

ESET online scanner found malware



 
 
10-21-2017, 12:56 PM   #1
TSF Enthusiast
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 1,060
OS: Windows 10 home premium 64-bit



I was doing a normal monthly online scan and found malware.

Windows Defender also won't turn on now.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.15063.608
Run by 93 at 11:52:24 on 2017-10-21
Microsoft Windows 10 Home 10.0.15063.0.1252.1.1033.18.7105.4007 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k dcomlaunch -s LSM
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -s UserManager
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog
c:\windows\system32\svchost.exe -k localservice -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localservice -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -s Themes
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s Dhcp
c:\windows\system32\svchost.exe -k netsvcs -s SENS
c:\windows\system32\svchost.exe -k networkservice -s NlaSvc
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -s FontCache
c:\windows\system32\svchost.exe -k localservice -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Sandboxie\SbieSvc.exe
c:\windows\system32\svchost.exe -k networkservice -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k appmodel -s StateRepository
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -s LanmanWorkstation
c:\windows\system32\svchost.exe -k localservice -s WinHttpAutoProxySvc
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
c:\windows\system32\svchost.exe -k networkservice -s CryptSvc
c:\windows\system32\svchost.exe -k localservicenonetwork -s DPS
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\svchost.exe -k networkservice -s TapiSrv
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
c:\windows\system32\svchost.exe -k netsvcs -s iphlpsvc
c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s PcaSvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SysMain
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -s WpnService
C:\WINDOWS\system32\fxssvc.exe
c:\windows\system32\svchost.exe -k localservice -s WdiServiceHost
c:\windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
c:\windows\system32\svchost.exe -k localservice -s CDPSvc
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k netsvcs -s TokenBroker
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV
c:\windows\system32\svchost.exe -k netsvcs -s DoSvc
c:\windows\system32\svchost.exe -k netsvcs -s lfsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\svchost.exe -k localservice -s LicenseManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s wscsvc
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s StorSvc
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k netsvcs -s BITS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -s lmhosts
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\dwm.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Users\93\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\93\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
c:\windows\system32\svchost.exe -k netsvcs -s Appinfo
C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DsSvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -s WdiSystemHost
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.pugetsystems.com/welcome.php?oid=117561
uLocal Page = %11%\blank.htm
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [OneDrive] "C:\Users\93\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [f.lux] "C:\Users\93\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRunOnce: [Uninstall 17.3.6966.0824\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\93\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64"
uRunOnce: [Uninstall 17.3.6966.0824] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\93\AppData\Local\Microsoft\OneDrive\17.3.6966.0824"
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{dbb5ab4c-4765-46c1-8ced-39aa33d4c16e} : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{ef0754b1-f733-49e6-aaff-90432a3d9c36} : DHCPNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\it167470.default\
FF - plugin: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\WINDOWS\System32\Macromed\Flash\NPSWF64_27_0_0_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-3-18 74840]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-3-18 49568]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-3-18 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-3-18 70232]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-3-18 18520]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-3-18 208288]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-3-18 239616]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\WINDOWS\System32\drivers\mbae64.sys [2017-7-23 77440]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-3-18 54272]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-3-18 8192]
R1 MpKsl013e1eba;MpKsl013e1eba;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9C17B88B-5A7A-403C-AF17-C1AB4DD1878A}\MpKsl013e1eba.sys [2017-10-13 58120]
R1 MpKsl0becec6c;MpKsl0becec6c;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24438AFE-BF2F-456E-B4F9-EC5A70711CDD}\MpKsl0becec6c.sys [2017-10-13 58120]
R1 MpKsl0dde1adb;MpKsl0dde1adb;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E3A90663-6AAD-47C2-88C6-DF5146CEB343}\MpKsl0dde1adb.sys [2017-10-11 58120]
