I have a problem with pop-up ads: when a pop-up sometimes occurs, it redirects to unwanted ads, not to where it is supposed to pop up. I know this came from a free download I did, and even though I realized fairly quickly what it was, it got on my system and infected it. It has installed something somewhere that causes redirection of pop-ups.
I have done all the normal advertised steps and repeated them:
AdwCleaner
Malwarebytes Anti-Malware Free
HitmanPro
Reset browsers to default and rebooted.
I think these programs and steps have done something, but something is still present, as sometimes when a pop-up occurs it redirects to unwanted ads. Making a new user would probably solve it, I think, but it would be good to solve it on this user. I know that if the right file were deleted it would be gone, but I do not know where it is, and I am running out of steps to follow.
Does anyone have experience with where it might be and how to remove it? Thank you in advance.
Here is what I was advised to provide to you:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.111.2
Run by theun at 2:44:34 on 2016-11-27
Microsoft Windows 10 Pro 10.0.14393.0.1252.44.1033.18.3918.1000 [GMT 0:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Spybot - Search and Destroy *Enabled/Updated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\Av\avgnsa.exe
C:\Program Files (x86)\AVG\Av\avgemca.exe
C:\Program Files (x86)\AVG\Av\avgrsa.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\theun\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skdh8821.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Users\theun\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files (x86)\AVG\Av\avgcsrva.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1611.3123.0_x64__8wekyb3d8bbwe\Calculator.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Windows\System32\SystemSettingsBroker.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWoW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
uRun: [OneDrive] "C:\Users\theun\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [EE Prosumer ModemListener] C:\Program Files (x86)\Web Connection\Y854\BackgroundService\ModemListener.exe start
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=av
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0E13DCB2-D079-49C7-AD08-DB4B89350786} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{12c77793-624f-40c6-98fb-26cdf5780080} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3ed23349-6bc2-4068-805c-2c152fc1ab09} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{94eafdf7-98ab-42b6-84cc-2dbd2e4bf9cd} : DHCPNameServer = 172.20.10.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-mSearch Page = about:blank
x64-mDefault_Search_URL = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} -
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Skd8821] C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\theun\AppData\Roaming\Mozilla\Firefox\Profiles\rr1ognzc.default-1480128198913\
FF - prefs.js: browser.startup.homepage - outlook.com/
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll
FF - plugin: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\WINDOWS\System32\drivers\avgidsha.sys [2016-6-1 267008]
R0 Avgloga;AVG Logging Driver;C:\WINDOWS\System32\drivers\avgloga.sys [2016-2-16 360736]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\drivers\avgmfx64.sys [2016-9-26 254208]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\drivers\avgrkx64.sys [2016-6-1 52992]
R0 Avguniva;AVG Universal Driver;C:\WINDOWS\System32\drivers\avguniva.sys [2016-6-1 77056]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
R1 Avgdiska;AVG Disk Driver;C:\WINDOWS\System32\drivers\avgdiska.sys [2016-5-13 163072]
R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\drivers\avgidsdrivera.sys [2016-10-17 312576]
R1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\drivers\avgldx64.sys [2016-10-19 267520]
R1 avgtp;avgtp;C:\WINDOWS\System32\drivers\avgtpx64.sys [2013-9-10 46368]
R1 Avgwfpa;AVG Firewall Driver;C:\WINDOWS\System32\drivers\avgwfpa.sys [2016-8-4 313096]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-1 38896]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2013-9-10 27008]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-2-23 65408]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\WINDOWS\System32\drivers\avgboota.sys [2016-1-7 21632]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-9-30 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\WINDOWS\System32\drivers\hitmanpro37.sys [2016-11-25 54736]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-12-1 50160]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
.
=============== Created Last 30 ================
.
