In the last couple of days, my computer has started trying to reach out to random IPs (blocked by PeerBlock), going through thousands of ports from one internal IP. The only new thing installed is the BlueStacks Android emulator. There are also new 11-14 Microsoft updates: "nov security monthly rollback..." and "win malicious soft remove tool - nov '17". I uninstalled BlueStacks, but the IP attempts still continue.
I ran scans with Norton AV, SUPERAntiSpyware, MBAM and Spybot S&D; all came back clean, no infections, no rootkits, etc. Unfortunately I have no restore point to go back to (System Restore somehow got turned off at some point in the past without my knowledge?).
It tries to connect to the following IPs thousands of times per minute (but only when the internet adapter is turned on; when I turn it off, the attempts stop. I don't know if that is important or obvious).
I do not know if some software is attempting to update, or if it is an infection, or what. I tried to Google info about the IPs but only found generic Amazon info, with no hint of what this could be.
DDS contents as requested:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18838 BrowserJavaVersion: 11.151.2
Run by at 4:00:54 on 2017-11-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.7112 [GMT -8:00]
.
AV: Norton Security Suite *Disabled/Updated* {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Disabled/Updated* {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security Suite *Enabled* {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Backblaze\bzserv.exe
C:\Windows\system32\DbxSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\N360.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\N360.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\muachost.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.alienware.com/
mWinlogon: Userinit = userinit.exe,
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.11.2.7\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.11.2.7\coIEPlg.dll
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
dRun: [Backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: Call this number using SideSync - <no file>
IE: Send image to &Bluetooth Device... - <no file>
IE: Send page to &Bluetooth Device... - <no file>
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{31343272-88BD-4405-B81D-B1ACE866391C} : DHCPNameServer = 75.75.75.75 75.75.76.76
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\coIEPlg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\coIEPlg.dll
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BoxSync] "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://www.oracle.com/technetwork/java/index.html
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Hosts: 127.0.0.1 spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MBAMChameleon;MBAMChameleon;C:\Windows\System32\drivers\MbamChameleon.sys [2017-11-15 193464]
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\Windows\System32\drivers\N360x64\160B020.007\symefasi64.sys [2017-11-15 1938584]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20171108.001\BHDrvx64.sys [2017-11-9 1872024]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\160B020.007\ccsetx64.sys [2017-11-15 187544]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2017-7-18 30752]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Windows\System32\drivers\mbae64.sys [2017-11-14 77432]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20171115.001\IDSvia64.sys [2017-11-15 1056920]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\160B020.007\ironx64.sys [2017-11-15 309984]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\160B020.007\symnets.sys [2017-11-15 566936]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-7-22 173472]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2014-12-11 98208]
R2 bzserv;Backblaze Service;C:\Program Files (x86)\Backblaze\bzserv.exe [2014-2-21 444648]
R2 DbxSvc;DbxSvc;C:\Windows\System32\DbxSvc.exe [2017-11-13 51016]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys [2009-7-9 27096]
R2 iocbios2;iocbios2;C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [2014-6-17 28912]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-8-20 72216]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-11-14 6234056]