R1 MpKsl2114210e;MpKsl2114210e;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{095309E2-92E9-4370-B212-DD8018D2C755}\MpKsl2114210e.sys [2017-10-14 58120]
R1 MpKsl2f680faf;MpKsl2f680faf;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2632593E-2296-45FD-9992-6EF87533DEF6}\MpKsl2f680faf.sys [2017-10-16 58120]
R1 MpKsl4a019c94;MpKsl4a019c94;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5D8B5CC-EB7B-4B0C-8F9A-9F283AEF6655}\MpKsl4a019c94.sys [2017-10-16 58120]
R1 MpKsl5577933f;MpKsl5577933f;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F6E261C-60F8-4C8A-9A3D-C6F8F6BEEC97}\MpKsl5577933f.sys [2017-10-19 58120]
R1 MpKsl5b8f605b;MpKsl5b8f605b;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA7D57E0-B77E-4184-B89E-960E919ED6F4}\MpKsl5b8f605b.sys [2017-10-13 58120]
R1 MpKsl5f721d8e;MpKsl5f721d8e;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{41DAFD85-B896-4F27-917A-C81751E920B4}\MpKsl5f721d8e.sys [2017-10-18 58120]
R1 MpKsl719291b1;MpKsl719291b1;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E132DDAD-B0FF-413F-B8C6-2F4E79C57904}\MpKsl719291b1.sys [2017-10-18 58120]
R1 MpKsl8c42b6b0;MpKsl8c42b6b0;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D38BBEB8-9A6C-4775-8612-FB6A0401E950}\MpKsl8c42b6b0.sys [2017-10-14 58120]
R1 MpKsl9ed82714;MpKsl9ed82714;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E9637AC-9C01-4D5A-A744-46FA07681841}\MpKsl9ed82714.sys [2017-10-14 58120]
R1 MpKslaa5c3cda;MpKslaa5c3cda;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F6E261C-60F8-4C8A-9A3D-C6F8F6BEEC97}\MpKslaa5c3cda.sys [2017-10-20 58120]
R1 MpKslac23430e;MpKslac23430e;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0BA27733-2719-4D22-AAB2-2FADF7808401}\MpKslac23430e.sys [2017-10-20 58120]
R1 MpKslc46a7c3a;MpKslc46a7c3a;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F7B602DD-D8AC-4858-86AD-31A8335525C2}\MpKslc46a7c3a.sys [2017-10-19 58120]
R1 MpKslc523f3f5;MpKslc523f3f5;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E9637AC-9C01-4D5A-A744-46FA07681841}\MpKslc523f3f5.sys [2017-10-14 58120]
R1 MpKsld8bd337a;MpKsld8bd337a;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E465A86C-8691-45FC-8B0D-CD1A6E309E21}\MpKsld8bd337a.sys [2017-10-20 58120]
R1 MpKsldeacfa6c;MpKsldeacfa6c;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CD12840-A6F9-457B-8AFF-1CFEEA259D3B}\MpKsldeacfa6c.sys [2017-10-19 58120]
R1 MpKslfc82725d;MpKslfc82725d;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CD12840-A6F9-457B-8AFF-1CFEEA259D3B}\MpKslfc82725d.sys [2017-10-18 58120]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2017-9-7 83768]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [2017-9-14 936728]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R2 CDPUserSvc_1bcc4d4;Connected Devices Platform User Service_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2017-3-18 14336]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2017-3-18 47664]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2017-3-18 47664]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-11-1 373744]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-6-24 223008]
R2 MBAMChameleon;MBAMChameleon;C:\WINDOWS\System32\drivers\MbamChameleon.sys [2017-10-14 192952]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-7-23 6058960]
R2 OneSyncSvc_1bcc4d4;Sync Host_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2017-10-11 336320]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-3-18 79872]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-7-10 142752]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 WpnUserService_1bcc4d4;Windows Push Notifications User Service_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\WINDOWS\System32\drivers\e1d62x64.sys [2017-4-25 534512]
R3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R3 MBAMFarflt;MBAMFarflt;C:\WINDOWS\System32\drivers\farflt.sys [2017-10-14 110016]
R3 MBAMProtection;MBAMProtection;C:\WINDOWS\System32\drivers\mbam.sys [2017-10-14 45504]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2017-10-14 252232]
R3 MBAMWebProtection;MBAMWebProtection;C:\WINDOWS\System32\drivers\mwac.sys [2017-10-14 94144]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-3-18 20992]
R3 PimIndexMaintenanceSvc_1bcc4d4;Contact Data_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2017-6-5 207496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R3 TokenBroker;TokenBroker;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 UnistoreSvc_1bcc4d4;User Data Storage_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 UserDataSvc_1bcc4d4;User Data Access_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-3-18 220672]
S2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2017-3-18 12288]
S2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2017-3-18 47664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-7-18 317408]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-3-18 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-3-18 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-3-18 17920]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2017-3-18 47664]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-3-18 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-3-18 47664]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-14 39424]