2016-11-26 03:34:41 203680 ----a-w- C:\WINDOWS\System32\drivers\zam64.sys
2016-11-26 03:34:38 203680 ----a-w- C:\WINDOWS\System32\drivers\zamguard64.sys
2016-11-26 03:34:36 -------- d-----w- C:\Users\theun\AppData\Local\Zemana
2016-11-25 23:53:18 -------- d-----w- C:\Users\theun\AppData\Roaming\TeamViewer
2016-11-25 04:18:20 -------- d--h--w- C:\OneDriveTemp
2016-11-25 03:35:23 54736 ----a-w- C:\WINDOWS\System32\drivers\hitmanpro37.sys
2016-11-25 03:35:00 -------- d-----w- C:\ProgramData\HitmanPro
2016-11-25 03:31:04 -------- d-----w- C:\AdwCleaner
2016-11-25 01:28:25 -------- d-----w- C:\Users\theun\AppData\Local\Programs
2016-11-23 23:41:33 -------- d-----w- C:\Users\theun\AppData\Local\LogMeIn Rescue Applet
2016-11-18 14:31:22 41928 ----a-w- C:\Program Files (x86)\Mozilla Firefox\IA2Marshal.dll
2016-11-10 16:10:07 -------- d-----w- C:\Program Files\iPod
2016-11-10 16:09:42 -------- d---a-w- C:\Program Files\iTunes
2016-11-08 21:45:55 65536 ----a-w- C:\WINDOWS\SysWow64\wininetlui.dll
2016-11-08 21:44:59 3892352 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-11-08 21:33:09 2104320 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
2016-11-08 21:31:59 659968 ----a-w- C:\Program Files\Windows NT\TableTextService\TableTextService.dll
2016-11-08 21:30:57 4130432 ----a-w- C:\WINDOWS\System32\mfcore.dll
2016-11-08 21:28:55 942080 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2016-11-08 21:27:57 714592 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2016-10-30 07:28:00 29432 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2016-10-30 07:25:36 380192 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2016-10-30 07:18:24 209104 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2016-10-28 14:17:08 498952 ----a-w- C:\WINDOWS\System32\DolbyDecMFT.dll
2016-10-28 14:17:08 1557808 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2016-10-28 14:17:08 1472536 ----a-w- C:\WINDOWS\System32\mfplat.dll
2016-10-28 14:17:07 1990648 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-10-28 14:17:05 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-10-28 14:17:04 244816 ----a-w- C:\WINDOWS\System32\mfps.dll
2016-10-28 14:17:03 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2016-10-28 14:15:58 619368 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
.
==================== Find3M ====================
.
2016-11-27 00:55:52 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-11-02 12:01:41 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2016-11-02 12:01:37 484584 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2016-11-02 11:22:59 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2016-11-02 11:22:59 1570672 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2016-11-02 11:20:37 590960 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2016-11-02 11:20:36 378720 ----a-w- C:\WINDOWS\System32\atmfd.dll
2016-11-02 11:15:35 1051112 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-11-02 11:15:33 894096 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-11-02 11:14:00 7816544 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-11-02 11:13:51 1354320 ----a-w- C:\WINDOWS\System32\winload.efi
2016-11-02 11:13:51 1173496 ----a-w- C:\WINDOWS\System32\winload.exe
2016-11-02 11:13:47 1883784 ----a-w- C:\WINDOWS\System32\ntdll.dll
2016-11-02 11:13:43 773720 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2016-11-02 11:13:36 423776 ----a-w- C:\WINDOWS\System32\wifitask.exe
2016-11-02 11:12:57 341344 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2016-11-02 11:12:35 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2016-11-02 11:12:07 376672 ----a-w- C:\WINDOWS\System32\drivers\clfs.sys
2016-11-02 11:10:44 2323728 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2016-11-02 11:08:52 576408 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2016-11-02 11:08:43 186424 ----a-w- C:\WINDOWS\SysWow64\weretw.dll
2016-11-02 11:08:01 111968 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2016-11-02 11:08:00 602464 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2016-11-02 11:05:53 6657176 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2016-11-02 11:05:40 951904 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll
2016-11-02 11:05:29 405856 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2016-11-02 11:05:13 959112 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-11-02 11:04:46 596832 ----a-w- C:\WINDOWS\SysWow64\comctl32.dll