R2 N360;Norton 360;C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\n360.exe [2017-11-15 326144]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-25 518080]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-10-26 462968]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-10-25 460736]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-8-9 1153368]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2017-6-16 754784]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2012-12-18 232880]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2012-12-18 1448368]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2012-12-18 97712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2017-10-23 158360]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2012-12-18 1617328]
R3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\System32\drivers\LGPBTDD.sys [2009-7-1 30728]
R3 MBAMFarflt;MBAMFarflt;C:\Windows\System32\drivers\farflt.sys [2017-11-15 110016]
R3 MBAMProtection;MBAMProtection;C:\Windows\System32\drivers\mbam.sys [2017-11-15 46008]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\mbamswissarmy.sys [2017-11-15 253880]
R3 MBAMWebProtection;MBAMWebProtection;C:\Windows\System32\drivers\mwac.sys [2017-11-15 84256]
R3 mio;Master IO Filter Driver;C:\Windows\System32\drivers\mio.sys [2011-5-4 7680]
R3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\System32\drivers\neo_vpn.sys [2017-1-3 29744]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2017-10-25 50624]
R3 nvvhci;NVVHCI Enumerator Service;C:\Windows\System32\drivers\nvvhci.sys [2017-10-26 57792]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-8-9 22600]
S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2012-6-18 14704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-4-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-4-21 128648]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-1-3 143144]
S2 XTU3SERVICE;Intel(R) Extreme Tuning Utility Service;C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [2015-3-25 17720]
S3 BoxSyncUpdateService;Box Sync Update Service;C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [2017-8-7 36680]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-11-21 35104]
S3 chromoting;Chrome Remote Desktop Service;C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe [2017-11-2 71512]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-21 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2012-12-18 232880]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2012-12-18 1448368]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2012-12-18 97712]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-1-3 143144]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2017-5-18 131984]
S3 I2cHkBurn;I2cHkBurn;C:\Windows\System32\drivers\I2cHkBurn.sys [2017-10-25 41760]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-11-14 116224]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-11-21 317480]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 MonitorFunction;Driver for Monitor;C:\Windows\System32\drivers\TVMonitor.sys [2014-7-10 16376]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-25 518080]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-10-25 30144]
S3 PAExec;PAExec;C:\Windows\PAExec.exe -service --> C:\Windows\PAExec.exe -service [?]
S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2015-9-30 50320]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2017-9-14 19456]
S3 SaiK0CCB;SaiK0CCB;C:\Windows\System32\drivers\SaiK0CCB.sys [2012-9-20 180544]
S3 SaiU0CCB;SaiU0CCB;C:\Windows\System32\drivers\SaiU0CCB.sys [2012-9-20 47168]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2017-5-18 166288]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2014-10-24 122368]
S3 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-2 5613328]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2017-9-14 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-10 1255736]
.
=============== File Associations ===============
.
FileExt: .js: Applications\atom.exe="C:\Users\\AppData\Local\atom\app-1.17.2\atom.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2017-11-16 06:53:25 566936 ----a-w- C:\Windows\System32\drivers\N360x64\160B020.007\symnets.sys
2017-11-16 06:53:25 468616 ----a-w- C:\Windows\System32\drivers\N360x64\160B020.007\symtdiv.sys
2017-11-16 06:53:25 24608 ----a-w- C:\Windows\System32\drivers\N360x64\160B020.007\symelam.sys
2017-11-16 06:53:25 1938584 ----a-w- C:\Windows\System32\drivers\N360x64\160B020.007\symefasi64.sys
2017-11-16 06:53:24 812696 ----a-w- C:\Windows\System32\drivers\N360x64\160B020.007\srtsp64.sys
2017-11-16 06:53:24 49304 ----a-w- C:\Windows\System32\drivers\N360x64\160B020.007\srtspx64.sys
