Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Malware Spyware and Possible RAT

This is a discussion on Malware Spyware and Possible RAT within the Resolved HJT Threads forums, part of the Tech Support Forum category. I recently installed MalwareBytes and I have noticed svchost.exe trying to connect to an IP in Israel, also, PowerShell opens


 
 
Thread Tools Search this Thread
Old 03-11-2017, 01:12 PM   #1
Registered Member
 
Join Date: May 2015
Location: San Antonio, Texas
Posts: 79
OS: Windows 10 x64



I recently installed MalwareBytes and I have noticed svchost.exe trying to connect to an IP in Israel, also, PowerShell opens randomly and tries connecting to a website blocked by MBAM.

I had run a scan with MBAM and after I restarted my PC, I was locked out of my Microsoft Windows Account, I use a fingerprint scanner to sign in. I was being signed into a temporary account automatically. I have since gained access back to it, and reset all my passwords.

I have also not noticed svchost trying to connect to the IP anymore. I have reason to believe it was a RAT and I doubt its gone.

I do have a clone of my HDD before the troubles started. I can just format and restore to that if needed.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.101.2
Run by Jonathan at 15:00:23 on 2017-03-11
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.15848.9043 [GMT -6:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\SysWoW64\acs.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\valWBFPolicyService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\EBLUE MOUSE\ebluemon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Users\Jonathan\AppData\Roaming\Telegram Desktop\Telegram.exe
C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Jonathan\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Users\Jonathan\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Users\Jonathan\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Bluestacks\HD-Agent.exe
C:\WINDOWS\System32\LocationNotificationWindows.exe
C:\Windows\helppane.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
svchost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\compattelrunner.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
C:\WINDOWS\system32\CompatTelRunner.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mail.ru/cnt/10445?gp=811013
uLocal Page = %11%\blank.htm
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [eblueMouseRun] "C:\Program Files (x86)\EBLUE MOUSE\ebluemon.exe" -runauto
uRun: [BlueStacks Agent] C:\Program Files (x86)\Bluestacks\HD-Agent.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\Jonathan\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
uRun: [Akamai NetSession Interface] "C:\Users\Jonathan\AppData\Local\Akamai\netsession_win.exe"
uRun: [Discord] C:\Users\Jonathan\AppData\Local\Discord\app-0.0.297\Discord.exe
uRunOnce: [Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\amd64"
uRunOnce: [Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Raptr] "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
mRun: [CAM] C:\Program Files (x86)\NZXT\CAM\CAMLauncher.exe -autostart
mRun: [Autodesk Desktop App] "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
StartupFolder: C:\Users\Jonathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Curse.lnk - C:\Users\Jonathan\AppData\Roaming\Curse Client\Bin\Curse.exe
StartupFolder: C:\Users\Jonathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Telegram.lnk - C:\Users\Jonathan\AppData\Roaming\Telegram Desktop\Telegram.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\SOFTET~1.LNK - C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: FilterAdministratorToken = dword:1
mPolicies-System: SafeModeBlockNonAdmins = dword:1
TCP: NameServer = 8.8.8.8
TCP: NameServer = 209.18.47.62 209.18.47.61
TCP: Interfaces\{052c4934-e175-4ad3-9634-d50d950bb4ff} : NameServer = 8.8.8.8
TCP: Interfaces\{37432e34-f874-4511-8c50-04bdd236f0fc} : NameServer = 8.8.8.8
TCP: Interfaces\{53e2166c-6132-11e6-8326-806e6f6e6963} : NameServer = 8.8.8.8
TCP: Interfaces\{5b9eaab2-1097-4157-af8d-2c3689beba36} : NameServer = 8.8.8.8
TCP: Interfaces\{5b9eaab2-1097-4157-af8d-2c3689beba36} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{817598d6-2c04-4dcf-b3bd-fbb7b560bcdf} : NameServer = 8.8.8.8
TCP: Interfaces\{83c129f5-7b23-4b81-ba03-6873c6378cbd} : NameServer = 8.8.8.8
TCP: Interfaces\{8836c2e3-ddf2-4463-aee5-a6f31578cafa} : NameServer = 8.8.8.8
TCP: Interfaces\{8836c2e3-ddf2-4463-aee5-a6f31578cafa} : DHCPNameServer = 209.18.47.62 209.18.47.61
TCP: Interfaces\{90fb77e0-aa49-4094-b36a-0b5c982a11bd} : NameServer = 8.8.8.8