2016-11-02 11:04:36 4312248 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2016-11-02 11:04:08 2678056 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2016-11-02 11:02:55 682816 ----a-w- C:\WINDOWS\System32\wer.dll
2016-11-02 11:02:53 238056 ----a-w- C:\WINDOWS\System32\weretw.dll
2016-11-02 11:02:31 848736 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2016-11-02 11:02:31 148832 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2016-11-02 11:01:37 1425000 ----a-w- C:\WINDOWS\SysWow64\d3d9.dll
2016-11-02 11:01:31 276832 ----a-w- C:\WINDOWS\SysWow64\input.dll
2016-11-02 11:01:30 1415744 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2016-11-02 11:01:28 545936 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2016-11-02 11:01:20 1263856 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2016-11-02 11:01:00 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-11-02 11:00:30 8156080 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2016-11-02 11:00:17 534096 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2016-11-02 11:00:17 1061968 ----a-w- C:\WINDOWS\System32\mfsvr.dll
2016-11-02 11:00:06 1274712 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-11-02 10:59:45 4673304 ----a-w- C:\WINDOWS\explorer.exe
2016-11-02 10:56:52 1609920 ----a-w- C:\WINDOWS\System32\d3d9.dll
2016-11-02 10:56:50 322912 ----a-w- C:\WINDOWS\System32\input.dll
2016-11-02 10:56:42 1572768 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2016-11-02 10:56:39 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2016-11-02 10:56:38 1418312 ----a-w- C:\WINDOWS\System32\msctf.dll
2016-11-02 10:55:52 48992 ----a-w- C:\WINDOWS\System32\drivers\iorate.sys
2016-11-02 10:50:35 34304 ----a-w- C:\WINDOWS\SysWow64\LaunchWinApp.exe
2016-11-02 10:49:47 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2016-11-02 10:49:42 147968 ----a-w- C:\WINDOWS\SysWow64\win32k.sys
2016-11-02 10:49:20 32768 ----a-w- C:\WINDOWS\apppatch\AcWinRT.dll
2016-11-02 10:48:56 32768 ----a-w- C:\WINDOWS\SysWow64\efsext.dll
2016-11-02 10:48:24 88064 ----a-w- C:\WINDOWS\apppatch\AcXtrnal.dll
2016-11-02 10:48:00 95232 ----a-w- C:\WINDOWS\SysWow64\TSpkg.dll
2016-11-02 10:47:36 156672 ----a-w- C:\WINDOWS\SysWow64\BcastDVRHelper.dll
2016-11-02 10:47:26 47104 ----a-w- C:\WINDOWS\SysWow64\Windows.Shell.Search.UriHandler.dll
2016-11-02 10:47:04 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2016-11-02 10:46:26 140288 ----a-w- C:\WINDOWS\SysWow64\AppCapture.dll
2016-11-02 10:45:49 253952 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BioFeedback.dll
2016-11-02 10:45:37 331776 ----a-w- C:\WINDOWS\apppatch\AcLayers.dll
2016-11-02 10:45:17 492032 ----a-w- C:\WINDOWS\SysWow64\bcastdvr.exe
2016-11-02 10:45:09 182784 ----a-w- C:\WINDOWS\SysWow64\mfsensorgroup.dll
2016-11-02 10:44:50 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-11-02 10:44:45 180224 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe
2016-11-02 10:44:34 89088 ----a-w- C:\WINDOWS\SysWow64\AuthExt.dll
2016-11-02 10:43:53 557568 ----a-w- C:\WINDOWS\SysWow64\StoreAgent.dll
2016-11-02 10:43:43 198144 ----a-w- C:\WINDOWS\SysWow64\FSClient.dll
2016-11-02 10:43:29 731136 ----a-w- C:\WINDOWS\SysWow64\d3d8.dll
2016-11-02 10:42:55 549376 ----a-w- C:\WINDOWS\SysWow64\ActionCenterCPL.dll
2016-11-02 10:42:48 223232 ----a-w- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
2016-11-02 10:42:44 306176 ----a-w- C:\WINDOWS\SysWow64\ieproxy.dll
2016-11-02 10:42:35 202752 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-02 10:42:32 866816 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Cred.dll
2016-11-02 10:42:22 506880 ----a-w- C:\WINDOWS\SysWow64\DevicePairing.dll
2016-11-02 10:42:19 632832 ----a-w- C:\WINDOWS\SysWow64\sud.dll
2016-11-02 10:41:26 635904 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2016-11-02 10:40:36 896512 ----a-w- C:\WINDOWS\SysWow64\fontext.dll
2016-11-02 10:40:34 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-11-02 10:40:21 548352 ----a-w- C:\WINDOWS\SysWow64\ddraw.dll
2016-11-02 10:39:53 236544 ----a-w- C:\WINDOWS\SysWow64\UIAnimation.dll
2016-11-02 10:39:24 348672 ----a-w- C:\WINDOWS\SysWow64\zipfldr.dll
2016-11-02 10:39:06 465920 ----a-w- C:\WINDOWS\SysWow64\LockAppBroker.dll
2016-11-02 10:38:52 760832 ----a-w- C:\WINDOWS\SysWow64\appwiz.cpl