2017-11-16 06:53:24 309984 ----a-w- C:\Windows\System32\drivers\N360x64\160B020.007\ironx64.sys
2017-11-16 06:53:24 187544 ----a-w- C:\Windows\System32\drivers\N360x64\160B020.007\ccsetx64.sys
2017-11-16 06:53:06 -------- d-----w- C:\Windows\System32\drivers\N360x64\160B020.007
2017-11-16 00:59:15 136312 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2017-11-16 00:59:04 927544 ----a-w- C:\Windows\System32\vulkan-1.dll
2017-11-16 00:59:04 798008 ----a-w- C:\Windows\SysWow64\vulkan-1.dll
2017-11-16 00:59:04 591160 ----a-w- C:\Windows\System32\vulkaninfo.exe
2017-11-16 00:59:04 490296 ----a-w- C:\Windows\SysWow64\vulkaninfo.exe
2017-11-16 00:59:04 -------- d-----w- C:\Program Files (x86)\VulkanRT
2017-11-15 11:28:07 193464 ----a-w- C:\Windows\System32\drivers\MbamChameleon.sys
2017-11-15 11:28:05 110016 ----a-w- C:\Windows\System32\drivers\farflt.sys
2017-11-15 11:28:02 84256 ----a-w- C:\Windows\System32\drivers\mwac.sys
2017-11-15 11:28:02 46008 ----a-w- C:\Windows\System32\drivers\mbam.sys
2017-11-15 11:28:02 253880 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys
2017-11-14 21:35:06 77432 ----a-w- C:\Windows\System32\drivers\mbae64.sys
2017-11-14 21:34:49 -------- d-----w- C:\ProgramData\MB3CoreBackup
2017-11-13 10:26:48 51016 ----a-w- C:\Windows\System32\DbxSvc.exe
2017-11-13 10:26:48 45672 ----a-w- C:\Windows\System32\drivers\dbx-dev.sys
2017-11-13 10:26:48 45640 ----a-w- C:\Windows\System32\drivers\dbx-stable.sys
2017-11-13 10:26:48 45640 ----a-w- C:\Windows\System32\drivers\dbx-canary.sys
2017-11-10 10:34:51 2023936 ----a-w- C:\Windows\System32\aitstatic.exe
2017-11-10 10:34:50 670208 ----a-w- C:\Windows\System32\generaltel.dll
2017-11-10 10:34:50 605184 ----a-w- C:\Windows\System32\aeinv.dll
2017-11-10 10:34:50 603648 ----a-w- C:\Windows\System32\devinv.dll
2017-11-10 10:34:50 407392 ----a-w- C:\Windows\System32\centel.dll
2017-11-10 10:34:50 370688 ----a-w- C:\Windows\System32\invagent.dll
2017-11-10 10:34:50 241664 ----a-w- C:\Windows\System32\aepic.dll
2017-11-10 10:34:50 181760 ----a-w- C:\Windows\System32\acmigration.dll
2017-11-10 10:34:50 1570304 ----a-w- C:\Windows\System32\appraiser.dll
2017-11-10 10:34:50 134376 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2017-11-03 05:04:37 -------- d-----w- C:\ShadowPlay
2017-11-02 09:15:19 -------- d-----w- C:\Users\\AppData\Roaming\Guild Wars 2
2017-10-31 08:06:19 1989056 ----a-w- C:\Windows\System32\nvdispco6438813.dll
2017-10-31 08:06:19 1673848 ----a-w- C:\Windows\System32\nvdispgenco6438813.dll
2017-10-29 19:59:48 -------- d---a-w- C:\Program Files (x86)\BlueStacks
2017-10-29 19:59:21 -------- d-----w- C:\Users\\AppData\Local\Bluestacks
2017-10-27 07:54:56 82040 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2017-10-27 07:54:55 7855841 ----a-w- C:\Windows\System32\nvcoproc.bin
2017-10-27 07:54:55 607352 ----a-w- C:\Windows\System32\nv3dappshext.dll
2017-10-27 07:54:55 2587584 ----a-w- C:\Windows\System32\nvsvc64.dll
2017-10-27 07:54:55 123000 ----a-w- C:\Windows\System32\nvshext.dll
2017-10-27 07:54:54 5960640 ----a-w- C:\Windows\System32\nvcpl.dll
2017-10-27 07:54:54 449472 ----a-w- C:\Windows\System32\nvmctray.dll
2017-10-27 07:54:54 1766336 ----a-w- C:\Windows\System32\nvsvcr.dll
2017-10-27 07:53:59 1951 ----a-w- C:\Windows\NvContainerRecovery.bat
2017-10-27 07:53:34 532088 ----a-w- C:\Windows\System32\OpenCL.dll
2017-10-27 07:53:34 437696 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2017-10-27 07:49:29 57792 ----a-w- C:\Windows\System32\drivers\nvvhci.sys
2017-10-27 07:49:12 45496 ----a-w- C:\Windows\System32\nvhdap64.dll
2017-10-27 07:49:12 225208 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2017-10-27 07:49:12 1615472 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2017-10-27 07:49:07 492232 ----a-w- C:\Windows\System32\nvumdshimx.dll
2017-10-27 07:49:07 22096064 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2017-10-27 07:49:07 19362944 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2017-10-27 07:48:58 36193912 ----a-w- C:\Windows\System32\nvoglv64.dll
2017-10-27 07:48:18 1606592 ----a-w- C:\Windows\System32\nvdispgenco6438800.dll
2017-10-27 07:48:16 1988032 ----a-w- C:\Windows\System32\nvdispco6438800.dll
2017-10-27 07:48:16 18207576 ----a-w- C:\Windows\System32\nvd3dumx.dll
2017-10-27 07:48:14 15027984 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2017-10-27 07:48:11 4284680 ----a-w- C:\Windows\System32\nvapi64.dll
2017-10-27 07:48:11 3798848 ----a-w- C:\Windows\SysWow64\nvapi.dll
2017-10-26 05:04:56 -------- d-----w- C:\Users\\AppData\Roaming\MSI