TCP: Interfaces\{abdbc9fd-f4b2-4c8a-ae41-e6e4113b1620} : NameServer = 8.8.8.8
TCP: Interfaces\{cfa09707-3a48-4daf-bbd7-c8d36c12786a} : NameServer = 8.8.8.8
TCP: Interfaces\{cfa09707-3a48-4daf-bbd7-c8d36c12786a} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{d2915c86-e6c0-4c00-b8a6-5b8ecbd6804c} : NameServer = 8.8.8.8
TCP: Interfaces\{d2915c86-e6c0-4c00-b8a6-5b8ecbd6804c} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{d2915c86-e6c0-4c00-b8a6-5b8ecbd6804c}\14273686D4F6F666573723 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{d2915c86-e6c0-4c00-b8a6-5b8ecbd6804c}\A48435D2A4943544D27455543545 : DHCPNameServer = 10.99.2.17 10.99.2.18
TCP: Interfaces\{e975ad97-01fa-4fa7-9b8e-e566cd002882} : NameServer = 8.8.8.8
TCP: Interfaces\{f88c8413-dd42-41ea-8e49-2f0e5437a577} : NameServer = 8.8.8.8
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SoftEther VPN Client UI Helper] "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
x64-Run: [Cm108BSound] "C:\Program Files\HAVIT 7.1 GAMING HEADSET\CPL\FaceLift_x64.exe" /h /d
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: FilterAdministratorToken = dword:1
x64-mPolicies-System: SafeModeBlockNonAdmins = dword:1
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-11 48992]
R0 MBAMChameleon;MBAMChameleon;C:\WINDOWS\System32\drivers\MBAMChameleon.sys [2017-3-8 186304]
R0 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2017-3-8 251840]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-8-24 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-29 227328]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\WINDOWS\System32\drivers\mbae64.sys [2017-3-8 77408]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 SeLow;SoftEther Lightweight Network Protocol;C:\WINDOWS\System32\drivers\SeLow_x64.sys [2016-9-24 51024]
R2 AdAppMgrSvc;Autodesk Desktop App Service;C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [2016-11-13 1295376]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2015-7-31 257032]
R2 AODDriver4.3.0;AODDriver4.3.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2014-9-19 60104]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-9-22 83768]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [2016-9-6 425496]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_962d5;CDPUserSvc_962d5;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-12-7 31776]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-3-8 4355024]
R2 OneSyncSvc_962d5;Sync Host_962d5;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 SEVPNCLIENT;SoftEther VPN Client;C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [2016-9-24 5232072]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-4-27 253960]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\WINDOWS\System32\valWBFPolicyService.exe [2013-10-30 35328]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-9-30 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2016-2-11 111120]
R3 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [2016-9-6 152672]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 MBAMFarflt;MBAMFarflt;C:\WINDOWS\System32\drivers\farflt.sys [2017-3-8 111544]
R3 MBAMProtection;MBAMProtection;C:\WINDOWS\System32\drivers\mbam.sys [2017-3-8 43968]
R3 MBAMWebProtection;MBAMWebProtection;C:\WINDOWS\System32\drivers\mwac.sys [2017-3-8 92088]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 Neo_VPN;VPN Client Device Driver - VPN;C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [2016-9-24 38216]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 PimIndexMaintenanceSvc_962d5;Contact Data_962d5;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\WINDOWS\System32\drivers\RtsP2Stor.sys [2015-6-29 310528]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-7-16 589824]
R3 SmbDrv;SmbDrv;C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2016-8-13 52392]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_962d5;User Data Storage_962d5;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_962d5;User Data Access_962d5;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
R3 WirelessButtonDriver64;HP Wireless Button Driver Service;C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [2016-4-14 31656]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2014-9-19 137584]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-1-16 317400]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BstHdAndroidSvc;BlueStacks Android Service ;C:\Program Files (x86)\Bluestacks\HD-Service.exe [2016-9-6 445976]
S3 BstHdPlusAndroidSvc;BlueStacks Plus Android Service ;C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [2016-9-6 462360]
