming\JDWLIJ
2015-03-26 11:14 - 2015-03-26 11:14 - 0004185 _____ () C:\Users\Lisa\AppData\Roaming\OYFMLT
2015-02-07 05:46 - 2015-02-07 05:46 - 0000392 _____ () C:\Users\Lisa\AppData\Roaming\Result.txt
2015-07-27 12:07 - 2015-07-27 12:07 - 0099029 _____ () C:\Users\Lisa\AppData\Roaming\Uninstal.exe
2015-01-31 05:14 - 2015-09-06 09:11 - 0006656 _____ () C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-22 08:33 - 2015-06-22 08:33 - 0000036 _____ () C:\Users\Lisa\AppData\Local\housecall.guid.cache
2014-11-30 04:32 - 2016-11-09 03:10 - 0007609 _____ () C:\Users\Lisa\AppData\Local\Resmon.ResmonCfg
2016-04-06 08:54 - 2016-07-13 23:40 - 0061248 _____ () C:\Users\Lisa\AppData\Local\rx_audio.Cache
2016-04-06 08:53 - 2016-07-13 23:39 - 1324464 _____ () C:\Users\Lisa\AppData\Local\rx_image32.Cache
2014-10-10 11:22 - 2014-10-10 11:22 - 0000004 _____ () C:\ProgramData\data.00B
2013-12-09 01:10 - 2013-12-09 01:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-10 11:23 - 2014-10-10 11:23 - 0000089 _____ () C:\ProgramData\laucnher.log
2016-07-31 07:44 - 2016-07-31 07:44 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
2017-01-18 01:50 - 2017-01-18 19:33 - 0204800 _____ (Sony DADC Austria AG) C:\Users\Lisa\AppData\Local\Temp\drm_dyndata_7370014.dll
2017-01-10 09:47 - 2017-01-10 09:47 - 0916480 ___SH (Microsoft Corp.) C:\Users\Lisa\AppData\Local\Temp\PATCHER.EXE
2017-01-25 03:05 - 2017-01-25 03:05 - 1042784 _____ (Microsoft Corporation) C:\Users\Lisa\AppData\Local\Temp\PidGenX.dll
2017-01-10 09:47 - 2017-01-10 09:48 - 0124416 _____ () C:\Users\Lisa\AppData\Local\Temp\PLUGININSTALLER.EXE
2017-01-10 09:47 - 2017-01-10 09:48 - 2230784 _____ () C:\Users\Lisa\AppData\Local\Temp\SAPPHIRE OFX PATCH 64BIT.EXE
2017-01-10 09:47 - 2017-01-10 09:48 - 1017856 _____ () C:\Users\Lisa\AppData\Local\Temp\SAPPHIRE.OFX.6.10-PATCH64.EXE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-03 02:46

==================== End of FRST.txt ============================

The Addition.txt will be added as an attachment.


And Malwarebytes

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2017-02-05
Scan Time: 8:15 PM
Logfile: malwarebyteslog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.02.05.06
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Lisa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 461755
Time Elapsed: 46 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
RiskWare.HeuristicsReservedWordExploit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DLLHOST.EXE, , [0951336c5a4ecb6b7499d532f70dc937],
RiskWare.HeuristicsReservedWordExploit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DLLHOST.EXE, , [0951336c5a4ecb6b7499d532f70dc937],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
RiskWare.HeuristicsReservedWordExploit, C:\dllhost.exe, , [0951336c5a4ecb6b7499d532f70dc937],

Physical Sectors: 0
(No malicious items detected)


(end)

Attached Files
File Type: txt Addition.txt (63.4 KB)