S3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-3-18 53664]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-3-18 122880]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-3-18 347032]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-3-18 2104224]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
S3 DevicesFlowUserSvc_1bcc4d4;DevicesFlow_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-3-18 47664]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-3-18 86528]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-3-18 47664]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-3-18 21504]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-3-18 51104]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-3-18 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-3-18 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-3-18 70656]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-3-18 85504]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-3-18 165376]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-3-18 168448]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-3-18 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-3-18 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-3-18 673184]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-3-18 526240]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-3-18 36864]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-5-12 481768]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-3-18 123808]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-3-18 103328]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-3-18 405408]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-3-18 51104]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-3-18 64416]
S3 MessagingService_1bcc4d4;MessagingService_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-3-18 842656]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-3-18 108960]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-3-18 122368]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2017-7-10 118784]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-3-18 80896]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-3-18 58784]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-3-18 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-3-18 1735584]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-3-18 936864]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-3-18 47664]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\WINDOWS\System32\drivers\rtwlanu.sys [2017-3-18 5707264]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-3-18 91040]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-3-18 31128]
S3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-18 1284608]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-3-18 154016]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-3-18 47664]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-3-18 40352]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2017-3-18 891904]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-3-18 95648]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-3-18 36760]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-3-18 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-9-14 104960]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-3-18 179200]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-9-14 51712]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-3-18 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-3-18 29600]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-3-18 263584]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-3-18 98712]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-3-18 138656]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-3-18 29600]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-3-18 59288]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-3-18 28064]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-3-18 35328]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-3-18 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-3-18 72192]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-7-10 757248]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-3-18 121248]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-3-18 342264]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-3-18 47664]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-3-18 32160]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2017-3-18 217088]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-3-18 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 wlpasvc;LPA Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-7-10 277504]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-3-18 46592]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-10-21 14:45:47 13890840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9FD3F768-0149-4600-A98D-2FEED3FE3895}\mpengine.dll
2017-10-21 13:13:54 13890840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-10-20 20:59:23 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0BA27733-2719-4D22-AAB2-2FADF7808401}\MpKslac23430e.sys
2017-10-20 12:22:19 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E465A86C-8691-45FC-8B0D-CD1A6E309E21}\MpKsld8bd337a.sys
2017-10-20 10:05:05 58120 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F6E261C-60F8-4C8A-9A3D-C6F8F6BEEC97}\MpKslaa5c3cda.sys
2017-10-19 20:31:57 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F6E261C-60F8-4C8A-9A3D-C6F8F6BEEC97}\MpKsl5577933f.sys
