Channel: Tech Support Forum - Virus/Trojan/Spyware Help

IE closes and re-opens..screen goes black

Hi there :)

I came here last year for a similar problem and Chemist helped me out. Basically, for the past while, and it's been steadily getting worse, IE randomly closes and then re-opens for no reason.

Everything seems to be up to date on here. I have tried a few times to download DDS from the given link but it will not run, as it says it can't run in compatibility mode.

Last year when I downloaded it to the desktop, it worked fine.

Sorry, I cannot post any logs until I can get DDS to run...:blush:

very, very slow

The system has gone extremely slow. I tried to download dds from your link but I get nothing on the new page...

What should I do?

Thank you

qim

Windows 7 suddenly slow, hangs in every app

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18939
Run by Sophie at 10:18:33 on 2018-03-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8111.4755 [GMT -4:00]
.
AV: Kaspersky Total Security *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
SP: Kaspersky Total Security *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security *Enabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Everything\Everything.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxpers.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon-x64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\PlusIEContextMenu.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: ZeonIEEventHelper Class: {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Nuance PDF: {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [PDF8 Registry Controller] "C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe"
mRun: [PDFProHook] "C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHRASE~1.LNK - C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Open with Nuance PDF Converter 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EF0DE353-D50E-4C6A-A6EE-C63EA259F3D8} : DHCPNameServer = 192.168.1.1
AppInit_DLLs= acaptuser32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\ajanklf9.default-1513809574451\
FF - prefs.js: browser.startup.homepage - hxxps://yourvibration.com/reclaim/forums/forum/participants-2
FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\nppdf.dll
FF - plugin: C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Sophie\AppData\Roaming\Zoom\bin\npzoomplugin.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_29_0_0_113.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);C:\Windows\System32\drivers\cm_km.sys [2016-6-10 238936]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\Windows\System32\drivers\klbackupdisk.sys [2016-6-7 63920]
R1 klbackupflt;Kaspersky Lab klbackupflt;C:\Windows\System32\drivers\klbackupflt.sys [2016-6-15 86352]
R1 klhk;Kaspersky Lab service driver;C:\Windows\System32\drivers\klhk.sys [2016-6-20 348376]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2016-6-20 57024]
R1 klpd;Kaspersky Lab format recognizer driver;C:\Windows\System32\drivers\klpd.sys [2016-5-31 45488]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2016-5-17 75696]
R1 Klwtp;KLwtp - WFP callout traffic inspector;C:\Windows\System32\drivers\klwtp.sys [2016-6-2 135904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2016-6-14 199640]
R2 AVP17.0.0;Kaspersky Anti-Virus Service 17.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [2016-6-28 241544]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 Everything;Everything;C:\Program Files\Everything\Everything.exe [2016-11-1 2197608]
R2 kldisk;kldisk;C:\Windows\System32\drivers\kldisk.sys [2016-5-31 78216]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2017-8-16 5261584]
R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2016-3-18 248840]
R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2012-8-3 55776]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-18 70168]
R3 klflt;Kaspersky Lab Kernel DLL;C:\Windows\System32\drivers\klflt.sys [2016-10-31 195288]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2016-5-19 52144]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2015-6-7 41648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-4 107624]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-10-3 128608]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2018-3-13 116224]
S3 klvssbrigde64;klvssbrigde64;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [2016-6-28 77328]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2017-4-4 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2017-4-4 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2017-4-4 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2017-3-9 1255736]
.
=============== File Associations ===============
.
FileExt: .ini: Applications\NotePro.exe="C:\Program Files (x86)\NoteTab 7\NotePro.exe" "%1" [UserChoice]
ShellExec: EDITPLUS.EXE: open=EDITPLUS.EXE
ShellExec: EDITPLUS.EXE: print=EDITPLUS.EXE
.
=============== Created Last 30 ================
.
2018-03-16 06:10:35 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F65AD16E-8A6D-4C34-B5B0-8F3E1DBF6430}\offreg.4512.dll
2018-03-16 06:08:01 14453336 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F65AD16E-8A6D-4C34-B5B0-8F3E1DBF6430}\mpengine.dll
2018-03-13 20:59:59 95424 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2018-03-05 22:44:58 -------- d-----w- C:\Users\Sophie\AppData\Roaming\obs-studio
2018-03-05 22:43:12 -------- d-----w- C:\Program Files (x86)\obs-studio
2018-03-03 17:23:20 -------- d-----w- C:\Program Files\CCleaner
2018-02-21 18:29:57 -------- d-----w- C:\Program Files\The Bat!
.
==================== Find3M ====================
.
2018-03-13 21:04:00 130364688 -c--a-w- C:\Windows\System32\MRT-KB890830.exe
2018-03-13 11:05:06 804352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2018-03-13 11:05:06 144896 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2018-03-09 03:39:08 708288 ----a-w- C:\Windows\System32\winload.efi
2018-03-09 03:39:08 5580992 ----a-w- C:\Windows\System32\ntoskrnl.exe
2018-03-09 03:39:06 154816 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2018-03-09 03:18:13 631640 ----a-w- C:\Windows\System32\winresume.efi
2018-03-09 03:14:21 4044992 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2018-03-09 03:14:21 4025536 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2018-03-09 03:09:10 1665336 ----a-w- C:\Windows\System32\ntdll.dll
2018-03-09 02:47:00 1314064 ----a-w- C:\Windows\SysWow64\ntdll.dll
2018-03-09 02:38:24 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2018-03-09 02:38:19 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2018-03-09 02:38:18 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2018-03-09 02:37:37 64512 ----a-w- C:\Windows\System32\auditpol.exe
2018-03-09 02:34:38 338432 ----a-w- C:\Windows\System32\conhost.exe
2018-03-09 02:34:09 129536 ----a-w- C:\Windows\System32\drivers\videoprt.sys
2018-03-09 02:33:50 296960 ----a-w- C:\Windows\System32\rstrui.exe
2018-03-09 02:31:07 160256 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2018-03-09 02:30:33 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2018-03-09 02:30:31 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2018-03-09 02:29:48 30720 ----a-w- C:\Windows\System32\lsass.exe
2018-03-09 02:29:45 112640 ----a-w- C:\Windows\System32\smss.exe
2018-03-09 02:26:09 50688 ----a-w- C:\Windows\SysWow64\auditpol.exe
2018-03-09 02:22:48 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2018-03-09 02:22:47 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2018-03-09 02:22:47 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2018-03-09 02:22:46 2048 ----a-w- C:\Windows\SysWow64\user.exe
2018-03-09 02:22:01 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2018-03-09 02:21:55 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2018-03-09 02:21:55 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-09 02:21:55 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2018-03-09 02:21:55 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2018-03-01 08:36:18 3226112 ----a-w- C:\Windows\System32\win32k.sys
2018-02-22 03:28:38 217600 ----a-w- C:\Windows\System32\WinSCard.dll
2018-02-22 03:06:40 134656 ----a-w- C:\Windows\SysWow64\WinSCard.dll
2018-02-21 09:59:57 57024 ----a-w- C:\Windows\System32\drivers\klim6.sys
2018-02-18 21:34:05 634272 ----a-w- C:\Windows\System32\winload.exe
2018-02-16 14:37:51 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2018-02-16 14:37:03 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2018-02-15 15:15:49 3241472 ----a-w- C:\Windows\System32\wininet.dll
2018-02-15 14:57:08 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2018-02-13 18:17:21 136384 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2018-02-13 18:10:15 655872 ----a-w- C:\Windows\System32\aeinv.dll
2018-02-13 14:05:17 740864 ----a-w- C:\Windows\System32\generaltel.dll
2018-02-13 14:05:17 600576 ----a-w- C:\Windows\System32\devinv.dll
2018-02-13 14:05:17 451072 ----a-w- C:\Windows\System32\centel.dll
2018-02-13 14:05:17 380928 ----a-w- C:\Windows\System32\invagent.dll
2018-02-13 14:05:17 262144 ----a-w- C:\Windows\System32\acmigration.dll
2018-02-13 14:05:17 237568 ----a-w- C:\Windows\System32\aepic.dll
2018-02-13 14:05:17 1994752 ----a-w- C:\Windows\System32\aitstatic.exe
2018-02-13 14:05:17 1560064 ----a-w- C:\Windows\System32\appraiser.dll
2018-02-10 18:23:59 330240 ----a-w- C:\Windows\SysWow64\zipfldr.dll
2018-02-10 18:23:37 111616 ----a-w- C:\Windows\SysWow64\racpldlg.dll
2018-02-10 18:23:27 2292224 ----a-w- C:\Windows\SysWow64\MSVidCtl.dll
2018-02-10 18:11:38 369664 ----a-w- C:\Windows\System32\zipfldr.dll
2018-02-10 18:11:21 119296 ----a-w- C:\Windows\System32\racpldlg.dll
2018-02-10 18:11:14 3665920 ----a-w- C:\Windows\System32\MSVidCtl.dll
2018-02-10 18:11:13 133120 ----a-w- C:\Windows\System32\msrahc.dll
2018-02-10 17:55:30 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2018-02-10 17:55:16 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2018-02-10 17:40:55 66560 ----a-w- C:\Windows\System32\iesetup.dll
2018-02-10 17:40:08 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2018-02-10 17:40:07 577536 ----a-w- C:\Windows\System32\vbscript.dll
2018-02-10 17:40:02 417280 ----a-w- C:\Windows\System32\html.iec
2018-02-10 17:37:20 5779968 ----a-w- C:\Windows\System32\jscript9.dll
2018-02-10 17:36:39 40960 ----a-w- C:\Windows\SysWow64\sdchange.exe
2018-02-10 17:36:38 108032 ----a-w- C:\Windows\SysWow64\msra.exe
2018-02-10 17:36:31 7168 ----a-w- C:\Windows\SysWow64\MsraLegacy.tlb
2018-02-10 17:28:04 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2018-02-10 17:28:03 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2018-02-10 17:27:40 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2018-02-10 17:26:05 653312 ----a-w- C:\Windows\System32\msra.exe
2018-02-10 17:26:03 51712 ----a-w- C:\Windows\System32\sdchange.exe
2018-02-10 17:25:56 7168 ----a-w- C:\Windows\System32\MsraLegacy.tlb
2018-02-10 17:25:26 9728 ----a-w- C:\Windows\System32\drivers\errdev.sys
2018-02-10 17:25:26 14336 ----a-w- C:\Windows\System32\drivers\wmiacpi.sys
2018-02-10 17:22:51 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2018-02-10 17:20:10 969216 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2018-02-10 17:10:36 499712 ----a-w- C:\Windows\SysWow64\vbscript.dll
2018-02-10 17:10:28 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2018-02-10 17:10:21 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2018-02-10 17:09:59 87552 ----a-w- C:\Windows\System32\tdc.ocx
2018-02-10 17:09:45 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2018-02-10 17:09:34 341504 ----a-w- C:\Windows\SysWow64\html.iec
2018-02-10 17:00:29 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2018-02-10 17:00:05 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2018-02-10 16:47:54 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2018-02-10 16:47:38 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2018-02-10 16:47:29 2134016 ----a-w- C:\Windows\System32\inetcpl.cpl
2018-02-10 16:47:13 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2018-02-10 16:40:50 4496384 ----a-w- C:\Windows\SysWow64\jscript9.dll
2018-02-10 16:33:45 2058240 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2018-02-10 16:33:11 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2018-02-02 18:40:54 114368 ----a-w- C:\Windows\System32\consent.exe
2018-02-02 18:29:11 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2018-02-02 18:29:11 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2018-02-02 18:29:11 2365952 ----a-w- C:\Windows\SysWow64\msi.dll
2018-02-02 18:28:30 1806848 ----a-w- C:\Windows\SysWow64\authui.dll
2018-02-02 18:16:17 504320 ----a-w- C:\Windows\System32\msihnd.dll
2016-11-07 12:12:48 1017792 --shatr- C:\Windows\SysWOW64\ActionCenterForms.dll
.
============= FINISH: 10:19:27.75 ===============

I installed Windows 7 professional myself, so I think I still have access to the disk.

Big Time HELP

All of a sudden, after a scan I did NOT ask for up comes the following:
Win32/Hoax.Renos.HX
TrojanIRC/Backdor.SdBot4.FRV
Adware.Win32.Look2me.ab
Trojan.Qoologic-Key Logger
Trojan.Fakealert.356
I don't know what to do. I've been scammed 3 times to the tune of $667.00++ and now, aside from the above "click.adservinganalytics.com" keeps popping up all the time EVERYWHERE. What to do?? HELP! Bob Walters

[SOLVED] Can't remove cmdsrvs.exe/secrypt

Hi. My machine got infected today. New folders popped up under my C: folder, things like "Browse" and "Applications." Some executables popped up in the Task Manager, things I have never seen before. My browser opened up some websites on its own.

I got rid of nearly all of them using Malwarebytes, but I can't get rid of the last one.

It is cmdsrvs.exe. I'm guessing it's a cryptocurrency mining virus?

I ran RKill, right after that I ran Malwarebytes. Didn't even detect it.
I ran AdwCleaner, didn't even detect it.
I ran Malwarebytes Anti-Rootkit Tool, didn't detect it.
I ran ComboFix, didn't remove it.
I scanned the cmdsrvs.exe on Malwarebytes manually, didn't even see it as a virus.

Please help. I don't know how else to try and remove it.
I have attached the DDS log. But for some reason, cmdsrvs.exe is not showing up on it, but I can see on the Task Manager that it's running.

Attached Files
File Type: txt dds.txt (21.4 KB)

Possible Ransomware infection

My friend asked me to look at his computer. He was online and a ransomware screen popped up demanding $500 in bitcoin. I told him to power it down right away, and I went and picked it up. I do not have it hooked up to the internet right now, as I don't want it infect my computers, and nothing pops up on the desktop. I ran dds.scr, and the logs are attached per the instructions. The OS is Windows 10 Home, 64 bit. I do not have an original install disk, as it was upgraded from Windows 7 during their free upgrade program, although I could probably download an ISO if needed. Any assistance would be greatly appreciated, and thank you!
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.15 BrowserJavaVersion: 11.91.2
Run by James Sauntry at 12:25:16 on 2018-03-27
Microsoft Windows 10 Home 10.0.16299.0.1252.1.1033.18.3980.2214 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus *Enabled/Updated* {C50510DE-367A-330C-FD5C-556ACFB11243}
SP: AVG Antivirus *Enabled/Updated* {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s gpsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s DsmSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k localservice -p -s SEMgrSvc
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k apphost -s AppHostSvc
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\WINDOWS\system32\mqsvc.exe
c:\windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\WINDOWS\system32\dashost.exe
svchost.exe
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\system32\taskhostw.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe -k appreadiness -p -s AppReadiness
svchost.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\syswow64\backgroundTaskHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\Video.UI.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\James Sauntry\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\taskhostw.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\cscript.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService -p
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={26391393-B8B2-4991-A98E-223480F8C40E}&mid=23dbb10526ce47d0a3173909b4430320-807516eab5b7ac43caabd1280f9033136779f16c&lang=en&ds=AVG&coid=&cmpid=&pr=fr&d=2012-09-27%2021:20:16&v=19.4.0.508&pid=avg&sg=0&sap=hp
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [OneDrive] "C:\Users\James Sauntry\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [EKStatusMonitor] C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXE
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
mRun: [Conime] C:\WINDOWS\System32\conime.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\QUICKB~2.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 64.126.4.212 64.126.4.216
TCP: Interfaces\{a6cc4417-26fa-4d7e-a795-aae0f342c841} : DHCPNameServer = 64.126.4.212 64.126.4.216
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [AVGUI.exe] "C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe" /gui
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James Sauntry\AppData\Roaming\Mozilla\Firefox\Profiles\iyjz3pu9.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.pogo.com/|https://www.google.com/
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\James Sauntry\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll
FF - plugin: C:\WINDOWS\SysWOW64\npDeployJava1.dll
FF - plugin: C:\WINDOWS\SysWOW64\npmproxy.dll
FF - plugin: C:\WINDOWS\SysWOW64\NPSM.dll
FF - plugin: C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 HPTouchpointAnalyticsService;HP Touchpoint Analytics;C:\Program Files\hp\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [2017-11-21 332216]
R?2 OneSyncSvc_38442;OneSyncSvc_38442;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R0 avgbidsh;avgbidsh;C:\WINDOWS\System32\drivers\avgbidsha.sys [2017-5-23 193024]
R0 avgblog;avgblog;C:\WINDOWS\System32\drivers\avgbloga.sys [2017-5-23 337344]
R0 avgbuniv;avgbuniv;C:\WINDOWS\System32\drivers\avgbuniva.sys [2017-5-23 51272]
R0 avgRvrt;avgRvrt;C:\WINDOWS\System32\drivers\avgRvrt.sys [2017-5-23 76760]
R0 avgVmm;avgVmm;C:\WINDOWS\System32\drivers\avgVmm.sys [2017-5-23 372920]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-9-29 130640]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-9-29 56728]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-9-29 15392]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-9-29 71248]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-9-29 18000]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-9-29 209304]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-9-29 240640]
R1 avgArPot;avgArPot;C:\WINDOWS\System32\drivers\avgArPot.sys [2017-11-27 189032]
R1 avgbdisk;avgbdisk;C:\WINDOWS\System32\drivers\avgbdiska.sys [2017-5-23 166552]
R1 avgbidsdriver;avgbidsdriver;C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [2017-5-23 221096]
R1 avgRdr;avgRdr;C:\WINDOWS\System32\drivers\avgRdr2.sys [2017-5-23 102720]
R1 avgSnx;avgSnx;C:\WINDOWS\System32\drivers\avgSnx.sys [2017-5-23 1019088]
R1 avgSP;avgSP;C:\WINDOWS\System32\drivers\avgSP.sys [2017-5-23 452904]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-3-13 59800]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-9-29 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-9-29 8192]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768]
R2 AVG Antivirus;AVG Antivirus;C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [2018-3-13 304776]
R2 avgMonFlt;avgMonFlt;C:\WINDOWS\System32\drivers\avgMonFlt.sys [2017-5-23 139040]
R2 avgStm;avgStm;C:\WINDOWS\System32\drivers\avgStm.sys [2017-5-23 198368]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R2 CDPUserSvc_38442;CDPUserSvc_38442;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-3-13 385536]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2017-9-29 48688]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2017-9-29 48688]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-9-28 332144]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-4-9 161560]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-6-18 394712]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-6-19 777728]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-6-14 1128952]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2013-12-2 1248256]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-8-1 246488]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2018-3-13 519152]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-9-29 79872]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 vToolbarUpdater40.3.8;vToolbarUpdater40.3.8;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [2017-6-13 1371136]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-3-13 147872]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 WpnUserService_38442;WpnUserService_38442;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 WtuSystemSupport;WtuSystemSupport;C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [2016-6-22 811520]
R3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2017-9-29 48688]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
R3 avgbIDSAgent;avgbIDSAgent;C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [2018-3-13 7607288]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-5-14 169752]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\drivers\L1C63x64.sys [2017-9-29 121344]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-9-29 21504]
R3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-14 363800]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-9-29 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-9-29 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-9-29 18432]
S3 avgHwid;avgHwid;C:\WINDOWS\System32\drivers\avgHwid.sys [2017-5-23 39352]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-9-29 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-9-29 48688]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2017-9-29 37784]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-29 39424]
S3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-9-29 60312]
S3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-9-29 122368]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-9-29 357272]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-9-29 1723288]
S3 DevicesFlowUserSvc_38442;DevicesFlowUserSvc_38442;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-9-29 48688]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-9-29 85504]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2017-9-29 48688]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-9-29 48688]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-9-29 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2017-9-29 48688]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-9-29 50584]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2017-9-29 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-9-29 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-9-29 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-9-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-9-29 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-9-29 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-9-29 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-9-29 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-9-29 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-9-29 674200]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-9-29 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 Impcd;Impcd;C:\WINDOWS\System32\drivers\Impcd.sys [2012-2-21 158976]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-9-29 39424]
S3 InstallService;Windows Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 invdimm;Microsoft iNVDIMM device driver;C:\WINDOWS\System32\drivers\invdimm.sys [2017-9-29 38912]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2017-9-29 26112]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-9-29 123800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-9-29 103320]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-9-29 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-9-29 55840]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-9-29 63520]
S3 MessagingService_38442;MessagingService_38442;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-9-29 842648]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-9-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-9-29 132608]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-3-13 192512]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-9-29 88576]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-9-29 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-9-29 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 PimIndexMaintenanceSvc_38442;PimIndexMaintenanceSvc_38442;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2017-9-29 16896]
S3 PrintWorkflowUserSvc_38442;PrintWorkflowUserSvc_38442;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2017-9-29 48688]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2017-9-29 39832]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-9-29 1849752]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-9-29 936856]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-9-29 48688]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2017-9-29 103936]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-9-29 48688]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-9-29 118168]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-9-29 33176]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-9-29 1288704]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-9-29 154520]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-9-29 48688]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-9-29 56216]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-3-13 956416]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-3-13 103328]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2018-3-13 45472]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-9-29 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2018-1-29 114688]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-9-29 146944]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2018-3-13 57344]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-9-29 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-9-29 28568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-9-29 266648]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-9-29 97312]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-9-29 140696]
S3 UnistoreSvc_38442;UnistoreSvc_38442;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-9-29 28568]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2018-1-29 60824]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-9-29 27544]
S3 UserDataSvc_38442;UserDataSvc_38442;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-9-29 48688]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-9-29 34816]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-9-29 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vnvdimm;Microsoft virtual NVDIMM device driver;C:\WINDOWS\System32\drivers\vnvdimm.sys [2017-9-29 43008]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2017-9-29 48688]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-9-29 48688]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2018-3-13 75264]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2018-3-13 770048]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-9-29 119192]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-9-29 355304]
S3 wdnsfltr;Windows Defender Network Stream Filter Driver;C:\WINDOWS\System32\drivers\wdnsfltr.sys [2017-9-29 33792]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-9-29 48688]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-9-29 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-3-13 225792]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-9-29 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2017-9-29 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-9-29 281600]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-9-29 46592]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2018-03-13 22:39:11 381816 ----a-w- C:\WINDOWS\System32\avgBoot.exe
2018-03-13 22:36:57 834552 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-03-13 22:36:57 179704 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-03-13 20:19:59 559512 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2018-03-13 20:18:59 915968 ----a-w- C:\WINDOWS\SysWow64\TokenBroker.dll
2018-03-04 23:54:22 -------- d-----w- C:\ProgramData\REGUtilities
2018-03-04 23:54:01 -------- d-----w- C:\Program Files (x86)\REGUtilities
.
==================== Find3M ====================
.
2018-03-13 22:38:31 198368 ----a-w- C:\WINDOWS\System32\drivers\avgStm.sys
2018-03-13 22:38:29 452904 ----a-w- C:\WINDOWS\System32\drivers\avgSP.sys
2018-03-13 22:38:29 372920 ----a-w- C:\WINDOWS\System32\drivers\avgVmm.sys
2018-03-13 22:38:28 76760 ----a-w- C:\WINDOWS\System32\drivers\avgRvrt.sys
2018-03-13 22:38:28 139040 ----a-w- C:\WINDOWS\System32\drivers\avgMonFlt.sys
2018-03-13 22:38:27 39352 ----a-w- C:\WINDOWS\System32\drivers\avgHwid.sys
2018-03-13 22:38:26 189032 ----a-w- C:\WINDOWS\System32\drivers\avgArPot.sys
2018-03-13 22:38:24 102720 ----a-w- C:\WINDOWS\System32\drivers\avgRdr2.sys
2018-03-13 22:37:52 1019088 ----a-w- C:\WINDOWS\System32\drivers\avgSnx.sys
2018-03-13 22:37:25 51272 ----a-w- C:\WINDOWS\System32\drivers\avgbuniva.sys
2018-03-13 22:37:24 337344 ----a-w- C:\WINDOWS\System32\drivers\avgbloga.sys
2018-03-13 22:37:24 221096 ----a-w- C:\WINDOWS\System32\drivers\avgbidsdrivera.sys
2018-03-13 22:37:24 193024 ----a-w- C:\WINDOWS\System32\drivers\avgbidsha.sys
2018-03-13 22:37:24 166552 ----a-w- C:\WINDOWS\System32\drivers\avgbdiska.sys
2018-03-13 20:32:27 130364688 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2018-03-13 20:24:43 106496 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2018-03-13 20:24:33 140800 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2018-03-02 03:36:30 17085440 ----a-w- C:\WINDOWS\System32\HologramCompositor.dll
2018-03-02 03:02:48 37888 ----a-w- C:\WINDOWS\System32\SpectrumSyncClient.dll
2018-03-02 03:01:11 640000 ----a-w- C:\WINDOWS\System32\HeadTrackerStorage.dll
2018-03-02 03:00:47 230912 ----a-w- C:\WINDOWS\System32\HoloShellRuntime.dll
2018-03-02 03:00:43 248320 ----a-w- C:\WINDOWS\System32\svf.dll
2018-03-02 03:00:05 329728 ----a-w- C:\WINDOWS\System32\Windows.Internal.Feedback.Analog.dll
2018-03-02 02:59:44 956416 ----a-w- C:\WINDOWS\System32\Spectrum.exe
2018-03-01 20:28:57 181760 ----a-w- C:\WINDOWS\SysWow64\HoloShellRuntime.dll
2018-03-01 07:50:57 270744 ----a-w- C:\WINDOWS\System32\acmigration.dll
2018-03-01 07:49:36 389536 ----a-w- C:\WINDOWS\System32\invagent.dll
2018-03-01 07:48:13 664472 ----a-w- C:\WINDOWS\System32\aeinv.dll
2018-03-01 07:47:37 35224 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2018-03-01 07:47:09 749464 ----a-w- C:\WINDOWS\System32\generaltel.dll
2018-03-01 07:46:56 609176 ----a-w- C:\WINDOWS\System32\devinv.dll
2018-03-01 07:46:38 138144 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2018-03-01 07:46:27 2003352 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2018-03-01 07:46:09 1568664 ----a-w- C:\WINDOWS\System32\appraiser.dll
2018-03-01 07:45:12 70040 ----a-w- C:\WINDOWS\System32\win32appinventorycsp.dll
2018-03-01 07:40:10 2514936 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2018-03-01 07:40:01 461720 ----a-w- C:\WINDOWS\System32\dcntel.dll
2018-03-01 07:40:01 273304 ----a-w- C:\WINDOWS\System32\aepic.dll
2018-03-01 07:37:00 7831760 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2018-03-01 07:31:11 8602520 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-03-01 07:30:56 264040 ----a-w- C:\WINDOWS\System32\MusNotifyIcon.exe
2018-03-01 07:30:52 540064 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2018-03-01 07:29:31 733592 ----a-w- C:\WINDOWS\System32\drivers\acpi.sys
2018-03-01 07:27:48 1173576 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2018-03-01 07:26:21 170912 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2018-03-01 07:25:34 377752 ----a-w- C:\WINDOWS\System32\drivers\msrpc.sys
2018-03-01 07:23:29 749976 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2018-03-01 07:19:40 710768 ----a-w- C:\WINDOWS\System32\MSVideoDSP.dll
2018-03-01 07:17:39 519152 ----a-w- C:\WINDOWS\System32\SecurityHealthService.exe
2018-03-01 07:17:39 408984 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2018-03-01 07:15:28 2574232 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2018-03-01 07:14:53 5105664 ----a-w- C:\WINDOWS\System32\AuthFWSnapin.dll
2018-03-01 07:14:51 128928 ----a-w- C:\WINDOWS\System32\offlinelsa.dll
2018-03-01 07:14:49 356952 ----a-w- C:\WINDOWS\System32\wintrust.dll
2018-03-01 07:14:45 147872 ----a-w- C:\WINDOWS\System32\drivers\wcifs.sys
2018-03-01 07:14:37 7384576 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2018-03-01 07:14:32 7675784 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-03-01 07:14:13 1694224 ----a-w- C:\WINDOWS\System32\winmde.dll
2018-03-01 07:12:41 250264 ----a-w- C:\WINDOWS\System32\offlinesam.dll
2018-03-01 07:12:38 677272 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-03-01 07:12:07 189344 ----a-w- C:\WINDOWS\System32\SecurityHealthAgent.dll
2018-03-01 07:11:44 93600 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2018-03-01 07:10:56 75168 ----a-w- C:\WINDOWS\System32\SecurityHealthProxyStub.dll
2018-03-01 07:10:40 1779936 ----a-w- C:\WINDOWS\System32\mfplat.dll
2018-03-01 07:10:27 22936 ----a-w- C:\WINDOWS\System32\drivers\isapnp.sys
2018-03-01 07:09:14 1054272 ----a-w- C:\WINDOWS\System32\msvproc.dll
2018-03-01 06:51:03 777904 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2018-03-01 06:48:05 1930736 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2018-03-01 06:39:42 213400 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2018-03-01 06:30:09 5615968 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2018-03-01 06:29:50 574960 ----a-w- C:\WINDOWS\SysWow64\MSVideoDSP.dll
2018-03-01 06:29:08 6092152 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2018-03-01 06:28:27 115096 ----a-w- C:\WINDOWS\SysWow64\offlinelsa.dll
2018-03-01 06:28:20 6480616 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2018-03-01 06:27:39 284112 ----a-w- C:\WINDOWS\SysWow64\wintrust.dll
2018-03-01 06:27:39 221592 ----a-w- C:\WINDOWS\SysWow64\offlinesam.dll
2018-03-01 06:26:41 1524776 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2018-03-01 06:26:41 1057816 ----a-w- C:\WINDOWS\SysWow64\msvproc.dll
2018-03-01 06:23:01 5105664 ----a-w- C:\WINDOWS\SysWow64\AuthFWSnapin.dll
2018-03-01 06:21:25 1558856 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2018-03-01 06:09:58 25251840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2018-03-01 06:03:58 2902528 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2018-03-01 06:03:29 344576 ----a-w- C:\WINDOWS\SysWow64\edgeIso.dll
2018-03-01 06:03:26 471552 ----a-w- C:\WINDOWS\SysWow64\AcSpecfc.dll
2018-03-01 06:03:24 162304 ----a-w- C:\WINDOWS\SysWow64\IndexedDbLegacy.dll
2018-03-01 06:03:17 65536 ----a-w- C:\WINDOWS\SysWow64\usoapi.dll
2018-03-01 06:01:55 6575616 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2018-03-01 06:01:29 155648 ----a-w- C:\WINDOWS\SysWow64\EdgeManager.dll
2018-03-01 06:01:21 19456 ----a-w- C:\WINDOWS\SysWow64\credssp.dll
2018-03-01 06:00:29 98304 ----a-w- C:\WINDOWS\SysWow64\TSpkg.dll
2018-03-01 05:59:03 220672 ----a-w- C:\WINDOWS\SysWow64\MicrosoftAccountWAMExtension.dll
2018-03-01 05:58:50 368128 ----a-w- C:\WINDOWS\SysWow64\daxexec.dll
2018-03-01 05:58:48 459776 ----a-w- C:\WINDOWS\SysWow64\webplatstorageserver.dll
2018-03-01 05:58:43 4839424 ----a-w- C:\WINDOWS\SysWow64\dbgeng.dll
2018-03-01 05:58:28 405504 ----a-w- C:\WINDOWS\SysWow64\Windows.Payments.dll
2018-03-01 05:57:55 369152 ----a-w- C:\WINDOWS\SysWow64\msIso.dll
2018-03-01 05:56:13 559104 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2018-03-01 05:56:08 18922496 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2018-03-01 05:55:40 346112 ----a-w- C:\WINDOWS\SysWow64\zipfldr.dll
2018-03-01 05:54:52 1296896 ----a-w- C:\WINDOWS\System32\usocore.dll
.
============= FINISH: 12:27:04.66 ===============

Attached Files
File Type: txt attach.txt (5.8 KB)

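An added example, not part of either post above and not a DDS feature: a small Python triage script that parses the DDS sections that matter most when a machine has "suddenly" slowed down, the "Created Last 30"/"Find3M" file listings and the "SERVICES / DRIVERS" list, and pulls out the items worth checking first: executables written in the last N days, anything new under user-writable locations such as ProgramData, and services or drivers whose image lives outside the Windows directory. The sample lines are copied from the DDS logs on this page; the assumed run date (AS_OF), the executable-extension list and the user-writable path markers are assumptions made for the example.

```python
"""Triage helpers for DDS "Created Last 30", "Find3M" and "SERVICES / DRIVERS"
sections. Added example; not code from the forum posts or from DDS itself."""
import re
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from typing import List, Optional, Tuple

# File entry:  YYYY-MM-DD HH:MM:SS <size | "--------" for a directory> <8-char attrs> <path>
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-+) (\S{8}) (.+)$")
# Service entry: <R=running|S=stopped><start type 0-4> <name>;<display>;<image> [<Y-M-D> <size>]
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")


@dataclass
class FileEntry:
    created: datetime
    size: Optional[int]  # None when DDS prints "--------" (a directory)
    attrs: str           # e.g. "----a-w-", "d-----w-"
    path: str

    def is_directory(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class ServiceEntry:
    running: bool
    start_type: int      # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    image: str           # image path plus arguments, exactly as DDS prints it
    file_date: date
    file_size: int


def parse_dds(text: str) -> Tuple[List[FileEntry], List[ServiceEntry]]:
    """Extract file and service entries; headers and unrecognised lines are skipped."""
    files, services = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            d, t, size, attrs, path = m.groups()
            files.append(FileEntry(datetime.fromisoformat(f"{d} {t}"),
                                   None if size.startswith("-") else int(size), attrs, path))
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, image, fdate, fsize = m.groups()
            services.append(ServiceEntry(state == "R", int(start), name, display, image,
                                         datetime.strptime(fdate, "%Y-%m-%d").date(), int(fsize)))
    return files, services


# The heuristics below are assumptions for this example, not DDS rules.
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\appdata\\", "\\temp\\")
AS_OF = datetime(2018, 3, 14)  # assumed log run date; in practice take it from the "Run by ... on" header


def recent_executables(files, as_of=AS_OF, days=30):
    """Executable images written inside the window: the set to hash and signature-check."""
    cutoff = as_of - timedelta(days=days)
    return [f for f in files
            if not f.is_directory() and f.path.lower().endswith(EXEC_EXT) and f.created >= cutoff]


def recent_in_user_writable(files, as_of=AS_OF, days=30):
    """Anything new (file or directory) under locations a non-admin process can write to."""
    cutoff = as_of - timedelta(days=days)
    return [f for f in files
            if f.created >= cutoff and any(m in f.path.lower() for m in USER_WRITABLE)]


def services_outside_windows_dir(services):
    """Services/drivers whose image is not under the Windows directory. A Windows-directory
    path is not proof of legitimacy (the WebEx host atashost.exe sits in SysWOW64 in this
    log); the rule only narrows the list a human must review."""
    return [s for s in services if not s.image.lower().startswith("c:\\windows\\")]


# Sample lines copied from the DDS logs on this page (a constructed subset).
SAMPLE_LOG = r"""
2018-03-13 22:39:11 381816 ----a-w- C:\WINDOWS\System32\avgBoot.exe
2018-03-13 20:19:59 559512 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2018-03-04 23:54:22 -------- d-----w- C:\ProgramData\REGUtilities
2018-03-04 23:54:01 -------- d-----w- C:\Program Files (x86)\REGUtilities
2018-03-01 07:31:11 8602520 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2017-9-29 59512]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2018-2-13 159288]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2017-6-29 3418024]
"""

if __name__ == "__main__":
    files, services = parse_dds(SAMPLE_LOG)
    for f in recent_executables(files):
        print("recent executable:", f.created, f.path)
    for f in recent_in_user_writable(files):
        print("new in user-writable location:", f.path)
    for s in services_outside_windows_dir(services):
        print("image outside Windows dir:", s.name, "->", s.image)
```

The output is a review list, not a verdict. A REGUtilities folder appearing under both ProgramData and Program Files (x86) in the same minute is exactly the kind of entry to look up and, if unwanted, remove; a path under the Windows directory proves nothing on its own, so confirm each flagged image with its Authenticode signature or a hash lookup before acting on it.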
Possible stealth crypto miner?

Hello, having issues with GPU utilization. I'll be cruising along just fine and then suddenly my computer will grind to a halt. I'll take a look at Task Manager and see 70-99% GPU usage from (real) Client Server Runtime Process. If I reboot it usually calms down for a bit. When it's happening, my temp spikes up. This just started a few days ago, when some other silliness started happening with Windows sticky corners...

Also noticed through msinfo I'm only showing 10 GB available RAM out of the 16 installed.

Win 10, 64-bit, NVIDIA Titan X Hybrid, drivers up to date, clean uninstall and reinstall. I've checked for viruses but haven't been able to find anything (Malwarebytes and RogueKiller).

Any insight would be much appreciated

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.15 BrowserJavaVersion: 11.111.2
Run by Silent Hill at 21:44:52 on 2018-03-28
Microsoft Windows 10 Pro 10.0.16299.0.1252.1.1033.18.16329.10575 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k networkservice -s TermService
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s UmRdpService
c:\windows\system32\svchost.exe -k localservice -p -s nsi
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k netsvcs -s CertPropSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s SessionEnv
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localservice -p -s SEMgrSvc
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
C:\WINDOWS\SysWOW64\atashost.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\Take Control Viewer\TeamViewer_Service.exe
C:\WINDOWS\SysWOW64\vmnat.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\WINDOWS\SysWOW64\vmnetdhcp.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k localservice -p -s fdPHost
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s NcdAutoSetup
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub
C:\WINDOWS\system32\SettingSyncHost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s HomeGroupProvider
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Silent Hill\AppData\Local\Take Control Viewer\TakeControlRDLdr.exe
C:\Users\Silent Hill\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Silent Hill\AppData\Local\Take Control Viewer\TakeControlRDViewer.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\mspaint.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
svchost.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
uSearch Bar = Google
uSearch Page = Google
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Discord] C:\Users\Silent Hill\AppData\Local\Discord\app-0.0.300\Discord.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GoToAssist Remote Support Expert] "C:\Users\Silent Hill\AppData\Local\GoToAssist Remote Support Expert\1575\g2ax_start.exe" "/Trigger RunAtLogon"
uRun: [TakeControlViewerPreLoad] "C:\Users\Silent Hill\AppData\Local\Take Control Viewer\TakeControlRDLdr.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Lync] "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe" /fromrunkey
uRun: [com.squirrel.Teams.Teams] C:\Users\Silent Hill\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated"
uRun: [OneDrive] "C:\Users\Silent Hill\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\Silent Hill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b} : NameServer = 8.8.8.8
TCP: Interfaces\{341c9155-40b1-4797-a397-7627f1cf46c7} : NameServer = 8.8.8.8
TCP: Interfaces\{3d1f375e-0e5e-4a72-b85d-4701d7f8c2c3} : NameServer = 8.8.8.8
TCP: Interfaces\{de9dd525-6bd2-4e99-8aef-8abb7805dd13} : NameServer = 8.8.8.8
TCP: Interfaces\{de9dd525-6bd2-4e99-8aef-8abb7805dd13} : DHCPNameServer = 209.18.47.62 209.18.47.61
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = "" msoidssp
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 spywareinfo.com*-*This website is for sale!*-*spywareinfo Resources and Information.
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-9-29 130640]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-9-29 56728]
R0 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2017-9-29 293272]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-9-29 15392]
R0 vsock;vSockets Driver;C:\WINDOWS\System32\drivers\vsock.sys [2017-8-3 75512]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-9-29 71248]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-9-29 18000]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-9-29 209304]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-9-29 240640]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-1-24 59800]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\WINDOWS\System32\drivers\mbae64.sys [2018-3-18 76200]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-9-29 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-9-29 8192]
R1 MpKsl00597ba9;MpKsl00597ba9;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A693F506-99B1-48ED-824C-2B23B7512198}\MpKsl00597ba9.sys [2018-3-28 58120]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2018-2-13 159288]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R2 CDPUserSvc_59548;Connected Devices Platform User Service_59548;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-2-14 385536]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2018-3-6 7761584]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2017-9-29 48688]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2017-9-29 48688]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2017-6-29 3418024]
R2 LGCoreTemp;Logitech CPU Core Tempurature;C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys [2015-6-21 14184]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [2016-5-27 419248]
R2 LogiRegistryService;Logitech Gaming Registry Service;C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [2017-10-19 225400]
R2 MBAMChameleon;MBAMChameleon;C:\WINDOWS\System32\drivers\MbamChameleon.sys [2018-3-18 193248]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2018-3-18 6440736]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE [2012-5-17 2079520]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-10-2 522688]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-6-22 464272]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-1-27 469952]
R2 OneSyncSvc_59548;Sync Host_59548;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2017-8-10 1776864]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2017-8-10 2131760]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2017-8-10 233936]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2018-3-14 519152]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-9-29 79872]
R2 TeamViewer;TeamViewer 12;C:\Program Files (x86)\Take Control Viewer\TeamViewer_Service.exe [2016-6-29 10885360]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2016-3-10 907968]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2016-4-14 12471368]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-3-14 147872]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 WpnUserService_59548;Windows Push Notifications User Service_59548;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
R3 ladfGSS;Logitech USB Surround Filter Driver (LGS);C:\WINDOWS\System32\drivers\ladfGSS.sys [2016-9-29 45192]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;C:\WINDOWS\System32\drivers\LGBusEnum.sys [2016-9-29 36496]
R3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);C:\WINDOWS\System32\drivers\LGJoyXlCore.sys [2016-9-29 67736]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 MBAMFarflt;MBAMFarflt;C:\WINDOWS\System32\drivers\farflt.sys [2018-3-18 109800]
R3 MBAMProtection;MBAMProtection;C:\WINDOWS\System32\drivers\mbam.sys [2018-3-28 45960]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2018-3-18 253664]
R3 MBAMWebProtection;MBAMWebProtection;C:\WINDOWS\System32\drivers\mwac.sys [2018-3-26 101600]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-9-29 21504]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2017-11-4 59240]
R3 nvvhci;NVVHCI Enumerator Service;C:\WINDOWS\System32\drivers\nvvhci.sys [2018-1-18 58816]
R3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [2018-3-1 129568]
R3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe [2018-3-1 356152]
S1 SRepairDrv;SRepairDrv;C:\Windows\GJFix\SRepairDrv [2016-2-7 151864]
S1 XQHDrv;BigNox Service;C:\WINDOWS\System32\drivers\XQHDrv.sys [2017-1-16 253384]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S2 QQRepair38a;QQRepair38a;C:\Windows\GJFix\QQRepair38a [2018-3-28 129504]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-7-18 317408]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-9-29 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-9-29 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-9-29 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2017-9-29 48688]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2017-9-29 126872]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2017-9-29 158616]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2017-9-29 143768]
S3 AssignedAccessManagerSvc;AssignedAccessManager Service;C:\WINDOWS\System32\svchost.exe -k AssignedAccessManagerSvc [2017-9-29 48688]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-9-29 9728]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2018-1-8 1467912]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-9-29 48688]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2017-9-29 37784]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-29 39424]
S3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-9-29 60312]
S3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-9-29 122368]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-9-29 357272]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-9-29 1723288]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 DevicesFlowUserSvc_59548;DevicesFlow_59548;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-9-29 48688]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-4-7 122160]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-9-29 85504]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2017-9-29 48688]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EasyAntiCheat;EasyAntiCheat;C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [2018-3-23 774784]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-9-29 48688]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-9-29 20992]
S3 gfiark;gfiark;C:\WINDOWS\System32\drivers\gfiark.sys [2017-7-19 40584]
S3 gfiutil;gfiutil;C:\WINDOWS\System32\drivers\gfiutil.sys [2017-7-19 32400]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2017-9-29 48688]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-9-29 50584]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2017-9-29 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-9-29 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-9-29 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-9-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-9-29 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-9-29 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-9-29 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-9-29 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-9-29 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-9-29 674200]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-9-29 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-9-29 39424]
S3 InstallService;Windows Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 invdimm;Microsoft iNVDIMM device driver;C:\WINDOWS\System32\drivers\invdimm.sys [2017-9-29 38912]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2017-9-29 26112]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\WINDOWS\System32\drivers\LGVirHid.sys [2016-9-29 26008]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-9-29 123800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-9-29 103320]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-9-29 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-9-29 55840]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-9-29 63520]
S3 MessagingService_59548;MessagingService_59548;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-9-29 842648]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-9-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-9-29 132608]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-3-14 192512]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\System32\GameMon.des -service --> C:\WINDOWS\System32\GameMon.des -service [?]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-10-2 522688]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-9-29 88576]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2018-3-28 31168]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-9-29 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-9-29 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 PimIndexMaintenanceSvc_59548;Contact Data_59548;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2017-9-29 16896]
S3 PrintWorkflowUserSvc_59548;PrintWorkflow_59548;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2017-9-29 48688]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2017-9-29 39832]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-9-29 1849752]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-9-29 936856]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-9-29 48688]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2017-9-29 103936]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-9-29 48688]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-9-29 118168]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-9-29 33176]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2018-1-24 4329952]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-9-29 1288704]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-9-29 154520]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-9-29 48688]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-9-29 56216]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-3-14 956416]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-4-7 214832]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-3-14 103328]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2018-3-14 45472]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-9-29 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2018-1-24 114688]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-9-29 146944]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2018-3-14 57344]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-9-29 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-9-29 28568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-9-29 266648]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-9-29 97312]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-9-29 140696]
S3 UnistoreSvc_59548;User Data Storage_59548;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-9-29 28568]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2018-1-24 60824]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-9-29 27544]
S3 UserDataSvc_59548;User Data Access_59548;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-9-29 48688]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-9-29 34816]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-9-29 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vnvdimm;Microsoft virtual NVDIMM device driver;C:\WINDOWS\System32\drivers\vnvdimm.sys [2017-9-29 43008]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-9-29 48688]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2018-3-14 75264]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2018-3-14 770048]
S3 wdnsfltr;Windows Defender Network Stream Filter Driver;C:\WINDOWS\System32\drivers\wdnsfltr.sys [2017-9-29 33792]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-9-29 48688]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-9-29 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-2-14 225792]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-9-29 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2017-9-29 25088]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2017-9-29 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-9-29 281600]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xhunter1;xhunter1;C:\Windows\xhunter1.sys [2016-3-3 47096]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-9-29 46592]
S4 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2017-2-27 2257016]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2018-2-14 819096]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2017-9-29 40344]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2017-9-29 1190400]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2018-03-29 00:25:20 58120 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A693F506-99B1-48ED-824C-2B23B7512198}\MpKsl00597ba9.sys
2018-03-29 00:18:26 14453336 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A693F506-99B1-48ED-824C-2B23B7512198}\mpengine.dll
2018-03-29 00:14:36 -------- d--h--w- C:\OneDriveTemp
2018-03-29 00:14:21 45960 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2018-03-29 00:14:10 -------- d-----w- C:\ProgramData\TXQMPC
2018-03-28 23:21:12 -------- d-----w- C:\Users\Silent Hill\AppData\Roaming\Process Hacker 2
2018-03-28 23:17:23 28272 ----a-w- C:\WINDOWS\System32\drivers\TrueSight.sys
2018-03-28 23:15:47 -------- d-----w- C:\ProgramData\RogueKiller
2018-03-28 23:13:10 -------- d-----w- C:\Program Files\RogueKiller
2018-03-28 23:00:17 -------- d-----w- C:\Program Files\Process Hacker 2
2018-03-28 20:45:36 138120 ----a-w- C:\WINDOWS\SysWow64\nvStreaming.exe
2018-03-28 20:45:28 -------- d-----w- C:\Program Files (x86)\VulkanRT
2018-03-28 18:16:02 14453336 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2018-03-26 18:31:50 101600 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2018-03-23 17:09:09 -------- d-----w- C:\Users\Silent Hill\AppData\Roaming\EasyAntiCheat
2018-03-23 17:08:32 -------- d-----w- C:\Users\Silent Hill\AppData\Roaming\Fatshark
2018-03-23 17:08:32 -------- d-----w- C:\Program Files (x86)\EasyAntiCheat
2018-03-21 22:59:00 1094320 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8592C00-2F1A-4B6D-A7F0-6F090FE7EBC0}\gapaengine.dll
2018-03-20 22:45:11 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2018-03-18 14:10:24 193248 ----a-w- C:\WINDOWS\System32\drivers\MbamChameleon.sys
2018-03-18 14:10:24 109800 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
2018-03-18 14:10:18 253664 ----a-w- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2018-03-18 14:10:09 76200 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2018-03-06 15:36:29 -------- d-----w- C:\Program Files\Microsoft Office 15
2018-03-03 12:12:52 455856 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2018-03-03 12:10:48 28336 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2018-03-03 12:03:10 213680 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
.
==================== Find3M ====================
.
2018-03-25 16:15:34 625504 ----a-w- C:\WINDOWS\System32\NvIFROpenGL.dll
2018-03-25 16:15:32 516024 ----a-w- C:\WINDOWS\SysWow64\NvIFROpenGL.dll
2018-03-25 16:15:30 998424 ----a-w- C:\WINDOWS\System32\NvIFR64.dll
2018-03-25 16:15:26 950016 ----a-w- C:\WINDOWS\SysWow64\NvIFR.dll
2018-03-25 16:14:42 1138720 ----a-w- C:\WINDOWS\System32\NvFBC64.dll
2018-03-25 16:14:38 1065888 ----a-w- C:\WINDOWS\SysWow64\NvFBC.dll
2018-03-25 16:14:36 1683712 ----a-w- C:\WINDOWS\System32\nvdispgenco6439135.dll
2018-03-25 16:14:34 1985112 ----a-w- C:\WINDOWS\System32\nvdispco6439135.dll
2018-03-25 16:14:24 749312 ----a-w- C:\WINDOWS\System32\nvDecMFTMjpeg.dll
2018-03-25 16:14:22 608344 ----a-w- C:\WINDOWS\SysWow64\nvDecMFTMjpeg.dll
2018-03-25 16:14:16 4318112 ----a-w- C:\WINDOWS\System32\nvcuvid.dll
2018-03-25 16:14:14 3719096 ----a-w- C:\WINDOWS\SysWow64\nvcuvid.dll
2018-03-25 16:13:58 40278608 ----a-w- C:\WINDOWS\System32\nvcompiler.dll
2018-03-25 16:13:50 35188992 ----a-w- C:\WINDOWS\SysWow64\nvcompiler.dll
2018-03-25 16:12:56 473960 ----a-w- C:\WINDOWS\System32\drivers\NVIDIA Corporation\Drs\dbInstaller.exe
2018-03-25 16:10:06 13571520 ----a-w- C:\WINDOWS\System32\nvptxJitCompiler.dll
2018-03-25 16:10:00 11132384 ----a-w- C:\WINDOWS\SysWow64\nvptxJitCompiler.dll
2018-03-25 16:09:54 19855144 ----a-w- C:\WINDOWS\System32\nvopencl.dll
2018-03-25 16:09:48 16496776 ----a-w- C:\WINDOWS\SysWow64\nvopencl.dll
2018-03-25 16:09:40 633040 ----a-w- C:\WINDOWS\System32\nvmcumd.dll
2018-03-25 16:09:28 1153744 ----a-w- C:\WINDOWS\System32\nvfatbinaryLoader.dll
2018-03-25 16:09:24 902096 ----a-w- C:\WINDOWS\SysWow64\nvfatbinaryLoader.dll
2018-03-25 16:09:22 811808 ----a-w- C:\WINDOWS\System32\nvEncodeAPI64.dll
2018-03-25 16:09:18 650232 ----a-w- C:\WINDOWS\SysWow64\nvEncodeAPI.dll
2018-03-25 16:09:16 1355216 ----a-w- C:\WINDOWS\System32\nvEncMFThevc.dll
2018-03-25 16:09:14 1067560 ----a-w- C:\WINDOWS\SysWow64\nvEncMFThevc.dll
2018-03-25 16:09:10 1346128 ----a-w- C:\WINDOWS\System32\nvEncMFTH264.dll
2018-03-25 16:09:08 1061352 ----a-w- C:\WINDOWS\SysWow64\nvEncMFTH264.dll
2018-03-25 16:08:28 12967056 ----a-w- C:\WINDOWS\System32\nvcuda.dll
2018-03-25 16:08:24 11001504 ----a-w- C:\WINDOWS\SysWow64\nvcuda.dll
2018-03-25 16:08:20 4633920 ----a-w- C:\WINDOWS\System32\nvapi64.dll
2018-03-25 16:08:16 3939624 ----a-w- C:\WINDOWS\SysWow64\nvapi.dll
2018-03-24 01:19:20 58816 ----a-w- C:\WINDOWS\System32\drivers\nvvhci.sys
2018-03-23 23:50:31 1951 ----a-w- C:\WINDOWS\NvContainerRecovery.bat
2018-03-23 23:02:21 5952392 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2018-03-23 23:02:21 2596320 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2018-03-23 23:02:19 83072 ----a-w- C:\WINDOWS\System32\nv3dappshextr.dll
2018-03-23 23:02:19 633224 ----a-w- C:\WINDOWS\System32\nv3dappshext.dll
2018-03-23 23:02:19 451040 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2018-03-23 23:02:19 1767824 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2018-03-23 23:02:19 123840 ----a-w- C:\WINDOWS\System32\nvshext.dll
2018-03-21 11:22:32 8114212 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2018-03-14 13:05:49 2480064 ----a-w- C:\WINDOWS\System32\nvspcap64.dll
2018-03-14 13:05:49 2137024 ----a-w- C:\WINDOWS\SysWow64\nvspcap.dll
2018-03-14 13:05:48 1310144 ----a-w- C:\WINDOWS\System32\NvRtmpStreamer64.dll
2018-03-14 12:44:54 1951 ----a-w- C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-03-14 04:19:24 130364688 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2018-03-14 04:18:38 140800 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2018-03-14 04:18:38 106496 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2018-03-05 06:18:28 189784 ----a-w- C:\WINDOWS\System32\nvaudcap64v.dll
2018-03-05 06:18:28 152408 ----a-w- C:\WINDOWS\SysWow64\nvaudcap32v.dll
2018-03-02 21:09:11 834552 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-03-02 21:09:11 179704 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-03-02 03:36:30 17085440 ----a-w- C:\WINDOWS\System32\HologramCompositor.dll
2018-03-02 03:02:48 37888 ----a-w- C:\WINDOWS\System32\SpectrumSyncClient.dll
2018-03-02 03:01:11 640000 ----a-w- C:\WINDOWS\System32\HeadTrackerStorage.dll
2018-03-02 03:00:47 230912 ----a-w- C:\WINDOWS\System32\HoloShellRuntime.dll
2018-03-02 03:00:43 248320 ----a-w- C:\WINDOWS\System32\svf.dll
2018-03-02 03:00:05 329728 ----a-w- C:\WINDOWS\System32\Windows.Internal.Feedback.Analog.dll
2018-03-02 02:59:44 956416 ----a-w- C:\WINDOWS\System32\Spectrum.exe
2018-03-01 20:28:57 181760 ----a-w- C:\WINDOWS\SysWow64\HoloShellRuntime.dll
2018-03-01 11:22:41 46072 ----a-w- C:\WINDOWS\System32\drivers\wd\WdBoot.sys
2018-03-01 11:22:41 288296 ----a-w- C:\WINDOWS\System32\drivers\wd\WdFilter.sys
2018-03-01 11:22:41 129568 ----a-w- C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys
2018-03-01 07:50:57 270744 ----a-w- C:\WINDOWS\System32\acmigration.dll
2018-03-01 07:49:36 389536 ----a-w- C:\WINDOWS\System32\invagent.dll
2018-03-01 07:48:13 664472 ----a-w- C:\WINDOWS\System32\aeinv.dll
2018-03-01 07:47:37 35224 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2018-03-01 07:47:09 749464 ----a-w- C:\WINDOWS\System32\generaltel.dll
2018-03-01 07:46:56 609176 ----a-w- C:\WINDOWS\System32\devinv.dll
2018-03-01 07:46:38 138144 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2018-03-01 07:46:27 2003352 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2018-03-01 07:46:09 1568664 ----a-w- C:\WINDOWS\System32\appraiser.dll
2018-03-01 07:45:12 70040 ----a-w- C:\WINDOWS\System32\win32appinventorycsp.dll
2018-03-01 07:40:10 2514936 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2018-03-01 07:40:01 461720 ----a-w- C:\WINDOWS\System32\dcntel.dll
2018-03-01 07:40:01 273304 ----a-w- C:\WINDOWS\System32\aepic.dll
2018-03-01 07:37:00 7831760 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2018-03-01 07:31:11 8602520 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-03-01 07:30:56 264040 ----a-w- C:\WINDOWS\System32\MusNotifyIcon.exe
2018-03-01 07:30:52 540064 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2018-03-01 07:29:31 733592 ----a-w- C:\WINDOWS\System32\drivers\acpi.sys
2018-03-01 07:27:48 1173576 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2018-03-01 07:26:21 170912 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2018-03-01 07:25:34 377752 ----a-w- C:\WINDOWS\System32\drivers\msrpc.sys
2018-03-01 07:23:29 749976 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2018-03-01 07:19:40 710768 ----a-w- C:\WINDOWS\System32\MSVideoDSP.dll
2018-03-01 07:17:39 519152 ----a-w- C:\WINDOWS\System32\SecurityHealthService.exe
2018-03-01 07:17:39 408984 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2018-03-01 07:15:28 2574232 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2018-03-01 07:14:53 5105664 ----a-w- C:\WINDOWS\System32\AuthFWSnapin.dll
2018-03-01 07:14:51 128928 ----a-w- C:\WINDOWS\System32\offlinelsa.dll
2018-03-01 07:14:49 356952 ----a-w- C:\WINDOWS\System32\wintrust.dll
2018-03-01 07:14:45 147872 ----a-w- C:\WINDOWS\System32\drivers\wcifs.sys
2018-03-01 07:14:37 7384576 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2018-03-01 07:14:32 7675784 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-03-01 07:14:13 1694224 ----a-w- C:\WINDOWS\System32\winmde.dll
2018-03-01 07:12:41 250264 ----a-w- C:\WINDOWS\System32\offlinesam.dll
2018-03-01 07:12:38 677272 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-03-01 07:12:07 189344 ----a-w- C:\WINDOWS\System32\SecurityHealthAgent.dll
.
============= FINISH: 21:45:19.11 ===============

Attached Files
File Type: txt attach.txt (9.6 KB)
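
The "Running Services" block in a DDS log like the one above is a few hundred R2/S3 lines, and the entries worth a second look are easy to miss by eye. Below is an added triage helper (example code written for this page, not part of the original post and not from the DDS tool) that parses those lines and flags the ones a helper would check first: an image outside the usual install roots, an image with no file extension, a line DDS marked `[?]` because it could not stat the file, and a boot- or system-start driver that is not loaded. The line format (`<R|S><start type> <name>;<display name>;<command> [<date> <size>]`) and the meaning of the start-type digit (0 boot, 1 system, 2 auto, 3 demand, 4 disabled) are as DDS prints them; the trusted-root list is an assumption of this example. The sample lines are copied from the log above. The flags are prompts to go and look, not verdicts: the GameGuard entry is flagged only because its file was absent at scan time, and vendor and anti-cheat drivers routinely live outside System32.

```python
"""Triage the 'Running Services' block of a DDS log (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: service lines copied verbatim from the DDS log above.
SAMPLE_LOG = r"""
R2 LGCoreTemp;Logitech CPU Core Tempurature;C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys [2015-6-21 14184]
R3 MBAMProtection;MBAMProtection;C:\WINDOWS\System32\drivers\mbam.sys [2018-3-28 45960]
S1 SRepairDrv;SRepairDrv;C:\Windows\GJFix\SRepairDrv [2016-2-7 151864]
S2 QQRepair38a;QQRepair38a;C:\Windows\GJFix\QQRepair38a [2018-3-28 129504]
S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\System32\GameMon.des -service --> C:\WINDOWS\System32\GameMon.des -service [?]
S3 xhunter1;xhunter1;C:\Windows\xhunter1.sys [2016-3-3 47096]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
"""

# One DDS line: <R|S><start> <name>;<display>;<command> [<date> <size>]
# The trailing bracket is "[?]" when DDS could not stat the image file.
_LINE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*) \[([^\]]*)\]$")
# Image path = everything up to the first ".<ext>" that ends a token
# (so "svchost.exe -k netsvcs -p" yields just the svchost.exe path).
_IMAGE = re.compile(r"^(.*?\.[A-Za-z0-9]{1,4})(?=\s|$)")

# Assumed roots where Windows and normally installed software keep binaries.
# Heuristic only: malware can live under these and legitimate code outside them.
TRUSTED_ROOTS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class Service:
    running: bool
    start: str
    name: str
    display: str
    command: str
    stamp: str  # "<date> <size>" or "?"

    @property
    def image(self) -> str:
        # DDS appends " --> <path>" when the on-disk image could not be read.
        cmd = self.command.split(" --> ", 1)[0]
        m = _IMAGE.match(cmd)
        # No recognised extension: keep everything before the first " -" argument.
        return m.group(1) if m else cmd.split(" -", 1)[0].rstrip()


def parse(log_text: str) -> list[Service]:
    """Return one Service per line that matches the DDS service format."""
    services = []
    for line in log_text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            state, start, name, display, command, stamp = m.groups()
            services.append(Service(state == "R", START_TYPES[start], name, display, command, stamp))
    return services


def reasons(svc: Service) -> list[str]:
    """List the heuristic reasons a line deserves a closer look (empty if none)."""
    found = []
    img = svc.image
    if not img.lower().startswith(TRUSTED_ROOTS):
        found.append("image outside standard install roots")
    if "." not in img.rsplit("\\", 1)[-1]:
        found.append("image has no file extension")
    if svc.stamp == "?":
        found.append("DDS could not stat the image file")
    if svc.start in ("boot", "system") and not svc.running:
        found.append(f"{svc.start}-start driver is not loaded")
    return found


def triage(log_text: str) -> dict[str, list[str]]:
    """Map service name -> reasons, for every flagged service in the log."""
    findings = {}
    for svc in parse(log_text):
        r = reasons(svc)
        if r:
            findings[svc.name] = r
    return findings


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
```

Run it on the whole service block of a saved dds.txt (`triage(open("dds.txt").read())`) rather than on the sample; the parser skips every line that is not a service entry, so the file can be passed in unedited.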

diskdriver.exe trojan keeps reinstalling itself

Hello!

English isn't my first language, so my apologies in advance.

I just found a trojan under windows\system32 named diskdriver.exe.

The program I used to find it was SpyHunter 4.

None of the antivirus programs I used found it at all, but as soon as I uploaded the exe to hxxps://www.virustotal.com/
(with the SHA-256 being:
726462d82647e8134a35265d5f79f3a7f38cb108c61849a529969e16954f6a65
)

it got flagged as a trojan/miner by 32/56 programs.

I used Farbar Recovery Scan Tool and Malwarebytes Anti-Rootkit to remove it at first,

which ended up with the exe installing itself again after a reboot.

SpyHunter seems to have found another path to this trojan in:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run::diskdriver.

Now my question is, what can I do about that, and how can I prevent this from happening in the future?

Thank you in advance :)

I have the logs from Farbar Recovery Scan Tool and Malwarebytes Anti-Rootkit if needed.

The attach.txt is here as well (attached).
Here's the dds.txt log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.15 BrowserJavaVersion: 11.161.2
Run by Jakub at 18:40:09 on 2018-04-03
Microsoft Windows 10 Home 10.0.16299.0.1252.49.1031.18.8158.4814 [GMT 2:00]
.
AV: Avira Antivirus *Enabled/Updated* {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Antivirus *Enabled/Updated* {0897D159-75B7-14C4-2E4A-2FC449B26D32}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservice -p -s nsi
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Avira\Antivirus\sched.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
C:\WINDOWS\system32\WLANExt.exe
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\Program Files (x86)\Avira\Antivirus\avguard.exe
C:\WINDOWS\system32\ibtsiva.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\taskhostw.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
C:\Program Files\WMIHook\WMIHookBtnFn\WMIHookFnNotifier.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\System32\diskdriver.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Jakub\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\WMIHook\WMIHookBtnFn\LEDBarController.exe
C:\Program Files\WMIHook\WMIHookBtnFn\SilentFanController.exe
C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\WINDOWS\SysWOW64\NOTEPAD.EXE
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\smartscreen.exe
c:\windows\system32\taskhostw.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll
uRun: [OneDrive] "C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Discord] C:\Users\Jakub\AppData\Local\Discord\app-0.0.300\Discord.exe
uRun: [Spotify] C:\Users\Jakub\AppData\Roaming\Spotify\Spotify.exe --autostart
uRun: [Spotify Web Helper] C:\Users\Jakub\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
uRunOnce: [Application Restart #2] C:\Program Files\pia_manager\nwjs\pia_nw.exe --disable-gpu --disable-transparency --no-first-run --disable-features=NativeNotifications --user-data-dir="C:\Users\Jakub\AppData\Local\PrivateInternetAccess\User Data" --no-sandbox --no-zygote --flag-switches-begin --flag-switches-end --nwapp="C:\Program Files\pia_manager\frontend" --restore-last-session "C:\Program Files\pia_manager\frontend"
mRun: [LEDBarController] C:\Program Files\WMIHook\WMIHookBtnFn\LEDBarController.exe
mRun: [SilentFanControl] C:\Program Files\WMIHook\WMIHookBtnFn\SilentFanController.exe
mRun: [RoccatKoneXTD] "C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ROCCAT~1.LNK - C:\Program Files (x86)\ROCCAT\Roccat Talk\Roccat Talk.exe
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
TCP: NameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{24f2031b-21dc-4116-9d71-63faaa653369} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6a3400c9-746e-4469-8fbf-5a3bdb3b916b} : DHCPNameServer = 209.222.18.222 209.222.18.218
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [diskdriver] C:\WINDOWS\System32\diskdriver.exe
x64-mPolicies-Explorer: HideSCAHealth = dword:1
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avdevprot;avdevprot;C:\WINDOWS\System32\drivers\avdevprot.sys [2018-1-31 60920]
R0 avusbflt;avusbflt;C:\WINDOWS\System32\drivers\avusbflt.sys [2018-1-31 38048]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2015-10-6 1455552]
R0 intelpep;Treiber für Intel(R)-Energiemodul-Plug-In;C:\WINDOWS\System32\drivers\intelpep.sys [2017-9-29 130640]
R0 iorate;Treiber für den Filter der Datenträger-E/A-Rate;C:\WINDOWS\System32\drivers\iorate.sys [2017-9-29 56728]
R0 volume;Volumetreiber;C:\WINDOWS\System32\drivers\volume.sys [2017-9-29 15392]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-9-29 71248]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime – Sicherer Dienst;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-9-29 18000]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-9-29 209304]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-9-29 240640]
R1 avkmgr;avkmgr;C:\WINDOWS\System32\drivers\avkmgr.sys [2018-4-3 44488]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-1-31 59800]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-9-29 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-9-29 8192]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\Antivirus\sched.exe [2018-4-3 492560]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2018-4-3 492560]
R2 avgntflt;avgntflt;C:\WINDOWS\System32\drivers\avgntflt.sys [2018-4-3 178840]
R2 Avira.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2018-3-28 449240]
R2 avnetflt;avnetflt;C:\WINDOWS\System32\drivers\avnetflt.sys [2018-1-31 88488]
R2 CDPSvc;Plattformdienst für verbundene Geräte;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R2 CDPUserSvc_44da4;CDPUserSvc_44da4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-2-14 385536]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2017-9-29 48688]
R2 DiagTrack;Benutzererfahrung und Telemetrie im verbundenen Modus;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2017-9-29 48688]
R2 DusmSvc;Datennutzung;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-6-24 18856]
R2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
R2 inpoutx64;inpoutx64;C:\WINDOWS\System32\drivers\inpoutx64.sys [2015-10-6 15008]
R2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-9-5 207648]
R2 LGCoreTemp;Logitech CPU Core Tempurature;C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys [2015-6-21 14184]
R2 LogiRegistryService;Logitech Gaming Registry Service;C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [2016-12-8 193656]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-10-21 518080]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-6-7 462920]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2016-12-17 460736]
R2 OneSyncSvc_44da4;OneSyncSvc_44da4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 storqosflt;QoS-Filter für Speicher – Treiber;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-9-29 79872]
R2 UserManager;Benutzer-Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-3-14 147872]
R2 WMI_Hook_Service;WMI_Hook_Service;C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe [2015-9-22 155696]
R2 WpnService;Windows-Pushbenachrichtigungssystemdienst;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 WpnUserService_44da4;WpnUserService_44da4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2015-6-12 3831200]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\WINDOWS\System32\drivers\BazisVirtualCDBus.sys [2015-6-3 172376]
R3 bthl2cap;Supporttreiber für Microsoft Bluetooth-Protokoll;C:\WINDOWS\System32\drivers\bthl2cap.sys [2017-9-29 83968]
R3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2017-9-29 78848]
R3 iaLPSS2_UART2;Intel(R) Serial IO UART Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [2015-5-29 281896]
R3 iaLPSS2i_GPIO2;Intel(R)-GPIO-Treiber 2 für serielle E/A;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-9-29 79360]
R3 iaLPSS2i_I2C;Intel(R)-I2C-Treiber 2 für serielle E/A;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-9-29 171520]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2017-4-13 244744]
R3 ladfGSS;Logitech USB Surround Filter Driver (LGS);C:\WINDOWS\System32\drivers\ladfGSS.sys [2016-12-8 45208]
R3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;C:\WINDOWS\System32\drivers\LGBusEnum.sys [2016-12-8 36496]
R3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);C:\WINDOWS\System32\drivers\LGJoyXlCore.sys [2016-12-8 67736]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\WINDOWS\System32\drivers\LGVirHid.sys [2016-12-8 26008]
R3 NcbService;Netzwerkverbindungsbroker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 NdisVirtualBus;Enumerator für virtuelle Microsoft-Netzwerkadapter;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-9-29 21504]
R3 Netwtw04;___ Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit;C:\WINDOWS\System32\drivers\Netwtw04.sys [2017-9-29 7689728]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2018-1-30 50624]
R3 nvvhci;NVVHCI Enumerator Service;C:\WINDOWS\System32\drivers\nvvhci.sys [2018-1-30 57928]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-10-6 886528]
R3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-9-29 154520]
R3 StateRepository;StateRepository-Dienst;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 tiledatamodelsvc;Kacheldaten-Modellserver;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 TimeBrokerSvc;Zeitbroker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 UEFI;UEFI-Treiber von Microsoft;C:\WINDOWS\System32\drivers\uefi.sys [2017-9-29 28568]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2018-3-14 770048]
R3 xinputhid;XINPUT-HID-Filtertreiber;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-9-29 46592]
S2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2018-4-3 1136744]
S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2018-4-3 1533608]
S2 MapsBroker;Manager für heruntergeladene Karten;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S2 WinDefendSecurity;Windows Defender Security Service;C:\WINDOWS\System32\windfn.exe [2018-3-30 2036736]
S3 AcpiDev;ACPI-Gerätetreiber;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-9-29 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-9-29 1135512]
S3 AJRouter;AllJoyn-Routerdienst;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 applockerfltr;Smartlocker-Filtertreiber;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-9-29 18432]
S3 AppReadiness;App-Vorbereitung;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2017-9-29 48688]
S3 AppXSvc;AppX-Bereitstellungsdienst (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-9-29 9728]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2017-6-13 6971400]
S3 BthHFSrv;Bluetooth-Freisprechdienst;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-9-29 48688]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT-Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2017-9-29 37784]
S3 buttonconverter;Dienst für PDC (Portable Device Control)-Geräte;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-29 39424]
S3 CAD;CAD (Charging Arbitration Driver);C:\WINDOWS\System32\drivers\CAD.sys [2017-9-29 60312]
S3 camsvc;Manager-Dienst für den Funktionszugriff;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 CapImg;HID-Treiber für CapImg-Touchscreen;C:\WINDOWS\System32\drivers\capimg.sys [2017-9-29 122368]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-9-29 357272]
S3 cht4vbd;Chelsio virtueller Bustreiber;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-9-29 1723288]
S3 ClipSVC;Clientlizenzdienst (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 DevicesFlowUserSvc_44da4;DevicesFlowUserSvc_44da4;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-9-29 48688]
S3 DevQueryBroker;Broker für DevQuery-Hintergrundermittlung;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-9-5 131712]
S3 diagnosticshub.standardcollector.service;Standardsammlungsdienst des Microsoft(R)-Diagnose-Hubs;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-9-29 85504]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2017-9-29 48688]
S3 DmEnrollmentSvc;Registrierungsdienst für die Geräteverwaltung;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 DoSvc;Übermittlungsoptimierung;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S3 DsSvc;Datenfreigabedienst;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EasyAntiCheat;EasyAntiCheat;C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe --> C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [?]
S3 embeddedmode;Eingebetteter Modus;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EntAppSvc;Verwaltungsdienst für Unternehmens-Apps;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 FrameServer;Windows-Kamera-FrameServer;C:\WINDOWS\System32\svchost.exe -k Camera [2017-9-29 48688]
S3 genericusbfn;Allgemeine Funktionsklasse (USB);C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-9-29 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2017-9-29 48688]
S3 hidinterrupt;Allgemeiner Treiber für HID-Tasten mit Interruptimplementierung;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-9-29 50584]
S3 HvHost;HV-Hostdienst;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2017-9-29 27136]
S3 iagpio;Intel-GPIO-Controllertreiber für serielle E/A;C:\WINDOWS\System32\drivers\iagpio.sys [2017-9-29 36864]
S3 iai2c;Intel(R)-I2C-Hostcontroller für serielle E/A;C:\WINDOWS\System32\drivers\iai2c.sys [2017-9-29 91648]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R)-GPIO-Treiber 2 für serielle E/A;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-9-29 88576]
S3 iaLPSS2i_I2C_BXT_P;Intel(R)-I2C-Treiber 2 für serielle E/A;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-9-29 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO-Controllertreiber;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-9-29 38128]
S3 iaLPSSi_I2C;Intel(R)-I2C-Controllertreiber für serielle E/A;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-9-29 113152]
S3 iaStorAV;Intel(R) SATA-RAID-Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-9-29 674200]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filtertreiber);C:\WINDOWS\System32\drivers\ibbus.sys [2017-9-29 526232]
S3 icssvc;Windows-Dienst für mobile Hotspots;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 IndirectKmd;Indirect Displays-Kernelmodustreiber;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-9-29 39424]
S3 InstallService;Windows Store-Installationsdienst;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
S3 invdimm;Microsoft iNVDIMM-Gerätetreiber;C:\WINDOWS\System32\drivers\invdimm.sys [2017-9-29 38912]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2017-9-29 26112]
S3 IpxlatCfgSvc;Konfigurationsdienst für die IP-Übersetzung;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 lfsvc;Geolocation-Dienst;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 LicenseManager;Windows-Lizenz-Manager-Dienst;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-9-29 123800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-9-29 103320]
S3 mausbhost;MA-USB-Hostcontrollertreiber;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-9-29 505240]
S3 mausbip;MA-USB-IP-Filtertreiber;C:\WINDOWS\System32\drivers\mausbip.sys [2017-9-29 55840]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-9-29 63520]
S3 MessagingService_44da4;MessagingService_44da4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 mlx4_bus;Mellanox ConnectX-Busenumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-9-29 842648]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2015-6-12 268192]
S3 NaturalAuthentication;Natürliche Authentifizierung;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 ndfltr;NetworkDirect-Dienst;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-9-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-9-29 132608]
S3 NetSetupSvc;Netzwerkeinrichtungsdienst;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-3-14 192512]
S3 NgcCtnrSvc;Microsoft Passport-Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-10-21 518080]
S3 nvdimmn;Microsoft NVDIMM-N-Gerätetreiber;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-9-29 88576]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2018-1-30 30144]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-9-29 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-9-29 61848]
S3 PhoneSvc;Telefondienst;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 PimIndexMaintenanceSvc_44da4;PimIndexMaintenanceSvc_44da4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 PNPMEM;Microsoft Speichermodultreiber;C:\WINDOWS\System32\drivers\pnpmem.sys [2017-9-29 16896]
S3 PrintWorkflowUserSvc_44da4;PrintWorkflowUserSvc_44da4;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2017-9-29 48688]
S3 PushToInstall;Windows PushToInstall-Dienst;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2017-9-29 39832]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-9-29 1849752]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-9-29 936856]
S3 RetailDemo;Dienst für Einzelhandelsdemos;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-9-29 48688]
S3 rhproxy;Ressourcenhub-Proxytreiber;C:\WINDOWS\System32\drivers\rhproxy.sys [2017-9-29 103936]
S3 ScDeviceEnum;Smartcard-Geräteaufzählungsdienst;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-9-29 48688]
S3 scmbus;Microsoft-Treiber für Speicherklassen-Speicherbus;C:\WINDOWS\System32\drivers\scmbus.sys [2017-9-29 118168]
S3 SDFRd;SDF-Reflektor;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-9-29 33176]
S3 SEMgrSvc;Zahlungs- und NFC/SE-Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 SensorDataService;Sensordatendienst;C:\WINDOWS\System32\SensorDataService.exe [2017-9-29 1288704]
S3 SensorService;Sensordienst;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SharedRealitySvc;Dienst für räumliche Daten;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 smphost;Microsoft-SMP für Speicherplätze;C:\WINDOWS\System32\svchost.exe -k smphost [2017-9-29 48688]
S3 SmsRouter;Microsoft Windows SMS-Routerdienst.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-9-29 56216]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-3-14 956416]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-9-5 165504]
S3 stornvme;Standardmäßiger NVM Express-Treiber von Microsoft;C:\WINDOWS\System32\drivers\stornvme.sys [2018-3-14 103328]
S3 storufs;Microsoft Universal Flash Storage (UFS)-Treiber;C:\WINDOWS\System32\drivers\storufs.sys [2018-3-14 45472]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-9-29 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2018-1-31 114688]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-9-29 146944]
S3 UcmUcsi;USB-Connector-Manager-UCSI-Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2018-3-14 57344]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-9-29 45056]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-9-29 266648]
S3 UfxChipidea;Chipidea-Controller (USB);C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-9-29 97312]
S3 ufxsynopsys;Synopsys-Controller (USB);C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-9-29 140696]
S3 UnistoreSvc_44da4;UnistoreSvc_44da4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 UrsChipidea;Chipidea USB Role-Switch-Treiber;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-9-29 28568]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2018-1-31 60824]
S3 UrsSynopsys;Synopsys USB Role-Switch-Treiber;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-9-29 27544]
S3 UserDataSvc_44da4;UserDataSvc_44da4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-9-29 48688]
S3 vhf;Virtual HID Framework (VHF)-Treiber;C:\WINDOWS\System32\drivers\vhf.sys [2017-9-29 34816]
S3 vmgid;Microsoft Hyper-V-Gastinfrastrukturtreiber;C:\WINDOWS\System32\drivers\vmgid.sys [2017-9-29 10240]
S3 vmicguestinterface;Hyper-V-Gastdienstschnittstelle;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vmicvmsession;Hyper-V PowerShell Direct-Dienst;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vnvdimm;Virtueller Microsoft-Gerätetreiber für NVDIMMs;C:\WINDOWS\System32\drivers\vnvdimm.sys [2017-9-29 43008]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-9-29 48688]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2018-3-14 75264]
S3 WdNisDrv;WdNisDrv;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-9-29 119192]
S3 WdNisSvc;WdNisSvc;"C:\Program Files\Windows Defender\NisSrv.exe" --> C:\Program Files\Windows Defender\NisSrv.exe [?]
S3 wdnsfltr;Windows Defender Network Stream Filter Driver;C:\WINDOWS\System32\drivers\wdnsfltr.sys [2017-9-29 33792]
S3 WEPHOSTSVC;Hostdienst für Windows Encryption Provider;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-9-29 48688]
S3 WFDSConMgrSvc;Verbindungs-Manager-Dienst von Wi-Fi Direct Services;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 WinMad;WinMad-Dienst;C:\WINDOWS\System32\drivers\winmad.sys [2017-9-29 32152]
S3 WinNat;Windows-NAT-Treiber;C:\WINDOWS\System32\drivers\winnat.sys [2018-2-14 225792]
S3 WinVerbs;WinVerbs-Dienst;C:\WINDOWS\System32\drivers\winverbs.sys [2017-9-29 64920]
S3 wisvc;Windows-Insider-Dienst;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 wlpasvc;Dienst "Assistent für lokale Profile";C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 workfolderssvc;Arbeitsordner;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-9-29 259584]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2017-9-29 59512]
S3 XblAuthManager;Xbox Live Authentifizierungs-Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XblGameSave;Xbox Live-Spiele speichern;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xboxgip;Eingabeprotokolltreiber für Xbox-Spiele;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-9-29 281600]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XboxNetApiSvc;Xbox Live-Netzwerkservice;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xusb22;Treiberdienst 22 für Xbox 360 Wireless Receiver;C:\WINDOWS\System32\drivers\xusb22.sys [2017-9-29 99328]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S4 tzautoupdate;Automatische Zeitzonenaktualisierung;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2018-04-03 16:13:12 1885696 ----a-w- C:\WINDOWS\System32\diskdriver.exe
2018-04-03 16:09:54 44488 ----a-w- C:\WINDOWS\System32\drivers\avkmgr.sys
2018-04-03 16:09:54 178840 ----a-w- C:\WINDOWS\System32\drivers\avgntflt.sys
2018-04-03 16:09:11 -------- d-----w- C:\Program Files (x86)\Avira
2018-04-03 15:58:07 255928 ----a-w- C:\WINDOWS\System32\drivers\52257650.sys
2018-04-03 15:24:59 255928 ----a-w- C:\WINDOWS\System32\drivers\1226659A.sys
2018-04-03 15:19:30 255928 ----a-w- C:\WINDOWS\System32\drivers\4324F5BF.sys
2018-04-03 13:58:15 -------- d-----w- C:\ProgramData\Malwarebytes
2018-04-03 13:58:13 255928 ----a-w- C:\WINDOWS\System32\drivers\294231DA.sys
2018-04-03 13:57:16 192952 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2018-04-03 13:57:16 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-03 13:23:06 -------- d-----w- C:\FRST
2018-04-03 00:38:03 -------- d-----w- C:\ProgramData\SecuritySuite
2018-04-02 23:58:08 -------- d--h--w- C:\$AV_ASW
2018-04-02 23:56:56 61304 ----a-w- C:\WINDOWS\System32\drivers\lpsport.sys
2018-04-02 23:56:47 -------- d-----w- C:\Program Files\Common Files\AVAST Software
2018-04-02 23:56:03 -------- d-----w- C:\ProgramData\AVAST Software
2018-03-31 23:49:14 -------- d-----w- C:\Users\Jakub\AppData\Local\PrivateInternetAccess
2018-03-31 23:48:46 27136 ----a-w- C:\WINDOWS\System32\drivers\tap0901.sys
2018-03-31 23:48:45 -------- d-----w- C:\Program Files\pia_manager
2018-03-30 13:04:21 2036736 ----a-w- C:\WINDOWS\System32\windfn.exe
2018-03-29 20:39:34 -------- d-----w- C:\WINDOWS\SysWow64\directx
2018-03-29 17:10:05 -------- d-----w- C:\Users\Jakub\AppData\Local\DBFighterZ
2018-03-29 17:09:46 -------- d-----w- C:\Users\Jakub\AppData\Roaming\EasyAntiCheat
2018-03-25 08:27:51 -------- d-----w- C:\Program Files (x86)\WinCDEmu
2018-03-25 08:24:18 8576 ----a-w- C:\WINDOWS\SysWow64\drivers\VCdRom.sys
2018-03-17 12:06:29 -------- d-----w- C:\Users\Jakub\AppData\Roaming\.minecraft
2018-03-17 12:06:24 -------- d-----w- C:\Program Files (x86)\Minecraft
2018-03-09 19:38:52 -------- d-----w- C:\Users\Jakub\AppData\Roaming\Battlerite
.
==================== Find3M ====================
.
2018-03-25 08:51:05 830704 ----a-w- C:\WINDOWS\System32\drivers\EasyAntiCheat.sys
2018-03-14 15:57:38 130364688 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2018-03-14 15:56:41 106496 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2018-03-14 15:56:40 140800 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2018-03-05 12:42:42 208 ----a-w- C:\WINDOWS\System32\setup4.1.5.tmp
2018-03-02 21:09:11 834552 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-03-02 21:09:11 179704 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-03-02 03:36:30 17085440 ----a-w- C:\WINDOWS\System32\HologramCompositor.dll
2018-03-02 03:02:48 37888 ----a-w- C:\WINDOWS\System32\SpectrumSyncClient.dll
2018-03-02 03:01:11 640000 ----a-w- C:\WINDOWS\System32\HeadTrackerStorage.dll
2018-03-02 03:00:47 230912 ----a-w- C:\WINDOWS\System32\HoloShellRuntime.dll
2018-03-02 03:00:43 248320 ----a-w- C:\WINDOWS\System32\svf.dll
2018-03-02 03:00:05 329728 ----a-w- C:\WINDOWS\System32\Windows.Internal.Feedback.Analog.dll
2018-03-02 02:59:44 956416 ----a-w- C:\WINDOWS\System32\Spectrum.exe
2018-03-01 20:28:57 181760 ----a-w- C:\WINDOWS\SysWow64\HoloShellRuntime.dll
2018-03-01 07:50:57 270744 ----a-w- C:\WINDOWS\System32\acmigration.dll
2018-03-01 07:49:36 389536 ----a-w- C:\WINDOWS\System32\invagent.dll
2018-03-01 07:48:13 664472 ----a-w- C:\WINDOWS\System32\aeinv.dll
2018-03-01 07:47:37 35224 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2018-03-01 07:47:09 749464 ----a-w- C:\WINDOWS\System32\generaltel.dll
2018-03-01 07:46:56 609176 ----a-w- C:\WINDOWS\System32\devinv.dll
2018-03-01 07:46:38 138144 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2018-03-01 07:46:27 2003352 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2018-03-01 07:46:09 1568664 ----a-w- C:\WINDOWS\System32\appraiser.dll
2018-03-01 07:45:12 70040 ----a-w- C:\WINDOWS\System32\win32appinventorycsp.dll
2018-03-01 07:40:10 2514936 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2018-03-01 07:40:01 461720 ----a-w- C:\WINDOWS\System32\dcntel.dll
2018-03-01 07:40:01 273304 ----a-w- C:\WINDOWS\System32\aepic.dll
2018-03-01 07:37:00 7831760 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2018-03-01 07:31:11 8602520 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-03-01 07:30:56 264040 ----a-w- C:\WINDOWS\System32\MusNotifyIcon.exe
2018-03-01 07:30:52 540064 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2018-03-01 07:29:31 733592 ----a-w- C:\WINDOWS\System32\drivers\acpi.sys
2018-03-01 07:27:48 1173576 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2018-03-01 07:26:21 170912 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2018-03-01 07:25:34 377752 ----a-w- C:\WINDOWS\System32\drivers\msrpc.sys
2018-03-01 07:23:29 749976 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2018-03-01 07:19:40 710768 ----a-w- C:\WINDOWS\System32\MSVideoDSP.dll
2018-03-01 07:17:39 519152 ----a-w- C:\WINDOWS\System32\SecurityHealthService.exe
2018-03-01 07:17:39 408984 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2018-03-01 07:15:28 2574232 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2018-03-01 07:14:53 5105664 ----a-w- C:\WINDOWS\System32\AuthFWSnapin.dll
2018-03-01 07:14:51 128928 ----a-w- C:\WINDOWS\System32\offlinelsa.dll
2018-03-01 07:14:49 356952 ----a-w- C:\WINDOWS\System32\wintrust.dll
2018-03-01 07:14:45 147872 ----a-w- C:\WINDOWS\System32\drivers\wcifs.sys
2018-03-01 07:14:37 7384576 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2018-03-01 07:14:32 7675784 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-03-01 07:14:13 1694224 ----a-w- C:\WINDOWS\System32\winmde.dll
2018-03-01 07:12:41 250264 ----a-w- C:\WINDOWS\System32\offlinesam.dll
2018-03-01 07:12:38 677272 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-03-01 07:12:07 189344 ----a-w- C:\WINDOWS\System32\SecurityHealthAgent.dll
2018-03-01 07:11:44 93600 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2018-03-01 07:10:56 75168 ----a-w- C:\WINDOWS\System32\SecurityHealthProxyStub.dll
2018-03-01 07:10:40 1779936 ----a-w- C:\WINDOWS\System32\mfplat.dll
2018-03-01 07:10:27 22936 ----a-w- C:\WINDOWS\System32\drivers\isapnp.sys
2018-03-01 07:09:14 1054272 ----a-w- C:\WINDOWS\System32\msvproc.dll
2018-03-01 06:51:03 777904 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2018-03-01 06:48:05 1930736 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2018-03-01 06:39:42 213400 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2018-03-01 06:30:09 5615968 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2018-03-01 06:29:50 574960 ----a-w- C:\WINDOWS\SysWow64\MSVideoDSP.dll
2018-03-01 06:29:08 6092152 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2018-03-01 06:28:27 115096 ----a-w- C:\WINDOWS\SysWow64\offlinelsa.dll
2018-03-01 06:28:20 6480616 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2018-03-01 06:27:39 284112 ----a-w- C:\WINDOWS\SysWow64\wintrust.dll
2018-03-01 06:27:39 221592 ----a-w- C:\WINDOWS\SysWow64\offlinesam.dll
2018-03-01 06:26:41 1524776 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2018-03-01 06:26:41 1057816 ----a-w- C:\WINDOWS\SysWow64\msvproc.dll
2018-03-01 06:23:01 5105664 ----a-w- C:\WINDOWS\SysWow64\AuthFWSnapin.dll
2018-03-01 06:21:25 1558856 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2018-03-01 06:09:58 25251840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2018-03-01 06:03:58 2902528 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2018-03-01 06:03:29 344576 ----a-w- C:\WINDOWS\SysWow64\edgeIso.dll
2018-03-01 06:03:26 471552 ----a-w- C:\WINDOWS\SysWow64\AcSpecfc.dll
2018-03-01 06:03:24 162304 ----a-w- C:\WINDOWS\SysWow64\IndexedDbLegacy.dll
2018-03-01 06:03:17 65536 ----a-w- C:\WINDOWS\SysWow64\usoapi.dll
2018-03-01 06:01:55 6575616 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2018-03-01 06:01:29 155648 ----a-w- C:\WINDOWS\SysWow64\EdgeManager.dll
2018-03-01 06:01:21 19456 ----a-w- C:\WINDOWS\SysWow64\credssp.dll
2018-03-01 06:00:29 98304 ----a-w- C:\WINDOWS\SysWow64\TSpkg.dll
2018-03-01 05:59:03 220672 ----a-w- C:\WINDOWS\SysWow64\MicrosoftAccountWAMExtension.dll
2018-03-01 05:58:50 368128 ----a-w- C:\WINDOWS\SysWow64\daxexec.dll
2018-03-01 05:58:48 459776 ----a-w- C:\WINDOWS\SysWow64\webplatstorageserver.dll
2018-03-01 05:58:43 4839424 ----a-w- C:\WINDOWS\SysWow64\dbgeng.dll
2018-03-01 05:58:28 405504 ----a-w- C:\WINDOWS\SysWow64\Windows.Payments.dll
2018-03-01 05:57:55 369152 ----a-w- C:\WINDOWS\SysWow64\msIso.dll
2018-03-01 05:56:13 559104 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2018-03-01 05:56:08 18922496 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2018-03-01 05:55:40 346112 ----a-w- C:\WINDOWS\SysWow64\zipfldr.dll
2018-03-01 05:54:52 1296896 ----a-w- C:\WINDOWS\System32\usocore.dll
2018-03-01 05:54:44 3181568 ----a-w- C:\WINDOWS\SysWow64\cdp.dll
2018-03-01 05:54:28 463360 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2018-03-01 05:54:23 496128 ----a-w- C:\WINDOWS\System32\updatehandlers.dll
2018-03-01 05:54:22 3664384 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2018-03-01 05:53:46 863232 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2018-03-01 05:53:45 536576 ----a-w- C:\WINDOWS\System32\edgeIso.dll
2018-03-01 05:53:41 246272 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2018-03-01 05:53:40 206848 ----a-w- C:\WINDOWS\System32\IndexedDbLegacy.dll
2018-03-01 05:53:37 56320 ----a-w- C:\WINDOWS\System32\AcSpecfc.dll
2018-03-01 05:53:37 399872 ----a-w- C:\WINDOWS\System32\MusNotification.exe
.
============= FINISH: 18:40:18,24 ===============

Attached Files
File Type: txt attach.txt (5.8 KB)

help please

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.15
Run by Jack at 12:23:17 on 2018-04-06
Microsoft Windows 10 Home 10.0.16299.0.1252.1.1033.18.7814.2253 [GMT 3:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k localservice -p -s nsi
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SensorService
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\Program Files (x86)\DDNi\Oasis2Service (Smart Advisor)\Oasis2Service.exe
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkDMS.exe
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\WINDOWS\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s SEMgrSvc
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DsSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s wcncsvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s QWAVE
c:\windows\system32\svchost.exe -k netsvcs -p -s seclogon
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
c:\windows\system32\sihost.exe
C:\Program Files\Elantech\ETDCtrl.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
C:\Program Files\Elantech\ETDTouch.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\WINDOWS\system32\igfxext.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\Samsung\SamsungLink\SLServiceUserApp.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\Video.UI.exe
C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Users\Jack\Desktop\Tor Browser\Browser\firefox.exe
C:\Users\Jack\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
c:\windows\system32\taskhostw.exe
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
C:\WINDOWS\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.0_x64__8wekyb3d8bbwe\Calculator.exe
C:\WINDOWS\system32\osk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s DoSvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\syswow64\backgroundTaskHost.exe
svchost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
C:\WINDOWS\SysWOW64\DllHost.exe
C:\WINDOWS\SysWOW64\DllHost.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uLocal Page = %11%\blank.htm
uDefault_Page_URL = hxxp://samsung13.msn.com
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [ycAutoLaunch_822802423B0C1A64BCAACA67C9B682DB] "C:\Users\Jack\AppData\Local\yc\Application\yc.exe" /prefetch:5
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
dRunOnce: [Application Restart #1] C:\WINDOWS\System32\osk.exe
dRunOnce: [Application Restart #0] C:\WINDOWS\System32\osk.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2a0411c8-4b11-46d8-987b-41b116d52d13} : NameServer = ,,
TCP: Interfaces\{41542e40-c020-4170-a980-ebf2a10f9a82} : NameServer = ,,
TCP: Interfaces\{a9f55109-d9de-4ba7-b3b8-f2285cbf2a9d} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{e6ca81cb-20bb-4bfd-8eba-6f3216d65ad7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{e6ca81cb-20bb-4bfd-8eba-6f3216d65ad7}\34F435D4F44554D2936454131403 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{e6ca81cb-20bb-4bfd-8eba-6f3216d65ad7}\357756564784F6573756 : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{e6ca81cb-20bb-4bfd-8eba-6f3216d65ad7}\7596C6C6461697 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{e6ca81cb-20bb-4bfd-8eba-6f3216d65ad7}\85D26496C6560234F6D6075747562737 : DHCPNameServer = 192.168.1.1 0.0.0.0
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mWinlogon: Userinit = userinit.exe,
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /S3HpProtect
x64-Run: [RtHDVBg_SRSSA] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SRSSA
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe /startup
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\System32\CbFsMntNtf3.dll
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-9-29 130640]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-9-29 56728]
R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\drivers\PxHlpa64.sys [2013-1-7 56336]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-9-29 15392]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-9-29 71248]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-9-29 18000]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-9-29 209304]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-9-29 240640]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-1-4 59800]
R1 cbfs3;cbfs3;C:\WINDOWS\System32\drivers\cbfs3.sys [2013-1-7 352456]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-9-29 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-9-29 8192]
R1 MpKsl15463fab;MpKsl15463fab;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{519CE95E-AE07-4744-9633-948228D81EEB}\MpKsl15463fab.sys [2018-4-5 58120]
R1 MpKsl537549bc;MpKsl537549bc;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27F031E7-AB80-4D23-951C-041CA749921D}\MpKsl537549bc.sys [2018-3-27 58120]
R1 MpKslaade24fe;MpKslaade24fe;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D8109FE7-A0FD-4C06-A048-6181337652B6}\MpKslaade24fe.sys [2018-3-23 58120]
R1 MpKslad0077f9;MpKslad0077f9;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A87F319D-70CC-4012-B5BF-6E8EF373C7C1}\MpKslad0077f9.sys [2018-3-28 58120]
R1 MpKslb0231e50;MpKslb0231e50;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{93B69CBE-C2A5-49D6-B436-C66FBAAA5C32}\MpKslb0231e50.sys [2018-3-26 58120]
R1 MpKslc45df63f;MpKslc45df63f;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{079C9383-74FC-4564-A60D-2D1F3C51D46C}\MpKslc45df63f.sys [2018-3-24 58120]
R1 MpKsldff02c52;MpKsldff02c52;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF4C1803-CC14-4FAF-BE15-569D4005B6AE}\MpKsldff02c52.sys [2018-3-25 58120]
R1 SDiskWindows10;SDiskWindows10;C:\WINDOWS\System32\drivers\SDiskWindows10.sys [2016-10-4 111320]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-11-6 171664]
R2 AllShare Framework DMS;AllShare Framework DMS;C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe [2016-10-4 403264]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R2 CDPUserSvc_130e830b;Connected Devices Platform User Service_130e830b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-2-14 385536]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2017-9-29 48688]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2017-9-29 48688]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2015-6-19 1593664]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2016-11-11 129952]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-5-3 337888]
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-9-18 157128]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-7-6 223008]
R2 MBAMChameleon;MBAMChameleon;C:\WINDOWS\System32\drivers\MbamChameleon.sys [2018-4-2 193768]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2018-4-2 6479136]
R2 Oasis2Service (Smart Advisor);Oasis2Service (Smart Advisor);C:\Program Files (x86)\DDNi\Oasis2Service (Smart Advisor)\Oasis2Service.exe [2017-12-11 72000]
R2 OneSyncSvc_130e830b;Sync Host_130e830b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 SamsungLinkService;SamsungLinkService;C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe [2016-10-4 25017064]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2015-7-15 16216]
R2 Seagate MobileBackup Service;Seagate MobileBackup Service;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2015-7-15 143656]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2018-3-14 519152]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-9-29 79872]
R2 SWUpdateService;SW Update Service;C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2017-10-11 3298208]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-3-14 147872]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 WpnUserService_130e830b;Windows Push Notifications User Service_130e830b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 acpials;ALS Sensor Filter;C:\WINDOWS\System32\drivers\acpials.sys [2017-9-29 11776]
R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\WINDOWS\System32\drivers\AmpPal.sys [2013-4-11 165344]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 bthl2cap;Microsoft Bluetooth Protocol Support Driver;C:\WINDOWS\System32\drivers\bthl2cap.sys [2017-9-29 83968]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2017-9-29 78848]
R3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-9-29 60312]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 ETD;Samsung TouchPad Input Device;C:\WINDOWS\System32\drivers\ETD.sys [2016-11-11 444504]
R3 ETDSMBus;ETDSMBus;C:\WINDOWS\System32\drivers\ETDSMBus.sys [2015-9-23 31832]
R3 ibtfltcoex;Intel Corporation;C:\WINDOWS\System32\drivers\ibtfltcoex.sys [2015-7-1 79632]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-8-21 463112]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-1 38896]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2018-4-2 253664]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-9-29 21504]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew01.sys [2017-9-29 3343872]
R3 PimIndexMaintenanceSvc_130e830b;Contact Data_130e830b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 RadioHIDMini;Radio HID Mini-driver;C:\WINDOWS\System32\drivers\RadioHIDMini.sys [2012-7-27 23408]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-7-30 895256]
R3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 SensorsAlsDriver;UMDF Reflector service for SensorsAlsDriver;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-9-29 259584]
R3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 UnistoreSvc_130e830b;User Data Storage_130e830b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\WINDOWS\System32\drivers\usb3Hub.sys [2012-10-10 47072]
R3 UserDataSvc_130e830b;User Data Access_130e830b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [2018-3-2 129568]
R3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe [2018-3-2 356152]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\WINDOWS\System32\drivers\xHCIPort.sys [2012-10-10 188896]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2017-3-23 729048]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 icacl;icacl;C:\WINDOWS\System32\icacl.exe --> C:\WINDOWS\System32\icacl.exe [?]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-7-18 317408]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-9-29 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-9-29 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-9-29 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2017-9-29 48688]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-9-29 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-9-29 48688]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2017-9-29 37784]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-29 39424]
S3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-9-29 122368]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-9-29 357272]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-9-29 1723288]
S3 DevicesFlowUserSvc_130e830b;DevicesFlow_130e830b;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-9-29 48688]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-9-29 85504]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2017-9-29 48688]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-9-29 48688]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-9-29 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2017-9-29 48688]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-9-29 50584]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2017-9-29 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-9-29 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-9-29 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-9-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-9-29 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-9-29 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-9-29 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-9-29 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-9-29 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-9-29 674200]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-9-29 526232]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-11-21 169752]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-9-29 39424]
S3 InstallService;Windows Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-12-1 50160]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 invdimm;Microsoft iNVDIMM device driver;C:\WINDOWS\System32\drivers\invdimm.sys [2017-9-29 38912]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2017-9-29 26112]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-9-29 123800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-9-29 103320]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-9-29 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-9-29 55840]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-9-29 63520]
S3 MessagingService_130e830b;MessagingService_130e830b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-9-29 842648]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-9-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-9-29 132608]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-3-14 192512]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-9-29 88576]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-9-29 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-9-29 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2017-9-29 16896]
S3 PrintWorkflowUserSvc_130e830b;PrintWorkflow_130e830b;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2017-9-29 48688]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2017-9-29 39832]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-9-29 1849752]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-9-29 936856]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-9-29 48688]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2017-9-29 103936]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-9-29 48688]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-9-29 118168]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-9-29 33176]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-9-29 1288704]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-9-29 154520]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-9-29 48688]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-9-29 56216]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-3-14 956416]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-3-14 103328]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2018-3-14 45472]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-9-29 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-12-1 114688]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-9-29 146944]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2018-3-14 57344]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-9-29 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-9-29 28568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-9-29 266648]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-9-29 97312]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-9-29 140696]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-9-29 28568]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-12-1 60824]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-9-29 27544]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-9-29 48688]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-9-29 34816]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-9-29 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vnvdimm;Microsoft virtual NVDIMM device driver;C:\WINDOWS\System32\drivers\vnvdimm.sys [2017-9-29 43008]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-9-29 48688]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2018-3-14 75264]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2018-3-14 770048]
S3 wdnsfltr;Windows Defender Network Stream Filter Driver;C:\WINDOWS\System32\drivers\wdnsfltr.sys [2017-9-29 33792]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-9-29 48688]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-9-29 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-2-14 225792]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-9-29 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2017-9-29 25088]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2017-9-29 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-9-29 281600]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-9-29 46592]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2018-04-05 15:32:54 58120 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{519CE95E-AE07-4744-9633-948228D81EEB}\MpKsl15463fab.sys
2018-04-05 15:32:42 14558320 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{519CE95E-AE07-4744-9633-948228D81EEB}\mpengine.dll
2018-04-04 10:56:40 14558320 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2018-04-02 18:31:13 -------- d--h--w- C:\$SysReset
2018-04-02 17:37:02 193768 ----a-w- C:\WINDOWS\System32\drivers\MbamChameleon.sys
2018-04-02 17:35:36 253664 ----a-w- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2018-04-02 17:35:28 76192 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2018-03-28 05:46:37 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A87F319D-70CC-4012-B5BF-6E8EF373C7C1}\MpKslad0077f9.sys
2018-03-27 05:05:40 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27F031E7-AB80-4D23-951C-041CA749921D}\MpKsl537549bc.sys
2018-03-26 06:17:24 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{93B69CBE-C2A5-49D6-B436-C66FBAAA5C32}\MpKslb0231e50.sys
2018-03-25 07:53:19 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF4C1803-CC14-4FAF-BE15-569D4005B6AE}\MpKsldff02c52.sys
2018-03-24 06:01:50 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{079C9383-74FC-4564-A60D-2D1F3C51D46C}\MpKslc45df63f.sys
2018-03-23 06:06:48 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D8109FE7-A0FD-4C06-A048-6181337652B6}\MpKslaade24fe.sys
2018-03-22 06:06:40 1094320 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BA9519F-C9D6-4E31-A0E6-0CD97E10FF2A}\gapaengine.dll
2018-03-21 12:33:07 -------- d-----w- C:\Users\Jack\AppData\Local\PlaceholderTileLogoFolder
2018-03-14 07:45:00 75168 ----a-w- C:\WINDOWS\System32\SecurityHealthProxyStub.dll
2018-03-14 07:45:00 65536 ----a-w- C:\WINDOWS\SysWow64\usoapi.dll
2018-03-14 07:45:00 344576 ----a-w- C:\WINDOWS\SysWow64\edgeIso.dll
2018-03-14 07:45:00 162304 ----a-w- C:\WINDOWS\SysWow64\IndexedDbLegacy.dll
2018-03-14 07:45:00 155648 ----a-w- C:\WINDOWS\SysWow64\EdgeManager.dll
.
==================== Find3M ====================
.
2018-03-14 08:00:48 130364688 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2018-03-14 07:46:09 106496 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2018-03-14 07:46:08 140800 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2018-03-02 21:09:11 834552 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-03-02 21:09:11 179704 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-03-02 14:40:55 46072 ----a-w- C:\WINDOWS\System32\drivers\wd\WdBoot.sys
2018-03-02 14:40:55 288296 ----a-w- C:\WINDOWS\System32\drivers\wd\WdFilter.sys
2018-03-02 14:40:55 129568 ----a-w- C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys
2018-03-02 03:36:30 17085440 ----a-w- C:\WINDOWS\System32\HologramCompositor.dll
2018-03-02 03:02:48 37888 ----a-w- C:\WINDOWS\System32\SpectrumSyncClient.dll
2018-03-02 03:01:11 640000 ----a-w- C:\WINDOWS\System32\HeadTrackerStorage.dll
2018-03-02 03:00:47 230912 ----a-w- C:\WINDOWS\System32\HoloShellRuntime.dll
2018-03-02 03:00:43 248320 ----a-w- C:\WINDOWS\System32\svf.dll
2018-03-02 03:00:05 329728 ----a-w- C:\WINDOWS\System32\Windows.Internal.Feedback.Analog.dll
2018-03-02 02:59:44 956416 ----a-w- C:\WINDOWS\System32\Spectrum.exe
2018-03-01 20:28:57 181760 ----a-w- C:\WINDOWS\SysWow64\HoloShellRuntime.dll
2018-03-01 07:50:57 270744 ----a-w- C:\WINDOWS\System32\acmigration.dll
2018-03-01 07:49:36 389536 ----a-w- C:\WINDOWS\System32\invagent.dll
2018-03-01 07:48:13 664472 ----a-w- C:\WINDOWS\System32\aeinv.dll
2018-03-01 07:47:37 35224 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2018-03-01 07:47:09 749464 ----a-w- C:\WINDOWS\System32\generaltel.dll
2018-03-01 07:46:56 609176 ----a-w- C:\WINDOWS\System32\devinv.dll
2018-03-01 07:46:38 138144 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2018-03-01 07:46:27 2003352 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2018-03-01 07:46:09 1568664 ----a-w- C:\WINDOWS\System32\appraiser.dll
2018-03-01 07:45:12 70040 ----a-w- C:\WINDOWS\System32\win32appinventorycsp.dll
2018-03-01 07:40:10 2514936 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2018-03-01 07:40:01 461720 ----a-w- C:\WINDOWS\System32\dcntel.dll
2018-03-01 07:40:01 273304 ----a-w- C:\WINDOWS\System32\aepic.dll
2018-03-01 07:37:00 7831760 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2018-03-01 07:31:11 8602520 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-03-01 07:30:56 264040 ----a-w- C:\WINDOWS\System32\MusNotifyIcon.exe
2018-03-01 07:30:52 540064 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2018-03-01 07:29:31 733592 ----a-w- C:\WINDOWS\System32\drivers\acpi.sys
2018-03-01 07:27:48 1173576 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2018-03-01 07:26:21 170912 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2018-03-01 07:25:34 377752 ----a-w- C:\WINDOWS\System32\drivers\msrpc.sys
2018-03-01 07:23:29 749976 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2018-03-01 07:19:40 710768 ----a-w- C:\WINDOWS\System32\MSVideoDSP.dll
2018-03-01 07:17:39 519152 ----a-w- C:\WINDOWS\System32\SecurityHealthService.exe
2018-03-01 07:17:39 408984 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2018-03-01 07:15:28 2574232 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2018-03-01 07:14:53 5105664 ----a-w- C:\WINDOWS\System32\AuthFWSnapin.dll
2018-03-01 07:14:51 128928 ----a-w- C:\WINDOWS\System32\offlinelsa.dll
2018-03-01 07:14:49 356952 ----a-w- C:\WINDOWS\System32\wintrust.dll
2018-03-01 07:14:45 147872 ----a-w- C:\WINDOWS\System32\drivers\wcifs.sys
2018-03-01 07:14:37 7384576 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2018-03-01 07:14:32 7675784 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-03-01 07:14:13 1694224 ----a-w- C:\WINDOWS\System32\winmde.dll
2018-03-01 07:12:41 250264 ----a-w- C:\WINDOWS\System32\offlinesam.dll
2018-03-01 07:12:38 677272 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-03-01 07:12:07 189344 ----a-w- C:\WINDOWS\System32\SecurityHealthAgent.dll
2018-03-01 07:11:44 93600 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2018-03-01 07:10:40 1779936 ----a-w- C:\WINDOWS\System32\mfplat.dll
2018-03-01 07:10:27 22936 ----a-w- C:\WINDOWS\System32\drivers\isapnp.sys
2018-03-01 07:09:14 1054272 ----a-w- C:\WINDOWS\System32\msvproc.dll
2018-03-01 06:51:03 777904 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2018-03-01 06:48:05 1930736 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2018-03-01 06:39:42 213400 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2018-03-01 06:30:09 5615968 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2018-03-01 06:29:50 574960 ----a-w- C:\WINDOWS\SysWow64\MSVideoDSP.dll
2018-03-01 06:29:08 6092152 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2018-03-01 06:28:27 115096 ----a-w- C:\WINDOWS\SysWow64\offlinelsa.dll
2018-03-01 06:28:20 6480616 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2018-03-01 06:27:39 284112 ----a-w- C:\WINDOWS\SysWow64\wintrust.dll
2018-03-01 06:27:39 221592 ----a-w- C:\WINDOWS\SysWow64\offlinesam.dll
2018-03-01 06:26:41 1524776 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2018-03-01 06:26:41 1057816 ----a-w- C:\WINDOWS\SysWow64\msvproc.dll
2018-03-01 06:23:01 5105664 ----a-w- C:\WINDOWS\SysWow64\AuthFWSnapin.dll
2018-03-01 06:21:25 1558856 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2018-03-01 06:09:58 25251840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2018-03-01 06:03:58 2902528 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2018-03-01 06:03:26 471552 ----a-w- C:\WINDOWS\SysWow64\AcSpecfc.dll
2018-03-01 06:01:55 6575616 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2018-03-01 06:01:21 19456 ----a-w- C:\WINDOWS\SysWow64\credssp.dll
2018-03-01 06:00:29 98304 ----a-w- C:\WINDOWS\SysWow64\TSpkg.dll
2018-03-01 05:59:03 220672 ----a-w- C:\WINDOWS\SysWow64\MicrosoftAccountWAMExtension.dll
2018-03-01 05:58:50 368128 ----a-w- C:\WINDOWS\SysWow64\daxexec.dll
2018-03-01 05:58:48 459776 ----a-w- C:\WINDOWS\SysWow64\webplatstorageserver.dll
2018-03-01 05:58:43 4839424 ----a-w- C:\WINDOWS\SysWow64\dbgeng.dll
2018-03-01 05:58:28 405504 ----a-w- C:\WINDOWS\SysWow64\Windows.Payments.dll
2018-03-01 05:57:55 369152 ----a-w- C:\WINDOWS\SysWow64\msIso.dll
2018-03-01 05:56:13 559104 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2018-03-01 05:56:08 18922496 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2018-03-01 05:55:40 346112 ----a-w- C:\WINDOWS\SysWow64\zipfldr.dll
2018-03-01 05:54:52 1296896 ----a-w- C:\WINDOWS\System32\usocore.dll
2018-03-01 05:54:44 3181568 ----a-w- C:\WINDOWS\SysWow64\cdp.dll
2018-03-01 05:54:28 463360 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2018-03-01 05:54:23 496128 ----a-w- C:\WINDOWS\System32\updatehandlers.dll
2018-03-01 05:54:22 3664384 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2018-03-01 05:53:46 863232 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2018-03-01 05:53:45 536576 ----a-w- C:\WINDOWS\System32\edgeIso.dll
2018-03-01 05:53:41 246272 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2018-03-01 05:53:40 206848 ----a-w- C:\WINDOWS\System32\IndexedDbLegacy.dll
2018-03-01 05:53:37 56320 ----a-w- C:\WINDOWS\System32\AcSpecfc.dll
2018-03-01 05:53:37 399872 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2018-03-01 05:53:37 107520 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2018-03-01 05:53:31 97792 ----a-w- C:\WINDOWS\System32\updatecsp.dll
2018-03-01 05:53:31 92160 ----a-w- C:\WINDOWS\System32\usoapi.dll
2018-03-01 05:53:30 39424 ----a-w- C:\WINDOWS\System32\UsoClient.exe
.
============= FINISH: 12:23:37.12 ===============

Attached Files
File Type: zip attach.zip (3.0 KB)

Infected?

Hello,

I sometimes stream football matches and my computer has been running very slowly of late. It also seems to do things by itself, like close windows or type. I suspect I have a virus...

I do not have a copy of the Windows disk to hand.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.2007
Run by PKA at 17:39:08 on 2018-04-14
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.6034.2928 [GMT 2:00]
.
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\AUDIODG.EXE
C:\Windows\System32\GFNEXSrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\TrueKey\McTkSchedulerService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hola\app\hola_updater.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\WINDOWS\system32\svchost.exe -k osrss
C:\windows\system32\TODDSrv.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\smartscreen.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Hola\app\hola.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Windows\System32\InstallAgent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\System32\InstallAgentUserBroker.exe
C:\Users\PKA\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\Program Files\Hola\app\hola_svc.exe
C:\WINDOWS\system32\wermgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\System32\ATBroker.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\atbroker.exe
C:\WINDOWS\System32\ATBroker.exe
C:\WINDOWS\System32\ATBroker.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mysearch.avg.com/?cid={4E22E165-2005-4A4A-BBCD-311972D89E3F}&mid=eabf3a88e70947cfbdcd3909b40eb674-173e1646107ee1e12fde840c2003dfc065c30b07&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2016-11-22 21:39:07&v=4.3.6.255&pid=wtu&sg=&sap=hp
uSearch Bar = Preserve
BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Spotify] "C:\Users\PKA\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [OneDrive] "C:\Users\PKA\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Spotify Web Helper] "C:\Users\PKA\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
uRunOnce: [FlashPlayerUpdate] C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe -update pepperplugin
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
mRunOnce: [SBrowserCheck] "C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe" /s /run_source=av_update /runonce /cgid 101
StartupFolder: C:\Users\PKA\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: hola.org
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 89.2.0.1 89.2.0.2
TCP: Interfaces\{4ba099e9-a8fc-40d0-b3f6-6a82e93fd407} : DHCPNameServer = 89.2.0.1 89.2.0.2
TCP: Interfaces\{4ba099e9-a8fc-40d0-b3f6-6a82e93fd407}\960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{93800ea6-89d3-4444-b503-be36a18dfca1} : NameServer = 10.203.128.1 10.203.128.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - LocalServer32 - <no file>
x64-BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll
x64-Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [hola] C:\Program Files\Hola\app\hola.exe --silent
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswbidsh;aswbidsh;C:\WINDOWS\System32\drivers\aswbidsha.sys [2017-7-9 199440]
R0 aswblog;aswblog;C:\WINDOWS\System32\drivers\aswbloga.sys [2017-7-9 343752]
R0 aswbuniv;aswbuniv;C:\WINDOWS\System32\drivers\aswbuniva.sys [2017-7-9 57680]
R0 aswRvrt;aswRvrt;C:\WINDOWS\System32\drivers\aswRvrt.sys [2017-7-9 84368]
R0 aswVmm;aswVmm;C:\WINDOWS\System32\drivers\aswVmm.sys [2017-7-9 380528]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\WINDOWS\System32\drivers\iusb3hcs.sys [2012-1-5 16152]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\WINDOWS\System32\drivers\tos_sps64.sys [2009-6-25 482384]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2018-1-20 199000]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-27 227328]
R1 aswArPot;aswArPot;C:\WINDOWS\System32\drivers\aswArPot.sys [2017-11-22 196640]
R1 aswbidsdriver;aswbidsdriver;C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [2017-7-9 227504]
R1 aswHdsKe;aswHdsKe;C:\WINDOWS\System32\drivers\aswHdsKe.sys [2018-1-6 227784]
R1 aswKbd;aswKbd;C:\WINDOWS\System32\drivers\aswKbd.sys [2017-7-9 41832]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2017-7-9 1026696]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswSP.sys [2017-7-9 460520]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 RDPDISPM;RDPDISPM;C:\WINDOWS\System32\drivers\rdpdispm.sys [2010-8-31 10752]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2017-7-9 147224]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2017-7-9 205976]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-4-14 313640]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_3d85a;CDPUserSvc_3d85a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 GFNEXSrv;GFNEX Service;C:\WINDOWS\System32\GFNEXSrv.exe [2014-5-13 162824]
R2 hola_svc;Hola Better Internet Engine;C:\Program Files\Hola\app\hola_svc.exe [2017-1-28 20147160]
R2 hola_updater;Hola Better Internet Updater;C:\Program Files\Hola\app\hola_updater.exe [2017-1-28 5622368]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-5-13 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-5-13 161560]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-4 687400]
R2 OneSyncSvc_3d85a;Sync Host_3d85a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 osrss;OS Remediation System Service;C:\WINDOWS\System32\svchost.exe -k osrss [2016-7-16 44496]
R2 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2018-1-20 78336]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-10-8 278616]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 TrueKey;Intel Security True Key;C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [2017-7-7 1001920]
R2 TrueKeyScheduler;Intel Security True Key Scheduler;C:\Program Files\TrueKey\McTkSchedulerService.exe [2016-12-26 16928]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2014-5-13 363800]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-1-20 119640]
R2 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-4-14 7603408]
R3 huawei_enumerator;huawei_enumerator;C:\WINDOWS\System32\drivers\ew_jubusenum.sys [2014-6-26 85504]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2011-12-6 331264]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 PGEffect;Pangu effect driver;C:\WINDOWS\System32\drivers\PGEffect.sys [2014-5-13 38096]
R3 PimIndexMaintenanceSvc_3d85a;Contact Data_3d85a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUStor.sys [2014-5-13 251496]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-7-16 589824]
R3 RtkBtFilter2;Realtek Bluetooth Filter Module;C:\WINDOWS\System32\drivers\RtkBtfilter.sys [2015-5-29 65792]
R3 rtwlane_13;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\WINDOWS\System32\drivers\rtwlane_13.sys [2016-7-16 3717120]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 UnistoreSvc_3d85a;User Data Storage_3d85a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_3d85a;User Data Access_3d85a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 InstallerService;Service Installer TrueKey;C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 --> C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [?]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 MessagingService_3d85a;MessagingService_3d85a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 aswHwid;aswHwid;C:\WINDOWS\System32\drivers\aswHwid.sys [2017-7-9 46968]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-27 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-18 64352]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2017-9-12 185048]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2018-1-20 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2018-1-20 124928]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-14 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-10-8 51392]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-1-20 82272]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2014-5-13 57216]
S3 TrueKeyServiceHelper;Intel Security True Key Helper Service;C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [2017-7-7 87760]
S3 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2016-3-28 54784]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2018-1-20 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2018-1-20 66560]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2018-1-20 719872]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-5-11 347320]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_3d85a;Windows Push Notifications User Service_3d85a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2016-7-16 24576]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-14 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-8-31 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
.
=============== File Associations ===============
.
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2018-04-14 15:36:14 -------- d-----w- C:\WINDOWS\UpdateAssistant
2018-04-14 15:23:22 -------- d-----w- C:\Users\PKA\AppData\Local\AVAST Software
2018-04-14 15:23:22 -------- d-----w- C:\Program Files (x86)\AVAST Software
2018-04-14 15:16:55 -------- d--h--w- C:\$SysReset
2018-04-14 15:13:12 61304 ----a-w- C:\WINDOWS\System32\drivers\lpsport.sys
.
==================== Find3M ====================
.
2018-04-14 15:20:38 147224 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2018-04-14 15:00:06 205976 ----a-w- C:\WINDOWS\System32\drivers\aswStm.sys
2018-04-14 14:59:57 380528 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
2018-04-14 14:59:56 84368 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2018-04-14 14:59:56 46968 ----a-w- C:\WINDOWS\System32\drivers\aswHwid.sys
2018-04-14 14:59:55 196640 ----a-w- C:\WINDOWS\System32\drivers\aswArPot.sys
2018-04-14 14:59:53 111352 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
2018-04-14 14:55:00 1026696 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
2018-04-14 14:54:36 227784 ----a-w- C:\WINDOWS\System32\drivers\aswHdsKe.sys
2018-04-14 14:54:27 57680 ----a-w- C:\WINDOWS\System32\drivers\aswbuniva.sys
2018-04-14 14:54:27 343752 ----a-w- C:\WINDOWS\System32\drivers\aswbloga.sys
2018-04-14 14:54:27 227504 ----a-w- C:\WINDOWS\System32\drivers\aswbidsdrivera.sys
2018-04-14 14:54:27 199440 ----a-w- C:\WINDOWS\System32\drivers\aswbidsha.sys
2018-04-09 15:39:46 23024 ----a-w- C:\WINDOWS\apppatch\apppatch64\Luadgmgt.dll
2018-02-18 10:26:52 180224 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe
2018-02-18 10:26:03 557568 ----a-w- C:\WINDOWS\SysWow64\StoreAgent.dll
2018-02-18 10:24:56 223232 ----a-w- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
2018-02-18 10:23:24 33280 ----a-w- C:\WINDOWS\System32\wuautoappupdate.dll
2018-02-18 10:22:48 165376 ----a-w- C:\WINDOWS\System32\storewuauth.dll
2018-02-18 10:20:08 211968 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2018-02-18 10:19:09 78336 ----a-w- C:\WINDOWS\SysWow64\updatepolicy.dll
2018-02-18 10:16:25 748544 ----a-w- C:\WINDOWS\System32\StoreAgent.dll
2018-02-18 10:16:15 299008 ----a-w- C:\WINDOWS\System32\updatehandlers.dll
2018-02-18 10:16:06 260608 ----a-w- C:\WINDOWS\System32\InstallAgentUserBroker.exe
2018-02-18 10:15:15 92672 ----a-w- C:\WINDOWS\System32\updatepolicy.dll
2018-02-18 10:14:25 558080 ----a-w- C:\WINDOWS\System32\usocore.dll
2018-02-18 10:11:55 392192 ----a-w- C:\WINDOWS\System32\wuuhext.dll
2018-02-18 10:11:26 1224704 ----a-w- C:\WINDOWS\System32\dosvc.dll
2018-02-12 21:56:38 51200 ----a-w- C:\WINDOWS\System32\wbem\WUAProvider.dll
2018-02-07 14:31:57 209408 ----a-w- C:\WINDOWS\SysWow64\msclmd.dll
2018-02-07 14:31:48 231424 ----a-w- C:\WINDOWS\System32\msclmd.dll
2018-02-07 14:24:26 5117440 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
2018-02-02 20:18:36 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-02-02 20:18:36 177648 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-01-19 20:07:48 129365736 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2018-01-19 19:22:59 333312 ----a-w- C:\WINDOWS\SysWow64\SensorsApi.dll
2018-01-18 00:05:52 108584 ----a-w- C:\WINDOWS\System32\osrss.dll
.
============= FINISH: 17:43:38.05 ===============

Attached Files
File Type: txt attach.txt (13.2 KB)

ClipConverter Malware

ClipConverter Malware:

Ads appear at the bottom right when I bring up Chrome (not other browsers). I tried Malwarebytes, SUPERAntiSpyware, and Spybot to get rid of it. These failed, so I was hoping you folks could help.


PS: If it matters, I picked this up when I was trying to find a new site for downloading YouTube vids. Clicked on the wrong link. (Yeah, stupid.) It was from one of the sites recommended by these links:

hXXXs://itube.aimersoft.com/download-youtube/top-website-to-download-youtube-videos.html

OR

hXXXs://www.stacktunnel.com/13-best-websites-to-download-youtube-videos-for-free.html
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18978
Run by owner at 12:33:39 on 2018-04-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.4122 [GMT -7:00]
.
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus *Enabled/Updated* {C50510DE-367A-330C-FD5C-556ACFB11243}
SP: AVG Antivirus *Enabled/Updated* {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
C:\Users\owner\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Tablet\Wacom\32\WacomDesktopCenter.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: McAfee WebAdvisor: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
mRun: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\System32\LavasoftTcpService.dll
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D5965D2A-D30A-484C-8A7C-609CCC538EAA} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{FE117B29-E2E1-442F-A42E-AB351B172553} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
x64-BHO: McAfee WebAdvisor: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [AVGUI.exe] "C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe" /gui
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2g4bv4ef.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - plugin: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\Users\owner\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll
FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npo1d.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avgbidsh;avgbidsh;C:\Windows\System32\drivers\avgbidsha.sys [2017-4-5 192536]
R0 avgblog;avgblog;C:\Windows\System32\drivers\avgbloga.sys [2017-4-5 336848]
R0 avgbuniv;avgbuniv;C:\Windows\System32\drivers\avgbuniva.sys [2017-4-5 50776]
R0 avgRvrt;avgRvrt;C:\Windows\System32\drivers\avgRvrt.sys [2017-4-5 76760]
R0 avgVmm;avgVmm;C:\Windows\System32\drivers\avgVmm.sys [2017-4-5 372920]
R0 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\mbamswissarmy.sys [2018-4-15 253664]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2016-2-12 56208]
R1 avgArPot;avgArPot;C:\Windows\System32\drivers\avgArPot.sys [2017-11-27 189032]
R1 avgbdisk;avgbdisk;C:\Windows\System32\drivers\avgbdiska.sys [2017-4-5 166064]
R1 avgbidsdriver;avgbidsdriver;C:\Windows\System32\drivers\avgbidsdrivera.sys [2017-4-5 220600]
R1 avgRdr;avgRdr;C:\Windows\System32\drivers\avgRdr2.sys [2017-4-5 103744]
R1 avgSnx;avgSnx;C:\Windows\System32\drivers\avgSnx.sys [2017-4-5 1019088]
R1 avgSP;avgSP;C:\Windows\System32\drivers\avgSP.sys [2017-4-5 452904]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Windows\System32\drivers\mbae64.sys [2018-4-15 76192]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPAntiSpyware\SASCORE64.EXE [2014-7-22 173472]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768]
R2 AVG Antivirus;AVG Antivirus;C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [2018-4-13 314688]
R2 avgMonFlt;avgMonFlt;C:\Windows\System32\drivers\avgMonFlt.sys [2017-4-5 139608]
R2 avgStm;avgStm;C:\Windows\System32\drivers\avgStm.sys [2017-4-5 198368]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-2-16 1148560]
R2 LavasoftTcpService;LavasoftTcpService;C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2016-2-12 2751760]
R2 MBAMChameleon;MBAMChameleon;C:\Windows\System32\drivers\MbamChameleon.sys [2018-4-15 193768]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2018-4-15 6479136]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2018-4-6 604312]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-2-16 1706128]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2016-2-16 21833360]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-2-16 416432]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2017-12-9 778696]
R2 WtuSystemSupport;WtuSystemSupport;C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [2016-11-8 980552]
R3 avgbIDSAgent;avgbIDSAgent;C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [2018-4-13 7653992]
R3 MBAMFarflt;MBAMFarflt;C:\Windows\System32\drivers\farflt.sys [2018-4-15 112864]
R3 MBAMProtection;MBAMProtection;C:\Windows\System32\drivers\mbam.sys [2018-4-15 44768]
R3 MBAMWebProtection;MBAMWebProtection;C:\Windows\System32\drivers\mwac.sys [2018-4-15 93816]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2018-4-6 111608]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-2-16 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2016-2-16 38032]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2016-1-27 980224]
R3 WacHidRouterPro;Wacom Hid Router Pro;C:\Windows\System32\drivers\wachidrouter.sys [2017-12-9 115192]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2017-12-9 17912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-4 107624]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-10-3 128608]
S3 avgHwid;avgHwid;C:\Windows\System32\drivers\avgHwid.sys [2017-4-5 39352]
S3 AX88178;ASIX AX88178 USB2.0 to Gigabit Ethernet Adapter;C:\Windows\System32\drivers\ax88178.sys [2009-10-1 56320]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2018-4-10 116224]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2015-11-5 23040]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-11-5 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2016-1-23 1255736]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
ShellExec: opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2018-04-15 23:12:19 44768 ----a-w- C:\Windows\System32\drivers\mbam.sys
2018-04-15 23:12:16 93816 ----a-w- C:\Windows\System32\drivers\mwac.sys
2018-04-15 23:12:15 193768 ----a-w- C:\Windows\System32\drivers\MbamChameleon.sys
2018-04-15 23:12:15 112864 ----a-w- C:\Windows\System32\drivers\farflt.sys
2018-04-15 23:12:08 253664 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys
2018-04-15 23:11:56 76192 ----a-w- C:\Windows\System32\drivers\mbae64.sys
2018-04-15 23:11:50 -------- d-----w- C:\ProgramData\Malwarebytes
2018-04-15 23:11:50 -------- d-----w- C:\Program Files\Malwarebytes
2018-04-14 21:31:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2018-04-14 21:31:12 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-04-13 09:29:17 377584 ----a-w- C:\Windows\System32\avgBoot.exe
2018-04-07 04:59:57 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2018-04-07 04:59:47 -------- d-----w- C:\Program Files (x86)\McAfee
2018-04-07 04:59:39 -------- d-----w- C:\Program Files (x86)\i-Funbox DevTeam
2018-04-07 04:46:23 -------- d-----w- C:\Users\owner\AppData\Roaming\iFunbox_UserCache
.
==================== Find3M ====================
.
2018-04-13 09:29:47 139608 ----a-w- C:\Windows\System32\drivers\avgMonFlt.sys
2018-04-13 02:53:48 136971704 -c--a-w- C:\Windows\System32\MRT-KB890830.exe
2018-03-31 02:09:32 708288 ----a-w- C:\Windows\System32\winload.efi
2018-03-31 02:09:32 5583040 ----a-w- C:\Windows\System32\ntoskrnl.exe
2018-03-31 02:09:31 95424 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2018-03-31 02:09:31 154816 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2018-03-31 01:45:09 631640 ----a-w- C:\Windows\System32\winresume.efi
2018-03-31 01:39:49 3958464 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2018-03-31 01:39:48 4046528 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2018-03-31 01:38:02 1665336 ----a-w- C:\Windows\System32\ntdll.dll
2018-03-31 01:12:37 1314064 ----a-w- C:\Windows\SysWow64\ntdll.dll
2018-03-31 01:06:57 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2018-03-31 01:06:53 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2018-03-31 01:06:53 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2018-03-31 01:06:11 64512 ----a-w- C:\Windows\System32\auditpol.exe
2018-03-31 01:03:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2018-03-31 01:02:38 129536 ----a-w- C:\Windows\System32\drivers\videoprt.sys
2018-03-31 01:02:17 296960 ----a-w- C:\Windows\System32\rstrui.exe
2018-03-31 00:59:32 160256 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2018-03-31 00:58:57 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2018-03-31 00:58:56 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2018-03-31 00:58:09 30720 ----a-w- C:\Windows\System32\lsass.exe
2018-03-31 00:58:06 112640 ----a-w- C:\Windows\System32\smss.exe
2018-03-31 00:51:23 50688 ----a-w- C:\Windows\SysWow64\auditpol.exe
2018-03-31 00:47:56 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2018-03-31 00:47:54 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2018-03-31 00:47:54 2048 ----a-w- C:\Windows\SysWow64\user.exe
2018-03-31 00:47:54 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2018-03-31 00:47:08 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2018-03-31 00:47:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2018-03-31 00:47:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-31 00:47:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2018-03-31 00:47:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2018-03-28 07:30:01 3225600 ----a-w- C:\Windows\System32\win32k.sys
2018-03-22 21:32:26 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2018-03-22 21:32:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2018-03-22 21:18:29 66560 ----a-w- C:\Windows\System32\iesetup.dll
2018-03-22 21:17:45 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2018-03-22 21:17:42 578048 ----a-w- C:\Windows\System32\vbscript.dll
2018-03-22 21:17:40 417280 ----a-w- C:\Windows\System32\html.iec
2018-03-22 21:17:14 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2018-03-22 21:15:46 5780480 ----a-w- C:\Windows\System32\jscript9.dll
2018-03-22 21:06:18 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2018-03-22 21:06:16 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2018-03-22 21:05:56 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2018-03-22 21:04:41 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2018-03-22 20:58:51 969216 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2018-03-22 20:52:24 499712 ----a-w- C:\Windows\SysWow64\vbscript.dll
2018-03-22 20:52:19 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2018-03-22 20:51:37 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2018-03-22 20:51:25 341504 ----a-w- C:\Windows\SysWow64\html.iec
2018-03-22 20:50:34 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2018-03-22 20:49:09 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2018-03-22 20:48:50 87552 ----a-w- C:\Windows\System32\tdc.ocx
2018-03-22 20:42:11 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2018-03-22 20:41:48 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2018-03-22 20:29:07 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2018-03-22 20:28:43 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2018-03-22 20:27:47 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2018-03-22 20:27:21 2135552 ----a-w- C:\Windows\System32\inetcpl.cpl
2018-03-22 20:21:34 4496896 ----a-w- C:\Windows\SysWow64\jscript9.dll
2018-03-22 20:15:42 3241472 ----a-w- C:\Windows\System32\wininet.dll
2018-03-22 20:14:47 2059776 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2018-03-22 20:14:07 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2018-03-22 19:55:02 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2018-03-14 17:14:44 135360 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2018-03-14 17:09:56 656384 ----a-w- C:\Windows\System32\aeinv.dll
2018-03-14 13:05:15 739840 ----a-w- C:\Windows\System32\generaltel.dll
2018-03-14 13:05:15 599552 ----a-w- C:\Windows\System32\devinv.dll
2018-03-14 13:05:15 450048 ----a-w- C:\Windows\System32\centel.dll
2018-03-14 13:05:15 414720 ----a-w- C:\Windows\System32\invagent.dll
2018-03-14 13:05:15 1559552 ----a-w- C:\Windows\System32\appraiser.dll
2018-03-14 13:05:14 291840 ----a-w- C:\Windows\System32\acmigration.dll
2018-03-14 13:05:14 237056 ----a-w- C:\Windows\System32\aepic.dll
2018-03-14 13:05:14 1993728 ----a-w- C:\Windows\System32\aitstatic.exe
2018-03-10 17:11:45 340480 ----a-w- C:\Windows\SysWow64\msexcl40.dll
2018-03-09 18:18:00 309440 ----a-w- C:\Windows\SysWow64\atmfd.dll
2018-03-09 18:12:56 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2018-03-09 18:12:47 111616 ----a-w- C:\Windows\SysWow64\t2embed.dll
2018-03-09 18:12:12 383680 ----a-w- C:\Windows\System32\atmfd.dll
2018-03-09 18:12:07 71680 ----a-w- C:\Windows\SysWow64\fontsub.dll
2018-03-09 18:11:42 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2018-03-09 18:07:45 152064 ----a-w- C:\Windows\System32\t2embed.dll
2018-03-09 18:07:21 41472 ----a-w- C:\Windows\System32\lpk.dll
2018-03-09 18:07:10 100864 ----a-w- C:\Windows\System32\fontsub.dll
2018-03-09 18:06:41 14336 ----a-w- C:\Windows\System32\dciman32.dll
2018-03-09 18:06:03 46080 ----a-w- C:\Windows\System32\atmlib.dll
2018-03-09 17:31:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2018-03-06 18:13:57 148160 ----a-w- C:\Windows\SysWow64\basecsp.dll
2018-03-06 18:11:54 52224 ----a-w- C:\Windows\SysWow64\wsnmp32.dll
2018-03-06 18:11:35 184320 ----a-w- C:\Windows\SysWow64\scksp.dll
2018-03-06 18:10:17 170176 ----a-w- C:\Windows\System32\basecsp.dll
2018-03-06 18:07:32 67072 ----a-w- C:\Windows\System32\wsnmp32.dll
2018-03-06 18:07:19 229376 ----a-w- C:\Windows\System32\scksp.dll
2018-02-22 03:28:38 217600 ----a-w- C:\Windows\System32\WinSCard.dll
2018-02-22 03:06:40 134656 ----a-w- C:\Windows\SysWow64\WinSCard.dll
2018-02-18 21:34:05 634272 ----a-w- C:\Windows\System32\winload.exe
2018-02-13 23:58:26 803328 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2018-02-13 23:58:26 144896 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2018-02-10 18:23:59 330240 ----a-w- C:\Windows\SysWow64\zipfldr.dll
.
============= FINISH: 12:34:17.17 ===============

Attached Files
File Type: txt dds.txt (24.8 KB)
File Type: txt attach.txt (6.1 KB)

Have viruses

Hi,

There was a piece of software that I tried to download on my desktop PC, but instead of downloading it, it installed malware and viruses. I tried to use Malwarebytes, but it's still there. It's keeping some software from updating, and it's popping up a window and playing ads in the background, among other stuff. Two of them are called wonk and vegetative. I have run the scans on the PC and have attached them here. You can see them in the list; they all started on 4/19/18.

Thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.371
Run by Owner Pc at 12:25:49 on 2018-04-21
Microsoft Windows 10 Home 10.0.16299.0.1252.1.1033.18.3543.617 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus *Disabled/Updated* {C50510DE-367A-330C-FD5C-556ACFB11243}
SP: Spybot - Search and Destroy *Disabled/Outdated* {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
SP: AVG Antivirus *Disabled/Updated* {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k RPCSS -p
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalService -p
C:\WINDOWS\System32\svchost.exe -k NetworkService -p
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\svchost.exe -k appmodel -p
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\sihost.exe
svchost.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files (x86)\Laminar\Vegetative.exe
C:\Program Files (x86)\Laminar\wonk.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Users\Owner Pc\AppData\Local\wonk.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\remotely\wonk.exe
C:\Users\Owner Pc\AppData\Local\Vegetative.exe
C:\Users\Owner Pc\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe
C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files (x86)\Laminar\Vegetative.exe
C:\Program Files (x86)\Laminar\wonk.exe
C:\Program Files (x86)\remotely\wonk.exe
C:\Users\Owner Pc\AppData\Local\Vegetative.exe
C:\Users\Owner Pc\AppData\Local\wonk.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
C:\WINDOWS\system32\wermgr.exe
C:\Windows\System32\CastSrv.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Program Files (x86)\remotely\wonk.exe
C:\Program Files (x86)\Laminar\Vegetative.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Program Files (x86)\remotely\wonk.exe
C:\Program Files (x86)\Laminar\Vegetative.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Program Files (x86)\remotely\wonk.exe
C:\Program Files (x86)\Laminar\Vegetative.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Program Files (x86)\remotely\wonk.exe
C:\Program Files (x86)\narcissists\mariachis.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Program Files (x86)\remotely\wonk.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Program Files (x86)\remotely\wonk.exe
C:\Program Files (x86)\Laminar\Vegetative.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Users\Owner Pc\AppData\Local\wmcagent\wmcagent.exe
C:\Users\Owner Pc\AppData\Local\wmcagent\wmcagent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Users\Owner Pc\AppData\Local\wmcagent\wmcagent.exe
\\?\C:\WINDOWS\system32\wbem\WMIADAP.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\WINDOWS\System32\cscript.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService -p
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} -
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -
uRun: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
uRun: [GoogleChromeAutoLaunch_14399BCFD00E0923DB73716F5BDDCFA3] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [KiesPDLR.exe] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [unpreparedness] "C:\Program Files (x86)\Maharajah\Vegetative.exe" qlvhrv
uRun: [unpreparednessmercurial] "C:\Program Files (x86)\remotely\wonk.exe" qlvhrv
uRun: [unpreparednessunpreparedness] "C:\Program Files (x86)\Laminar\Vegetative.exe" qlvhrv
uRun: [sinks] "C:\Program Files (x86)\Maharajah\Vegetative.exe" qlvhrv
uRun: [sinkspurse] "C:\Program Files (x86)\remotely\wonk.exe" qlvhrv
uRun: [sinkssinks] "C:\Program Files (x86)\Laminar\Vegetative.exe" qlvhrv
uRun: [mariachis] "C:\Program Files (x86)\narcissists\mariachis.exe" qlvhrv
uRun: [unrepeatable] "C:\Program Files (x86)\Maharajah\Vegetative.exe" qlvhrv
mRun: [PlaysTV] "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
mRun: [Raptr] C:\Program Files (x86)\RAPTRI~1\Raptr\RAPTRS~1.EXE --startup
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mercurial] "C:\Program Files (x86)\Maharajah\Vegetative.exe" qlvhrv
mRun: [mercurialunpreparedness] "C:\Program Files (x86)\remotely\wonk.exe" qlvhrv
mRun: [mercurialmercurial] "C:\Program Files (x86)\Laminar\Vegetative.exe" qlvhrv
StartupFolder: C:\Users\OWNERP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ricci.lnk - C:\Program Files (x86)\Maharajah\Vegetative.exe
StartupFolder: C:\Users\OWNERP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RICCIR~1.LNK - C:\Program Files (x86)\remotely\wonk.exe
uPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:0
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{d8ec6137-d87a-414e-b587-e523386f92a5} : DHCPNameServer = 192.168.1.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} -
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /ANDREA_BF_BYPASS
x64-Run: [AVGUI.exe] "C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe" /gui
x64-Run: [purse] "C:\Program Files (x86)\Maharajah\Vegetative.exe" qlvhrv
x64-Run: [pursesinks] "C:\Program Files (x86)\remotely\wonk.exe" qlvhrv
x64-Run: [pursepurse] "C:\Program Files (x86)\Laminar\Vegetative.exe" qlvhrv
x64-mPolicies-Explorer: MemCheckBoxInRunDlg = dword:0
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 spywareinfo.com*-*This website is for sale!*-*spywareinfo Resources and Information.
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmpfd.sys [2013-12-12 36608]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\EEK\bin\a2ddax64.sys [2018-4-19 26176]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2018-4-10 240640]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-9-29 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-9-29 1135512]
S3 amdkmafd;AMD Audio Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmafd.sys [2016-8-18 49448]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2018-04-21 16:20:34 -------- d-----w- C:\Users\Owner Pc\AppData\Local\msahcbo
2018-04-21 04:25:03 -------- d-----w- C:\Users\Owner Pc\AppData\Local\sbcgenx
2018-04-21 01:18:22 -------- d-----w- C:\Users\Owner Pc\AppData\Local\nvcxdsh
2018-04-21 01:10:56 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2018-04-21 01:10:46 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-04-21 01:09:45 -------- d-----w- C:\Users\Owner Pc\AppData\Local\coatghz
2018-04-21 00:57:07 -------- d-----w- C:\Users\Owner Pc\AppData\Local\lmkrcnb
2018-04-21 00:02:09 -------- d-----w- C:\Users\Owner Pc\AppData\Local\zarnhvb
2018-04-20 20:02:14 -------- d-----w- C:\Users\Owner Pc\AppData\Local\zamcruv
2018-04-20 19:14:31 253880 ----a-w- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2018-04-20 19:14:06 77432 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2018-04-20 19:12:46 -------- d-----w- C:\ProgramData\MB3CoreBackup
2018-04-20 19:12:23 -------- d-----w- C:\ProgramData\MB2Migration
2018-04-20 19:10:34 -------- d-----w- C:\Users\Owner Pc\AppData\Local\CrashDumps
2018-04-20 19:01:09 -------- d-----w- C:\SUPERDelete
2018-04-20 18:49:11 -------- d-----w- C:\Users\Owner Pc\AppData\Local\nievrlm
2018-04-20 18:38:55 -------- d-----w- C:\Users\Owner Pc\AppData\Local\wdecloh
2018-04-20 14:35:43 35064 ----a-w- C:\WINDOWS\System32\drivers\TrueSight.sys
2018-04-20 14:35:39 -------- d-----w- C:\ProgramData\RogueKiller
2018-04-20 03:42:11 -------- d-----w- C:\EEK
2018-04-20 03:36:01 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2018-04-20 03:33:56 -------- d-----w- C:\Users\Owner Pc\AppData\Local\exndcso
2018-04-20 03:25:48 -------- d-----w- C:\AdwCleaner
2018-04-20 03:18:12 -------- d-----w- C:\Users\Owner Pc\AppData\Local\rangucv
2018-04-20 03:14:54 -------- d-----w- C:\WINDOWS\pss
2018-04-20 03:01:16 -------- d-----w- C:\Users\Owner Pc\AppData\Local\snovhtd
2018-04-20 01:33:40 -------- d-----w- C:\Users\Owner Pc\AppData\Local\msenogd
2018-04-20 01:21:44 -------- d-----w- C:\Users\Owner Pc\AppData\Local\nvkopir
2018-04-20 00:56:21 -------- d-----w- C:\Users\Owner Pc\AppData\Local\exswkto
2018-04-20 00:56:14 -------- d-----w- C:\Users\Owner Pc\AppData\Local\wmcagent
2018-04-20 00:50:30 -------- d-----w- C:\Users\Owner Pc\AppData\Local\aucnhit
2018-04-20 00:49:33 14558320 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{270E034D-CB6E-40CD-BFAD-20AF1C26D2B3}\mpengine.dll
2018-04-20 00:48:43 2888704 ----a-w- C:\WINDOWS\System32\vdcxanisvc.exe
2018-04-20 00:48:35 -------- d-----w- C:\WINDOWS\SysWow64\zahbrgl
2018-04-20 00:48:33 -------- d--h--w- C:\Program Files (x86)\narcissists
2018-04-20 00:48:32 -------- d-----w- C:\Program Files (x86)\explainable
2018-04-20 00:48:31 -------- d--h--w- C:\Program Files (x86)\Laminar
2018-04-20 00:48:31 -------- d-----w- C:\Program Files (x86)\remotely
2018-04-20 00:48:31 -------- d-----w- C:\Program Files (x86)\Maharajah
2018-04-20 00:48:01 -------- d-----w- C:\Users\Owner Pc\AppData\Roaming\et
2018-04-19 23:49:06 32768 ----a-w- C:\Users\Owner Pc\AppData\Local\wonk.exe
2018-04-19 23:49:04 32768 ----a-w- C:\WINDOWS\campfire.exe
2018-04-19 23:49:04 32768 ----a-w- C:\Users\Owner Pc\AppData\Local\Vegetative.exe
2018-04-18 22:02:55 14558320 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2018-04-16 17:11:17 -------- d-----w- C:\Users\Owner Pc\AppData\Local\Nemex
2018-04-16 17:11:06 -------- d-----w- C:\Users\Owner Pc\AppData\Roaming\Mouse Recorder Pro
2018-04-11 03:19:57 835064 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-04-11 03:19:57 179704 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-04-11 00:34:59 80384 ----a-w- C:\WINDOWS\System32\drivers\vmbkmclr.sys
2018-04-11 00:33:58 747416 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2018-04-11 00:32:59 6118400 ----a-w- C:\WINDOWS\SysWow64\mos.dll
2018-04-11 00:31:59 57856 ----a-w- C:\WINDOWS\System32\efssvc.dll
2018-04-11 00:31:59 29184 ----a-w- C:\WINDOWS\System32\wmiprop.dll
2018-04-11 00:31:59 29184 ----a-w- C:\WINDOWS\System32\fdWNet.dll
2018-04-11 00:31:59 25088 ----a-w- C:\WINDOWS\SysWow64\wmiprop.dll
2018-04-11 00:31:59 25088 ----a-w- C:\WINDOWS\SysWow64\fdWNet.dll
2018-04-11 00:31:59 18944 ----a-w- C:\WINDOWS\System32\nrpsrv.dll
2018-04-11 00:05:26 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{51373C18-B129-427F-8FC5-82F5AA2DE4B7}\MpKsl383397b0.sys
2018-04-07 23:01:33 -------- d-----w- C:\Program Files (x86)\Botmaster Labs
2018-04-07 23:00:33 -------- d-----w- C:\Users\Owner Pc\AppData\Local\AdvinstAnalytics
2018-04-07 23:00:18 -------- d-----w- C:\Users\Owner Pc\AppData\Roaming\Botmaster Labs
2018-04-07 21:38:30 -------- d-----w- C:\extensions
2018-04-07 21:34:06 -------- d-----w- C:\ProgramData\CS-Script
2018-04-07 20:54:02 -------- d-----w- C:\Program Files (x86)\FaucetCollector
2018-04-07 20:18:15 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5E4BDC84-31F9-4040-93D3-72CBF436D986}\MpKsl357538c7.sys
2018-04-05 23:31:27 377584 ----a-w- C:\WINDOWS\System32\avgBoot.exe
.
==================== Find3M ====================
.
2018-04-21 16:17:33 65536 ----a-w- C:\WINDOWS\System32\spu_storage.bin
2018-04-13 00:08:26 60456 ----a-w- C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys
2018-04-13 00:08:26 311848 ----a-w- C:\WINDOWS\System32\drivers\wd\WdFilter.sys
2018-04-13 00:08:25 46072 ----a-w- C:\WINDOWS\System32\drivers\wd\WdBoot.sys
2018-04-12 16:32:43 139608 ----a-w- C:\WINDOWS\System32\drivers\avgMonFlt.sys
2018-04-11 01:40:42 136971704 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2018-04-11 00:53:16 169472 ----a-w- C:\WINDOWS\System32\wuuhosdeployment.dll
2018-04-05 23:30:22 198368 ----a-w- C:\WINDOWS\System32\drivers\avgStm.sys
2018-04-05 23:30:20 372920 ----a-w- C:\WINDOWS\System32\drivers\avgVmm.sys
2018-04-05 23:30:19 76760 ----a-w- C:\WINDOWS\System32\drivers\avgRvrt.sys
2018-04-05 23:30:19 452904 ----a-w- C:\WINDOWS\System32\drivers\avgSP.sys
2018-04-05 23:30:18 39352 ----a-w- C:\WINDOWS\System32\drivers\avgHwid.sys
2018-04-05 23:30:17 189032 ----a-w- C:\WINDOWS\System32\drivers\avgArPot.sys
2018-04-05 23:30:14 103744 ----a-w- C:\WINDOWS\System32\drivers\avgRdr2.sys
2018-04-05 23:28:58 1019088 ----a-w- C:\WINDOWS\System32\drivers\avgSnx.sys
2018-04-05 23:27:38 50776 ----a-w- C:\WINDOWS\System32\drivers\avgbuniva.sys
2018-04-05 23:27:37 336848 ----a-w- C:\WINDOWS\System32\drivers\avgbloga.sys
2018-04-05 23:27:35 192536 ----a-w- C:\WINDOWS\System32\drivers\avgbidsha.sys
2018-04-05 23:27:34 220600 ----a-w- C:\WINDOWS\System32\drivers\avgbidsdrivera.sys
2018-04-05 23:27:29 166064 ----a-w- C:\WINDOWS\System32\drivers\avgbdiska.sys
2018-03-30 12:34:45 956416 ----a-w- C:\WINDOWS\System32\Spectrum.exe
2018-03-30 05:18:40 1092008 ----a-w- C:\WINDOWS\System32\winresume.efi
2018-03-30 05:14:12 423320 ----a-w- C:\WINDOWS\System32\invagent.dll
2018-03-30 05:12:57 75168 ----a-w- C:\WINDOWS\System32\drivers\vpci.sys
2018-03-30 05:12:53 270208 ----a-w- C:\WINDOWS\System32\LsaIso.exe
2018-03-30 05:12:49 599448 ----a-w- C:\WINDOWS\System32\securekernel.exe
2018-03-30 05:10:17 924648 ----a-w- C:\WINDOWS\System32\winresume.exe
2018-03-30 05:08:35 1415296 ----a-w- C:\WINDOWS\System32\winload.efi
2018-03-30 05:08:33 137112 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2018-03-30 05:08:26 2513920 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2018-03-30 05:08:10 1568160 ----a-w- C:\WINDOWS\System32\appraiser.dll
2018-03-30 05:07:38 300448 ----a-w- C:\WINDOWS\System32\acmigration.dll
2018-03-30 05:07:08 69528 ----a-w- C:\WINDOWS\System32\win32appinventorycsp.dll
2018-03-30 05:06:25 166304 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
2018-03-30 05:06:23 53152 ----a-w- C:\WINDOWS\System32\drivers\pcw.sys
2018-03-30 05:05:37 1056152 ----a-w- C:\WINDOWS\System32\hvax64.exe
2018-03-30 05:05:30 1206688 ----a-w- C:\WINDOWS\System32\hvix64.exe
2018-03-30 05:05:23 191824 ----a-w- C:\WINDOWS\System32\skci.dll
2018-03-30 05:05:22 73120 ----a-w- C:\WINDOWS\System32\drivers\hvservice.sys
2018-03-30 05:05:22 66720 ----a-w- C:\WINDOWS\System32\iumcrypt.dll
2018-03-30 05:05:18 20888 ----a-w- C:\WINDOWS\System32\kdhvcom.dll
2018-03-30 05:05:17 748448 ----a-w- C:\WINDOWS\System32\generaltel.dll
2018-03-30 05:05:17 59808 ----a-w- C:\WINDOWS\System32\hvhostsvc.dll
2018-03-30 05:05:17 35744 ----a-w- C:\WINDOWS\System32\SDFHost.dll
2018-03-30 05:05:16 22208 ----a-w- C:\WINDOWS\System32\IumSdk.dll
2018-03-30 05:05:15 22800 ----a-w- C:\WINDOWS\System32\iumbase.dll
2018-03-30 05:05:11 15632 ----a-w- C:\WINDOWS\System32\iumdll.dll
2018-03-30 05:04:47 608160 ----a-w- C:\WINDOWS\System32\devinv.dll
2018-03-30 05:04:30 35224 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2018-03-30 05:04:22 2002336 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2018-03-30 05:02:23 128416 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2018-03-30 05:01:49 8600480 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-03-30 05:01:38 649304 ----a-w- C:\WINDOWS\System32\advapi32.dll
2018-03-30 05:01:36 1209760 ----a-w- C:\WINDOWS\System32\winload.exe
2018-03-30 05:01:29 571288 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2018-03-30 05:01:02 34208 ----a-w- C:\WINDOWS\System32\drivers\fs_rec.sys
2018-03-30 05:00:30 94104 ----a-w- C:\WINDOWS\System32\drivers\disk.sys
2018-03-30 05:00:27 2395040 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2018-03-30 05:00:10 103320 ----a-w- C:\WINDOWS\System32\drivers\mountmgr.sys
2018-03-30 04:59:13 82840 ----a-w- C:\WINDOWS\System32\drivers\volmgr.sys
2018-03-30 04:59:12 398744 ----a-w- C:\WINDOWS\System32\drivers\fltMgr.sys
2018-03-30 04:58:44 898216 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2018-03-30 04:58:42 39328 ----a-w- C:\WINDOWS\System32\drivers\storvsc.sys
2018-03-30 04:58:16 129432 ----a-w- C:\WINDOWS\System32\drivers\hvsocket.sys
2018-03-30 04:57:54 121248 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2018-03-30 04:57:53 1173576 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2018-03-30 04:57:47 540064 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2018-03-30 04:57:44 109976 ----a-w- C:\WINDOWS\System32\drivers\vmbus.sys
2018-03-30 04:57:23 711944 ----a-w- C:\WINDOWS\System32\ci.dll
2018-03-30 04:57:03 31640 ----a-w- C:\WINDOWS\System32\drivers\winhv.sys
2018-03-30 04:57:02 81304 ----a-w- C:\WINDOWS\System32\drivers\vmbkmcl.sys
2018-03-30 04:56:15 18680 ----a-w- C:\WINDOWS\System32\wshhyperv.dll
2018-03-30 04:55:50 367344 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2018-03-30 04:55:43 62880 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2018-03-30 04:54:22 2574240 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2018-03-30 04:54:20 749984 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2018-03-30 04:54:18 408992 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2018-03-30 04:54:04 461728 ----a-w- C:\WINDOWS\System32\wifitask.exe
2018-03-30 04:53:57 7676304 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-03-30 04:53:47 549552 ----a-w- C:\WINDOWS\System32\WWanAPI.dll
2018-03-30 04:53:39 94080 ----a-w- C:\WINDOWS\System32\wwapi.dll
2018-03-30 04:53:29 246176 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2018-03-30 04:53:06 712600 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2018-03-30 04:53:04 163744 ----a-w- C:\WINDOWS\System32\drivers\wfplwfs.sys
2018-03-30 04:52:39 247480 ----a-w- C:\WINDOWS\System32\logoncli.dll
2018-03-30 04:52:37 677280 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-03-30 04:52:36 2457504 ----a-w- C:\WINDOWS\System32\UpdateAgent.dll
2018-03-30 04:52:29 54688 ----a-w- C:\WINDOWS\System32\drivers\vdrvroot.sys
2018-03-30 04:52:24 192416 ----a-w- C:\WINDOWS\System32\drivers\appid.sys
2018-03-30 04:52:18 28520 ----a-w- C:\WINDOWS\System32\vmbuspipe.dll
2018-03-30 04:52:14 47512 ----a-w- C:\WINDOWS\System32\drivers\vmstorfl.sys
2018-03-30 04:52:05 727456 ----a-w- C:\WINDOWS\System32\drivers\fvevol.sys
2018-03-30 04:52:04 282528 ----a-w- C:\WINDOWS\System32\drivers\rdyboost.sys
2018-03-30 04:52:01 428960 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2018-03-30 04:51:59 123800 ----a-w- C:\WINDOWS\System32\drivers\mup.sys
2018-03-30 04:51:43 71208 ----a-w- C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys
2018-03-30 04:51:38 125568 ----a-w- C:\WINDOWS\System32\rmclient.dll
2018-03-30 04:51:33 902928 ----a-w- C:\WINDOWS\System32\winhttp.dll
2018-03-30 04:51:27 147872 ----a-w- C:\WINDOWS\System32\drivers\wcifs.sys
2018-03-30 04:50:40 57760 ----a-w- C:\WINDOWS\System32\drivers\netbios.sys
.
============= FINISH: 12:35:46.51 ===============

Attached Files
File Type: txt attach.txt (8.7 KB)

Site has been hacked and possibly infected

Hello!

One of the sites I manage (psychiatryQbank.com) has been hacked. It had outdated WordPress, template and plugin versions and also a weak password.

The hacker added many files and pages on the server, created fake users, etc. I manually removed them all and did a WordPress restore from a backup done before the attack. After that, I updated everything and changed the password, and revised some folder permissions according to the WordPress docs. I also installed a security plugin called All in One WP Security and it now says the site is secure.

I went to this site: https://sitecheck.sucuri.net and did a scan. It says I still have malware.

Anyway, what worries me the most is that this site, psychiatryQbank.com Book Archive, seems to be active, and I DO NOT HAVE any page or post called 'download', and I do not have any other WordPress instance installed on my server in the 'download' folder. What is worse, I DON'T EVEN HAVE a 'download' folder at all on my server.

Could anyone please help me?
Thank you!

My Pc is not working properly Antivirus error

Some antivirus error in my PC, please guide.

opera stable 51.0.2830.55

Hi All.
I went to remove the Opera browser from my laptop tonight without any success, when I noticed the wording in the thread title. I suspect this is some sort of virus/malware? Any help on how to remove it would be appreciated, thanks in advance.

Ted.
OS Windows 8.1 HP Envy laptop.

slow boot up and programs

Hello, recently I installed a secondary hard disk and now my machine is very slow. Security Essentials found viruses on it and deleted them; also Antibytes found some malware on the primary hard disk. I also ran the ESET online scan but nothing was found. I am attaching DDS' attach.txt.

dds.txt:-

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18698
Run by MoaxxaM at 15:07:27 on 2018-05-03
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3543.3012 [GMT 5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: EGet Class: {1E871FF8-029C-4732-8AA7-39E3D3872057} - c:\program files\eagleget\eagleSniffer.dll
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"https://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoSimpleNetIDList = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with EagleGet - c:\program files\eagleget\IEGraberBHO.dll/202
IE: Download with EagleGet - c:\program files\eagleget\IEGraberBHO.dll/201
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{091DB5C2-36F9-423B-B070-492FA38509E8} : DHCPNameServer = 192.168.10.1
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\66.0.3359.139\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\moaxxam\appdata\roaming\mozilla\firefox\profiles\xmntywwz.default-1519943099510\
FF - plugin: c:\program files\eagleget\npEagleget.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.33.7\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_28_0_0_137.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2016-8-25 252808]
R3 e1kexpress;Intel(R) Network Connections Driver K;c:\windows\system32\drivers\e1k6232.sys [2013-12-20 369416]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2016-8-25 105696]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2016-11-14 280864]
R3 tapwindscribe0901;Windscribe VPN;c:\windows\system32\drivers\tapwindscribe0901.sys [2018-1-24 41976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2017-10-4 107624]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 eagleGet;eagleGet;c:\windows\system32\drivers\eagleGet.sys [2017-11-28 62064]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2017-6-17 104960]
S3 MBAMService;Malwarebytes Service;e:\anti-malware\MBAMService.exe [2018-4-17 4707104]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2017-6-21 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2017-6-21 49152]
S3 WindscribeService;WindscribeService;c:\program files\windscribe\WindscribeService.exe [2018-1-24 372328]
S4 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2017-6-25 3105144]
S4 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-14 20992]
S4 egGetSvc;egGetSvc;c:\program files\eagleget\EGMonitor.exe [2017-11-28 247992]
.
=============== Created Last 30 ================
.
2018-05-02 16:32:45 11847976 -c--a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7f440229-c123-48d9-af8e-2ceaf02ec572}\mpengine.dll
2018-05-01 09:18:00 11847976 -c--a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2018-04-17 11:18:29 -------- dc----w- c:\users\moaxxam\appdata\local\Steam
2018-04-17 10:25:49 -------- dc----w- c:\program files\common files\Steam
2018-04-17 09:40:16 58656 ----a-w- c:\windows\system32\drivers\mbae.sys
2018-04-15 05:26:28 1893376 ----a-w- c:\windows\system32\aitstatic.exe
2018-04-15 05:26:27 594944 ----a-w- c:\windows\system32\generaltel.dll
2018-04-15 05:26:27 535040 ----a-w- c:\windows\system32\aeinv.dll
2018-04-15 05:26:27 507392 ----a-w- c:\windows\system32\devinv.dll
2018-04-15 05:26:27 338432 ----a-w- c:\windows\system32\invagent.dll
2018-04-15 05:26:27 338432 ----a-w- c:\windows\system32\centel.dll
2018-04-15 05:26:27 238592 ----a-w- c:\windows\system32\acmigration.dll
2018-04-15 05:26:27 190976 ----a-w- c:\windows\system32\aepic.dll
2018-04-15 05:26:27 1319424 ----a-w- c:\windows\system32\appraiser.dll
2018-04-15 05:26:27 116928 ----a-w- c:\windows\system32\CompatTelRunner.exe
2018-04-07 07:10:37 133987696 -c--a-w- c:\windows\system32\MRT-KB890830.exe
.
==================== Find3M ====================
.
.
============= FINISH: 15:08:50.67 ===============

Thanks.

Attached Files
File Type: zip attach.zip (3.4 KB)

Damage Caused by Trojans

Win10 OS: On April 19th I was attempting to register on a (legal) foreign website. As soon as I entered my registration application, the registration process stopped and my computer immediately started acting crazy. I immediately closed the browser and ran a Windows Defender full scan. It quarantined and removed 4 Trojans. After that, the computer went back to performing normally but there appears to be damage to some folders, files & programs, possibly including Windows. I have run several subsequent full scans with WinDefender, all show clear, no threats detected. First thing I want to verify that all malware has been removed. Then I want advice on locating & repairing damage. I am in no hurry and I hope you are not in a big hurry. I am very old, very slow, and vision impaired. Thanks in advance for your patience. Also, my location is in time zone GMT+10 hrs. Therefore I may not see your reply until following day.
I have no access to a Windows Install disc, or a Boot CD
I have the "Attach - Notepad" but I read this on it "UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT"
So, I am waiting for "specific instruction" to attach it.
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.371
Run by Jerry at 13:58:05 on 2018-05-07
Microsoft Windows 10 Pro 10.0.16299.0.1252.1.1033.18.16156.12861 [GMT 10:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
uRun: [OneDrive] "C:\Users\shabu\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Chromium] "c:\users\shabu\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9b128a91-5cf3-490a-8f8c-6f0a529942f4} : DHCPNameServer = 192.168.1.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-11-30 114688]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-9-29 146944]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2018-3-14 57344]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-9-29 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-9-29 28568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-9-29 266648]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-9-29 97312]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-9-29 140696]
S3 UnistoreSvc_104cdfd8;User Data Storage_104cdfd8;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-9-29 28568]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-11-30 60824]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-9-29 27544]
S3 UserDataSvc_104cdfd8;User Data Access_104cdfd8;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-9-29 48688]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-9-29 34816]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2018-4-11 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vnvdimm;Microsoft virtual NVDIMM device driver;C:\WINDOWS\System32\drivers\vnvdimm.sys [2017-9-29 43008]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-9-29 48688]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2018-3-14 770048]
S3 wdm_usb;wdm_usb;C:\WINDOWS\System32\drivers\usb2ser.sys [2016-7-15 151184]
S3 wdnsfltr;Windows Defender Network Stream Filter Driver;C:\WINDOWS\System32\drivers\wdnsfltr.sys [2017-9-29 33792]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-9-29 48688]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-9-29 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-4-11 225792]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-9-29 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2017-9-29 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-9-29 281600]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-9-29 46592]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2018-4-11 819104]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2017-9-29 40344]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2017-9-29 1190400]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: opera.exe: open="C:\Program Files\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2018-05-07 02:12:24 -------- d--h--w- C:\OneDriveTemp
2018-05-06 04:47:00 14575456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B960B235-3B33-425B-ACB3-88ED9D3BD1EF}\mpengine.dll
2018-05-05 09:45:36 14575456 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2018-04-28 02:09:12 -------- d-----w- C:\Users\shabu\AppData\Local\TeamViewer
2018-04-27 23:01:08 -------- d-----w- C:\Users\shabu\AppData\Roaming\TeamViewer
2018-04-27 23:00:59 -------- d-----w- C:\Program Files (x86)\TeamViewer
2018-04-23 12:28:50 211632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2018-04-23 12:18:48 465072 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2018-04-23 12:16:34 29872 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2018-04-23 00:40:53 96152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MsMpCom.dll
2018-04-23 00:40:53 95128 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MpAsDesc.dll
2018-04-23 00:40:53 463904 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\OfflineScannerShell.exe
2018-04-23 00:40:53 444824 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MsMpRes.dll
2018-04-23 00:40:53 442576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MpCmdRun.exe
2018-04-23 00:40:53 349080 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MpCommu.dll
2018-04-23 00:40:53 2306456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MpSvc.dll
2018-04-23 00:40:53 156056 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\EppManifest.dll
2018-04-23 00:40:53 14232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MsMpLics.dll
2018-04-23 00:40:53 1289112 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MsAsCui.exe
2018-04-23 00:40:53 1072536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MpClient.dll
2018-04-23 00:40:53 105944 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MsMpEng.exe
2018-04-19 17:37:47 -------- d-----w- C:\WINDOWS\Microsoft Antimalware
2018-04-18 20:46:28 -------- d-sh--w- C:\found.000
2018-04-10 22:30:00 956928 ----a-w- C:\WINDOWS\SysWow64\rdpbase.dll
2018-04-10 22:29:59 96256 ----a-w- C:\WINDOWS\SysWow64\fontsub.dll
.
==================== Find3M ====================
.
2018-05-07 02:12:06 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-04-26 09:34:02 61472 ----a-w- C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys
2018-04-26 09:34:02 46072 ----a-w- C:\WINDOWS\System32\drivers\wd\WdBoot.sys
2018-04-26 09:34:02 313888 ----a-w- C:\WINDOWS\System32\drivers\wd\WdFilter.sys
2018-04-10 22:32:38 136971704 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2018-04-10 22:30:35 169472 ----a-w- C:\WINDOWS\System32\wuuhosdeployment.dll
2018-04-03 19:37:46 835064 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-04-03 19:37:46 179704 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-03-30 12:34:45 956416 ----a-w- C:\WINDOWS\System32\Spectrum.exe
2018-03-30 05:18:40 1092008 ----a-w- C:\WINDOWS\System32\winresume.efi
2018-03-30 05:14:12 423320 ----a-w- C:\WINDOWS\System32\invagent.dll
2018-03-30 05:12:57 75168 ----a-w- C:\WINDOWS\System32\drivers\vpci.sys
2018-03-30 05:12:53 270208 ----a-w- C:\WINDOWS\System32\LsaIso.exe
2018-03-30 05:12:49 599448 ----a-w- C:\WINDOWS\System32\securekernel.exe
2018-03-30 05:10:17 924648 ----a-w- C:\WINDOWS\System32\winresume.exe
2018-03-30 05:08:35 1415296 ----a-w- C:\WINDOWS\System32\winload.efi
2018-03-30 05:08:33 137112 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2018-03-30 05:08:26 2513920 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2018-03-30 05:08:10 1568160 ----a-w- C:\WINDOWS\System32\appraiser.dll
2018-03-30 05:07:38 300448 ----a-w- C:\WINDOWS\System32\acmigration.dll
2018-03-30 05:07:08 69528 ----a-w- C:\WINDOWS\System32\win32appinventorycsp.dll
2018-03-30 05:06:25 166304 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
2018-03-30 05:06:23 53152 ----a-w- C:\WINDOWS\System32\drivers\pcw.sys
2018-03-30 05:05:37 1056152 ----a-w- C:\WINDOWS\System32\hvax64.exe
2018-03-30 05:05:30 1206688 ----a-w- C:\WINDOWS\System32\hvix64.exe
2018-03-30 05:05:23 191824 ----a-w- C:\WINDOWS\System32\skci.dll
2018-03-30 05:05:22 73120 ----a-w- C:\WINDOWS\System32\drivers\hvservice.sys
2018-03-30 05:05:22 66720 ----a-w- C:\WINDOWS\System32\iumcrypt.dll
2018-03-30 05:05:18 20888 ----a-w- C:\WINDOWS\System32\kdhvcom.dll
2018-03-30 05:05:17 748448 ----a-w- C:\WINDOWS\System32\generaltel.dll
2018-03-30 05:05:17 59808 ----a-w- C:\WINDOWS\System32\hvhostsvc.dll
2018-03-30 05:05:17 35744 ----a-w- C:\WINDOWS\System32\SDFHost.dll
2018-03-30 05:05:16 22208 ----a-w- C:\WINDOWS\System32\IumSdk.dll
2018-03-30 05:05:15 22800 ----a-w- C:\WINDOWS\System32\iumbase.dll
2018-03-30 05:05:11 15632 ----a-w- C:\WINDOWS\System32\iumdll.dll
2018-03-30 05:04:47 608160 ----a-w- C:\WINDOWS\System32\devinv.dll
2018-03-30 05:04:30 35224 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2018-03-30 05:04:22 2002336 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2018-03-30 05:02:23 128416 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2018-03-30 05:01:49 8600480 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-03-30 05:01:38 649304 ----a-w- C:\WINDOWS\System32\advapi32.dll
2018-03-30 05:01:36 1209760 ----a-w- C:\WINDOWS\System32\winload.exe
2018-03-30 05:01:29 571288 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2018-03-30 05:01:02 34208 ----a-w- C:\WINDOWS\System32\drivers\fs_rec.sys
2018-03-30 05:00:30 94104 ----a-w- C:\WINDOWS\System32\drivers\disk.sys
2018-03-30 05:00:27 2395040 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2018-03-30 05:00:10 103320 ----a-w- C:\WINDOWS\System32\drivers\mountmgr.sys
2018-03-30 04:59:13 82840 ----a-w- C:\WINDOWS\System32\drivers\volmgr.sys
2018-03-30 04:59:12 398744 ----a-w- C:\WINDOWS\System32\drivers\fltMgr.sys
2018-03-30 04:58:44 898216 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2018-03-30 04:58:42 39328 ----a-w- C:\WINDOWS\System32\drivers\storvsc.sys
2018-03-30 04:58:16 129432 ----a-w- C:\WINDOWS\System32\drivers\hvsocket.sys
2018-03-30 04:57:54 121248 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2018-03-30 04:57:53 1173576 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2018-03-30 04:57:47 540064 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2018-03-30 04:57:44 109976 ----a-w- C:\WINDOWS\System32\drivers\vmbus.sys
2018-03-30 04:57:23 711944 ----a-w- C:\WINDOWS\System32\ci.dll
2018-03-30 04:57:03 31640 ----a-w- C:\WINDOWS\System32\drivers\winhv.sys
2018-03-30 04:57:02 81304 ----a-w- C:\WINDOWS\System32\drivers\vmbkmcl.sys
2018-03-30 04:56:15 18680 ----a-w- C:\WINDOWS\System32\wshhyperv.dll
2018-03-30 04:55:50 367344 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2018-03-30 04:55:43 62880 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2018-03-30 04:54:22 2574240 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2018-03-30 04:54:20 749984 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2018-03-30 04:54:18 408992 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2018-03-30 04:54:09 645536 ----a-w- C:\WINDOWS\System32\AppVPublishing.dll
2018-03-30 04:54:08 670112 ----a-w- C:\WINDOWS\System32\AppVCatalog.dll
2018-03-30 04:54:04 461728 ----a-w- C:\WINDOWS\System32\wifitask.exe
2018-03-30 04:53:59 831392 ----a-w- C:\WINDOWS\System32\AppVOrchestration.dll
2018-03-30 04:53:57 7676304 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-03-30 04:53:57 40352 ----a-w- C:\WINDOWS\System32\AppVClientPS.dll
2018-03-30 04:53:47 549552 ----a-w- C:\WINDOWS\System32\WWanAPI.dll
2018-03-30 04:53:39 94080 ----a-w- C:\WINDOWS\System32\wwapi.dll
2018-03-30 04:53:39 495008 ----a-w- C:\WINDOWS\System32\TransportDSA.dll
2018-03-30 04:53:29 246176 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2018-03-30 04:53:08 2220952 ----a-w- C:\WINDOWS\System32\AppVEntSubsystems64.dll
2018-03-30 04:53:06 712600 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2018-03-30 04:53:04 163744 ----a-w- C:\WINDOWS\System32\drivers\wfplwfs.sys
2018-03-30 04:52:39 247480 ----a-w- C:\WINDOWS\System32\logoncli.dll
2018-03-30 04:52:37 677280 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-03-30 04:52:36 2457504 ----a-w- C:\WINDOWS\System32\UpdateAgent.dll
2018-03-30 04:52:29 54688 ----a-w- C:\WINDOWS\System32\drivers\vdrvroot.sys
2018-03-30 04:52:24 192416 ----a-w- C:\WINDOWS\System32\drivers\appid.sys
2018-03-30 04:52:18 28520 ----a-w- C:\WINDOWS\System32\vmbuspipe.dll
2018-03-30 04:52:14 47512 ----a-w- C:\WINDOWS\System32\drivers\vmstorfl.sys
2018-03-30 04:52:05 727456 ----a-w- C:\WINDOWS\System32\drivers\fvevol.sys
2018-03-30 04:52:04 282528 ----a-w- C:\WINDOWS\System32\drivers\rdyboost.sys
2018-03-30 04:52:01 428960 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2018-03-30 04:51:59 123800 ----a-w- C:\WINDOWS\System32\drivers\mup.sys
2018-03-30 04:51:43 71208 ----a-w- C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys
2018-03-30 04:51:38 125568 ----a-w- C:\WINDOWS\System32\rmclient.dll
2018-03-30 04:51:33 902928 ----a-w- C:\WINDOWS\System32\winhttp.dll
2018-03-30 04:51:27 147872 ----a-w- C:\WINDOWS\System32\drivers\wcifs.sys
2018-03-30 04:50:40 57760 ----a-w- C:\WINDOWS\System32\drivers\netbios.sys
2018-03-30 04:50:19 1336344 ----a-w- C:\WINDOWS\System32\ole32.dll
2018-03-30 04:49:34 204184 ----a-w- C:\WINDOWS\System32\basecsp.dll
2018-03-30 04:48:56 1628064 ----a-w- C:\WINDOWS\System32\AppVIntegration.dll
2018-03-30 04:48:52 819104 ----a-w- C:\WINDOWS\System32\AppVClient.exe
2018-03-30 04:48:50 744856 ----a-w- C:\WINDOWS\System32\AppVReporting.dll
2018-03-30 04:48:49 397720 ----a-w- C:\WINDOWS\System32\AppVScripting.dll
.
============= FINISH: 13:58:21.12 ===============

Malware removal help

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18978
Run by Administrator at 11:27:00 on 2018-05-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4010.2090 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: dell.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_65-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0065-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_65-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\3456E647572797C496E6B673334323 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\3456E647572797C496E6B673334323 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\77164736864767 : DHCPNameServer = 192.168.3.1 192.168.1.1
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\77164736864767D27657563747 : DHCPNameServer = 192.168.3.1 192.168.33.1
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\A4563737 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\A4563737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\F6E6C697D696E656 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\F6E6C697D696E656 : DHCPNameServer = 192.168.3.1 192.168.1.1
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\F6E6C697D696E656D27657563747 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\F6E6C697D696E656D27657563747 : DHCPNameServer = 192.168.3.1 192.168.33.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [AdobeGCInvoker-1.0] "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2016-8-25 295000]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-5-10 55856]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Windows\System32\drivers\mbae64.sys [2018-4-3 76192]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-6-3 737984]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-10 98208]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-9-4 2319848]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 MBAMChameleon;MBAMChameleon;C:\Windows\System32\drivers\MbamChameleon.sys [2018-4-3 193768]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2018-4-3 6479136]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-12-11 292568]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2016-4-11 153616]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2010-12-14 274432]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2010-12-14 59904]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\mbamswissarmy.sys [2018-4-3 253664]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 135928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-5-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-5-10 181248]
R3 WirelessKeyboardFilter;Wireless Keyboard Filter Device Service;C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [2018-3-11 49336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-4 107624]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-10-3 128608]
S3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2017-12-14 41608]
S3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2017-12-14 41208]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-3-4 196440]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2018-4-12 116224]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-5-10 158976]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-10 317440]
S3 MBAMFarflt;MBAMFarflt;C:\Windows\System32\drivers\farflt.sys [2018-4-3 112864]
S3 MBAMProtection;MBAMProtection;C:\Windows\System32\drivers\mbam.sys [2018-4-3 44768]
S3 MBAMWebProtection;MBAMWebProtection;C:\Windows\System32\drivers\mwac.sys [2018-4-3 93816]
S3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2013-12-31 11264]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-5 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-5-10 250984]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-15 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-4 1255736]
S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S4 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
S4 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
S4 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-10 2656280]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2018-05-07 16:26:04 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31D0AA2D-F37B-45A8-B2ED-33F339897155}\offreg.928.dll
2018-05-06 20:48:49 14575456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31D0AA2D-F37B-45A8-B2ED-33F339897155}\mpengine.dll
2018-05-06 16:38:38 -------- d-----w- C:\Users\Administrator\AppData\Local\{13494F51-436D-4212-83E9-659BE99B505D}
2018-05-05 20:26:21 14575456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2018-05-05 16:33:18 -------- d-----w- C:\Users\Administrator\AppData\Local\{59DADED3-2A6F-42CD-8301-8851D0EDBB6F}
2018-05-02 18:54:50 -------- d-----w- C:\Users\Administrator\AppData\Local\{A800D406-928B-4499-A5FC-DD1B4381DF20}
2018-04-26 22:35:20 -------- d-----w- C:\Users\Administrator\AppData\Local\{25A911BB-58CC-485D-B20A-7BEAEFBE06D4}
2018-04-24 15:26:35 -------- d-----w- C:\Users\Administrator\AppData\Local\{1F880E7D-6F50-4973-BEE0-E8635BF26B88}
2018-04-21 17:13:22 -------- d-----w- C:\Users\Administrator\AppData\Local\{7B72FCE4-0DB4-4A0C-8266-17CBA8E4A9B1}
2018-04-16 19:53:26 -------- d-----w- C:\Users\Administrator\AppData\Local\{B6092212-C69D-484F-9D80-4A0922BE1742}
2018-04-12 16:09:48 995272 ----a-w- C:\Windows\System32\ucrtbase.dll
2018-04-12 15:50:01 -------- d-----w- C:\Users\Administrator\AppData\Local\{E1F1010D-8577-4B94-8017-F0206A0BF204}
2018-04-12 02:59:01 -------- d-----w- C:\Users\Administrator\AppData\Local\{1BACD88F-C175-434A-8442-9D5C94CA7E22}
2018-04-11 01:26:52 -------- d-----w- C:\Users\Administrator\AppData\Local\{971E8156-12AB-4F1C-8956-5A9DE2679FF2}
2018-04-09 22:10:47 -------- d-----w- C:\Users\Administrator\AppData\Local\{FD507808-97B4-418A-A6E2-DE8A3D81F7D7}
2018-04-08 20:56:08 -------- d-----w- C:\Users\Administrator\AppData\Local\{B9782BAD-64B2-4E17-B427-66D1461F6D59}
2018-04-07 18:06:00 -------- d-----w- C:\ProgramData\Dell Inc
2018-04-07 18:05:52 -------- d-----w- C:\ProgramData\SupportAssist
2018-04-07 17:34:27 1993728 ----a-w- C:\Windows\System32\aitstatic.exe
2018-04-07 17:34:26 739840 ----a-w- C:\Windows\System32\generaltel.dll
2018-04-07 17:34:26 656384 ----a-w- C:\Windows\System32\aeinv.dll
2018-04-07 17:34:26 599552 ----a-w- C:\Windows\System32\devinv.dll
2018-04-07 17:34:26 450048 ----a-w- C:\Windows\System32\centel.dll
2018-04-07 17:34:26 414720 ----a-w- C:\Windows\System32\invagent.dll
2018-04-07 17:34:26 291840 ----a-w- C:\Windows\System32\acmigration.dll
2018-04-07 17:34:26 237056 ----a-w- C:\Windows\System32\aepic.dll
2018-04-07 17:34:26 1559552 ----a-w- C:\Windows\System32\appraiser.dll
2018-04-07 17:34:26 135360 ----a-w- C:\Windows\System32\CompatTelRunner.exe
.
==================== Find3M ====================
.
2018-05-07 14:43:05 253664 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys
2018-04-12 16:13:18 136971704 -c--a-w- C:\Windows\System32\MRT-KB890830.exe
2018-04-10 21:02:12 804864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2018-04-10 21:02:12 144896 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2018-04-06 01:34:44 93816 ----a-w- C:\Windows\System32\drivers\mwac.sys
2018-04-05 19:24:18 44768 ----a-w- C:\Windows\System32\drivers\mbam.sys
2018-04-05 19:24:02 112864 ----a-w- C:\Windows\System32\drivers\farflt.sys
2018-04-04 00:16:27 193768 ----a-w- C:\Windows\System32\drivers\MbamChameleon.sys
2018-03-31 02:09:32 708288 ----a-w- C:\Windows\System32\winload.efi
2018-03-31 02:09:32 5583040 ----a-w- C:\Windows\System32\ntoskrnl.exe
2018-03-31 02:09:31 95424 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2018-03-31 02:09:31 154816 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2018-03-31 01:45:09 631640 ----a-w- C:\Windows\System32\winresume.efi
2018-03-31 01:39:49 3958464 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2018-03-31 01:39:48 4046528 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2018-03-31 01:38:02 1665336 ----a-w- C:\Windows\System32\ntdll.dll
2018-03-31 01:12:37 1314064 ----a-w- C:\Windows\SysWow64\ntdll.dll
2018-03-31 01:06:57 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2018-03-31 01:06:53 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2018-03-31 01:06:53 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2018-03-31 01:06:11 64512 ----a-w- C:\Windows\System32\auditpol.exe
2018-03-31 01:03:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2018-03-31 01:02:38 129536 ----a-w- C:\Windows\System32\drivers\videoprt.sys
2018-03-31 01:02:17 296960 ----a-w- C:\Windows\System32\rstrui.exe
2018-03-31 00:59:32 160256 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2018-03-31 00:58:57 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2018-03-31 00:58:56 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2018-03-31 00:58:09 30720 ----a-w- C:\Windows\System32\lsass.exe
2018-03-31 00:58:06 112640 ----a-w- C:\Windows\System32\smss.exe
2018-03-31 00:51:23 50688 ----a-w- C:\Windows\SysWow64\auditpol.exe
2018-03-31 00:47:56 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2018-03-31 00:47:54 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2018-03-31 00:47:54 2048 ----a-w- C:\Windows\SysWow64\user.exe
2018-03-31 00:47:54 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2018-03-31 00:47:08 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2018-03-31 00:47:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2018-03-31 00:47:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-31 00:47:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2018-03-31 00:47:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2018-03-28 07:30:01 3225600 ----a-w- C:\Windows\System32\win32k.sys
2018-03-22 21:32:26 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2018-03-22 21:32:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2018-03-22 21:18:29 66560 ----a-w- C:\Windows\System32\iesetup.dll
2018-03-22 21:17:45 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2018-03-22 21:17:42 578048 ----a-w- C:\Windows\System32\vbscript.dll
2018-03-22 21:17:40 417280 ----a-w- C:\Windows\System32\html.iec
2018-03-22 21:17:14 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2018-03-22 21:15:46 5780480 ----a-w- C:\Windows\System32\jscript9.dll
2018-03-22 21:06:18 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2018-03-22 21:06:16 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2018-03-22 21:05:56 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2018-03-22 21:04:41 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2018-03-22 20:58:51 969216 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2018-03-22 20:52:24 499712 ----a-w- C:\Windows\SysWow64\vbscript.dll
2018-03-22 20:52:19 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2018-03-22 20:51:37 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2018-03-22 20:51:25 341504 ----a-w- C:\Windows\SysWow64\html.iec
2018-03-22 20:50:34 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2018-03-22 20:49:09 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2018-03-22 20:48:50 87552 ----a-w- C:\Windows\System32\tdc.ocx
2018-03-22 20:42:11 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2018-03-22 20:41:48 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2018-03-22 20:29:07 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2018-03-22 20:28:43 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2018-03-22 20:27:47 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2018-03-22 20:27:21 2135552 ----a-w- C:\Windows\System32\inetcpl.cpl
2018-03-22 20:21:34 4496896 ----a-w- C:\Windows\SysWow64\jscript9.dll
2018-03-22 20:15:42 3241472 ----a-w- C:\Windows\System32\wininet.dll
2018-03-22 20:14:47 2059776 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2018-03-22 20:14:07 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2018-03-22 19:55:02 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2018-03-19 17:57:14 76192 ----a-w- C:\Windows\System32\drivers\mbae64.sys
2018-03-12 03:43:48 2160888 ----a-w- C:\Windows\System32\WudfUpdate_01009.dll
2018-03-12 03:43:46 144048 ----a-w- C:\Windows\System32\drivers\UMDF\WirelessDevice.dll
2018-03-12 03:43:42 49336 ----a-w- C:\Windows\System32\drivers\WirelessKeyboardFilter.sys
2018-03-10 17:11:45 340480 ----a-w- C:\Windows\SysWow64\msexcl40.dll
2018-03-09 18:18:00 309440 ----a-w- C:\Windows\SysWow64\atmfd.dll
2018-03-09 18:12:56 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2018-03-09 18:12:47 111616 ----a-w- C:\Windows\SysWow64\t2embed.dll
2018-03-09 18:12:12 383680 ----a-w- C:\Windows\System32\atmfd.dll
2018-03-09 18:12:07 71680 ----a-w- C:\Windows\SysWow64\fontsub.dll
2018-03-09 18:11:42 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2018-03-09 18:07:45 152064 ----a-w- C:\Windows\System32\t2embed.dll
2018-03-09 18:07:21 41472 ----a-w- C:\Windows\System32\lpk.dll
2018-03-09 18:07:10 100864 ----a-w- C:\Windows\System32\fontsub.dll
2018-03-09 18:06:41 14336 ----a-w- C:\Windows\System32\dciman32.dll
2018-03-09 18:06:03 46080 ----a-w- C:\Windows\System32\atmlib.dll
2018-03-09 17:31:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2018-03-06 18:13:57 148160 ----a-w- C:\Windows\SysWow64\basecsp.dll
2018-03-06 18:11:54 52224 ----a-w- C:\Windows\SysWow64\wsnmp32.dll
2018-03-06 18:11:35 184320 ----a-w- C:\Windows\SysWow64\scksp.dll
2018-03-06 18:10:17 170176 ----a-w- C:\Windows\System32\basecsp.dll
2018-03-06 18:07:32 67072 ----a-w- C:\Windows\System32\wsnmp32.dll
2018-03-06 18:07:19 229376 ----a-w- C:\Windows\System32\scksp.dll
2018-02-22 03:28:38 217600 ----a-w- C:\Windows\System32\WinSCard.dll
2018-02-22 03:06:40 134656 ----a-w- C:\Windows\SysWow64\WinSCard.dll
2018-02-18 21:34:05 634272 ----a-w- C:\Windows\System32\winload.exe
2018-02-10 18:23:59 330240 ----a-w- C:\Windows\SysWow64\zipfldr.dll
2018-02-10 18:23:37 111616 ----a-w- C:\Windows\SysWow64\racpldlg.dll
2018-02-10 18:23:27 2292224 ----a-w- C:\Windows\SysWow64\MSVidCtl.dll
.
============= FINISH: 11:28:35.83 ===============

I hope this is what you need and that I provided everything. I am wanting to check for any malware since I was hacked in 2016 and never did do a re-install.

Attached Files
File Type: txt attach.txt (5.8 KB)

Need help with MAC Virus.

Hey all. Tried to watch a stream of a sporting event. When clicking on the event, multiple windows popped up and continue to pop up trying to print something. Gives me some message saying to get Apple Support, call this number (1-855-800-4335). I'm unable to restart successfully and kill the processes. I get an error message stating to continue restarting, quit Safari (cancel or try again). I can only do a hard reboot, but when the system comes back up, it still has the multiple windows (20+) still open. Is there a way to kill the processes? My Norton Anti-Virus is popping up and stating it detected a vulnerability (Web Attack: JSCoinmir Download 6, Remote Port 80, Remote Address: ip-91-224-58-160.fibtel.net). The others are Attack: JSCoinmir Download 22, Remote Port 443, Remote Address: p16.coinhive.com, also p02, p02, p04, p05, p08, p09, p10, p11, p12, p13, and p14. Is there a way to kill this process (virus)?

Recent dramatic slowdown Win 7

Hi All

Please let me know if this should be moved to another section and I'll keep it brief till then.
I'm not sure if this is malware or a software/machine issue.
I have a similar post in the Windows 7 area - I have followed or already had tried their suggestions before I posted here.

The issue is speed; recently everything is taking noticeably longer.
Opening a program that in the past took a few seconds can now take 30-45 sec.
Command responses are long enough that I find myself re-clicking, not sure if the 1st (or 2nd) one worked.

Avira scans show nothing

I'm using a Dell Latitude, quad core i5, 4 GB RAM, running Windows 7 64 bit, Office 2007 suite and Avira security software.

This is simply a work machine - no gaming. I spend a lot of time in the Office suite, and opening a new Word doc or Excel spreadsheet may take 30-40 seconds.
I'm noticing similar speed issues online, a fair amount of "timed out" requests when opening web pages/documents.
We use an online customer management suite, "Asana", and the speed issue is noticed there too.
Note - others running similar Dell laptops (I bought several for work a few years back) are not having these issues.

I've read the STICKY and run the DDS scan as requested; the 2 logs are inserted and attached here.

Thank you for your help

Bob
DDS Text below
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.19003 BrowserJavaVersion: 11.151.2
Run by User at 12:24:12 on 2018-05-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3977.1663 [GMT -4:00]
.
AV: Avira Antivirus *Enabled/Updated* {B3F630BD-538D-1B4A-14FA-14B63235278F}
SP: Avira Antivirus *Enabled/Updated* {0897D159-75B7-14C4-2E4A-2FC449B26D32}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Avira\Antivirus\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Avira\Antivirus\avguard.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\sysWOW64\SDIOAssist.exe
C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.dell.com
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL
BHO: AviraBrowserSafety.BrowserSafety: {c3c77255-42c0-499f-b664-6e981a0b1647} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll
uRun: [Lync] "C:\Program Files (x86)\Microsoft Office\Office16\lync.exe" /fromrunkey
uRun: [AutoStartVMA] C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} -
Trusted Zone: dell.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9DD21924-B53B-40C3-BDE3-980EC2D759A0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9DD21924-B53B-40C3-BDE3-980EC2D759A0}\2656C6B696E6E2037373 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9DD21924-B53B-40C3-BDE3-980EC2D759A0}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B6FC803A-149B-4B33-99C0-70BE4DDF12F8} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} -
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office16\OCHelper.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - <orphaned>
x64-Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jlao0ugq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Users\User\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.51\npGatewayNpapi-x64.dll
FF - plugin: C:\Users\User\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.51\npGatewayNpapi.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_23_0_0_162.dll
FF - plugin: C:\Windows\System32\npDeployJava1.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avdevprot;avdevprot;C:\Windows\System32\drivers\avdevprot.sys [2017-9-21 64504]
R0 avusbflt;avusbflt;C:\Windows\System32\drivers\avusbflt.sys [2017-9-21 34128]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-6-20 28992]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-6-21 22128]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2017-9-21 35328]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2016-4-7 153784]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2013-6-20 249152]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2016-4-18 89600]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\Antivirus\sched.exe [2017-9-21 224472]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2017-9-21 224472]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2017-9-21 199912]
R2 Avira.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2018-5-22 451288]
R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2017-9-21 78600]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2013-3-7 1044872]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2013-3-7 37768]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2013-6-21 8192]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [2016-4-19 741640]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-10 382272]
R2 ubsbm;Unibrain 1394 SBM Driver;C:\Windows\System32\drivers\UBSBM.sys [2015-8-5 24064]
R2 ubumapi;Unibrain 1394 FireAPI Driver;C:\Windows\System32\drivers\UBUMAPI.sys [2015-8-5 92160]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-6-21 2595832]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\accelern.sys [2013-6-21 27760]
R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2013-3-7 47752]
R3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2011-1-3 74984]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2011-3-23 83560]
R3 ubohci;Unibrain 1394 OHCI Driver;C:\Windows\System32\drivers\ubohci.sys [2015-8-5 132608]
S2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2017-9-21 879128]
S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2017-9-21 1165320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-4 107624]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-10-3 128608]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2016-12-17 282112]
S3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2018-2-10 41608]
S3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2018-2-10 41208]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2016-4-19 110336]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2018-5-9 116224]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2013-8-15 145736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2017-8-11 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2016-4-19 206080]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2017-8-11 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2017-8-11 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-21 1255736]
.
=============== Created Last 30 ================
.
2018-05-19 14:02:48 -------- d-----w- C:\ProgramData\Dell Inc
2018-05-19 14:02:44 -------- d-----w- C:\ProgramData\SupportAssist
2018-05-10 23:12:10 244208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2018-05-05 02:11:53 -------- d-----w- C:\Users\User\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2018-05-11 08:05:20 199912 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2018-05-09 18:12:07 141696960 -c--a-w- C:\Windows\System32\MRT-KB890830.exe
2018-04-23 00:35:16 708288 ----a-w- C:\Windows\System32\winload.efi
2018-04-23 00:35:15 5583552 ----a-w- C:\Windows\System32\ntoskrnl.exe
2018-04-23 00:35:13 95424 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2018-04-23 00:35:13 154816 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2018-04-23 00:12:01 4047040 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2018-04-23 00:12:01 3958464 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2018-04-23 00:10:11 631640 ----a-w- C:\Windows\System32\winresume.efi
2018-04-23 00:07:13 1665336 ----a-w- C:\Windows\System32\ntdll.dll
2018-04-22 23:44:08 1314064 ----a-w- C:\Windows\SysWow64\ntdll.dll
2018-04-22 23:41:01 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2018-04-22 23:41:01 82944 ----a-w- C:\Windows\SysWow64\bcrypt.dll
2018-04-22 23:41:01 666112 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2018-04-22 23:41:01 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2018-04-22 23:41:01 275456 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2018-04-22 23:41:00 70144 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2018-04-22 23:41:00 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2018-04-22 23:41:00 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2018-04-22 23:32:37 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2018-04-22 23:32:33 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2018-04-22 23:32:33 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2018-04-22 23:31:51 64512 ----a-w- C:\Windows\System32\auditpol.exe
2018-04-22 23:28:44 338432 ----a-w- C:\Windows\System32\conhost.exe
2018-04-22 23:28:15 129536 ----a-w- C:\Windows\System32\drivers\videoprt.sys
2018-04-22 23:27:53 296960 ----a-w- C:\Windows\System32\rstrui.exe
2018-04-22 23:25:10 160256 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2018-04-22 23:24:41 7168 ----a-w- C:\Windows\SysWow64\comcat.dll
2018-04-22 23:24:34 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2018-04-22 23:24:33 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2018-04-22 23:23:47 30720 ----a-w- C:\Windows\System32\lsass.exe
2018-04-22 23:23:44 112640 ----a-w- C:\Windows\System32\smss.exe
2018-04-22 23:22:55 50688 ----a-w- C:\Windows\SysWow64\auditpol.exe
2018-04-22 23:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2018-04-22 23:19:20 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2018-04-22 23:19:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2018-04-22 23:19:20 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2018-04-22 23:18:32 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2018-04-22 23:18:26 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2018-04-22 23:18:26 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-22 23:18:26 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2018-04-22 23:18:26 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2018-04-22 07:53:43 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2018-04-22 07:53:29 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2018-04-22 07:39:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
2018-04-22 07:38:26 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2018-04-22 07:38:25 578048 ----a-w- C:\Windows\System32\vbscript.dll
2018-04-22 07:38:18 417280 ----a-w- C:\Windows\System32\html.iec
2018-04-22 07:37:49 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2018-04-22 07:32:36 5779456 ----a-w- C:\Windows\System32\jscript9.dll
2018-04-22 07:26:33 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2018-04-22 07:26:32 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2018-04-22 07:26:14 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2018-04-22 07:18:54 969216 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2018-04-22 07:16:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2018-04-22 07:08:58 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2018-04-22 07:08:38 87552 ----a-w- C:\Windows\System32\tdc.ocx
2018-04-22 07:04:15 499712 ----a-w- C:\Windows\SysWow64\vbscript.dll
2018-04-22 07:04:10 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2018-04-22 07:03:27 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2018-04-22 07:03:16 341504 ----a-w- C:\Windows\SysWow64\html.iec
2018-04-22 07:02:24 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2018-04-22 06:53:58 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2018-04-22 06:53:34 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2018-04-22 06:46:57 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2018-04-22 06:46:47 2135552 ----a-w- C:\Windows\System32\inetcpl.cpl
2018-04-22 06:40:56 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2018-04-22 06:40:23 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2018-04-22 06:33:59 3241472 ----a-w- C:\Windows\System32\wininet.dll
2018-04-22 06:31:58 4496896 ----a-w- C:\Windows\SysWow64\jscript9.dll
2018-04-22 06:26:56 2059776 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2018-04-22 06:26:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2018-04-22 06:08:25 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2018-04-18 16:03:32 701952 ----a-w- C:\Windows\System32\hhctrl.ocx
2018-04-18 16:03:32 53248 ----a-w- C:\Windows\System32\hhsetup.dll
2018-04-18 15:51:41 523776 ----a-w- C:\Windows\SysWow64\hhctrl.ocx
2018-04-18 15:51:41 43008 ----a-w- C:\Windows\SysWow64\hhsetup.dll
2018-04-18 15:41:57 16896 ----a-w- C:\Windows\hh.exe
2018-04-18 15:35:36 15360 ----a-w- C:\Windows\SysWow64\hh.exe
2018-04-11 16:38:46 194048 ----a-w- C:\Windows\System32\itircl.dll
2018-04-11 16:38:46 170496 ----a-w- C:\Windows\System32\itss.dll
2018-04-11 16:36:01 158720 ----a-w- C:\Windows\SysWow64\itircl.dll
2018-04-11 16:36:01 142848 ----a-w- C:\Windows\SysWow64\itss.dll
2018-04-10 19:45:06 634272 ----a-w- C:\Windows\System32\winload.exe
2018-04-10 16:36:30 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2018-04-10 16:36:30 13312 ----a-w- C:\Windows\System32\sscore.dll
2018-04-10 16:35:28 1735168 ----a-w- C:\Windows\System32\comsvcs.dll
2018-04-10 16:34:49 525824 ----a-w- C:\Windows\System32\catsrvut.dll
2018-04-10 16:33:04 1241600 ----a-w- C:\Windows\SysWow64\comsvcs.dll
2018-04-10 16:32:58 487936 ----a-w- C:\Windows\SysWow64\catsrvut.dll
2018-04-10 16:00:12 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2018-04-10 15:54:03 3226112 ----a-w- C:\Windows\System32\win32k.sys
2018-04-10 15:48:01 464384 ----a-w- C:\Windows\System32\drivers\srv.sys
2018-04-10 15:47:34 406016 ----a-w- C:\Windows\System32\drivers\srv2.sys
2018-04-10 15:47:17 169984 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2018-04-07 16:41:15 371392 ----a-w- C:\Windows\System32\clfs.sys
2018-03-18 22:16:13 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2018-03-18 22:11:37 2048 ----a-w- C:\Windows\System32\tzres.dll
2018-03-14 17:16:24 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2018-03-14 17:14:44 135360 ----a-w- C:\Windows\System32\CompatTelRunner.exe
.
============= FINISH: 12:25:30.24 ===============

Attached Files
File Type: txt attach.txt (5.1 KB)