2016-11-02 10:38:35 22563840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-11-02 10:37:46 19415040 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-11-02 10:37:08 299008 ----a-w- C:\WINDOWS\System32\rdpinit.exe
2016-11-02 10:36:53 415744 ----a-w- C:\WINDOWS\System32\rdpshell.exe
2016-11-02 10:36:34 7626752 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2016-11-02 10:36:05 63488 ----a-w- C:\WINDOWS\SysWow64\ErrorDetailsUpdate.dll
2016-11-02 10:35:13 336896 ----a-w- C:\WINDOWS\SysWow64\msinfo32.exe
2016-11-02 10:34:44 327168 ----a-w- C:\WINDOWS\System32\microsoft-windows-system-events.dll
2016-11-02 10:34:23 43008 ----a-w- C:\WINDOWS\System32\LaunchWinApp.exe
2016-11-02 10:34:11 15360 ----a-w- C:\WINDOWS\apppatch\apppatch64\AcXtrnal.dll
2016-11-02 10:33:56 206848 ----a-w- C:\WINDOWS\System32\win32k.sys
2016-11-02 10:33:48 3307520 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2016-11-02 10:33:42 32768 ----a-w- C:\WINDOWS\apppatch\apppatch64\AcWinRT.dll
.
============= FINISH: 2:47:21.16 ===============
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\Av\avgnsa.exe
C:\Program Files (x86)\AVG\Av\avgemca.exe
C:\Program Files (x86)\AVG\Av\avgrsa.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\theun\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skdh8821.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Users\theun\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files (x86)\AVG\Av\avgcsrva.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1611.3123.0_x64__8wekyb3d8bbwe\Calculator.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Windows\System32\SystemSettingsBroker.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWoW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
uRun: [OneDrive] "C:\Users\theun\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [EE Prosumer ModemListener] C:\Program Files (x86)\Web Connection\Y854\BackgroundService\ModemListener.exe start
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=av
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0E13DCB2-D079-49C7-AD08-DB4B89350786} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{12c77793-624f-40c6-98fb-26cdf5780080} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3ed23349-6bc2-4068-805c-2c152fc1ab09} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{94eafdf7-98ab-42b6-84cc-2dbd2e4bf9cd} : DHCPNameServer = 172.20.10.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-mSearch Page = about:blank
x64-mDefault_Search_URL = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} -
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Skd8821] C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\theun\AppData\Roaming\Mozilla\Firefox\Profiles\rr1ognzc.default-1480128198913\
FF - prefs.js: browser.startup.homepage - outlook.com/
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll
FF - plugin: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\WINDOWS\System32\drivers\avgidsha.sys [2016-6-1 267008]
R0 Avgloga;AVG Logging Driver;C:\WINDOWS\System32\drivers\avgloga.sys [2016-2-16 360736]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\drivers\avgmfx64.sys [2016-9-26 254208]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\drivers\avgrkx64.sys [2016-6-1 52992]
R0 Avguniva;AVG Universal Driver;C:\WINDOWS\System32\drivers\avguniva.sys [2016-6-1 77056]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
R1 Avgdiska;AVG Disk Driver;C:\WINDOWS\System32\drivers\avgdiska.sys [2016-5-13 163072]
R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\drivers\avgidsdrivera.sys [2016-10-17 312576]
R1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\drivers\avgldx64.sys [2016-10-19 267520]
R1 avgtp;avgtp;C:\WINDOWS\System32\drivers\avgtpx64.sys [2013-9-10 46368]
R1 Avgwfpa;AVG Firewall Driver;C:\WINDOWS\System32\drivers\avgwfpa.sys [2016-8-4 313096]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-1 38896]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2013-9-10 27008]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-2-23 65408]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\WINDOWS\System32\drivers\avgboota.sys [2016-1-7 21632]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-9-30 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\WINDOWS\System32\drivers\hitmanpro37.sys [2016-11-25 54736]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-12-1 50160]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
.