S3 BstkDrv;BlueStacks Plus Hypervisor;C:\Program Files (x86)\Bluestacks\BstkDrv.sys [2016-9-6 307768]
S3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2016-9-30 168448]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-9-30 249856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-29 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 CMUAC;USB Audio Class 1.0 and 2.0 Device Driver;C:\WINDOWS\System32\drivers\CMUAC.SYS [2016-11-21 613888]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2016-11-5 1369856]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2016-8-11 342456]
S3 GenericMount;Generic Mount Driver;C:\WINDOWS\System32\drivers\GenericMount.sys [2009-9-21 54320]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 hpqcaslwmiex;HP CASL Framework Service;C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [2016-6-3 1031704]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 kmloop;Microsoft KM-TEST Loopback Adapter Driver;C:\WINDOWS\System32\drivers\loop.sys [2016-7-16 16384]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
S3 MessagingService_962d5;MessagingService_962d5;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\WINDOWS\System32\drivers\netr28x.sys [2015-6-12 2554528]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 rtbth;RTBTH Bluetooth Device Driver;C:\WINDOWS\System32\drivers\rtbth.sys [2015-6-3 1219200]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-9-15 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2016-8-13 52904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-9-30 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-11-5 54784]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-9-30 719360]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\NZXT\CAM\CAM_Client_V3.sys [2016-8-30 14544]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_962d5;Windows Push Notifications User Service_962d5;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-12-10 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-8-31 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-03-10 15:40:17 12654400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E98B6CE5-B692-46C0-A839-96A07A386EA6}\mpengine.dll
2017-03-10 14:37:13 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D53E70F-20C5-44E7-B2F6-230A2386CC4F}\gapaengine.dll
2017-03-10 13:36:39 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2017-03-10 06:05:40 -------- d-----w- C:\Program Files\Common Files\VST2
2017-03-10 06:05:38 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
2017-03-10 06:05:38 -------- d-----w- C:\Program Files (x86)\VstPlugins
2017-03-10 06:05:38 -------- d-----w- C:\Program Files (x86)\Common Files\Propellerhead Software
2017-03-10 06:00:22 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\Image-Line
2017-03-10 06:00:17 -------- d-----w- C:\Program Files\Image-Line
2017-03-10 05:43:09 -------- d-----w- C:\Program Files (x86)\Image-Line
2017-03-09 23:11:53 12654400 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-03-09 03:01:40 186304 ----a-w- C:\WINDOWS\System32\drivers\MBAMChameleon.sys
2017-03-09 03:01:21 92088 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-03-09 03:01:21 111544 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
2017-03-09 03:01:11 43968 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-03-09 03:01:05 251840 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-03-09 03:00:51 77408 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-03-09 03:00:37 -------- d-----w- C:\ProgramData\Malwarebytes
2017-03-09 03:00:37 -------- d-----w- C:\Program Files\Malwarebytes
2017-03-09 02:53:22 -------- d-----w- C:\ProgramData\{C22773BE-758C-C415-BDEC-45EB824447DD}
2017-03-09 02:53:22 -------- d-----w- C:\ProgramData\{BE5B4011-09F0-F7BA-3DA1-332F53AB3C02}
2017-03-09 02:53:22 -------- d-----w- C:\ProgramData\{002B8BCE-B780-3C65-E855-C914BCD11649}
2017-03-09 02:53:18 -------- d-----w- C:\ProgramData\{A6F1748C-115A-C327-2C54-C417BCFEBF96}
2017-03-05 19:59:48 -------- d-----w- C:\Users\Jonathan\AppData\Local\HP_Development_Company,_L
2017-03-05 07:32:49 -------- d---a-w- C:\Python27
2017-03-05 06:58:00 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\Hex-Rays
2017-03-05 06:57:34 -------- d---a-w- C:\Program Files (x86)\IDA Free
2017-03-05 06:48:21 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\RC7
2017-03-04 2216 -------- d-----w- C:\Users\Jonathan\AppData\Local\Hewlett-Packard
2017-03-04 21:07:45 -------- d-----w- C:\System.sav
2017-03-04 2126 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\hpqLog
2017-03-01 03:31:57 -------- d-----w- C:\ProgramData\417525ec
.