2017-10-26 05:02:47 -------- d-----w- C:\Users\\AppData\Roaming\NVIDIA
2017-10-26 05:00:57 -------- d-----w- C:\Windows\SysWow64\LiveUpdate
2017-10-25 21:48:15 918976 ----a-w- C:\Windows\System32\NvRtmpStreamer64.dll
2017-10-25 21:48:15 1796032 ----a-w- C:\Windows\System32\nvspcap64.dll
2017-10-25 21:48:15 1577920 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2017-10-25 21:47:23 1951 ----a-w- C:\Windows\NvTelemetryContainerRecovery.bat
2017-10-25 21:46:55 50624 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2017-10-25 21:43:22 11248 ----a-w- C:\Windows\acpimof.dll
2017-10-25 21:40:44 1692840 ----a-w- C:\Windows\SysWow64\muachost.exe
2017-10-25 21:40:40 41760 ----a-w- C:\Windows\System32\drivers\I2cHkBurn.sys
2017-10-25 21:40:40 31520 ----a-w- C:\Windows\System32\FintekIcon1.dll
2017-10-25 21:40:32 -------- d-----w- C:\Program Files (x86)\MSI
2017-10-25 21:40:32 -------- d-----w- C:\MSI
2017-10-25 21:40:26 -------- d-----w- C:\Users\\AppData\Local\NVIDIA Corporation
2017-10-25 21:39:35 186304 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2017-10-25 21:39:35 152512 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
.
==================== Find3M ====================
.
2017-11-16 06:53:49 102600 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2017-11-14 20:19:00 127017032 -c--a-w- C:\Windows\System32\MRT-KB890830.exe
2017-11-14 09:47:24 803328 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-11-14 09:47:24 144896 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-10-25 21:27:16 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2017-10-25 21:27:15 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2017-10-25 21:27:15 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2017-10-25 21:27:15 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2017-10-20 20:18:39 97856 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2017-10-18 02:06:57 344064 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2017-10-18 02:06:46 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2017-10-18 02:06:40 56320 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2017-10-18 02:06:40 327168 ----a-w- C:\Windows\System32\drivers\usbport.sys
2017-10-18 02:06:39 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2017-10-18 02:06:37 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2017-10-18 02:06:35 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2017-10-16 23:07:21 1680616 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2017-10-16 22:34:01 3222528 ----a-w- C:\Windows\System32\win32k.sys
2017-10-16 21:55:15 339968 ----a-w- C:\Windows\SysWow64\msexcl40.dll
2017-10-14 08:23:45 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-10-14 08:23:37 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-10-14 08:12:05 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-10-14 08:11:31 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-10-14 08:11:27 576512 ----a-w- C:\Windows\System32\vbscript.dll
2017-10-14 08:11:27 417792 ----a-w- C:\Windows\System32\html.iec
2017-10-14 08:11:00 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-10-14 08:09:27 5979648 ----a-w- C:\Windows\System32\jscript9.dll
2017-10-14 08:01:18 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-10-14 08:01:17 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-10-14 08:00:59 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-10-14 07:55:55 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-10-14 07:47:21 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-10-14 07:47:00 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-10-14 07:28:00 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-10-14 07:27:51 2134528 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-10-14 07:21:58 3241472 ----a-w- C:\Windows\System32\wininet.dll
2017-10-14 07:03:12 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-10-14 06:53:24 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-10-14 06:53:05 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-10-14 06:52:38 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-10-14 06:52:31 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-10-14 06:51:50 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-10-14 06:45:19 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-10-14 06:45:05 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-10-14 06:35:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-10-14 06:35:07 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2017-10-14 06:33:00 4542464 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-10-14 06:23:38 2058752 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-10-14 06:23:25 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-10-14 06:10:41 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-10-12 00:58:25 382696 ----a-w- C:\Windows\System32\atmfd.dll