=============== Created Last 30 ================
.
2016-11-26 03:34:41 203680 ----a-w- C:\WINDOWS\System32\drivers\zam64.sys
2016-11-26 03:34:38 203680 ----a-w- C:\WINDOWS\System32\drivers\zamguard64.sys
2016-11-26 03:34:36 -------- d-----w- C:\Users\theun\AppData\Local\Zemana
2016-11-25 23:53:18 -------- d-----w- C:\Users\theun\AppData\Roaming\TeamViewer
2016-11-25 04:18:20 -------- d--h--w- C:\OneDriveTemp
2016-11-25 03:35:23 54736 ----a-w- C:\WINDOWS\System32\drivers\hitmanpro37.sys
2016-11-25 03:35:00 -------- d-----w- C:\ProgramData\HitmanPro
2016-11-25 03:31:04 -------- d-----w- C:\AdwCleaner
2016-11-25 01:28:25 -------- d-----w- C:\Users\theun\AppData\Local\Programs
2016-11-23 23:41:33 -------- d-----w- C:\Users\theun\AppData\Local\LogMeIn Rescue Applet
2016-11-18 14:31:22 41928 ----a-w- C:\Program Files (x86)\Mozilla Firefox\IA2Marshal.dll
2016-11-10 16:10:07 -------- d-----w- C:\Program Files\iPod
2016-11-10 16:09:42 -------- d---a-w- C:\Program Files\iTunes
2016-11-08 21:45:55 65536 ----a-w- C:\WINDOWS\SysWow64\wininetlui.dll
2016-11-08 21:44:59 3892352 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-11-08 21:33:09 2104320 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
2016-11-08 21:31:59 659968 ----a-w- C:\Program Files\Windows NT\TableTextService\TableTextService.dll
2016-11-08 21:30:57 4130432 ----a-w- C:\WINDOWS\System32\mfcore.dll
2016-11-08 21:28:55 942080 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2016-11-08 21:27:57 714592 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2016-10-30 07:28:00 29432 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2016-10-30 07:25:36 380192 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2016-10-30 07:18:24 209104 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2016-10-28 14:17:08 498952 ----a-w- C:\WINDOWS\System32\DolbyDecMFT.dll
2016-10-28 14:17:08 1557808 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2016-10-28 14:17:08 1472536 ----a-w- C:\WINDOWS\System32\mfplat.dll
2016-10-28 14:17:07 1990648 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-10-28 14:17:05 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-10-28 14:17:04 244816 ----a-w- C:\WINDOWS\System32\mfps.dll
2016-10-28 14:17:03 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2016-10-28 14:15:58 619368 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
.
==================== Find3M ====================
.
