
Empty "Q" folder with old create date found in Music folder



 
 
10-31-2018, 12:03 AM   #1
Registered Member
 
Join Date: Jul 2013
Posts: 82
OS: Windows 10 Home 64-bit



To preface, I did a clean install of Windows 10 on my SSD today because of two issues that were ongoing:

One: My PC cursor had been lagging very frequently and the Windows clock was also stopping during this lag. My PC also completely froze up and had to be hard-reset a couple of months ago. This issue had been occurring since around July.

Two: My computer monitor would go blank/black and then re-display itself after closing out/exiting certain websites. I noticed that it specifically happens with iTunes album webpages. I haven't been able to place what other websites it happens with. This issue has been ongoing for a month.

After doing a clean install of Windows, the cursor/clock lag has gone away. However, the monitor resetting issue is still present. I do believe that the backup service Backblaze was causing the cursor/clock lag. I'm unsure of what may be causing the monitor resetting.

Moving forward: I also have an HDD that I use for file storage that I did not reformat during the clean install. After doing the clean install, I was going through some folders of the HDD and I noticed a folder titled "Q" that was in my Music folder. I assumed I may have created a new folder by accident and hit the Q key. However, when I hovered over the folder, it said that the create date was February of 2018. It also said that the folder was empty. I do have "Show hidden files" selected in folder options. I am positive that this "Q" folder has not been in my Music folder since February. I frequently access my Music folder, and I had never seen/noticed this "Q" folder until today. I cannot verify if it was present anytime before the clean install, though, or if it showed up after.

I don't believe that I actually opened the folder, I just sent it to the recycling bin. I went to empty the recycling bin (unfortunately, I can't remember if I did this immediately after deleting the folder or not), and it briefly said that it was deleting ~2,000 files. I was surprised by this because I typically empty my recycle bin frequently and I could have sworn that it was empty before deleting the "Q" folder, but I cannot be 100% sure. I was downloading and installing drivers after the install, so it could have been one of those.

I will be upfront and say that I did have SoulseekQt installed both before and after the clean install. I have removed it after finding the "Q" folder. I also had the program SFV Checker from Traction Software installed briefly after the clean install, but I removed it because a random error popped up in my Notifications right after I opened it. I don't remember what the notification said. However, I believe the error may have been re: Windows resetting the default app for certain image extensions, because I have IrfanView installed as well and I got a handful of those notifications following the initial one.

I haven't noticed anything else suspicious on my PC.

Here is the dds.txt file, and the attach.txt file is attached as well:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Admin at 23:37:08 on 2018-10-30
Microsoft Windows 10 Home 10.0.17134.0.1252.1.1033.18.8143.6933 [GMT -7:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\Windows\system32\svchost.exe -k DcomLaunch -p
C:\Windows\system32\fontdrvhost.exe
C:\Windows\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\Windows\system32\dwm.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s gpsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\Windows\system32\svchost.exe -k LocalService -p
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\Windows\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
svchost.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\Windows\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\userinit.exe
C:\Windows\Explorer.EXE
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Windows\system32\backgroundTaskHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NgcSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{cfb7eac7-02dc-478e-96ab-32ec1545a3d1} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amdpsp;AMD PSP Service;C:\Windows\System32\drivers\amdpsp.sys [2018-7-5 137104]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\Windows\System32\drivers\intelpep.sys [2018-4-11 177192]
R0 iorate;Disk I/O Rate Filter Driver;C:\Windows\System32\drivers\iorate.sys [2018-4-11 58272]
R0 SgrmAgent;System Guard Runtime Monitor Agent;C:\Windows\System32\drivers\SgrmAgent.sys [2018-4-11 63896]
R0 volume;Volume driver;C:\Windows\System32\drivers\volume.sys [2018-4-11 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\Windows\System32\drivers\WindowsTrustedRT.sys [2018-10-30 72768]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [2018-4-11 18472]
R0 Wof;Windows Overlay File System Filter Driver;C:\Windows\System32\drivers\wof.sys [2018-4-11 209816]
R1 afunix;afunix;C:\Windows\System32\drivers\afunix.sys [2018-4-11 39424]
R1 ahcache;Application Compatibility Cache;C:\Windows\System32\drivers\ahcache.sys [2018-4-11 254464]
R1 bam;Background Activity Moderator Driver;C:\Windows\System32\drivers\bam.sys [2018-4-11 60320]
R1 FileCrypt;FileCrypt;C:\Windows\System32\drivers\filecrypt.sys [2018-4-11 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\Windows\System32\drivers\gpuenergydrv.sys [2018-4-11 8192]
R2 CDPSvc;Connected Devices Platform Service;C:\Windows\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R2 CDPUserSvc_2940c;Connected Devices Platform User Service_2940c;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\Windows\System32\drivers\cldflt.sys [2018-10-30 414720]
R2 CoreMessagingRegistrar;CoreMessaging;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p [2018-4-11 51288]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\Windows\System32\svchost.exe -k utcsvc -p [2018-4-11 51288]
R2 DusmSvc;Data Usage;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2018-10-30 462968]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\Windows\System32\SecurityHealthService.exe [2018-10-30 760888]
R2 storqosflt;Storage QoS Filter Driver;C:\Windows\System32\drivers\storqosflt.sys [2018-4-11 82432]
R2 UserManager;User Manager;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 wcifs;Windows Container Isolation;C:\Windows\System32\drivers\wcifs.sys [2018-4-11 151960]
R2 WpnService;Windows Push Notifications System Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 WpnUserService_2940c;Windows Push Notifications User Service_2940c;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R3 amdgpio2;AMD GPIO Client Driver;C:\Windows\System32\drivers\amdgpio2.sys [2017-3-1 34696]
R3 amdgpio3;AMD GPIO Client Driver;C:\Windows\System32\drivers\amdgpio3.sys [2016-8-12 33144]
R3 AMDPCIDev;AMD PCI;C:\Windows\System32\drivers\AMDPCIDev.sys [2018-4-25 31592]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\Windows\System32\svchost.exe -k wsappx -p [2018-4-11 51288]
R3 camsvc;Capability Access Manager Service;C:\Windows\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
R3 lfsvc;Geolocation Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R3 NcbService;Network Connection Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\Windows\System32\drivers\NdisVirtualBus.sys [2018-4-11 20992]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
R3 NgcSvc;Microsoft Passport;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
R3 rt640x64;Realtek RT640 NT Driver;C:\Windows\System32\drivers\rt640x64.sys [2018-10-30 1139424]
R3 SEMgrSvc;Payments and NFC/SE Manager;C:\Windows\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R3 StateRepository;State Repository Service;C:\Windows\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
R3 TimeBrokerSvc;Time Broker;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
R3 TokenBroker;Web Account Manager;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\Windows\System32\drivers\wd\WdNisDrv.sys [2018-10-30 60408]
R3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe [2018-10-30 3917016]
S2 DoSvc;Delivery Optimization;C:\Windows\System32\svchost.exe -k NetworkService -p [2018-4-11 51288]
S2 MapsBroker;Downloaded Maps Manager;C:\Windows\System32\svchost.exe -k NetworkService -p [2018-4-11 51288]
S2 OneSyncSvc_2940c;Sync Host_2940c;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
S2 SgrmBroker;System Guard Runtime Monitor Broker;C:\Windows\System32\SgrmBroker.exe [2018-4-11 163336]
S2 UsoSvc;Update Orchestrator Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 AcpiDev;ACPI Devices driver;C:\Windows\System32\drivers\AcpiDev.sys [2018-4-11 20480]
S3 ADP80XX;ADP80XX;C:\Windows\System32\drivers\adp80xx.sys [2018-4-11 1135520]
S3 AJRouter;AllJoyn Router Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 amdkmcsp;AMD Kernel Mode CSP Service;C:\Windows\System32\drivers\amdkmcsp.sys [2017-6-12 101232]
S3 applockerfltr;Smartlocker Filter Driver;C:\Windows\System32\drivers\applockerfltr.sys [2018-4-11 18432]
S3 AppReadiness;App Readiness;C:\Windows\System32\svchost.exe -k AppReadiness -p [2018-4-11 51288]
S3 BcastDVRUserService_2940c;GameDVR and Broadcast User Service_2940c;C:\Windows\System32\svchost.exe -k BcastDVRUserService [2018-4-11 51288]
S3 bcmfn2;bcmfn2 Service;C:\Windows\System32\drivers\bcmfn2.sys [2018-4-11 9728]
S3 bindflt;Windows Bind Filter Driver;C:\Windows\System32\drivers\bindflt.sys [2018-4-11 92056]
S3 BluetoothUserService_2940c;Bluetooth User Support Service_2940c;C:\Windows\System32\svchost.exe -k BthAppGroup [2018-4-11 51288]
S3 BTAGService;Bluetooth Audio Gateway Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2018-4-11 51288]
S3 BthAvctpSvc;AVCTP service;C:\Windows\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\Windows\System32\drivers\bttflt.sys [2018-4-11 38304]
S3 buttonconverter;Service for Portable Device Control devices;C:\Windows\System32\drivers\buttonconverter.sys [2018-4-11 39936]
S3 CAD;Charge Arbitration Driver;C:\Windows\System32\drivers\CAD.sys [2018-4-11 60320]
S3 CapImg;HID driver for CapImg touch screen;C:\Windows\System32\drivers\capimg.sys [2018-4-11 123392]
S3 cht4iscsi;cht4iscsi;C:\Windows\System32\drivers\cht4sx64.sys [2018-4-11 321432]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\Windows\System32\drivers\cht4vx64.sys [2018-4-11 1836952]
S3 ClipSVC;Client License Service (ClipSVC);C:\Windows\System32\svchost.exe -k wsappx -p [2018-4-11 51288]
S3 DevicePickerUserSvc_2940c;DevicePicker_2940c;C:\Windows\System32\svchost.exe -k DevicesFlow [2018-4-11 51288]
S3 DevicesFlowUserSvc_2940c;DevicesFlow_2940c;C:\Windows\System32\svchost.exe -k DevicesFlow [2018-4-11 51288]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-10-30 90624]
S3 diagsvc;Diagnostic Execution Service;C:\Windows\System32\svchost.exe -k diagnostics [2018-4-11 51288]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 dmwappushservice;dmwappushsvc;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 DsSvc;Data Sharing Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 embeddedmode;Embedded Mode;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 EntAppSvc;Enterprise App Management Service;C:\Windows\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
S3 FrameServer;Windows Camera Frame Server;C:\Windows\System32\svchost.exe -k Camera [2018-4-11 51288]
S3 genericusbfn;Generic USB Function Class;C:\Windows\System32\drivers\genericusbfn.sys [2018-4-11 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup [2018-4-11 51288]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\Windows\System32\drivers\hidinterrupt.sys [2018-4-11 50592]
S3 HvHost;HV Host Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\Windows\System32\drivers\mshwnclx.sys [2018-4-11 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iagpio.sys [2018-4-11 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\Windows\System32\drivers\iai2c.sys [2018-4-11 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [2018-4-11 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-4-11 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2018-4-11 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-4-11 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [2018-4-11 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\Windows\System32\drivers\iaLPSSi_I2C.sys [2018-4-11 113152]
S3 iaStorAVC;Intel Chipset SATA RAID Controller;C:\Windows\System32\drivers\iaStorAVC.sys [2018-4-11 885144]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\Windows\System32\drivers\ibbus.sys [2018-4-11 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\Windows\System32\drivers\IndirectKmd.sys [2018-4-11 38912]
S3 InstallService;Microsoft Store Install Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 IPT;IPT;C:\Windows\System32\drivers\ipt.sys [2018-4-11 32256]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 ItSas35i;ItSas35i;C:\Windows\System32\drivers\ItSas35i.sys [2018-4-11 145816]
S3 LicenseManager;Windows License Manager Service;C:\Windows\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 LSI_SAS2i;LSI_SAS2i;C:\Windows\System32\drivers\lsi_sas2i.sys [2018-4-11 124312]
S3 LSI_SAS3i;LSI_SAS3i;C:\Windows\System32\drivers\lsi_sas3i.sys [2018-4-11 128408]
S3 LxpSvc;Language Experience Service;C:\Windows\System32\svchost.exe -k netsvcs [2018-4-11 51288]
S3 mausbhost;MA-USB Host Controller Driver;C:\Windows\System32\drivers\mausbhost.sys [2018-4-11 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\Windows\System32\drivers\mausbip.sys [2018-4-11 56736]
S3 megasas2i;megasas2i;C:\Windows\System32\drivers\MegaSas2i.sys [2018-4-11 75160]
S3 megasas35i;megasas35i;C:\Windows\System32\drivers\megasas35i.sys [2018-4-11 82328]
S3 MessagingService_2940c;MessagingService_2940c;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\Windows\System32\drivers\mlx4_bus.sys [2018-4-11 842648]
S3 NaturalAuthentication;Natural Authentication;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 ndfltr;NetworkDirect Service;C:\Windows\System32\drivers\ndfltr.sys [2018-4-11 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\Windows\System32\drivers\NetAdapterCx.sys [2018-4-11 175104]
S3 NetSetupSvc;Network Setup Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc.sys [2018-4-11 197632]
S3 nvdimm;Microsoft NVDIMM device driver;C:\Windows\System32\drivers\nvdimm.sys [2018-4-11 104448]
S3 percsas2i;percsas2i;C:\Windows\System32\drivers\percsas2i.sys [2018-4-11 58776]
S3 percsas3i;percsas3i;C:\Windows\System32\drivers\percsas3i.sys [2018-4-11 61848]
S3 PhoneSvc;Phone Service;C:\Windows\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 PimIndexMaintenanceSvc_2940c;Contact Data_2940c;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
S3 PNPMEM;Microsoft Memory Module Driver;C:\Windows\System32\drivers\pnpmem.sys [2018-4-11 16896]
S3 PrintWorkflowUserSvc_2940c;PrintWorkflow_2940c;C:\Windows\System32\svchost.exe -k PrintWorkflow [2018-4-11 51288]
S3 PushToInstall;Windows PushToInstall Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 Ramdisk;Windows RAM Disk Driver;C:\Windows\System32\drivers\ramdisk.sys [2018-4-11 39840]
S3 ReFS;ReFS;C:\Windows\System32\drivers\refs.sys [2018-10-30 1921944]
S3 ReFSv1;ReFSv1;C:\Windows\System32\drivers\refsv1.sys [2018-10-30 945568]
S3 RetailDemo;Retail Demo Service;C:\Windows\System32\svchost.exe -k rdxgroup [2018-4-11 51288]
S3 rhproxy;Resource Hub proxy driver;C:\Windows\System32\drivers\rhproxy.sys [2018-4-11 104448]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2018-4-11 51288]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\Windows\System32\drivers\scmbus.sys [2018-10-30 128920]
S3 SDFRd;SDF Reflector;C:\Windows\System32\drivers\SDFRd.sys [2018-4-11 33176]
S3 SensorDataService;Sensor Data Service;C:\Windows\System32\SensorDataService.exe [2018-4-11 1273344]
S3 SensorService;Sensor Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 SerCx2;Serial UART Support Library;C:\Windows\System32\drivers\SerCx2.sys [2018-4-11 154528]
S3 SharedRealitySvc;Spatial Data Service;C:\Windows\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 smphost;Microsoft Storage Spaces SMP;C:\Windows\System32\svchost.exe -k smphost [2018-4-11 51288]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\Windows\System32\drivers\SpatialGraphFilter.sys [2018-4-11 57752]
S3 spectrum;Windows Perception Service;C:\Windows\System32\Spectrum.exe [2018-6-19 976384]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\Windows\System32\drivers\stornvme.sys [2018-6-19 105368]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\Windows\System32\drivers\storufs.sys [2018-10-30 48544]
S3 TieringEngineService;Storage Tiers Management;C:\Windows\System32\TieringEngineService.exe [2018-4-11 303616]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\Windows\System32\drivers\UcmCx.sys [2018-4-11 128512]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\Windows\System32\drivers\UcmTcpciCx.sys [2018-4-11 152576]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\Windows\System32\drivers\UcmUcsi.sys [2018-4-11 57856]
S3 UdeCx;USB Device Emulation Support Library;C:\Windows\System32\drivers\Udecx.sys [2018-4-11 45056]
S3 UEFI;Microsoft UEFI Driver;C:\Windows\System32\drivers\uefi.sys [2018-6-19 29600]
S3 Ufx01000;USB Function Class Extension;C:\Windows\System32\drivers\ufx01000.sys [2018-4-11 282008]
S3 UfxChipidea;USB Chipidea Controller;C:\Windows\System32\drivers\UfxChipidea.sys [2018-4-11 98200]
S3 ufxsynopsys;USB Synopsys Controller;C:\Windows\System32\drivers\ufxsynopsys.sys [2018-4-11 144288]
S3 UnistoreSvc_2940c;User Data Storage_2940c;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\Windows\System32\drivers\urschipidea.sys [2018-4-11 29088]
S3 UrsCx01000;USB Role-Switch Support Library;C:\Windows\System32\drivers\urscx01000.sys [2018-4-11 67992]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\Windows\System32\drivers\urssynopsys.sys [2018-4-11 28064]
S3 UserDataSvc_2940c;User Data Access_2940c;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
S3 VacSvc;Volumetric Audio Compositor Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\Windows\System32\drivers\vhf.sys [2018-10-30 36352]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\Windows\System32\drivers\vmgid.sys [2018-10-30 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 WaaSMedicSvc;Windows Update Medic Service;C:\Windows\System32\svchost.exe -k wusvcs -p [2018-4-11 51288]
S3 WalletService;WalletService;C:\Windows\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
S3 WarpJITSvc;WarpJITSvc;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2018-4-11 51288]
S3 wcnfs;Windows Container Name Virtualization;C:\Windows\System32\drivers\wcnfs.sys [2018-4-11 82944]
S3 wdiwifi;WDI Driver Framework;C:\Windows\System32\drivers\WdiWiFi.sys [2018-10-30 787456]
S3 WdmCompanionFilter;WdmCompanionFilter;C:\Windows\System32\drivers\WdmCompanionFilter.sys [2018-4-11 21408]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\Windows\System32\svchost.exe -k WepHostSvcGroup [2018-4-11 51288]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 WinMad;WinMad Service;C:\Windows\System32\drivers\winmad.sys [2018-4-11 32152]
S3 WinNat;Windows NAT Driver;C:\Windows\System32\drivers\winnat.sys [2018-10-30 228864]
S3 WinVerbs;WinVerbs Service;C:\Windows\System32\drivers\winverbs.sys [2018-4-11 64920]
S3 wisvc;Windows Insider Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 wlpasvc;Local Profile Assistant Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 workfolderssvc;Work Folders;C:\Windows\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 WpcMonSvc;Parental Controls;C:\Windows\System32\svchost.exe -k LocalService [2018-4-11 51288]
S3 xbgm;Xbox Game Monitoring;C:\Windows\System32\xbgmsvc.exe [2018-4-11 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 XblGameSave;Xbox Live Game Save;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\Windows\System32\drivers\xboxgip.sys [2018-10-30 295424]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 xinputhid;XINPUT HID Filter Driver;C:\Windows\System32\drivers\xinputhid.sys [2018-4-11 46592]
S4 hvcrash;hvcrash;C:\Windows\System32\drivers\hvcrash.sys [2018-4-11 33184]
S4 shpamsvc;Shared PC Account Manager;C:\Windows\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S4 ssh-agent;OpenSSH Authentication Agent;C:\Windows\System32\OpenSSH\ssh-agent.exe [2018-4-12 495616]
S4 tzautoupdate;Auto Time Zone Updater;C:\Windows\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2018-10-31 03:49:23 -------- d-----w- C:\Users\Admin\AppData\Local\SoulseekQt
2018-10-31 03:49:16 14700800 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5A88726F-C4DC-4A46-B380-EC6C85FF68D4}\mpengine.dll
2018-10-31 03:24:42 -------- d-----w- C:\Users\Admin\AppData\Roaming\Mp3tag
2018-10-31 03:21:07 -------- d-----w- C:\Program Files (x86)\Traction Software
2018-10-31 03:20:42 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2018-10-31 03:17:09 -------- d-----w- C:\Program Files (x86)\Mp3tag
2018-10-31 03:15:22 -------- d-----w- C:\Users\Admin\AppData\Roaming\IrfanView
2018-10-31 03:15:22 -------- d-----w- C:\Program Files\IrfanView
2018-10-31 03:10:59 -------- d-----w- C:\Users\Admin\AppData\Local\Programs
2018-10-31 02:53:42 -------- d-----w- C:\Users\Admin\AppData\Roaming\GoldWave
2018-10-31 02:53:38 -------- d-----w- C:\Program Files\GoldWave
2018-10-31 00:53:43 -------- d-----w- C:\Users\Admin\AppData\Roaming\foobar2000
2018-10-31 00:53:39 -------- d-----w- C:\Program Files (x86)\foobar2000
2018-10-31 00:52:10 -------- d-----w- C:\Program Files\AlbumArtDownloader
2018-10-31 00:45:15 1139424 ----a-w- C:\Windows\System32\drivers\rt640x64.sys
2018-10-31 00:43:04 -------- d-----w- C:\Windows\System32\RTCOM
2018-10-31 00:20:45 -------- d-----w- C:\Program Files (x86)\AMD
2018-10-31 00:20:38 -------- d-----w- C:\ProgramData\Package Cache
2018-10-31 00:18:23 -------- d-----w- C:\Users\Admin\AppData\Local\RadeonInstaller
2018-10-31 00:18:21 -------- d-----w- C:\Program Files\AMD
2018-10-30 23:42:42 778936 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
2018-10-30 23:42:42 35456 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2018-10-30 23:42:42 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2018-10-30 23:42:39 35456 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2018-10-30 23:42:39 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2018-10-30 23:42:39 1166520 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
2018-10-30 23:19:36 -------- d-----w- C:\Users\Admin\AppData\Local\Google
2018-10-30 23:07:03 -------- d-----w- C:\Windows\Panther
2018-10-30 22:53:37 -------- d-----w- C:\Users\Admin\AppData\Local\DBG
2018-10-30 22:40:39 -------- d-----w- C:\ProgramData\Packages
2018-10-30 22:37:57 50688 ----a-w- C:\Windows\System32\wcimage.dll
2018-10-30 22:36:42 -------- d-----w- C:\Windows\System32\MRT
2018-10-30 22:33:09 1476904 ----a-w- C:\Windows\System32\mcupdate_GenuineIntel.dll
2018-10-30 22:26:09 -------- d-----r- C:\Users\Admin\OneDrive
2018-10-30 22:25:47 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2018-10-30 22:25:46 -------- d-----w- C:\Users\Admin\AppData\Local\PlaceholderTileLogoFolder
2018-10-30 22:24:41 -------- d--h--w- C:\Users\Admin\MicrosoftEdgeBackups
2018-10-30 22:24:34 -------- d-----w- C:\Users\Admin\AppData\Local\MicrosoftEdge
2018-10-30 22:24:31 -------- d-----w- C:\Users\Admin\AppData\Local\Publishers
2018-10-30 22:24:28 -------- d-----w- C:\Users\Admin\AppData\Local\VirtualStore
2018-10-30 22:24:28 -------- d-----w- C:\Users\Admin\AppData\Local\Packages
2018-10-30 22:24:28 -------- d-----r- C:\Users\Admin\Searches
2018-10-30 22:24:28 -------- d-----r- C:\Users\Admin\Contacts
2018-10-30 22:24:28 -------- d-----r- C:\Users\Admin\3D Objects
2018-10-30 22:24:27 -------- d-----w- C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform
2018-10-30 22:21:07 -------- d-----w- C:\Windows\System32\wbem\Performance
2018-10-30 22:19:08 -------- d-----w- C:\ProgramData\USOShared
2018-10-30 22:17:39 2752000 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2018-10-30 22:17:03 -------- d-----w- C:\Windows\System32\wbem\MOF\good
2018-10-30 22:17:03 -------- d-----w- C:\Windows\System32\wbem\MOF\bad
2018-10-30 22:17:02 -------- d-sh--we C:\ProgramData\Documents
2018-10-30 22:17:02 -------- d-sh--we C:\Documents and Settings
2018-10-30 22:13:38 -------- d-sh--w- C:\Recovery
2018-10-30 22:12:49 -------- d-----w- C:\Windows\System32\wbem\MOF
2018-10-30 22:12:49 -------- d-----w- C:\Windows\System32\drivers\wd
2018-10-30 22:12:40 -------- d-s---w- C:\Windows\System32\Microsoft
2018-10-30 22:12:40 -------- d-----w- C:\Windows\System32\SleepStudy
2018-10-30 22:12:40 -------- d-----w- C:\Windows\ServiceProfiles
.
==================== Find3M ====================
.
2018-10-30 22:41:35 60408 ----a-w- C:\Windows\System32\drivers\wd\WdNisDrv.sys
2018-10-30 22:41:35 46184 ----a-w- C:\Windows\System32\drivers\wd\WdBoot.sys
2018-10-30 22:41:35 328696 ----a-w- C:\Windows\System32\drivers\wd\WdFilter.sys
2018-10-30 22:32:55 559880 ------w- C:\Windows\System32\MpSigStub.exe
2018-10-21 13:00:32 1516120 ----a-w- C:\Windows\System32\msctf.dll
2018-10-21 13:00:31 790416 ----a-w- C:\Windows\System32\fontdrvhost.exe
2018-10-21 13:00:23 396304 ----a-w- C:\Windows\System32\atmfd.dll
2018-10-21 13:00:18 1639560 ----a-w- C:\Windows\System32\user32.dll
2018-10-21 12:59:51 766480 ----a-w- C:\Windows\System32\LicensingWinRT.dll
2018-10-21 12:59:43 236728 ----a-w- C:\Windows\System32\EditionUpgradeManagerObj.dll
2018-10-21 12:46:50 64000 ----a-w- C:\Windows\System32\iemigplugin.dll
2018-10-21 12:46:11 4393472 ----a-w- C:\Windows\System32\SettingsHandlers_nt.dll
2018-10-21 12:45:43 123392 ----a-w- C:\Windows\System32\fontsub.dll
2018-10-21 12:44:40 85504 ----a-w- C:\Windows\System32\INETRES.dll
2018-10-21 12:44:02 623104 ----a-w- C:\Windows\System32\osk.exe
2018-10-21 12:43:46 182784 ----a-w- C:\Windows\System32\LanguageComponentsInstaller.dll
2018-10-21 12:43:27 276992 ----a-w- C:\Windows\System32\wisp.dll
2018-10-21 12:43:17 345600 ----a-w- C:\Windows\System32\AcGenral.dll
2018-10-21 12:42:54 1121792 ----a-w- C:\Windows\System32\TSWorkspace.dll
2018-10-21 12:42:41 1127936 ----a-w- C:\Windows\System32\nettrace.dll
2018-10-21 12:42:28 181248 ----a-w- C:\Windows\System32\EditionUpgradeHelper.dll
2018-10-21 12:42:11 765440 ----a-w- C:\Windows\System32\tdh.dll
2018-10-21 12:42:05 592896 ----a-w- C:\Windows\System32\UserLanguagesCpl.dll
2018-10-21 12:41:58 3649024 ----a-w- C:\Windows\System32\win32kfull.sys
2018-10-21 12:41:39 1180672 ----a-w- C:\Windows\System32\localspl.dll
2018-10-21 12:41:26 1364992 ----a-w- C:\Windows\System32\bcastdvruserservice.dll
2018-10-21 11:38:53 660480 ----a-w- C:\Windows\SysWow64\LicensingWinRT.dll
2018-10-21 11:38:51 221216 ----a-w- C:\Windows\SysWow64\EditionUpgradeManagerObj.dll
2018-10-21 11:38:44 662312 ----a-w- C:\Windows\SysWow64\fontdrvhost.exe
2018-10-21 11:38:32 1322376 ----a-w- C:\Windows\SysWow64\msctf.dll
2018-10-21 11:37:42 1626656 ----a-w- C:\Windows\SysWow64\user32.dll
2018-10-21 11:28:17 84992 ----a-w- C:\Windows\SysWow64\INETRES.dll
2018-10-21 11:23:57 622080 ----a-w- C:\Windows\SysWow64\tdh.dll
2018-10-21 11:23:49 2892288 ----a-w- C:\Windows\SysWow64\win32kfull.sys
2018-10-21 11:23:40 523264 ----a-w- C:\Windows\SysWow64\UserLanguagesCpl.dll
2018-10-21 11:22:14 224256 ----a-w- C:\Windows\SysWow64\wisp.dll
2018-10-21 11:22:09 2405888 ----a-w- C:\Windows\SysWow64\AcGenral.dll
2018-10-21 09:29:22 1008640 ----a-w- C:\Windows\System32\Windows.Media.MixedRealityCapture.dll
2018-10-21 08:44:20 868864 ----a-w- C:\Windows\SysWow64\Windows.Media.MixedRealityCapture.dll
2018-10-21 07:54:06 1035240 ----a-w- C:\Windows\System32\ApplyTrustOffline.exe
2018-10-21 07:53:32 272200 ----a-w- C:\Windows\System32\SgrmEnclave.dll
2018-10-21 07:53:32 269128 ----a-w- C:\Windows\System32\SgrmEnclave_secure.dll
2018-10-21 07:48:21 5602456 ----a-w- C:\Windows\System32\StartTileData.dll
2018-10-21 07:47:58 1221128 ----a-w- C:\Windows\System32\hvix64.exe
2018-10-21 07:47:56 566776 ----a-w- C:\Windows\System32\tcblaunch.exe
2018-10-21 07:47:51 76304 ----a-w- C:\Windows\System32\drivers\hvservice.sys
2018-10-21 07:47:48 1029432 ----a-w- C:\Windows\System32\hvax64.exe
2018-10-21 07:47:47 1062712 ----a-w- C:\Windows\System32\SecConfig.efi
2018-10-21 07:47:45 135208 ----a-w- C:\Windows\System32\hvloader.dll
2018-10-21 07:47:14 368440 ----a-w- C:\Windows\System32\thumbcache.dll
2018-10-21 07:46:59 497864 ----a-w- C:\Windows\System32\Windows.Devices.Enumeration.dll
2018-10-21 07:46:42 611640 ----a-w- C:\Windows\System32\drivers\spaceport.sys
2018-10-21 07:46:40 717112 ----a-w- C:\Windows\System32\SettingsHandlers_StorageSense.dll
2018-10-21 07:46:33 709936 ----a-w- C:\Windows\System32\drivers\cng.sys
2018-10-21 07:46:28 171024 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2018-10-21 07:46:20 7432136 ----a-w- C:\Windows\System32\windows.storage.dll
2018-10-21 07:46:20 560136 ----a-w- C:\Windows\System32\drivers\storport.sys
2018-10-21 07:46:12 7519896 ----a-w- C:\Windows\System32\Windows.Media.Protection.PlayReady.dll
2018-10-21 07:46:07 9089544 ----a-w- C:\Windows\System32\ntoskrnl.exe
2018-10-21 07:46:06 2824712 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2018-10-21 07:46:00 413200 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2018-10-21 07:30:11 25855488 ----a-w- C:\Windows\System32\edgehtml.dll
2018-10-21 07:28:11 16592384 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
2018-10-21 07:22:53 4384768 ----a-w- C:\Windows\System32\EdgeContent.dll
2018-10-21 07:22:19 8189440 ----a-w- C:\Windows\System32\Windows.Data.Pdf.dll
2018-10-21 07:22:06 4710912 ----a-w- C:\Windows\System32\cdp.dll
2018-10-21 07:21:26 1589248 ----a-w- C:\Windows\System32\Windows.Globalization.dll
2018-10-21 07:21:14 123424 ----a-w- C:\Windows\SysWow64\sspicli.dll
2018-10-21 07:21:01 3392512 ----a-w- C:\Windows\System32\tquery.dll
2018-10-21 07:20:48 3397120 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
2018-10-21 07:20:27 424000 ----a-w- C:\Windows\SysWow64\Windows.Devices.Enumeration.dll
2018-10-21 07:20:27 295224 ----a-w- C:\Windows\SysWow64\thumbcache.dll
2018-10-21 07:20:14 161792 ----a-w- C:\Windows\System32\spacebridge.dll
2018-10-21 07:20:02 141312 ----a-w- C:\Windows\System32\DataStoreCacheDumpTool.exe
2018-10-21 07:18:54 395264 ----a-w- C:\Windows\System32\BthAvctpSvc.dll
2018-10-21 07:18:54 130048 ----a-w- C:\Windows\System32\officecsp.dll
2018-10-21 07:18:50 107520 ----a-w- C:\Windows\System32\dab.dll
2018-10-21 07:18:45 395776 ----a-w- C:\Windows\System32\Search.ProtocolHandler.MAPI2.dll
2018-10-21 07:18:43 894464 ----a-w- C:\Windows\System32\webplatstorageserver.dll
2018-10-21 07:18:36 274432 ----a-w- C:\Windows\System32\DAFWSD.dll
2018-10-21 07:18:27 275456 ----a-w- C:\Windows\System32\scecli.dll
2018-10-21 07:18:26 273408 ----a-w- C:\Windows\System32\ubpm.dll
2018-10-21 07:18:22 761344 ----a-w- C:\Windows\System32\nshwfp.dll
2018-10-21 07:18:21 154112 ----a-w- C:\Windows\System32\Chakradiag.dll
2018-10-21 07:18:12 461824 ----a-w- C:\Windows\System32\Windows.Data.Activities.dll
2018-10-21 07:18:11 2738688 ----a-w- C:\Windows\System32\mssrch.dll
2018-10-21 07:18:06 30720 ----a-w- C:\Windows\System32\seclogon.dll
2018-10-21 07:17:55 473600 ----a-w- C:\Windows\System32\schannel.dll
2018-10-21 07:17:40 764416 ----a-w- C:\Windows\System32\drivers\UMDF\NfcCx.dll
2018-10-21 07:17:38 787456 ----a-w- C:\Windows\System32\drivers\WdiWiFi.sys
2018-10-21 07:17:38 7577088 ----a-w- C:\Windows\System32\Chakra.dll
2018-10-21 07:17:38 311296 ----a-w- C:\Windows\System32\BthAvrcp.dll
2018-10-21 07:17:35 2172928 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2018-10-21 07:17:25 625152 ----a-w- C:\Windows\System32\PsmServiceExtHost.dll
2018-10-21 07:17:19 1826816 ----a-w- C:\Windows\System32\Windows.CloudStore.dll
2018-10-21 07:17:13 1668096 ----a-w- C:\Windows\System32\cdprt.dll
2018-10-21 07:17:02 271872 ----a-w- C:\Windows\System32\dafBth.dll
2018-10-21 07:16:45 514048 ----a-w- C:\Windows\System32\BTAGService.dll
2018-10-21 07:16:32 2368512 ----a-w- C:\Windows\System32\WebRuntimeManager.dll
2018-10-21 07:16:25 2584576 ----a-w- C:\Windows\System32\wlansvc.dll
.
============= FINISH: 23:37:27.71 ===============
Attached Files
File Type: txt attach.txt (4.8 KB, 7 views)
garmo91 is offline  
Old 11-02-2018, 03:12 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I'm not seeing anything suspicious in your logs so far. And the problems you describe are not typically malware related.

You may need to seek help in one of our other forums when we are done here.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan Now
  • Once the Scan is done, select Clean & Repair
  • When prompted, select Clean & Restart Now
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\Logs\AdwCleaner[C0#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-02-2018, 03:16 PM   #3
Registered Member
 
Join Date: Jul 2013
Posts: 82
OS: Windows 10 Home 64-bit



The forum is not allowing me to submit both logs in the body of my post because of the character length. Here is the AdwCleaner log. The two logs from FRST are attached:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-31.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-02-2018
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1289 octets] - [02/11/2018 13:43:40]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Attached Files
File Type: txt FRST.txt (145.9 KB, 7 views)
File Type: txt Addition.txt (22.6 KB, 6 views)
garmo91 is offline  
Old 11-02-2018, 09:54 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello garmo91. Again, not seeing anything malicious in your logs.

------------------------------------------------------

Are you aware System Restore is disabled on your machine?

Did you disable System Restore? Are you able to re-enable System Restore?

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mb3-setup-1878.1878-3.6.1.2711.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • NOTE: If you select the Premium features, MBAM will be running as a full-fledged, real-time antivirus application.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Quarantine Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, wait for MBAM to open back up, then click Export Summary
  • If no threats were found, simply click Export Summary
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Please post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------
chemist is offline  
Old 11-03-2018, 11:25 AM   #5
Registered Member
 
Join Date: Jul 2013
Posts: 82
OS: Windows 10 Home 64-bit



A few things:

1. I've attached the Malwarebytes log to this post.

2. As far as I know, I did not disable System Restore. As I said in my OP, I just did a clean install of Windows a couple of days ago, and I don't believe I had disabled it at all since then, or even before. Is it suspicious that it is disabled? And how can I re-enable it?

3. I need some assistance with turning off Windows Defender before I can run the ESET Online Scanner. In your post, you provided a link on how to turn off any real-time scanners prior to using ESET, but it seems that the info for how to do so with Windows Defender may be out-of-date.

The guide says that once you get to Tools > Options, to uncheck "Use real-time protection (recommended)" and "Use Windows Defender".

However, on my PC, I double-click the tray icon, but there is no "Tools" link.

Once I double-clicked the tray icon, I went to Settings > Virus & threat protection settings. On this page, there is an option to turn off Real-time protection, but I don't see any on/off switcher for "Use Windows Defender". Is it located somewhere else, or has it possibly been removed in subsequent Windows updates?
Attached Files
File Type: txt malwarebytes log.txt (1.2 KB, 5 views)
garmo91 is offline  
Old 11-03-2018, 08:39 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, garmo91. Don't be suspicious. As I said before, I don't think your problems are malware related.

Sorry about those instructions for Windows Defender. Turning off Real-Time Protection is all that is needed.

As far as re-enabling System Restore...

https://www.tenforums.com/tutorials/...e-windows.html

------------------------------------------------------
chemist is offline  
Old 11-04-2018, 12:00 AM   #7
Registered Member
 
Join Date: Jul 2013
Posts: 82
OS: Windows 10 Home 64-bit



ESET did not detect any threats.

I followed the steps in the link you sent to re-enable System Restore, but I had a question regarding that:

I realized that the method in the link you provided wasn't typical, such as just going into Settings/Control Panel and turning something on/off. While I did follow the method in the link you provided, just out of curiosity, I searched Google to see if there was a more straightforward method. I found this here: https://www.thewindowsclub.com/syste...estore-windows

Can you explain to me the difference between the method in the link you provided and the one detailed in this article?

Also, even after using the .reg file and restarting my computer, when I go to Control Panel > System > System Protection, protection is still listed as "Off" for all of my drives and the System Restore button and the button to Create a restore point are still grayed as if System Restore hasn't been configured. Shouldn't it be on now that I used that .reg file?
garmo91 is offline  
Old 11-04-2018, 08:09 AM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, garmo91. There is really no difference. There are often multiple ways of doing the same thing in Windows.

However, please refrain from trying things on your own. It can make it harder for me to fix your issues.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the Internet Services option remains checked.
  • Check all the other boxes.
  • Click Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log in your next reply.
------------------------------------------------------
chemist is offline  
Old 11-04-2018, 12:16 PM   #9
Registered Member
 
Join Date: Jul 2013
Posts: 82
OS: Windows 10 Home 64-bit



Here is the Farbar Service Scanner log:

Farbar Service Scanner Version: 27-01-2016
Ran by Admin (administrator) on 04-11-2018 at 12:15:42
Running from "C:\Users\Admin\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
garmo91 is offline  
Old 11-04-2018, 12:46 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, garmo91. Nothing amiss there. Weird.

Press the Windows "logo" key and "R" then copy/paste the following into the Run box and click OK:

cmd /c net start >log.txt&log.txt&del log.txt

A DOS window will open and close. This is normal.

A Notepad file should open. Please post the contents of the log here.

------------------------------------------------------
chemist is offline  
Old 11-04-2018, 12:51 PM   #11
Registered Member
 
Join Date: Jul 2013
Posts: 82
OS: Windows 10 Home 64-bit



Here is the log. Also, for reference, I've attached a screenshot of my System Protection tab from System Properties:

These Windows services are started:

Application Information
AppX Deployment Service (AppXSVC)
Background Tasks Infrastructure Service
Base Filtering Engine
Capability Access Manager Service
CDPUserSvc_39319
CNG Key Isolation
COM+ Event System
Connected Devices Platform Service
Connected User Experiences and Telemetry
CoreMessaging
Credential Manager
Cryptographic Services
Data Usage
DCOM Server Process Launcher
DHCP Client
Diagnostic Policy Service
Diagnostic Service Host
Diagnostic System Host
Distributed Link Tracking Client
DNS Client
File History Service
Geolocation Service
Group Policy Client
Human Interface Device Service
IDriveService
IP Helper
Local Session Manager
NetgearSwitchUSB
Network Connection Broker
Network List Service
Network Location Awareness
Network Store Interface Service
NVIDIA Display Container LS
NVIDIA Telemetry Container
OneSyncSvc_39319
Payments and NFC/SE Manager
Plug and Play
Power
Print Spooler
Program Compatibility Assistant Service
Remote Access Connection Manager
Remote Procedure Call (RPC)
RPC Endpoint Mapper
Secure Socket Tunneling Protocol Service
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
SSDP Discovery
State Repository Service
Storage Service
Superfetch
System Event Notification Service
System Events Broker
System Guard Runtime Monitor Broker
Task Scheduler
TCP/IP NetBIOS Helper
Themes
Time Broker
Touch Keyboard and Handwriting Panel Service
Update Orchestrator Service
User Manager
User Profile Service
Web Account Manager
Windows Audio
Windows Audio Endpoint Builder
Windows Connection Manager
Windows Defender Antivirus Network Inspection Service
Windows Defender Antivirus Service
Windows Defender Firewall
Windows Defender Security Center Service
Windows Event Log
Windows Font Cache Service
Windows Management Instrumentation
Windows Push Notifications System Service
Windows Search
WinHTTP Web Proxy Auto-Discovery Service
WLAN AutoConfig
Workstation
WpnUserService_39319

The command completed successfully.
Attached Thumbnails
Name: Clipboard02.jpg
garmo91 is offline  
Old 11-04-2018, 01:02 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, garmo91. Ah-ha! System Restore isn't running. It's called Volume Shadow Copy. FSS should have shown that, again weird.

Also, notice that the Configure button is not grayed out.

Go to Control Panel > System > System Protection, then click on your (C:) drive and click Configure, then 'Turn on system protection'. System Restore should now be enabled.

Are the System Restore and Create buttons no longer grayed out? Are you able to manually create a system restore point using the Create button?

Any joy? Let me know.

------------------------------------------------------
chemist is offline  
Old 11-04-2018, 01:25 PM   #13
Registered Member
 
Join Date: Jul 2013
Posts: 82
OS: Windows 10 Home 64-bit



Yes, the options are now available. I'm just curious as to why that .reg file didn't accomplish the same result?

Also, is it a good idea to enable System Restore/Protection for my storage drive (D:) and external backup (E:)?

Lastly, I've read that System Restore can use between 3% and 5% of disk space regularly. I set my limit to 10% as I usually keep my drives pretty empty, so I don't mind the space being used. Is that an adequate amount?
garmo91 is offline  
Old 11-04-2018, 02:29 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, garmo91. That amount of space seems reasonable. I don't think you really need more unless you wanted to keep an inordinate amount of system restore points.

System restore only backs up system files, so I don't think it's needed for drives other than your operating system drive. Maybe there is something I don't know.

------------------------------------------------------

As far as the regfix, it appears enabling and turning on are often used interchangeably but are not necessarily the same thing (as far as the registry is concerned).

I should have given you manual instructions for turning on system restore instead.

The regfix apparently removes any policy that prevents you from accessing your system restore settings, and therefore prevents you from turning on system restore.

Running the regfix allows you access to system restore, so that you are then able to turn it on.

So you had access, it just wasn't turned on. Hope that makes sense.

And I was wrong earlier. Volume Shadow Copy doesn't have to be running before system restore can be turned on.

It is stopped and set to manual on my machine and my system restore is on.

------------------------------------------------------

If you still have questions about that folder, you will have to post in one of our other forums as it is not a malware issue.

Any other problems? If not, let me know and I will give you some final instructions.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
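
The difference described in the post above, between a policy that blocks the System Restore settings and protection actually being turned on, can be inspected directly. This is an added example, not part of the thread or of the regfix it mentions; it assumes Windows PowerShell 5.1 in an elevated prompt and assumes the regfix clears the standard Group Policy values `DisableSR` and `DisableConfig`. The function names are hypothetical.

```powershell
# Added example (not from the thread). Windows PowerShell 5.1, elevated prompt.
# Assumption: these are the policy values an "enable System Restore" regfix
# clears; the contents of the .reg file are not shown in this part of the thread.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'

function Get-SystemRestorePolicy {
    # $null = value absent (policy not configured); 1 = policy blocks the feature or its UI.
    $state = [ordered]@{ DisableSR = $null; DisableConfig = $null }
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($name in 'DisableSR', 'DisableConfig') {
            if ($props.PSObject.Properties[$name]) { $state[$name] = $props.$name }
        }
    }
    [pscustomobject]$state
}

function Get-SystemRestoreReport {
    $policy = Get-SystemRestorePolicy
    # Returns nothing when no restore points exist (for example, protection never turned on).
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    $vss    = Get-Service -Name VSS
    [pscustomobject]@{
        PolicyBlocksRestore  = ($policy.DisableSR -eq 1)
        PolicyBlocksSettings = ($policy.DisableConfig -eq 1)
        RestorePointCount    = $points.Count
        LastRestorePoint     = ($points | Select-Object -Last 1).Description
        VssStatus            = $vss.Status      # Stopped while idle, as the post observes
        VssStartType         = $vss.StartType   # Manual = started on demand
    }
}

Get-SystemRestoreReport | Format-List

# Clearing the policy only unlocks the settings; protection is turned on separately:
# Enable-ComputerRestore -Drive 'C:\'
```

Both policy fields reading False with a restore point count of zero matches the situation in the thread: access to the settings was available, but protection had not been turned on.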
Old 11-04-2018, 02:31 PM   #15
Registered Member
 
Join Date: Jul 2013
Posts: 82
OS: Windows 10 Home 64-bit



I greatly appreciate the information.

I think my other problems/questions are either Windows/software/hardware related, so they're not appropriate for this forum.
garmo91 is offline  
Old 11-04-2018, 02:39 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, garmo91. You're very welcome.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Run AdwCleaner and go to Settings > Remove AdwCleaner > Remove

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 11-04-2018, 02:56 PM   #17
Registered Member
 
Join Date: Jul 2013
Posts: 82
OS: Windows 10 Home 64-bit



I've completed the steps listed. Thank you for your help.
garmo91 is offline  
Old 11-04-2018, 06:00 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, garmo91! Glad to have helped.
chemist is offline  
 

All times are GMT -7.