I do not know what is wrong.

Old 04-02-2016, 11:07 PM   #1
Registered Member
 
Join Date: Mar 2009
Posts: 78
OS: Windows XP Server Pack 3



There are several issues with my computer right now; here I am, disappointed, famished and desperate for the aid of this forum.

- My monitor trips, like it goes blank for 2-3 seconds randomly (could be a hardware issue)

- My computer even though on SSD is slow at times

- I had 3 other hard drives and one of them was ancient and contained bad sectors, so I have disconnected it, which improved my PC. Of the two others, one is relatively old and one is brand new. What happens is, my PC at times would crash and then fail to reboot from the SSD and access the old drives for Windows, which have none; therefore, I cannot boot. In order to fix it, I have to open my PC, disconnect my hard drives so the only one remaining is the SSD, and restart my PC, which is where the boot actually happens, and then I reconnect my other drives again. This happens after every few days? ??????? >.<

- Thirdly, I am using a Samsung 27' monitor and I do not know what is wrong with all of this. I cannot enter BIOS; it presents me with a blank screen, so I cannot re-install Windows either. I have Windows written on a USB drive too and it gives me a strange error that my drives are some other type, whereas initially I installed Windows from that very USB.

I spent decent money to get this PC made, but.... =( help.

Also my start button isn't responding and "My Computer" doesn't appear on my desktop.

------------------------------------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20
Run by abc at 10:58:57 on 2016-04-03
Microsoft Windows 10 Pro 10.0.10586.0.1252.1.1033.18.8053.5951 [GMT 5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\ProgramData\CharJi EVO\OnlineUpdate\ouc.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k AppReadiness
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
O:\Program Files (x86)\Steam\Steam.exe
C:\Users\TEMP.abc-PC\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\System32\DataExchangeHost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\InstallAgent.exe
svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.113_none_7689896a26389b16\TiWorker.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
uRun: [OneDrive] "C:\Users\TEMP.abc-PC\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [GoogleChromeAutoLaunch_6498289AB796CA7846991036AE76305E] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
uRunOnce: [Uninstall C:\Users\TEMP.abc-PC\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\TEMP.abc-PC\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
uRunOnce: [Uninstall C:\Users\TEMP.abc-PC\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\TEMP.abc-PC\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
mRun: [Sound Blaster X-Fi MB 3] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\KILLER~1.LNK - C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{09d7e732-a787-4b50-8b47-507983e5743b} : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{113d9b9d-5d15-486c-9743-da91c37b9376} : NameServer = 182.176.100.13 182.176.100.138
TCP: Interfaces\{165097bf-bdd8-451f-9a70-ad27cf8d9ee9} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{243b1da4-3bce-44c6-a9fc-f5b6ae8931cd} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{6e61b5d8-9310-4877-90e7-ec742b735327} : NameServer = 0.0.0.0 0.0.0.0
TCP: Interfaces\{82c277d3-6f79-46b8-8667-cb15f212f3e0} : NameServer = 0.0.0.0 0.0.0.0
TCP: Interfaces\{aa60f291-37cc-43fd-9313-4730765ed2c1} : NameServer = 39.39.39.39 182.176.100.138
TCP: Interfaces\{d72559ce-9042-44d7-a838-2923832b8809} : NameServer = 0.0.0.0 0.0.0.0
TCP: Interfaces\{e54c8e8a-ce50-4f5d-b527-75b7bd8d4cd0} : NameServer = 0.0.0.0 0.0.0.0
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [MBCfg64] C:\WINDOWS\System32\RunDLL32.exe C:\WINDOWS\System32\MBCfg64.dll,RunDLLEntry MBCfg64
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 BfLwf;Qualcomm Atheros Bandwidth Control;C:\WINDOWS\System32\drivers\bflwfx64.sys [2013-2-13 67888]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-1-8 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-1-8 1773696]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-6-12 1155192]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-7-26 24888]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2013-2-6 351824]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-12-31 373160]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-6-12 1872504]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-7-30 5544568]
R2 Qualcomm Atheros Killer Service V2;Qualcomm Atheros Killer Service V2;C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [2013-8-8 343040]
R2 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
R3 huawei_enumerator;huawei_enumerator;C:\WINDOWS\System32\drivers\ew_jubusenum.sys [2015-6-11 91648]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2015-6-10 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-6-10 450520]
R3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;C:\WINDOWS\System32\drivers\e22W7x64.sys [2013-3-20 154320]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 MBfilt;MBfilt;C:\WINDOWS\System32\drivers\MBfilt64.sys [2015-6-24 41088]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-6-12 19576]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2015-10-7 50472]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
R3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Service;C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [2015-6-6 63840]
S2 CharJi EVO. RunOuc;CharJi EVO. OUC;C:\Program Files (x86)\CharJi EVO\UpdateDog\ouc.exe [2015-6-11 656976]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-1-1 117248]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2015-6-10 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2015-6-10 79360]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2015-8-28 122160]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\WINDOWS\System32\drivers\ew_hwusbdev.sys [2015-6-11 109568]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys [2015-6-11 14976]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\WINDOWS\System32\drivers\ewusbwwan.sys [2015-6-11 455680]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2015-8-28 214832]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudserd.sys [2015-12-8 214832]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-30 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-10-30 254816]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-30 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 usbrndis6;USB RNDIS6 Adapter;C:\WINDOWS\System32\drivers\usb80236.sys [2015-10-30 23040]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-10-30 694784]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-30 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-3-2 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-3-2 29696]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== Created Last 30 ================
.
2016-04-03 18:27:33 -------- d-sh--w- C:\found.004
2016-04-03 05:49:27 -------- d-----w- C:\Users\TEMP.abc-PC\AppData\Roaming\HpUpdate
2016-04-03 05:46:02 -------- d-----w- C:\Users\TEMP.abc-PC\AppData\Local\CEF
2016-04-03 05:46:01 -------- d-----w- C:\Users\TEMP.abc-PC\AppData\Local\Steam
2016-04-03 05:46:00 -------- d-----w- C:\Users\TEMP.abc-PC\AppData\Local\ActiveSync
2016-04-03 05:44:31 -------- d-----r- C:\Users\TEMP.abc-PC\OneDrive
2016-04-03 05:44:18 -------- d-----w- C:\Users\TEMP.abc-PC\AppData\Local\Creative
2016-04-03 05:44:00 -------- d-----w- C:\Users\TEMP.abc-PC\AppData\Local\NVIDIA Corporation
2016-04-03 05:44:00 -------- d-----w- C:\Users\TEMP.abc-PC\AppData\Local\NVIDIA
2016-04-03 05:44:00 -------- d-----r- C:\Users\TEMP.abc-PC\Searches
2016-04-03 05:44:00 -------- d-----r- C:\Users\TEMP.abc-PC\Contacts
2016-04-03 05:32:17 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8977A729-6BDA-36C5-F874-94201D66A443}\GapaEngine.dll
2016-04-02 13:30:29 11686560 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{47FA23D4-F2D1-474E-9102-BE08B09DBB37}\mpengine.dll
2016-04-01 03:14:37 11686560 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-03-31 15:03:40 -------- d-sh--w- C:\found.003
2016-03-30 19:20:50 -------- d-sh--w- C:\found.002
2016-03-29 15:19:52 -------- d-----w- C:\Program Files\Logitech Gaming Software
2016-03-23 14:31:35 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2016-03-22 21:46:00 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1C309E0-0F71-44A2-AF61-D26E8ECC1EB6}\gapaengine.dll
2016-03-16 19:18:12 -------- d-sh--w- C:\found.001
2016-03-09 12:52:00 48128 ----a-we C:\WINDOWS\SysWow64\PimIndexMaintenanceClient.dll
2016-03-09 12:52:00 37888 ----a-we C:\WINDOWS\SysWow64\UserDataTypeHelperUtil.dll
2016-03-09 12:52:00 369664 ----a-w- C:\WINDOWS\SysWow64\FirewallAPI.dll
2016-03-09 12:52:00 20480 ----a-we C:\WINDOWS\SysWow64\wfapigp.dll
2016-03-09 12:52:00 135168 ----a-we C:\WINDOWS\SysWow64\AppxSip.dll
.
==================== Find3M ====================
.
2016-04-03 05:43:52 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-08 07:12:26 829944 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-03-08 07:12:26 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-03-01 05:31:29 848168 ----a-w- C:\WINDOWS\System32\mfsvr.dll
2016-03-01 05:22:47 709688 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll
2016-02-24 09:52:06 1997328 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2016-02-24 09:51:58 7474528 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-02-24 09:48:32 713568 ----a-w- C:\WINDOWS\System32\invagent.dll
2016-02-24 09:47:03 1173344 ----a-w- C:\WINDOWS\System32\aeinv.dll
2016-02-24 09:40:06 513888 ----a-w- C:\WINDOWS\System32\devinv.dll
2016-02-24 09:34:50 1613664 ----a-w- C:\WINDOWS\System32\diagtrack.dll
2016-02-24 09:28:35 3449168 ----a-w- C:\WINDOWS\System32\WSService.dll
2016-02-24 09:15:07 1557768 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2016-02-24 08:58:26 794888 ----a-w- C:\WINDOWS\System32\mfds.dll
2016-02-24 08:51:24 1322248 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-02-24 08:50:49 808800 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2016-02-24 08:46:25 6607080 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2016-02-24 08:43:01 625000 ----a-w- C:\WINDOWS\System32\ClipSVC.dll
2016-02-24 08:39:30 141560 ----a-w- C:\WINDOWS\System32\AuthHost.exe
2016-02-24 08:39:01 358752 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2016-02-24 08:19:18 670928 ----a-w- C:\WINDOWS\SysWow64\mfds.dll
2016-02-24 08:14:23 216416 ----a-w- C:\WINDOWS\System32\AppxAllUserStore.dll
2016-02-24 08:11:46 957608 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-02-24 08:11:07 258280 ----a-w- C:\WINDOWS\System32\sqmapi.dll
2016-02-24 08:11:03 652392 ----a-w- C:\WINDOWS\System32\dxgi.dll
2016-02-24 08:11:03 394080 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-02-24 08:11:03 1997152 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-02-24 08:11:01 703840 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2016-02-24 08:10:54 576864 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-02-24 08:10:52 630632 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2016-02-24 08:09:58 640472 ----a-w- C:\WINDOWS\System32\wer.dll
2016-02-24 08:09:49 147808 ----a-w- C:\WINDOWS\System32\wermgr.exe
2016-02-24 0839 5242496 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2016-02-24 07:59:11 294752 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2016-02-24 07:39:44 23552 ----a-w- C:\WINDOWS\System32\ExtrasXmlParser.dll
2016-02-24 07:39:34 45568 ----a-w- C:\WINDOWS\System32\UserDataTypeHelperUtil.dll
2016-02-24 07:38:35 187744 ----a-w- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
2016-02-24 07:38:12 111616 ----a-w- C:\WINDOWS\System32\UserDataTimeUtil.dll
2016-02-24 07:37:58 45056 ----a-w- C:\WINDOWS\System32\UserDataLanguageUtil.dll
2016-02-24 07:36:17 60416 ----a-w- C:\WINDOWS\System32\PimIndexMaintenanceClient.dll
2016-02-24 07:35:26 220064 ----a-w- C:\WINDOWS\SysWow64\sqmapi.dll
2016-02-24 07:35:24 523752 ----a-w- C:\WINDOWS\SysWow64\dxgi.dll
2016-02-24 07:35:18 45568 ----a-w- C:\WINDOWS\System32\atmlib.dll
2016-02-24 07:35:08 540752 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2016-02-24 07:33:53 141664 ----a-w- C:\WINDOWS\SysWow64\wermgr.exe
2016-02-24 07:33:49 538736 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2016-02-24 07:31:49 118272 ----a-w- C:\WINDOWS\System32\fontsub.dll
2016-02-24 07:30:18 25600 ----a-w- C:\WINDOWS\System32\wfapigp.dll
2016-02-24 07:28:12 70656 ----a-w- C:\WINDOWS\System32\POSyncServices.dll
2016-02-24 07:23:20 68096 ----a-w- C:\WINDOWS\System32\UserDataPlatformHelperUtil.dll
2016-02-24 07:23:09 91648 ----a-w- C:\WINDOWS\System32\asycfilt.dll
2016-02-24 07:22:03 196608 ----a-w- C:\WINDOWS\System32\fwpolicyiomgr.dll
2016-02-24 07:20:57 167936 ----a-w- C:\WINDOWS\System32\dafBth.dll
2016-02-24 07:20:35 195072 ----a-w- C:\WINDOWS\System32\VCardParser.dll
2016-02-24 07:20:00 87552 ----a-w- C:\WINDOWS\System32\AppxSysprep.dll
2016-02-24 07:19:56 31232 ----a-w- C:\WINDOWS\System32\seclogon.dll
2016-02-24 07:19:10 145408 ----a-w- C:\WINDOWS\System32\dssvc.dll
2016-02-24 07:15:29 365568 ----a-w- C:\WINDOWS\System32\atmfd.dll
2016-02-24 07:14:00 274944 ----a-w- C:\WINDOWS\System32\ExSMime.dll
2016-02-24 07:13:57 121856 ----a-w- C:\WINDOWS\System32\AppointmentActivation.dll
2016-02-24 07:12:54 243712 ----a-w- C:\WINDOWS\System32\cemapi.dll
2016-02-24 07:12:03 221184 ----a-w- C:\WINDOWS\System32\PhoneCallHistoryApis.dll
2016-02-24 07:10:05 93184 ----a-w- C:\WINDOWS\System32\wpninprc.dll
2016-02-24 07:09:04 258560 ----a-w- C:\WINDOWS\System32\UserDataAccountApis.dll
2016-02-24 07:09:00 161792 ----a-w- C:\WINDOWS\System32\AppxSip.dll
2016-02-24 07:07:53 252928 ----a-w- C:\WINDOWS\System32\PimIndexMaintenance.dll
2016-02-24 07:05:00 208896 ----a-w- C:\WINDOWS\System32\storewuauth.dll
2016-02-24 07:03:16 88576 ----a-w- C:\WINDOWS\SysWow64\olepro32.dll
2016-02-24 07:02:17 161280 ----a-w- C:\WINDOWS\System32\CallHistoryClient.dll
2016-02-24 07:01:56 146432 ----a-w- C:\WINDOWS\System32\AuthBroker.dll
2016-02-24 07:01:21 764928 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2016-02-24 07:01:15 67584 ----a-w- C:\WINDOWS\System32\profext.dll
2016-02-24 07:00:00 214528 ----a-w- C:\WINDOWS\System32\Windows.Devices.Scanners.dll
2016-02-24 06:59:55 450560 ----a-w- C:\WINDOWS\System32\Windows.Internal.Bluetooth.dll
2016-02-24 06:59:44 318976 ----a-w- C:\WINDOWS\System32\domgmt.dll
2016-02-24 06:59:32 360448 ----a-w- C:\WINDOWS\System32\vaultsvc.dll
2016-02-24 06:58:29 685568 ----a-w- C:\WINDOWS\System32\scapi.dll
2016-02-24 06:55:57 790528 ----a-w- C:\WINDOWS\System32\EmailApis.dll
2016-02-24 06:55:39 224256 ----a-w- C:\WINDOWS\System32\PackageStateRoaming.dll
2016-02-24 06:55:08 18944 ----a-w- C:\WINDOWS\SysWow64\ExtrasXmlParser.dll
2016-02-24 06:54:55 228352 ----a-w- C:\WINDOWS\System32\wsqmcons.exe
2016-02-24 06:54:45 288768 ----a-w- C:\WINDOWS\System32\vaultcli.dll
2016-02-24 06:54:09 526336 ----a-w- C:\WINDOWS\System32\FirewallAPI.dll
2016-02-24 06:53:47 89088 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2016-02-24 06:53:35 37888 ----a-w- C:\WINDOWS\SysWow64\UserDataLanguageUtil.dll
2016-02-24 06:52:11 451584 ----a-w- C:\WINDOWS\System32\werui.dll
2016-02-24 06:51:21 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2016-02-24 06:49:50 726528 ----a-w- C:\WINDOWS\System32\ChatApis.dll
2016-02-24 06:47:58 93696 ----a-w- C:\WINDOWS\SysWow64\fontsub.dll
2016-02-24 06:44:46 56320 ----a-w- C:\WINDOWS\SysWow64\POSyncServices.dll
2016-02-24 06:44:19 700416 ----a-w- C:\WINDOWS\System32\AppointmentApis.dll
2016-02-24 06:44:18 1713664 ----a-w- C:\WINDOWS\System32\SRHInproc.dll
2016-02-24 06:44:00 915456 ----a-w- C:\WINDOWS\System32\configurationclient.dll
2016-02-24 06:43:59 286720 ----a-w- C:\WINDOWS\System32\deviceaccess.dll
2016-02-24 06:43:12 957952 ----a-w- C:\WINDOWS\System32\SRH.dll
2016-02-24 06:41:30 982016 ----a-w- C:\WINDOWS\System32\AppxPackaging.dll
2016-02-24 06:41:28 436736 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2016-02-24 06:40:53 1224704 ----a-w- C:\WINDOWS\System32\Unistore.dll
2016-02-24 06:40:36 56320 ----a-w- C:\WINDOWS\SysWow64\UserDataPlatformHelperUtil.dll
2016-02-24 06:40:27 78848 ----a-w- C:\WINDOWS\SysWow64\asycfilt.dll
.
============= FINISH: 10:59:13.60 ===============
Attached Files
File Type: txt attach.txt (12.5 KB, 293 views)
Psychosis is offline  
Old 04-09-2016, 02:57 AM   #2
Registered Member
 
Join Date: Mar 2009
Posts: 78
OS: Windows XP Server Pack 3



Bump!
Psychosis is offline  
Old 04-09-2016, 08:26 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Psychosis. Any reason you think this is a malware problem? I see no signs of infection in your logs.

However, I do see these:

Quote:
2016-04-03 18:27:33 -------- d-sh--w- C:\found.004
2016-03-31 15:03:40 -------- d-sh--w- C:\found.003
2016-03-30 19:20:50 -------- d-sh--w- C:\found.002
2016-03-16 19:18:12 -------- d-sh--w- C:\found.001
Quote:
==== Event Viewer Messages From Past Week ========
.
4/3/2016 10:43:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CharJi EVO. RunOuc service to connect.
4/3/2016 10:43:51 AM, Error: Service Control Manager [7000] - The CharJi EVO. RunOuc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/3/2016 10:43:27 AM, Error: Service Control Manager [7023] - The WWAN AutoConfig service terminated with the following error: Overlapped I/O operation is in progress.
4/3/2016 10:43:21 AM, Error: Service Control Manager [7031] - The Sync Host_1ebd39 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/3/2016 10:34:21 AM, Error: Service Control Manager [7031] - The Sync Host_50115 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/3/2016 10:33:56 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user abc-PC\abc SID (S-1-5-21-333406388-1466311093-1462433630-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
4/3/2016 10:32:05 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\BBI' was corrupted and it has been recovered. Some data might have been lost.
4/2/2016 6:30:33 PM, Error: disk [154] - The IO operation at logical block address 0x9f6b6d8 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
4/2/2016 6:28:36 PM, Error: disk [154] - The IO operation at logical block address 0x1366d88 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
4/2/2016 6:28:31 PM, Error: disk [154] - The IO operation at logical block address 0x1cc800 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
4/1/2016 8:51:13 AM, Error: disk [154] - The IO operation at logical block address 0x60787e8 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
4/1/2016 8:14:41 AM, Error: disk [154] - The IO operation at logical block address 0x9f782d8 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
4/1/2016 6:10:10 AM, Error: disk [154] - The IO operation at logical block address 0x827e400 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
4/1/2016 4:49:06 AM, Error: disk [154] - The IO operation at logical block address 0x607f9c0 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
4/1/2016 4:14:37 AM, Error: disk [154] - The IO operation at logical block address 0x7bb7778 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
4/1/2016 2:42:33 AM, Error: disk [154] - The IO operation at logical block address 0x6067688 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
4/1/2016 2:18:34 AM, Error: disk [154] - The IO operation at logical block address 0x9f6b1d8 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
4/1/2016 1:11:15 AM, Error: disk [154] - The IO operation at logical block address 0x8267700 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 9:26:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Sync Host_52017 service to connect.
3/31/2016 9:25:53 AM, Error: Service Control Manager [7031] - The Sync Host_52017 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/31/2016 8:29:27 PM, Error: disk [154] - The IO operation at logical block address 0x824e100 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 8:04:08 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=1500) while initializing logging resources for channel Microsoft-Windows-Store/Operational.
3/31/2016 7:00:47 AM, Error: disk [154] - The IO operation at logical block address 0x67d6820 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:57:19 AM, Error: Microsoft-Windows-Ntfs [98] - Volume C: (\Device\HarddiskVolume9) needs to be taken offline for a short time to perform a Spot Fix. Please run "CHKDSK /SPOTFIX" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
3/31/2016 6:21:48 AM, Error: disk [154] - The IO operation at logical block address 0x8270400 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:21:46 AM, Error: disk [154] - The IO operation at logical block address 0x96e47b0 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:21:45 AM, Error: disk [154] - The IO operation at logical block address 0x96c2ab0 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:21:44 AM, Error: disk [154] - The IO operation at logical block address 0x9b50448 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:21:43 AM, Error: disk [154] - The IO operation at logical block address 0x9b3f648 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:21:42 AM, Error: disk [154] - The IO operation at logical block address 0x9b1b648 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:21:41 AM, Error: disk [154] - The IO operation at logical block address 0x9b06548 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:21:40 AM, Error: disk [154] - The IO operation at logical block address 0x9af1348 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:21:39 AM, Error: disk [154] - The IO operation at logical block address 0x9adc448 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:21:38 AM, Error: disk [154] - The IO operation at logical block address 0x5be1f80 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:21:37 AM, Error: disk [154] - The IO operation at logical block address 0x5bc3e80 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:21:35 AM, Error: disk [154] - The IO operation at logical block address 0x6dd6fb0 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:21:32 AM, Error: disk [154] - The IO operation at logical block address 0x1515e68 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:21:31 AM, Error: disk [154] - The IO operation at logical block address 0x785b008 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:21:30 AM, Error: disk [154] - The IO operation at logical block address 0x7883b08 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:21:29 AM, Error: disk [154] - The IO operation at logical block address 0x786d408 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 6:21:28 AM, Error: disk [154] - The IO operation at logical block address 0x7859908 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 5:57:23 AM, Error: disk [154] - The IO operation at logical block address 0x4380008 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 5:48:56 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
3/31/2016 5:45:49 AM, Error: disk [154] - The IO operation at logical block address 0x7bb2770 for Disk 0 (PDO name: \Device\00000036) failed due to a hardware error.
3/31/2016 5:45:42 AM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=1500) while initializing logging resources for channel System.
3/31/2016 5:40:14 PM, Error: Service Control Manager [7031] - The Sync Host_4f6c3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/31/2016 5:34:49 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The exact nature of the corruption is unknown. The file system structures need to be scanned online.
3/31/2016 5:30:11 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x2fd000000000074. The name of the file is "\Users\abc\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
3/31/2016 5:28:47 PM, Error: Microsoft-Windows-Ntfs [98] - Volume C: (\Device\HarddiskVolume9) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
I think it would be best if you showed them to the folks in our Windows 10 Support Forum or our Hardware Support Forum.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
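The triage done by eye on the quoted Event Viewer messages above, as an added example (not part of the original thread and not code from any tool mentioned in it): the script groups the `disk [154]` errors by disk and failing block address and separates them from the NTFS and registry-hive corruption events. The sample lines are copied from the quoted log; the regular expressions and function names are this example's own assumptions about that line format.

```python
import re
from collections import Counter, defaultdict

# Lines copied verbatim from the Event Viewer excerpt quoted in the post above.
SAMPLE = r"""
4/3/2016 10:43:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CharJi EVO. RunOuc service to connect.
4/3/2016 10:32:05 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\BBI' was corrupted and it has been recovered. Some data might have been lost.
4/2/2016 6:30:33 PM, Error: disk [154] - The IO operation at logical block address 0x9f6b6d8 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
4/2/2016 6:28:36 PM, Error: disk [154] - The IO operation at logical block address 0x1366d88 for Disk 2 (PDO name: \Device\00000038) failed due to a hardware error.
3/31/2016 5:45:49 AM, Error: disk [154] - The IO operation at logical block address 0x7bb2770 for Disk 0 (PDO name: \Device\00000036) failed due to a hardware error.
3/31/2016 5:34:49 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The exact nature of the corruption is unknown. The file system structures need to be scanned online.
3/31/2016 5:28:47 PM, Error: Microsoft-Windows-Ntfs [98] - Volume C: (\Device\HarddiskVolume9) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
"""

# Assumed line layout: "<date> <time> <AM|PM>, <level>: <source> [<id>] - <message>"
EVENT = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
DISK_IO = re.compile(r"logical block address (0x[0-9a-fA-F]+) for Disk (\d+)")
HIVE = re.compile(r"Registry hive \(file\): '([^']+)'")
# (source, event id) pairs whose quoted messages themselves report
# file-system corruption on a volume.
FS_EVENTS = {("Ntfs", 55), ("Microsoft-Windows-Ntfs", 98)}


def parse_events(text):
    """Yield (source, event_id, message) for each well-formed log line."""
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if m:  # blank or truncated lines are skipped, not guessed at
            yield m["source"], int(m["id"]), m["msg"]


def triage(text):
    """Separate storage-failure evidence from everything else in the log."""
    bad_lbas = defaultdict(set)  # disk number -> failing logical block addresses
    fs_corruption, hives, other = 0, [], Counter()
    for source, event_id, msg in parse_events(text):
        io = DISK_IO.search(msg)
        hive = HIVE.search(msg)
        if (source, event_id) == ("disk", 154) and io:
            bad_lbas[int(io.group(2))].add(int(io.group(1), 16))
        elif (source, event_id) in FS_EVENTS:
            fs_corruption += 1
        elif source == "Microsoft-Windows-Kernel-General" and hive:
            hives.append(hive.group(1))
        else:
            other[(source, event_id)] += 1
    return {"bad_lbas": {d: sorted(v) for d, v in bad_lbas.items()},
            "fs_corruption": fs_corruption, "hives": hives, "other": other}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for disk, lbas in sorted(report["bad_lbas"].items()):
        print(f"Disk {disk}: {len(lbas)} failing LBAs, "
              f"range {lbas[0]:#x}-{lbas[-1]:#x}")
    print("file-system corruption events:", report["fs_corruption"])
    print("recovered registry hives:", report["hives"])
    print("unrelated errors:", dict(report["other"]))
```

Run against the full quoted excerpt, the same grouping shows whether the failing addresses cluster on one disk or are spread across several, which is the distinction the hardware forum will ask about.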
Old 04-11-2016, 09:49 PM   #4
Registered Member
 
Join Date: Mar 2009
Posts: 78
OS: Windows XP Server Pack 3



Dear chemist, do I have to make a thread, or will this one be moved? Is it okay if I copy-paste this post?

Thanks for your time and help my friend.
Psychosis is offline  
Old 04-12-2016, 06:08 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Psychosis. You're very welcome. It would be best if you make another thread in one of those previously linked forums.

And you can copy/paste those event viewer messages in the new thread, or you can post this link in your new thread:

https://www.techsupportforum.com/foru...ml#post6994777
chemist is offline  
Old 04-29-2016, 04:11 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
chemist is offline  
 