2016-11-27 00:55:52 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-11-02 12:01:41 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2016-11-02 12:01:37 484584 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2016-11-02 11:22:59 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2016-11-02 11:22:59 1570672 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2016-11-02 11:20:37 590960 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2016-11-02 11:20:36 378720 ----a-w- C:\WINDOWS\System32\atmfd.dll
2016-11-02 11:15:35 1051112 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-11-02 11:15:33 894096 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-11-02 11:14:00 7816544 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-11-02 11:13:51 1354320 ----a-w- C:\WINDOWS\System32\winload.efi
2016-11-02 11:13:51 1173496 ----a-w- C:\WINDOWS\System32\winload.exe
2016-11-02 11:13:47 1883784 ----a-w- C:\WINDOWS\System32\ntdll.dll
2016-11-02 11:13:43 773720 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2016-11-02 11:13:36 423776 ----a-w- C:\WINDOWS\System32\wifitask.exe
2016-11-02 11:12:57 341344 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2016-11-02 11:12:35 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2016-11-02 11:12:07 376672 ----a-w- C:\WINDOWS\System32\drivers\clfs.sys
2016-11-02 11:10:44 2323728 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2016-11-02 11:08:52 576408 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2016-11-02 11:08:43 186424 ----a-w- C:\WINDOWS\SysWow64\weretw.dll
2016-11-02 11:08:01 111968 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2016-11-02 11:08:00 602464 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2016-11-02 11:05:53 6657176 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2016-11-02 11:05:40 951904 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll
2016-11-02 11:05:29 405856 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2016-11-02 11:05:13 959112 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-11-02 11:04:46 596832 ----a-w- C:\WINDOWS\SysWow64\comctl32.dll
2016-11-02 11:04:36 4312248 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2016-11-02 11:04:08 2678056 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2016-11-02 11:02:55 682816 ----a-w- C:\WINDOWS\System32\wer.dll
2016-11-02 11:02:53 238056 ----a-w- C:\WINDOWS\System32\weretw.dll
2016-11-02 11:02:31 848736 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2016-11-02 11:02:31 148832 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2016-11-02 11:01:37 1425000 ----a-w- C:\WINDOWS\SysWow64\d3d9.dll
2016-11-02 11:01:31 276832 ----a-w- C:\WINDOWS\SysWow64\input.dll
2016-11-02 11:01:30 1415744 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2016-11-02 11:01:28 545936 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2016-11-02 11:01:20 1263856 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2016-11-02 11:01:00 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-11-02 11:00:30 8156080 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2016-11-02 11:00:17 534096 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2016-11-02 11:00:17 1061968 ----a-w- C:\WINDOWS\System32\mfsvr.dll
2016-11-02 11:00:06 1274712 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-11-02 10:59:45 4673304 ----a-w- C:\WINDOWS\explorer.exe
2016-11-02 10:56:52 1609920 ----a-w- C:\WINDOWS\System32\d3d9.dll
2016-11-02 10:56:50 322912 ----a-w- C:\WINDOWS\System32\input.dll
2016-11-02 10:56:42 1572768 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2016-11-02 10:56:39 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2016-11-02 10:56:38 1418312 ----a-w- C:\WINDOWS\System32\msctf.dll