2017-10-19 13:33:05 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F7B602DD-D8AC-4858-86AD-31A8335525C2}\MpKslc46a7c3a.sys
2017-10-19 12:10:52 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CD12840-A6F9-457B-8AFF-1CFEEA259D3B}\MpKsldeacfa6c.sys
2017-10-18 20:20:31 58120 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CD12840-A6F9-457B-8AFF-1CFEEA259D3B}\MpKslfc82725d.sys
2017-10-18 14:27:38 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{41DAFD85-B896-4F27-917A-C81751E920B4}\MpKsl5f721d8e.sys
2017-10-18 12:24:12 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E132DDAD-B0FF-413F-B8C6-2F4E79C57904}\MpKsl719291b1.sys
2017-10-17 05:43:27 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5D8B5CC-EB7B-4B0C-8F9A-9F283AEF6655}\MpKsl4a019c94.sys
2017-10-17 00:40:30 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2632593E-2296-45FD-9992-6EF87533DEF6}\MpKsl2f680faf.sys
2017-10-14 23:59:54 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{095309E2-92E9-4370-B212-DD8018D2C755}\MpKsl2114210e.sys
2017-10-14 23:50:59 58120 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E9637AC-9C01-4D5A-A744-46FA07681841}\MpKslc523f3f5.sys
2017-10-14 21:27:17 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E9637AC-9C01-4D5A-A744-46FA07681841}\MpKsl9ed82714.sys
2017-10-14 13:40:57 192952 ----a-w- C:\WINDOWS\System32\drivers\MbamChameleon.sys
2017-10-14 13:40:56 94144 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-10-14 13:40:56 110016 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
2017-10-14 13:40:53 45504 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-10-14 13:40:50 252232 ----a-w- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2017-10-14 12:55:09 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D38BBEB8-9A6C-4775-8612-FB6A0401E950}\MpKsl8c42b6b0.sys
2017-10-14 02:47:56 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24438AFE-BF2F-456E-B4F9-EC5A70711CDD}\MpKsl0becec6c.sys
2017-10-13 19:49:01 18896 ----a-w- C:\Program Files (x86)\Mozilla Firefox\qipcap64.dll
2017-10-13 13:52:30 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9C17B88B-5A7A-403C-AF17-C1AB4DD1878A}\MpKsl013e1eba.sys
2017-10-13 07:49:27 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA7D57E0-B77E-4184-B89E-960E919ED6F4}\MpKsl5b8f605b.sys
2017-10-11 21:04:36 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E3A90663-6AAD-47C2-88C6-DF5146CEB343}\MpKsl0dde1adb.sys
2017-10-11 12:30:59 126925120 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2017-10-11 12:05:26 5304496 ----a-w- C:\WINDOWS\System32\Windows.StateRepository.dll
2017-10-11 12:04:59 8333312 ----a-w- C:\WINDOWS\System32\BingMaps.dll
2017-09-29 03:19:52 1057976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9124BC07-F8E7-414E-95EF-0E0CE6E41FEE}\gapaengine.dll
2017-09-25 17:34:36 -------- d-----w- C:\Program Files\iPod
2017-09-25 17:34:05 -------- d---a-w- C:\Program Files\iTunes
.
==================== Find3M ====================
.
2017-10-21 17:12:16 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-13 00:21:46 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-10-13 00:21:46 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-10-11 13:46:23 230400 ----a-w- C:\WINDOWS\System32\msclmd.dll
2017-10-11 13:46:23 207872 ----a-w- C:\WINDOWS\SysWow64\msclmd.dll
2017-10-04 20:15:42 77440 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-09-30 05:52:01 1595152 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-09-30 05:51:44 1458320 ----a-w- C:\WINDOWS\System32\msctf.dll
2017-09-30 05:51:12 1147288 ----a-w- C:\WINDOWS\System32\hvix64.exe
2017-09-30 05:50:48 1068208 ----a-w- C:\WINDOWS\System32\Windows.UI.dll
2017-09-30 05:50:46 1024920 ----a-w- C:\WINDOWS\System32\hvax64.exe
2017-09-30 05:50:44 1346112 ----a-w- C:\WINDOWS\System32\user32.dll
2017-09-30 05:49:44 777400 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2017-09-30 05:49:27 135576 ----a-w- C:\WINDOWS\System32\drivers\ksecdd.sys
2017-09-30 05:49:25 1004136 ----a-w- C:\WINDOWS\System32\ucrtbase.dll
2017-09-30 05:48:27 644696 ----a-w- C:\WINDOWS\System32\advapi32.dll
2017-09-30 05:48:26 2399728 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-09-30 05:48:12 8319384 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-09-30 05:48:04 2327448 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-09-30 05:47:28 1194792 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2017-09-30 05:47:05 2969880 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-09-30 05:45:54 511896 ----a-w- C:\WINDOWS\System32\drivers\usbhub.sys
2017-09-30 05:44:52 181912 ----a-w- C:\WINDOWS\System32\sspicli.dll
2017-09-30 05:44:03 712600 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2017-09-30 05:43:49 2442136 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-09-30 05:43:47 7318888 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2017-09-30 05:42:43 4848952 ----a-w- C:\WINDOWS\explorer.exe
2017-09-30 05:42:08 1506712 ----a-w- C:\WINDOWS\System32\twinapi.appcore.dll
2017-09-30 05:42:03 820120 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2017-09-30 05:41:48 259400 ----a-w- C:\WINDOWS\System32\MusNotifyIcon.exe
2017-09-30 05:41:48 228248 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
2017-09-30 05:41:47 961944 ----a-w- C:\WINDOWS\System32\efscore.dll