==================== Find3M ====================
.
2017-03-10 22:52:31 65536 ----a-w- C:\WINDOWS\System32\spu_storage.bin
2017-03-04 04:53:17 4317112 ----a-w- C:\WINDOWS\System32\drivers\athw10x.sys
2017-02-06 19:48:07 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-02-06 19:48:07 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-02-05 23:04:25 0 ----a-w- C:\WINDOWS\SysWow64\OCLEE.tmp
2017-02-05 04:38:22 11376 ----a-w- C:\WINDOWS\SysWow64\drivers\SECDRV.SYS
2017-01-06 21:37:42 0 ----a-w- C:\WINDOWS\SysWow64\OCL21F5.tmp
2017-01-06 21:33:25 0 ----a-w- C:\WINDOWS\SysWow64\OCL3707.tmp
2017-01-06 21:32:23 0 ----a-w- C:\WINDOWS\SysWow64\OCL465E.tmp
2017-01-06 20:12:17 0 ----a-w- C:\WINDOWS\SysWow64\OCLEF77.tmp
2016-12-21 08:08:31 245600 ----a-w- C:\WINDOWS\System32\offlinesam.dll
2016-12-21 08:08:17 136032 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll
2016-12-21 08:04:10 7816032 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-12-21 07:49:39 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2016-12-21 07:46:39 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-12-21 07:43:56 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-12-21 07:43:06 4130440 ----a-w- C:\WINDOWS\System32\mfcore.dll
2016-12-21 07:43:01 1454504 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll
2016-12-21 07:43:00 1071736 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2016-12-21 07:42:59 1988560 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-12-21 07:42:55 1702392 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2016-12-21 07:42:54 1300600 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2016-12-21 07:42:27 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2016-12-21 07:41:56 1600632 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2016-12-21 07:37:23 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2016-12-21 07:15:01 22563840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-12-21 07:14:11 43008 ----a-w- C:\WINDOWS\System32\LaunchWinApp.exe
2016-12-21 07:13:54 119808 ----a-w- C:\WINDOWS\System32\KnobsCsp.dll
2016-12-21 07:12:14 83968 ----a-w- C:\WINDOWS\System32\ProvPluginEng.dll
2016-12-21 07:10:22 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll
2016-12-21 07:10:09 234496 ----a-w- C:\WINDOWS\System32\KnobsCore.dll
2016-12-21 07:09:56 363520 ----a-w- C:\WINDOWS\System32\Windows.UI.BioFeedback.dll
2016-12-21 07:09:13 368640 ----a-w- C:\WINDOWS\System32\OneBackupHandler.dll
2016-12-21 07:08:35 211968 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2016-12-21 07:08:33 261632 ----a-w- C:\WINDOWS\System32\wbem\ndisimplatcim.dll
2016-12-21 07:08:27 360448 ----a-w- C:\WINDOWS\System32\rdpencom.dll
2016-12-21 07:08:23 289792 ----a-w- C:\WINDOWS\System32\DeveloperOptionsSettingsHandlers.dll
2016-12-21 07:08:14 418304 ----a-w- C:\WINDOWS\System32\Windows.UI.BlockedShutdown.dll
2016-12-21 07:08:06 349184 ----a-w- C:\WINDOWS\System32\provengine.dll
2016-12-21 07:08:04 142848 ----a-w- C:\WINDOWS\System32\poqexec.exe
2016-12-21 07:08:03 1292288 ----a-w- C:\WINDOWS\System32\MSVPXENC.dll
2016-12-21 07:07:10 748544 ----a-w- C:\WINDOWS\System32\StoreAgent.dll
2016-12-21 0749 260608 ----a-w- C:\WINDOWS\System32\InstallAgentUserBroker.exe