2016-11-02 10:55:52 48992 ----a-w- C:\WINDOWS\System32\drivers\iorate.sys
2016-11-02 10:50:35 34304 ----a-w- C:\WINDOWS\SysWow64\LaunchWinApp.exe
2016-11-02 10:49:47 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2016-11-02 10:49:42 147968 ----a-w- C:\WINDOWS\SysWow64\win32k.sys
2016-11-02 10:49:20 32768 ----a-w- C:\WINDOWS\apppatch\AcWinRT.dll
2016-11-02 10:48:56 32768 ----a-w- C:\WINDOWS\SysWow64\efsext.dll
2016-11-02 10:48:24 88064 ----a-w- C:\WINDOWS\apppatch\AcXtrnal.dll
2016-11-02 10:48:00 95232 ----a-w- C:\WINDOWS\SysWow64\TSpkg.dll
2016-11-02 10:47:36 156672 ----a-w- C:\WINDOWS\SysWow64\BcastDVRHelper.dll
2016-11-02 10:47:26 47104 ----a-w- C:\WINDOWS\SysWow64\Windows.Shell.Search.UriHandler.dll
2016-11-02 10:47:04 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2016-11-02 10:46:26 140288 ----a-w- C:\WINDOWS\SysWow64\AppCapture.dll
2016-11-02 10:45:49 253952 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BioFeedback.dll
2016-11-02 10:45:37 331776 ----a-w- C:\WINDOWS\apppatch\AcLayers.dll
2016-11-02 10:45:17 492032 ----a-w- C:\WINDOWS\SysWow64\bcastdvr.exe
2016-11-02 10:45:09 182784 ----a-w- C:\WINDOWS\SysWow64\mfsensorgroup.dll
2016-11-02 10:44:50 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-11-02 10:44:45 180224 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe
2016-11-02 10:44:34 89088 ----a-w- C:\WINDOWS\SysWow64\AuthExt.dll
2016-11-02 10:43:53 557568 ----a-w- C:\WINDOWS\SysWow64\StoreAgent.dll
2016-11-02 10:43:43 198144 ----a-w- C:\WINDOWS\SysWow64\FSClient.dll
2016-11-02 10:43:29 731136 ----a-w- C:\WINDOWS\SysWow64\d3d8.dll
2016-11-02 10:42:55 549376 ----a-w- C:\WINDOWS\SysWow64\ActionCenterCPL.dll
2016-11-02 10:42:48 223232 ----a-w- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
2016-11-02 10:42:44 306176 ----a-w- C:\WINDOWS\SysWow64\ieproxy.dll
2016-11-02 10:42:35 202752 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-02 10:42:32 866816 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Cred.dll
2016-11-02 10:42:22 506880 ----a-w- C:\WINDOWS\SysWow64\DevicePairing.dll
2016-11-02 10:42:19 632832 ----a-w- C:\WINDOWS\SysWow64\sud.dll
2016-11-02 10:41:26 635904 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2016-11-02 10:40:36 896512 ----a-w- C:\WINDOWS\SysWow64\fontext.dll
2016-11-02 10:40:34 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-11-02 10:40:21 548352 ----a-w- C:\WINDOWS\SysWow64\ddraw.dll
2016-11-02 10:39:53 236544 ----a-w- C:\WINDOWS\SysWow64\UIAnimation.dll
2016-11-02 10:39:24 348672 ----a-w- C:\WINDOWS\SysWow64\zipfldr.dll
2016-11-02 10:39:06 465920 ----a-w- C:\WINDOWS\SysWow64\LockAppBroker.dll
2016-11-02 10:38:52 760832 ----a-w- C:\WINDOWS\SysWow64\appwiz.cpl
2016-11-02 10:38:35 22563840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-11-02 10:37:46 19415040 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-11-02 10:37:08 299008 ----a-w- C:\WINDOWS\System32\rdpinit.exe
2016-11-02 10:36:53 415744 ----a-w- C:\WINDOWS\System32\rdpshell.exe
2016-11-02 10:36:34 7626752 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2016-11-02 10:36:05 63488 ----a-w- C:\WINDOWS\SysWow64\ErrorDetailsUpdate.dll
2016-11-02 10:35:13 336896 ----a-w- C:\WINDOWS\SysWow64\msinfo32.exe
2016-11-02 10:34:44 327168 ----a-w- C:\WINDOWS\System32\microsoft-windows-system-events.dll
2016-11-02 10:34:23 43008 ----a-w- C:\WINDOWS\System32\LaunchWinApp.exe
2016-11-02 10:34:11 15360 ----a-w- C:\WINDOWS\apppatch\apppatch64\AcXtrnal.dll
2016-11-02 10:33:56 206848 ----a-w- C:\WINDOWS\System32\win32k.sys
2016-11-02 10:33:48 3307520 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2016-11-02 10:33:42 32768 ----a-w- C:\WINDOWS\apppatch\apppatch64\AcWinRT.dll
.
============= FINISH: 2:47:21.16 ===============