2017-09-30 05:41:45 651672 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
2017-09-30 05:41:44 5477600 ----a-w- C:\WINDOWS\System32\OneCoreUAPCommonProxyStub.dll
2017-09-30 05:41:35 257432 ----a-w- C:\WINDOWS\System32\AppxAllUserStore.dll
2017-09-30 05:41:11 654976 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2017-09-30 05:41:00 2086808 ----a-w- C:\WINDOWS\System32\UpdateAgent.dll
2017-09-30 05:40:49 642680 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-09-30 05:40:45 184728 ----a-w- C:\WINDOWS\System32\drivers\appid.sys
2017-09-30 05:40:44 724704 ----a-w- C:\WINDOWS\System32\wer.dll
2017-09-30 05:40:38 336320 ----a-w- C:\WINDOWS\System32\SecurityHealthService.exe
2017-09-30 05:40:33 408984 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2017-09-30 05:40:29 72944 ----a-w- C:\WINDOWS\System32\easinvoker.exe
2017-09-30 05:40:13 558912 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.dll
2017-09-30 05:40:03 173976 ----a-w- C:\WINDOWS\System32\drivers\usbccgp.sys
2017-09-30 05:39:45 203672 ----a-w- C:\WINDOWS\System32\basecsp.dll
2017-09-30 05:38:42 2239136 ----a-w- C:\WINDOWS\System32\mfsrcsnk.dll
2017-09-30 05:38:33 7910072 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2017-09-30 05:36:38 2672024 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-09-30 05:36:28 57976 ----a-w- C:\WINDOWS\System32\lsass.exe
2017-09-30 02:29:54 1408536 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-09-30 02:29:46 804784 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.dll
2017-09-30 02:26:30 1292872 ----a-w- C:\WINDOWS\SysWow64\user32.dll
2017-09-30 02:26:24 1333136 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2017-09-30 02:10:34 480920 ----a-w- C:\WINDOWS\SysWow64\advapi32.dll
2017-09-30 02:10:20 606072 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2017-09-30 02:10:14 1839872 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-09-30 02:10:08 1150776 ----a-w- C:\WINDOWS\SysWow64\ucrtbase.dll
2017-09-30 02:09:16 2259760 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-09-30 02:09:02 787712 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2017-09-30 0228 4471368 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2017-09-30 02:05:47 750488 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-09-30 02:05:45 5827744 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-09-30 02:05:39 559000 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-09-30 02:05:36 1266544 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-09-30 02:05:34 2603744 ----a-w- C:\WINDOWS\SysWow64\OneCoreUAPCommonProxyStub.dll
2017-09-30 02:04:52 612120 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2017-09-30 02:04:50 4215184 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepository.dll
2017-09-30 02:04:45 347544 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2017-09-30 02:04:39 438096 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.dll
2017-09-30 02:04:17 519680 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2017-09-30 02:04:13 182680 ----a-w- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
2017-09-30 02:03:27 6768288 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2017-09-30 02:03:17 1439032 ----a-w- C:\WINDOWS\SysWow64\mfsrcsnk.dll
2017-09-30 02:02:53 175512 ----a-w- C:\WINDOWS\SysWow64\basecsp.dll
2017-09-30 02:01:54 124544 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2017-09-29 07:46:30 23678976 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2017-09-29 07:45:00 2953216 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2017-09-29 07:44:19 133120 ----a-w- C:\WINDOWS\SysWow64\t2embed.dll
2017-09-29 07:43:14 2199552 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
2017-09-29 07:43:07 142336 ----a-w- C:\WINDOWS\SysWow64\smartscreenps.dll
2017-09-29 07:43:05 60928 ----a-w- C:\WINDOWS\SysWow64\usoapi.dll
2017-09-29 07:42:56 18944 ----a-w- C:\WINDOWS\SysWow64\mgmtapi.dll
2017-09-29 07:41:56 13844992 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2017-09-29 07:41:50 50176 ----a-w- C:\WINDOWS\SysWow64\wbem\Win32_Tpm.dll
2017-09-29 07:41:09 110080 ----a-w- C:\WINDOWS\SysWow64\BitLockerCsp.dll
2017-09-29 07:40:57 6728192 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2017-09-29 07:40:50 371200 ----a-w- C:\WINDOWS\SysWow64\daxexec.dll
2017-09-29 07:40:25 86528 ----a-w- C:\WINDOWS\SysWow64\updatepolicy.dll
2017-09-29 07:39:51 364032 ----a-w- C:\WINDOWS\SysWow64\msIso.dll
2017-09-29 07:39:01 20511232 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2017-09-29 07:38:55 471040 ----a-w- C:\WINDOWS\SysWow64\TpmCoreProvisioning.dll
2017-09-29 07:38:51 229376 ----a-w- C:\WINDOWS\SysWow64\scksp.dll
2017-09-29 07:38:35 1135616 ----a-r- C:\WINDOWS\SysWow64\icuuc.dll
2017-09-29 07:38:18 2671616 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2017-09-29 07:38:15 370688 ----a-w- C:\WINDOWS\SysWow64\FirewallAPI.dll
2017-09-29 07:38:11 463360 ----a-w- C:\WINDOWS\SysWow64\webio.dll
2017-09-29 07:38:03 5721600 ----a-w- C:\WINDOWS\SysWow64\BingMaps.dll
2017-09-29 07:38:03 308224 ----a-w- C:\WINDOWS\SysWow64\cryptngc.dll
2017-09-29 07:37:45 306688 ----a-w- C:\WINDOWS\SysWow64\Windows.Graphics.dll
.
============= FINISH: 11:53:09.68 ===============
tierra is offline  
Old 10-21-2017, 03:35 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello tierra. That ESET find is not malicious, just a 'potentially' unsafe application, in this case, Magical Jelly Bean.