2017-10-12 00:40:31 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2017-10-12 00:39:11 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2017-10-12 00:38:44 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2017-10-12 00:38:15 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2017-10-12 00:26:21 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2017-10-12 00:26:07 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2017-10-12 00:25:47 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2017-10-12 00:25:28 9728 ----a-w- C:\Windows\SysWow64\msshooks.dll
2017-10-12 00:24:38 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
2017-10-12 00:24:38 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
2017-10-12 00:24:37 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
2017-10-12 00:20:09 113152 ----a-w- C:\Windows\System32\drivers\luafv.sys
2017-10-12 00:16:05 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2017-09-13 23:20:30 798008 ----a-w- C:\Windows\SysWow64\vulkan-1-1-0-61-0.dll
2017-09-13 23:20:14 490296 ----a-w- C:\Windows\SysWow64\vulkaninfo-1-1-0-61-0.exe
2017-09-13 23:19:50 927544 ----a-w- C:\Windows\System32\vulkan-1-1-0-61-0.dll
2017-09-13 23:19:38 591160 ----a-w- C:\Windows\System32\vulkaninfo-1-1-0-61-0.exe
2017-09-13 15:33:50 631176 ----a-w- C:\Windows\System32\winresume.efi
2017-09-13 15:32:36 706792 ----a-w- C:\Windows\System32\winload.efi
2017-09-13 15:32:35 5547752 ----a-w- C:\Windows\System32\ntoskrnl.exe
2017-09-13 15:32:33 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2017-09-13 15:32:33 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2017-09-13 15:31:56 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2017-09-13 15:27:59 731648 ----a-w- C:\Windows\System32\kerberos.dll
2017-09-13 15:13:35 4001512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2017-09-13 15:13:35 3945704 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2017-09-13 15:10:46 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2017-09-13 15:08:59 554496 ----a-w- C:\Windows\SysWow64\kerberos.dll
2017-09-13 15:05:20 324608 ----a-w- C:\Windows\System32\drivers\nwifi.sys
2017-09-13 15:00:54 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2017-09-13 15:00:50 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2017-09-13 15:00:50 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2017-09-13 15:00:10 64000 ----a-w- C:\Windows\System32\auditpol.exe
2017-09-13 14:57:12 338432 ----a-w- C:\Windows\System32\conhost.exe
2017-09-13 14:56:20 296960 ----a-w- C:\Windows\System32\rstrui.exe
2017-09-13 14:53:40 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2017-09-13 14:53:06 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2017-09-13 14:53:04 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2017-09-13 14:52:23 30720 ----a-w- C:\Windows\System32\lsass.exe
2017-09-13 14:52:20 112640 ----a-w- C:\Windows\System32\smss.exe
2017-09-13 14:50:26 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2017-09-13 14:47:00 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2017-09-13 14:46:59 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2017-09-13 14:46:59 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2017-09-13 14:46:58 2048 ----a-w- C:\Windows\SysWow64\user.exe
2017-09-13 14:46:13 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2017-09-13 14:46:06 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2017-09-13 14:46:06 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 14:46:06 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
.
============= FINISH: 4:01:18.53 ===============
nov '17". I uninstall bluestack but ip attempt still continue.
Run scans: Norton AV, super antispyware, MBAM and spybot sd - all come bak clean, no infect no rootkit, etc. Unfortunately no hav restore pt (sys restore somhow turn off at some pt in past w/o my know?) to go back to.
Tries to connect to the following IPs thousands of times per minute (but only when the internet adapter is turned on; when I turn it off, the attempts stop, don't know if that's important or obvious)
Quote:
"ei du pont de nemours and co, inc" 52.35.84.242 52.42.120.251
"merit computer network" 35.166.159.188