

Do I have a (rootkit) virus?

This is a discussion on Do I have a (rootkit) virus? within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hello there! First of all, thanks ahead for time spent helping me with my problem, it is truly appreciated! So,


 
 
Old 05-06-2017, 04:46 PM   #1
Registered Member
 
Join Date: Jul 2015
Posts: 7
OS: Windows 10



Hello there!

First of all, thanks ahead for time spent helping me with my problem, it is truly appreciated!

So, onto my problem..

For a short period of barely 2 weeks my RAM usage has been sky-high. I have a total of 16GB memory, which has never let me down in the over 3 years that I've used it. During usage of my computer, my memory has normally (in idle situations) never really exceeded 20%, except recently it idles between 40-70%. Sometimes it even spikes up to 80-90% and occasionally it sits at 98-100%, which basically makes my computer unusable (as you can see on this image; nothing using much memory, yet sitting at 98%). Whenever I reboot my computer, the problem 'resets' itself and after boot it sits on 40-70% again (rarely it sits on 98-100% again after rebooting!).

To add to this, I've also had a few blue screen crashes (which I normally never get). I have pictures on my phone of the stop codes and 'what failed' (I can supply the information if needed). The last time it crashed (6 days ago), it could not boot and wanted to do an automatic repair, after which booting succeeded. After this I used the program "WhoCrashed" to find out what the problem was; I have the logs from that saved on my desktop and can attach them if needed.

At first I thought it was a memory leak caused by a driver, but after reviewing/updating my drivers, the problem didn't go away and it didn't make sense (to me) that the problem re-occurred after a reboot. I highly doubt my RAM sticks are broken, which caused me to search on the internet. After some research I found more and more 'results' regarding rootkit viruses and where they would be located/their actions. Seeing results about these viruses hiding in memory made me 'paranoid' about the situation.

I've tried some programs for detecting a potential virus (TDSSKiller, GMER), including some 'manual' solutions such as checking boot logs for weird stuff, but I found that I simply don't know enough about Windows 10 or this subject to find the potential issue. There were some odd results; however, I decided not to post/attach the logs, as the 'instructions' topic requests "only attach the logs we've requested".

In addition, when installing my Windows 10 on my new SSD, I burned a disc with a Windows 10 ISO file. I guess this means that I do have access to a Windows boot disc (if it's the same thing?); however, I really see using this as a last resort.

TL;DR: strange high memory usage on my computer, not sure if it's a virus or something else.

Thanks ahead,

Rob


--> Below dds.scr (and in attachment) after some stupid issues with Windows only recognizing it as a CAD script...

======================
======================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.15063.0 BrowserJavaVersion: 11.131.2
Run by Rob at 0:56:14 on 2017-05-07
Microsoft Windows 10 Home 10.0.15063.0.1252.31.1033.18.16325.11984 [GMT 2:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan *Enabled/Updated* {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall *Enabled* {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k dcomlaunch -s LSM
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s lmhosts
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
c:\windows\system32\svchost.exe -k netsvcs -s UserManager
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k localservice -s nsi
c:\windows\system32\svchost.exe -k netsvcs -s Themes
c:\windows\system32\svchost.exe -k localservice -s EventSystem
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s Dhcp
c:\windows\system32\svchost.exe -k netsvcs -s SENS
c:\windows\system32\svchost.exe -k networkservice -s NlaSvc
c:\windows\system32\svchost.exe -k networkservice -s Dnscache
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -s FontCache
c:\windows\system32\svchost.exe -k localservice -s netprofm
c:\windows\system32\svchost.exe -k localservice -s WinHttpAutoProxySvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k appmodel -s StateRepository
c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -s LanmanWorkstation
C:\WINDOWS\System32\svchost.exe -k utcsvc
c:\windows\system32\svchost.exe -k networkservice -s CryptSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
c:\windows\system32\svchost.exe -k localservicenonetwork -s DPS
c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files\Killer Networking\Network Manager\KillerService.exe
c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
c:\program files\common files\mcafee\modulecore\modulecoreservice.exe
C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s PcaSvc
C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
C:\Program Files (x86)\Origin\OriginWebHelperService.exe
C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SysMain
C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
C:\Program Files (x86)\Popcorn Time\Updater.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s TrkWks
C:\Windows\SysWoW64\vmnetdhcp.exe
C:\Windows\SysWoW64\vmnat.exe
C:\Windows\SearchIndexer.exe
c:\windows\system32\svchost.exe -k netsvcs -s WpnService
c:\windows\system32\svchost.exe -k localservice -s WdiServiceHost
c:\windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
c:\windows\system32\svchost.exe -k netsvcs -s iphlpsvc
C:\WINDOWS\system32\dashost.exe
C:\Windows\system32\mfevtps.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\svchost.exe -k netsvcs -s TokenBroker
C:\Windows\SearchIndexer.exe
C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Windows\SysWoW64\muachost.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV
c:\windows\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe
C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\MfeAV\MFEAvSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe
c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\McCSPServiceHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -s PolicyAgent
c:\windows\system32\svchost.exe -k localservice -s CDPSvc
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\windows\system32\svchost.exe -k netsvcs -s Appinfo
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
c:\windows\system32\svchost.exe -k localservicepeernet -s p2pimsvc
c:\windows\system32\svchost.exe -k localservicepeernet -s PNRPsvc
c:\windows\system32\svchost.exe -k netsvcs
c:\program files\common files\mcafee\modulecore\ModuleCoreService.exe
C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s Netman
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s wscsvc
c:\windows\system32\svchost.exe -k netsvcs -s lfsvc
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
c:\windows\system32\taskhostw.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s StorSvc
c:\windows\system32\svchost.exe -k netsvcs -s BITS
svchost.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -s WdiSystemHost
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -s wlidsvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs -s Browser
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
uProxyOverride = <local>
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
BHO: McAfee WebAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
uRun: [Akamai NetSession Interface] "C:\Users\Rob\AppData\Local\Akamai\netsession_win.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Fast Boot] C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe
mRun: [RoccatKonePure] "C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KILLER~1.LNK - C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
TCP: Interfaces\{bf76f55c-b430-426e-8fc6-94fdb9e6c5a4} : DHCPNameServer = 172.18.12.1
TCP: Interfaces\{cf52085e-f5ae-4d14-93b5-e8e701f1fa70} : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
x64-BHO: McAfee WebAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-3-18 74840]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-3-18 49568]
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2016-8-2 923640]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2016-9-9 254800]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-3-18 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-3-18 70232]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-3-18 18520]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-3-18 208288]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-3-18 239616]
R1 BfLwf;Killer Bandwidth Control;C:\WINDOWS\System32\drivers\bwcW10x64.sys [2016-1-22 144456]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-3-18 54272]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-3-18 8192]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-9-26 2227312]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R2 CDPUserSvc_393a4;CDPUserSvc_393a4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 ClickToRunSvc;Klik-en-klaar-service van Microsoft Office;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2017-1-9 3801280]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2017-3-18 14336]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2017-3-18 47664]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2017-3-18 47664]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R2 GamingApp_Service;GamingApp_Service;C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [2017-1-2 45008]
R2 GamingHotkey_Service;GamingHotkey_Service;C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2017-1-2 2019792]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2017-1-2 641520]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2017-1-2 169432]
R2 Killer Service V2;Killer Service V2;C:\Program Files\Killer Networking\Network Manager\KillerService.exe [2016-1-28 454872]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2017-5-1 188256]
R2 McAPExe;McAfee AP Service;C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe [2017-2-5 994312]
R2 McBootDelayStartSvc;McAfee Boot Delay Start Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2017-1-2 641520]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\McCSPServiceHost.exe [2017-2-28 2054080]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2017-1-2 641520]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2017-1-2 641520]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2017-1-2 641520]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2017-1-2 385112]
R2 ModuleCoreService;McAfee Module Core Service;C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [2017-2-5 1551000]
R2 MSI_ActiveX_Service;MSI_ActiveX_Service;C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [2017-1-2 78776]
R2 MSI_FastBoot;MSI_FastBoot;C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [2017-1-2 105296]
R2 MSI_Trigger_Service;MSI_Trigger_Service;C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [2017-1-2 29728]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-2 492480]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-1-14 462968]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-1-2 425408]
R2 OneSyncSvc_393a4;OneSyncSvc_393a4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 Origin Web Helper Service;Origin Web Helper Service;C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2017-1-2 3116440]
R2 PDFsam Manager;PDFsam Manager;C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [2015-11-13 1050224]
R2 PEFService;Intel Security PEF Service;C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [2017-1-2 1104304]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2017-3-18 335808]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-3-18 79872]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R2 TunnelBearMaintenance;TunnelBear Maintenance;C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [2016-12-16 38272]
R2 Update service;Update service;C:\Program Files (x86)\Popcorn Time\Updater.exe [2017-1-2 339968]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2016-9-6 916040]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-3-18 141720]
R2 Windows Indexer;Windows Indexer;C:\Windows\SearchIndexer.exe [2017-3-27 64512]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 WpnUserService_393a4;WpnUserService_393a4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
R3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\drivers\cfwids.sys [2016-9-9 88464]
R3 ClientAnalyticsService;ClientAnalyticsService;C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [2017-1-2 1752992]
R3 I2cHkBurn;I2cHkBurn;C:\WINDOWS\System32\drivers\I2cHkBurn.sys [2017-1-2 41760]
R3 KillerEth;NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller;C:\WINDOWS\System32\drivers\e2xw10x64.sys [2017-3-18 145920]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 MBfilt;MBfilt;C:\WINDOWS\System32\drivers\MBfilt64.sys [2017-1-2 41088]
R3 mfeaack;McAfee Inc. mfeaack;C:\WINDOWS\System32\drivers\mfeaack.sys [2016-8-2 487184]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2016-8-2 366328]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2017-1-2 241040]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2016-9-9 518704]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\WINDOWS\System32\drivers\mfencbdc.sys [2017-1-19 498648]
R3 mfeplk;McAfee Inc. mfeplk;C:\WINDOWS\System32\drivers\mfeplk.sys [2016-9-9 110256]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2017-5-1 46240]
R3 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\System32\mfevtps.exe [2017-1-2 343792]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-3-18 20992]
R3 NTIOLib_FastBoot;NTIOLib_FastBoot;C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [2017-1-2 13368]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2017-1-14 47552]
R3 nvvhci;NVVHCI Enumerator Service;C:\WINDOWS\System32\drivers\nvvhci.sys [2017-1-14 59448]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-3-11 13368]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R3 tap-tb-0901;TunnelBear Adapter V9;C:\WINDOWS\System32\drivers\tap-tb-0901.sys [2016-10-17 38656]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R3 TokenBroker;TokenBroker;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Service;C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [2015-6-6 63840]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\drivers\mfeelamk.sys [2016-9-9 85048]
S2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2017-3-18 12288]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2017-3-18 47664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-2-22 317400]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-3-18 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-3-18 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-3-18 17920]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2017-3-18 47664]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-3-18 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-3-18 47664]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-3-18 39424]
S3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-3-18 53664]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-3-18 122880]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-3-18 347032]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-3-18 2104224]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;C:\WINDOWS\System32\drivers\CMUSBDAC.sys [2016-11-30 3792904]
S3 DevicesFlowUserSvc_393a4;DevicesFlowUserSvc_393a4;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-3-18 47664]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-3-18 86528]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2017-1-9 1591264]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-3-18 47664]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-3-18 21504]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-3-18 51104]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\WINDOWS\System32\drivers\HipShieldK.sys [2017-1-2 207968]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-3-18 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-3-18 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-3-18 70656]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-3-18 85504]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-3-18 165376]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-3-18 168448]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-3-18 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-3-18 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-3-18 673184]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-3-18 526240]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2017-1-2 171632]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-3-18 36864]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-3-18 123808]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-3-18 103328]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-3-18 405408]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-3-18 51104]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-3-18 64416]
S3 MessagingService_393a4;MessagingService_393a4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 mfencrk;McAfee Inc. mfencrk;C:\WINDOWS\System32\drivers\mfencrk.sys [2017-1-19 109320]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-3-18 842656]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-3-18 108960]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-3-18 122368]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2017-3-18 119296]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2017-1-2 13368]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-2 492480]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-3-18 80896]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-5-1 30144]
S3 NVVADARM;NVIDIA Miracast Audio;C:\WINDOWS\System32\drivers\nvvadarm.sys [2017-1-2 39056]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2017-1-2 2147216]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-3-18 58784]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-3-18 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 PimIndexMaintenanceSvc_393a4;PimIndexMaintenanceSvc_393a4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-3-18 1735584]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-3-18 936864]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-3-18 47664]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-3-18 91040]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-3-18 31128]
S3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-18 1284608]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-3-18 154016]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-3-18 47664]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-3-18 40352]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2017-3-18 891904]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-3-18 95648]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-3-18 36760]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-3-18 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-3-18 104448]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-3-18 179200]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-3-18 51712]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-3-18 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-3-18 29600]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-3-18 263584]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-3-18 98712]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-3-18 138656]
S3 UnistoreSvc_393a4;UnistoreSvc_393a4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-3-18 29600]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-3-18 59288]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-3-18 28064]
S3 UserDataSvc_393a4;UserDataSvc_393a4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-3-18 35328]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-3-18 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-3-18 72192]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-18 759808]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-3-18 121248]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-3-18 342264]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-3-18 47664]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-3-18 32160]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2017-3-18 217088]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-3-18 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 wlpasvc;LPA Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-18 277504]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-3-18 46592]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-05-06 21:17:50 -------- d-----w- C:\WINDOWS\pss
2017-05-06 21:02:39 134592 ----a-w- C:\WINDOWS\SysWow64\nvStreaming.exe
2017-05-06 21:02:35 536864 ----a-w- C:\WINDOWS\System32\vulkan-1.dll
2017-05-06 21:02:35 525600 ----a-w- C:\WINDOWS\SysWow64\vulkan-1.dll
2017-05-06 21:02:35 254240 ----a-w- C:\WINDOWS\System32\vulkaninfo.exe
2017-05-06 21:02:35 233760 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo.exe
2017-05-06 21:02:35 -------- d-----w- C:\Program Files (x86)\VulkanRT
2017-05-06 21:02:17 -------- d-----w- C:\temp
2017-05-03 19:48:36 -------- d-----w- C:\Users\Rob\Valley
2017-05-03 19:47:51 -------- d-----w- C:\Program Files (x86)\Unigine
2017-05-01 12:19:35 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2017-05-01 12:18:30 1988216 ----a-w- C:\WINDOWS\System32\nvdispco6438189.dll
2017-05-01 12:18:30 1589880 ----a-w- C:\WINDOWS\System32\nvdispgenco6438189.dll
2017-05-01 12:10:57 -------- d---a-w- C:\Program Files\WhoCrashed
2017-04-29 20:24:39 -------- d-----w- C:\Users\Rob\AppData\Roaming\Jubler
2017-04-29 20:24:22 -------- d-----w- C:\Program Files\Jubler
2017-04-24 17:01:57 512960 ----a-w- C:\WINDOWS\System32\OpenCL.dll
2017-04-24 17:01:57 420408 ----a-w- C:\WINDOWS\SysWow64\OpenCL.dll
2017-04-24 16:57:54 -------- d-----w- C:\Users\Rob\AppData\Roaming\MAXON
2017-04-23 21:53:33 1988032 ----a-w- C:\WINDOWS\System32\nvdispco6438165.dll
2017-04-23 21:53:33 1591352 ----a-w- C:\WINDOWS\System32\nvdispgenco6438165.dll
2017-04-23 21:41:43 153536 ----a-w- C:\WINDOWS\System32\nvaudcap64v.dll
2017-04-23 21:41:43 127424 ----a-w- C:\WINDOWS\SysWow64\nvaudcap32v.dll
2017-04-23 12:48:19 110144 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-64.dll
2017-04-19 00:15:42 447776 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-04-19 00:12:32 28408 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-04-19 00:04:32 207056 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2017-04-18 15:13:13 -------- d-----w- C:\Users\Rob\AppData\Roaming\TunnelBear
2017-04-18 15:13:13 -------- d-----w- C:\Users\Rob\AppData\Local\IsolatedStorage
2017-04-18 15:13:09 -------- d---a-w- C:\Program Files (x86)\TunnelBear
2017-04-15 21:28:52 9481728 ----a-w- C:\WINDOWS\System32\prm0013.dll
2017-04-15 21:28:50 543648 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-04-15 21:28:50 388000 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2017-04-15 21:28:32 -------- d-----w- C:\WINDOWS\System32\Microsoft
2017-04-15 21:28:32 -------- d-----w- C:\WINDOWS\ServiceProfiles
2017-04-15 11:42:58 -------- d-----w- C:\Users\Rob\AppData\Local\DBG
2017-04-15 11:42:54 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2017-04-15 11:42:12 -------- d-----w- C:\ProgramData\USOShared
2017-04-15 11:41:30 -------- d-----r- C:\Users\Rob\Music
2017-04-15 11:41:29 -------- d-----r- C:\Users\Rob\Videos
2017-04-15 11:41:29 -------- d-----r- C:\Users\Rob\Pictures
2017-04-15 11:41:21 -------- d-sh--we C:\ProgramData\Documents
2017-04-15 11:41:21 -------- d-sh--w- C:\Recovery
2017-04-15 11:36:40 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\good
2017-04-15 11:36:40 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\bad
2017-04-15 11:33:09 2233344 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-04-15 11:30:59 -------- d-----w- C:\WINDOWS\System32\SleepStudy
2017-04-13 15:55:12 -------- dc----w- C:\WINDOWS\Panther
2017-04-12 15:41:01 -------- d-----w- C:\Users\Rob\AppData\Local\UNP
2017-04-12 15:05:28 -------- d---a-w- C:\Program Files\UNP
2017-04-12 15:05:28 -------- d-----w- C:\WINDOWS\System32\UNP
2017-04-11 19:42:33 31232 ------w- C:\WINDOWS\System32\DdcWnsListener.dll
2017-04-11 19:42:33 261632 ------w- C:\WINDOWS\System32\indexeddbserver.dll
2017-04-10 16:09:41 -------- d-----w- C:\Users\Rob\AppData\Local\Jagex
2017-04-10 16:09:35 -------- d-----w- C:\ProgramData\Jagex
2017-04-10 16:08:37 -------- d-----w- C:\Program Files\Jagex
.
==================== Find3M ====================
.
2017-05-01 20:52:54 1951 ----a-w- C:\WINDOWS\NvContainerRecovery.bat
2017-05-01 20:51:10 6437312 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2017-05-01 20:51:10 2479552 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2017-05-01 20:51:08 81856 ----a-w- C:\WINDOWS\System32\nv3dappshextr.dll
2017-05-01 20:51:08 69752 ----a-w- C:\WINDOWS\System32\nvshext.dll
2017-05-01 20:51:08 548800 ----a-w- C:\WINDOWS\System32\nv3dappshext.dll
2017-05-01 20:51:08 392312 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2017-05-01 20:51:08 1762752 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2017-04-26 05:40:34 1882048 ----a-w- C:\WINDOWS\System32\nvspcap64.dll
2017-04-26 05:40:34 1472960 ----a-w- C:\WINDOWS\SysWow64\nvspcap.dll
2017-04-26 05:40:33 1755072 ----a-w- C:\WINDOWS\System32\nvspbridge64.dll
2017-04-26 05:40:33 1317312 ----a-w- C:\WINDOWS\SysWow64\nvspbridge.dll
2017-04-26 05:40:33 121280 ----a-w- C:\WINDOWS\System32\NvRtmpStreamer64.dll
2017-04-26 05:03:24 1951 ----a-w- C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-04-25 21:11:41 7944687 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2017-04-25 15:02:11 348360 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.xtr
2017-04-25 15:02:11 348360 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.exe
2017-04-25 15:01:51 280904 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.ex0
2017-04-24 17:24:09 466456 ----a-w- C:\WINDOWS\System32\wrap_oal.dll
2017-04-24 17:24:09 444952 ----a-w- C:\WINDOWS\SysWow64\wrap_oal.dll
2017-04-24 17:24:09 122904 ----a-w- C:\WINDOWS\System32\OpenAL32.dll
2017-04-24 17:24:09 109080 ----a-w- C:\WINDOWS\SysWow64\OpenAL32.dll
2017-04-23 12:48:00 110144 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge-64.dll
2017-04-23 12:47:43 97856 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2017-04-20 01:59:14 59448 ----a-w- C:\WINDOWS\System32\drivers\nvvhci.sys
2017-04-15 21:28:04 8704 ----a-w- C:\WINDOWS\SysWow64\dpnhupnp.dll
2017-04-03 16:56:16 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-04-03 16:56:16 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-04-02 06:15:32 87904 ----a-w- C:\WINDOWS\System32\UNPUXWorker.exe
2017-03-28 03:32:48 47552 ----a-w- C:\WINDOWS\System32\drivers\nvvad64v.sys
2017-03-27 17:00:56 64512 ----a-w- C:\WINDOWS\SearchIndexer.exe
2017-03-26 18:35:58 76152 ----a-w- C:\WINDOWS\SysWow64\PnkBstrA.exe
2017-03-18 21:01:14 207872 ----a-w- C:\WINDOWS\SysWow64\msclmd.dll
2017-03-18 21:01:13 230400 ----a-w- C:\WINDOWS\System32\msclmd.dll
2017-03-18 20:59:55 705024 ----a-w- C:\WINDOWS\SysWow64\MsSpellCheckingFacility.dll
2017-03-18 20:58:59 9728 ----a-w- C:\WINDOWS\SysWow64\nddeapi.dll
2017-03-18 20:57:58 97280 ----a-w- C:\WINDOWS\System32\WaaSAssessment.dll
2017-03-18 20:56:58 928712 ----a-w- C:\WINDOWS\SysWow64\mfreadwrite.dll
2017-03-18 11:40:24 118272 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2017-03-18 11:40:23 140288 ----a-w- C:\WINDOWS\System32\poqexec.exe
2017-03-18 11:40:22 247200 ----a-w- C:\WINDOWS\System32\wdscore.dll
2017-03-18 11:40:21 846744 ----a-w- C:\WINDOWS\System32\SmiEngine.dll
2017-03-18 11:40:21 762784 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-03-18 11:40:21 206848 ----a-w- C:\WINDOWS\System32\PkgMgr.exe
2017-03-18 11:40:21 143776 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2017-03-18 11:40:21 133024 ----a-w- C:\WINDOWS\System32\SSShim.dll
2017-03-18 11:40:21 111616 ----a-w- C:\WINDOWS\System32\NetDriverInstall.dll
2017-03-18 05:54:00 2021680 ----a-w- C:\WINDOWS\System32\wmpmde.dll
2017-03-18 05:46:20 3584 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\wfplwfs.sys.mui
2017-03-18 05:45:24 11776 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\NdisImPlatform.sys.mui
2017-03-18 05:44:56 6656 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\ndiscap.sys.mui
2017-03-18 05:40:28 276400 ----a-w- C:\WINDOWS\System32\wmpeffects.dll
2017-03-18 05:40:26 387416 ----a-w- C:\WINDOWS\System32\wmpps.dll
2017-03-18 05:11:52 1339352 ----a-w- C:\WINDOWS\SysWow64\wmpmde.dll
2017-03-18 05:09:30 8192 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\fwpkclnt.sys.mui
2017-03-18 05:00:38 7168 ----a-w- C:\WINDOWS\System32\msdxm.ocx
2017-03-18 05:00:38 7168 ----a-w- C:\WINDOWS\System32\dxmasf.dll
2017-03-18 04:59:56 11264 ----a-w- C:\WINDOWS\System32\spwmp.dll
2017-03-18 04:59:52 2560 ----a-w- C:\WINDOWS\System32\wmerror.dll
2017-03-18 04:58:00 214528 ----a-w- C:\WINDOWS\System32\wmpdxm.dll
2017-03-18 04:57:26 249016 ----a-w- C:\WINDOWS\SysWow64\wmpeffects.dll
2017-03-18 04:57:26 153976 ----a-w- C:\WINDOWS\SysWow64\wmpps.dll
2017-03-18 04:56:26 9261568 ----a-w- C:\WINDOWS\System32\wmploc.DLL
2017-03-18 04:56:24 123904 ----a-w- C:\WINDOWS\System32\wmpshell.dll
2017-03-18 04:55:42 566272 ----a-w- C:\WINDOWS\System32\quickassist.exe
2017-03-18 04:54:52 231424 ----a-w- C:\WINDOWS\System32\unregmp2.exe
2017-03-18 04:44:58 5632 ----a-w- C:\WINDOWS\SysWow64\msdxm.ocx
2017-03-18 04:44:58 5632 ----a-w- C:\WINDOWS\SysWow64\dxmasf.dll
2017-03-18 04:44:14 9216 ----a-w- C:\WINDOWS\SysWow64\spwmp.dll
2017-03-18 04:44:10 2560 ----a-w- C:\WINDOWS\SysWow64\wmerror.dll
2017-03-18 04:42:36 172032 ----a-w- C:\WINDOWS\SysWow64\wmpdxm.dll
2017-03-18 04:41:12 100352 ----a-w- C:\WINDOWS\SysWow64\wmpshell.dll
2017-03-18 04:41:10 9261568 ----a-w- C:\WINDOWS\SysWow64\wmploc.DLL
2017-03-18 04:40:32 458752 ----a-w- C:\WINDOWS\SysWow64\quickassist.exe
2017-03-18 04:39:50 190976 ----a-w- C:\WINDOWS\SysWow64\unregmp2.exe
2017-03-18 03:00:30 44032 ----a-w- C:\WINDOWS\System32\msdxm.tlb
2017-03-18 03:00:30 18944 ----a-w- C:\WINDOWS\System32\amcompat.tlb
2017-03-18 02:52:46 44032 ----a-w- C:\WINDOWS\SysWow64\msdxm.tlb
2017-03-18 02:52:46 18944 ----a-w- C:\WINDOWS\SysWow64\amcompat.tlb
2017-03-10 21:17:28 525600 ----a-w- C:\WINDOWS\SysWow64\vulkan-1-1-0-42-1.dll
2017-03-10 21:17:20 233760 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo-1-1-0-42-1.exe
2017-03-10 21:17:14 536864 ----a-w- C:\WINDOWS\System32\vulkan-1-1-0-42-1.dll
2017-03-10 21:17:10 254240 ----a-w- C:\WINDOWS\System32\vulkaninfo-1-1-0-42-1.exe
2017-03-04 06:18:32 198656 ------w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2017-02-10 09:26:14 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2017-02-10 09:26:14 124624 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2017-02-10 09:26:14 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2017-02-10 09:21:38 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2017-02-10 09:21:36 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2017-02-10 09:21:36 103120 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
.
============= FINISH: 0:56:28,91 ===============
Attached Files
File Type: txt attach.txt (7.2 KB, 32 views)
W00dyR is offline  
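The service section of the DDS log above follows one fixed layout per line: a state letter and start-type digit (S = stopped, R = running; 0 boot, 1 system, 2 auto, 3 demand, 4 disabled), then the service's short name, display name and image path separated by semicolons, then the file date and size in brackets. As an added example that is not part of this thread and not DDS's own code, the Python below parses that layout, counts services by start type, groups svchost-hosted services by their `-k` group, and lists kernel drivers whose image lives outside the Windows directory, which is where a reviewer triaging such a log looks first. The sample lines are copied from the log above; the meaning of the codes and the assumption that Windows is installed on C: are mine, not stated by the page.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Lines copied from the DDS service section above (a short subset), plus the
# separator and header that follow it, to show that non-service lines are skipped.
SAMPLE = r"""
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\drivers\mfeelamk.sys [2016-9-9 85048]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-2-22 317400]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2017-1-2 13368]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
.
=============== File Associations ===============
"""

# One DDS service line: state letter (R running / S stopped), start-type digit,
# three ';'-separated fields, then a trailing "[date size]" (assumed layout).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);"
    r"(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+"
    r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]\s*$"
)

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
WINDOWS_DIR = "c:\\windows\\"   # assumption: Windows is installed on C:


@dataclass(frozen=True)
class ServiceEntry:
    state: str
    start_type: int
    name: str
    display: str
    image: str      # image path, possibly followed by svchost's "-k <group>"
    date: str
    size: int

    @property
    def path(self) -> str:
        """Image path without any '-k group' argument."""
        return self.image.split(" -k ", 1)[0]

    @property
    def svchost_group(self) -> Optional[str]:
        parts = self.image.split(" -k ", 1)
        return parts[1].strip() if len(parts) == 2 else None

    @property
    def is_kernel_driver(self) -> bool:
        return self.path.lower().endswith(".sys")

    @property
    def in_windows_dir(self) -> bool:
        return self.path.lower().startswith(WINDOWS_DIR)


def parse_dds_services(text: str) -> list:
    """Return one ServiceEntry per parsable line; separators and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(
                m["state"], int(m["start"]), m["name"], m["display"],
                m["image"], m["date"], int(m["size"])))
    return entries


def start_type_counts(entries) -> dict:
    """How many services use each start type (0 boot .. 4 disabled)."""
    return dict(Counter(e.start_type for e in entries))


def svchost_groups(entries) -> dict:
    """Map each svchost '-k' group to the services it hosts, in log order."""
    groups: dict = {}
    for e in entries:
        if e.svchost_group:
            groups.setdefault(e.svchost_group, []).append(e.name)
    return groups


def third_party_drivers(entries) -> list:
    """Kernel drivers (.sys) whose image lives outside the Windows directory."""
    return sorted(e.name for e in entries if e.is_kernel_driver and not e.in_windows_dir)


if __name__ == "__main__":
    entries = parse_dds_services(SAMPLE)
    for start, n in sorted(start_type_counts(entries).items()):
        print(f"start type {start} ({START_TYPES[start]}): {n}")
    print("svchost groups:", svchost_groups(entries))
    print("drivers outside the Windows directory:", third_party_drivers(entries))
```

On the sample, the only driver flagged is NTIOLib_X64.sys under the MSI Super-Charger folder; a vendor utility driver outside System32 is not evidence of anything on its own, but it is the kind of entry a reviewer checks by hand before concluding, as the reply below does, that the log shows nothing malicious.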
Old 05-07-2017, 01:10 PM   #2
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I'm not seeing anything in your logs. It appears your problems are beyond malware.

To make sure...

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-bc.1878-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-07-2017, 05:59 PM   #3
W00dyR (Registered Member)

Hello,

I am subscribed to the topic, thanks for the quick reply and sorry for my 'late' reply, the ESET scanner took longer than I thought.

Quote (Originally Posted by chemist):
I'm not seeing anything in your logs. It appears your problems are beyond malware.
With this I assume you mean that you don't expect the problem to be malware related, but caused by something else? Because my 'fear' is that it's a potential rootkit virus that isn't detected by anti-malware systems...

-> I have run Malwarebytes Anti-Malware, the logs are in the attachment (mbam_8-5-2017.txt). Strangely it found a browser hijacker, but I have never found it to be active inside my browser (perhaps some old malware that was never completely removed).
-> I have disabled McAfee real-time scanning, and ran ESET Online Scanner.
-> Results below (I will clarify some of them below)

C:\Users\Rob\AppData\Local\Temp\HYD9BE0.tmp.1494110332\HTA\install.1494110332.zip a variant of Win32/FusionCore.K potentially unwanted application
C:\Users\Rob\AppData\Local\Temp\HYD9BE0.tmp.1494110332\HTA\3rdparty\FS.dll a variant of Win32/FusionCore.K potentially unwanted application
E:\Downloads\camstudio.exe a variant of Win32/InstallCore.AFW potentially unwanted application
E:\Downloads\CheatEngine66.exe a variant of Win32/FusionCore.I potentially unwanted application
E:\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.N potentially unsafe application
E:\Downloads\wk-setup.exe multiple threats,a variant of Win32/KeyLogger.eMatrixSoft.B application,a variant of Win32/KeyLogger.eMatrixSoft.A application
E:\Downloads\wk-setup.zip multiple threats,a variant of Win32/KeyLogger.eMatrixSoft.B application,a variant of Win32/KeyLogger.eMatrixSoft.A application
E:\Downloads\Downloads\cnet_GhostMouse-Setup_zip.exe a variant of Win32/InstallCore.D potentially unwanted application
E:\Downloads\Downloads\FreeYouTubeToMP3Converter.exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
E:\Downloads\Downloads\pf-setup-en-653.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application,Win32/Bundled.Toolbar.Ask potentially unsafe application
E:\Downloads\Downloads\rpsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Downloads\Downloads\SoftonicDownloader_for_age-of-empires-ii.exe Win32/SoftonicDownloader potentially unwanted application
E:\Downloads\Downloads\SoftonicDownloader_voor_funny-voice.exe Win32/SoftonicDownloader.A potentially unwanted application
E:\Downloads\Downloads\SoftonicDownloader_voor_volvo-the-game.exe Win32/SoftonicDownloader.D potentially unwanted application
E:\Downloads\Downloads\Sony478091.rar a variant of Win32/Keygen.HU potentially unsafe application
E:\Downloads\Programmas\Sony Vegas Pro 12 Patch.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
E:\Downloads\Programmas\Leatrix\Configurable_Injector.exe MSIL/DllInject.D potentially unsafe application
E:\Downloads\Programmas\Sony Vegas Pro 12 Patch\Sony Vegas Pro 12 Patch\Sony Vegas Pro 12 Patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application
F:\Program Files (x86)\Cheat Engine 6.6\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
F:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6A33A73C-045D-FB73-352C-D27EB76B4B27_1d1f95ebd6c2f84 a variant of Win32/Bundled.Toolbar.Ask.N potentially unsafe application
F:\Users\Rob\AppData\Roaming\uTorrent\updates\3.3.2_30488.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
F:\Users\Rob\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe a variant of Win32/OpenCandy.A potentially unsafe application
F:\Windows KAN WEG\Installer\8cd11.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

Clarifying some facts (I know you are not here to judge, however some things might make more sense after some clarification).

- Everything in 'E:\Downloads' is part of a backup from when I was still using Windows 7. All the .exe files (including the DllInject / Vegas patch) have not been used for quite a while, and have been in this folder for quite some years now (it still needs cleaning up). So I doubt they are related to the problem.
- Everything on the 'F:\' drive consists of remnants of a previous Windows 7 installation, which has not been active for a while now (I still need to format that SSD when I have time to sort things out).

Once again, thanks ahead for your help!

- Rob
W00dyR is offline  
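Each line of the ESET Online Scanner output in the post above is a file path followed by the verdict: either "a variant of" plus a detection name, a bare detection name, or "multiple threats," followed by a comma-separated list of verdicts, each ending with ESET's classification ("potentially unwanted application", "potentially unsafe application", or plain "application"). As an added example that is not part of this thread and not ESET's own code, the Python below parses that output and summarises it the way the poster did by hand: hits per drive letter, verdicts per classification, and which hits are on the running system's drive rather than on the old E:\ and F:\ backups. The sample lines are copied from the post above; the verdict grammar is inferred from those lines, and the system drive being C: is my assumption.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List

# Lines copied from the ESET Online Scanner output in the post above (a subset).
SAMPLE = r"""
C:\Users\Rob\AppData\Local\Temp\HYD9BE0.tmp.1494110332\HTA\3rdparty\FS.dll a variant of Win32/FusionCore.K potentially unwanted application
E:\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.N potentially unsafe application
E:\Downloads\wk-setup.exe multiple threats,a variant of Win32/KeyLogger.eMatrixSoft.B application,a variant of Win32/KeyLogger.eMatrixSoft.A application
E:\Downloads\Downloads\SoftonicDownloader_for_age-of-empires-ii.exe Win32/SoftonicDownloader potentially unwanted application
E:\Downloads\Programmas\Leatrix\Configurable_Injector.exe MSIL/DllInject.D potentially unsafe application
F:\Users\Rob\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe a variant of Win32/OpenCandy.A potentially unsafe application
"""

# The path may contain spaces, so split at the first token that starts the
# verdict: "a variant of", "multiple threats," or a platform/family name.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>(?:a variant of |multiple threats,|(?:Win32|Win64|MSIL)/).*)$"
)
# One verdict: optional "a variant of", the detection name, then ESET's classification.
DETECTION_RE = re.compile(r"^(?:(?P<variant>a variant of) )?(?P<name>\S+) (?P<cls>.+)$")


@dataclass(frozen=True)
class Detection:
    name: str             # e.g. Win32/FusionCore.K
    classification: str   # e.g. "potentially unwanted application"
    is_variant: bool      # True when ESET reported "a variant of"


@dataclass
class Hit:
    path: str
    detections: List[Detection] = field(default_factory=list)

    @property
    def drive(self) -> str:
        """Drive letter with colon ("C:"); assumes drive-letter paths as in the log."""
        return self.path[:2].upper()


def parse_verdict(verdict: str) -> List[Detection]:
    """Split a verdict string into one Detection per reported threat."""
    if verdict.startswith("multiple threats,"):
        parts = verdict[len("multiple threats,"):].split(",")
    else:
        parts = [verdict]
    out = []
    for part in parts:
        m = DETECTION_RE.match(part.strip())
        if m:
            out.append(Detection(m["name"], m["cls"].strip(), m["variant"] is not None))
    return out


def parse_eset_report(text: str) -> List[Hit]:
    """One Hit per flagged file; blank or unrecognised lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(Hit(m["path"], parse_verdict(m["verdict"])))
    return hits


def hits_by_drive(hits) -> dict:
    """Flagged files per drive letter."""
    return dict(Counter(h.drive for h in hits))


def detections_by_class(hits) -> dict:
    """Verdicts per ESET classification, counting every verdict on a multi-threat file."""
    return dict(Counter(d.classification for h in hits for d in h.detections))


def live_system_hits(hits, system_drive: str = "C:") -> List[Hit]:
    """Hits on the running system's drive, the ones relevant to the current install."""
    return [h for h in hits if h.drive == system_drive.upper()]


if __name__ == "__main__":
    hits = parse_eset_report(SAMPLE)
    print("hits per drive:", hits_by_drive(hits))
    print("verdicts per class:", detections_by_class(hits))
    for h in live_system_hits(hits):
        print("on system drive:", h.path, [d.name for d in h.detections])
```

On the sample, every hit on E:\ and F:\ sits in the old Windows 7 material the poster describes, and the single hit on C:\ is a bundler component inside a temporary installer folder; none of the classifications is stronger than "potentially unsafe application", which is consistent with the reply below that no rootkit or active infection is indicated.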
Old 05-08-2017, 06:02 PM   #4
chemist (Security Team, Moderator, Analyst)

Erm, I don't see an attachment.

You don't have a rootkit, and I'm not seeing any signs of infection.

I suggest you seek expert advice in our Windows 10 Support Forum or Hardware Support Forum or BSOD, App Crashes And Hangs Forum

Let them know you were here first and were cleared of malware.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 05-10-2017, 05:37 AM   #5
Registered Member
 
Join Date: Jul 2015
Posts: 7
OS: Windows 10



Quote:
Originally Posted by chemist View Post
Erm, I don't see an attachment.
I guess something went wrong; I have now attached it.

Quote:
Originally Posted by chemist View Post
You don't have a rootkit, and I'm not seeing any signs of infection.

I suggest you seek expert advice in our Windows 10 Support Forum or Hardware Support Forum or BSOD, App Crashes And Hangs Forum

Let them know you were here first and were cleared of malware.
I'll visit the Windows 10 support forum I guess, as I see it most fitting.

Thank you very much for your help!
Attached Files
File Type: txt mbam_8-5-2017.txt (1.4 KB, 37 views)
Old 05-11-2017, 08:41 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome! Hope you get it all sorted.