It is showing as installed on your machine. Did you install it? If so, you can trust it.

------------------------------------------------------

You don't need Windows Defender to run as long as you have another antivirus installed and running, in your case MBAM.

What happens when you try to turn on Windows Defender? Any error messages?

Can you post a pic of what happens?

------------------------------------------------------

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the Internet Services option remains checked.
  • Check all the other boxes.
  • Click Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-21-2017, 03:45 PM   #3

Hi Chemist,

I did not install magic jelly bean on my computer. I don't even know what it is. I have very few programs installed on my computer.

Windows defender is now working. It just refused to turn on. I didn't get a picture of it - sorry. I just kept trying and rebooting my computer and it finally came back on.

Thank you.
tierra is offline  
Old 10-21-2017, 03:52 PM   #4

Sorry - had to get into the admin account. Here are the results:

Farbar Service Scanner Version: 27-01-2016
Ran by 93 (administrator) on 21-10-2017 at 14:50:14
Running from "C:\Users\93\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
tierra is offline  
Old 10-21-2017, 10:48 PM   #5

Hello again, tierra. Just uninstall Magical Jelly Bean from Programs and Features and you should be good to go.
chemist is offline  
Old 10-22-2017, 09:59 AM   #6

Thank you - Chemist! That worked.

However, I'm still having problems with Windows Defender turning off real-time protection. I turn it on over and over and reboot several times, and this time I had to turn it off totally and then boot up again 3 times before I could get it to turn on.
tierra is offline  
Old 10-23-2017, 07:22 PM   #7

Do you know exactly when the problem with Defender started?

Did you purchase MBAM, or are you using the trial version?
chemist is offline  
Old 10-23-2017, 09:28 PM   #8

Hi Chemist,

As far as I know it started over the weekend.

I have the free version of Malwarebytes; however, it says I have 4 days left of premium trial. I didn't want the premium trial and it caused problems for me a few months ago and I uninstalled it. However, don't like being without the free version and tried it again. If this is because of that - it's the first time since reinstalling it that I've had problems.

Thank you.
tierra is offline  
Old 10-24-2017, 07:40 PM   #9

Hello again, tierra. You're welcome.

When the free MBAM trial version runs out, try Defender again and let me know if it still gives you problems.

In the future, you can always decline the free trial and just use the free scanner version.
chemist is offline  
Old 10-25-2017, 06:08 AM   #10

Hi Chemist and thank you again.

Actually, what happened is Malwarebytes had an update where you couldn't opt out of the free trial; that's when I started to have problems, mostly with Windows Defender several months ago, but with other programs too. When I downloaded I didn't think I had much time left on the free trial and only did the free version, as I didn't want the free trial, but I think they want everyone to use the paid version as I didn't see an option without it.

Thank you.
tierra is offline  
Old 10-25-2017, 09:44 PM   #11

Let me know when the free premium trial runs out.
chemist is offline  
Old 10-28-2017, 02:57 AM   #12

Hi chemist,

It's still not run out. For a few days it said one day left and today it's saying that today is the last day. I really hope today is the last day.

Thank you.
tierra is offline  
Old 10-28-2017, 04:32 PM   #13

You're welcome. It should let you know when you have so many hours left, or something to that effect. Just X out of the MBAM window whenever it suggests you should upgrade. Let me know.
chemist is offline  
Old 10-29-2017, 05:08 AM   #14

Hi Chemist,

It's finally over the free period.

Thank you.
tierra is offline  
Old 10-29-2017, 07:38 PM   #15

OK. You should eventually be presented with the message, 'Your Premium trial expired', with several options. Choose the one that says 'Stay downgraded-I don't need Real-Time Protection'.

Let me know.
chemist is offline  
Old 10-30-2017, 04:15 PM   #16

Hi chemist,

I did get the message and did click I don't need real time protection.

Thank you,
tierra is offline  
Old 10-31-2017, 08:02 PM   #17

You're welcome. Any other problems? If not, you should be good to go.
chemist is offline  
Old 11-05-2017, 04:34 PM   #18

Thank you - Chemist!

Everything seems to be working now.
tierra is offline  
Old 11-09-2017, 06:26 PM   #19

You're welcome, tierra! Glad to have helped.
chemist is offline  
 