2016-12-21 0749 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2016-12-21 0726 310784 ----a-w- C:\WINDOWS\System32\SyncSettings.dll
2016-12-21 0705 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-12-21 07:05:21 261632 ----a-w- C:\WINDOWS\System32\indexeddbserver.dll
2016-12-21 07:05:01 49152 ----a-w- C:\WINDOWS\System32\Windows.UI.Shell.dll
2016-12-21 07:05:01 425984 ----a-w- C:\WINDOWS\System32\aadcloudap.dll
2016-12-21 07:01:42 9131008 ----a-w- C:\WINDOWS\System32\twinui.dll
2016-12-21 07:00:29 440320 ----a-w- C:\WINDOWS\System32\fhcfg.dll
2016-12-21 06:59:50 883712 ----a-w- C:\WINDOWS\System32\samsrv.dll
2016-12-21 06:59:31 1908224 ----a-w- C:\WINDOWS\System32\AzureSettingSyncProvider.dll
2016-12-21 06:57:48 462336 ----a-w- C:\WINDOWS\System32\fhsettingsprovider.dll
2016-12-21 06:56:56 936960 ----a-w- C:\WINDOWS\System32\MCRecvSrc.dll
2016-12-21 06:56:14 947712 ----a-w- C:\WINDOWS\System32\MSVP9DEC.dll
2016-12-21 06:55:16 8129536 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-12-21 06:55:09 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2016-12-21 06:54:14 5511680 ----a-w- C:\WINDOWS\System32\aclui.dll
2016-12-21 06:53:19 6664192 ----a-w- C:\WINDOWS\System32\mspaint.exe
2016-12-21 06:53:13 4474368 ----a-w- C:\WINDOWS\System32\D3DCompiler_47.dll
2016-12-21 06:53:10 1692672 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2016-12-21 06:51:56 5611008 ----a-w- C:\WINDOWS\System32\d2d1.dll
2016-12-21 06:51:53 2275840 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-12-21 06:51:41 8075776 ----a-w- C:\WINDOWS\System32\mstscax.dll
2016-12-21 06:50:57 1490432 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-12-21 06:49:55 2691072 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-12-21 06:49:43 1062912 ----a-w- C:\WINDOWS\System32\SettingSyncCore.dll
2016-12-21 06:49:25 4149248 ----a-w- C:\WINDOWS\System32\rdpcorets.dll
2016-12-21 06:47:47 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2016-12-21 05:59:21 218976 ----a-w- C:\WINDOWS\SysWow64\offlinesam.dll
2016-12-21 05:09:45 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2016-12-21 05:02:16 1852720 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2016-12-21 05:02:12 3892864 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-12-21 05:02:09 1277344 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2016-12-21 05:02:02 1360464 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2016-12-21 05:02:01 980832 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2016-12-21 05:02:00 1201872 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
2016-12-21 04:46:55 34304 ----a-w- C:\WINDOWS\SysWow64\LaunchWinApp.exe
2016-12-21 04:44:06 120320 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2016-12-21 04:43:09 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2016-12-21 04:41:59 253952 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BioFeedback.dll
2016-12-21 04:41:15 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-12-21 04:40:57 180224 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe
2016-12-21 04:40:43 237056 ----a-w- C:\WINDOWS\SysWow64\SyncSettings.dll
2016-12-21 04:40:39 318976 ----a-w- C:\WINDOWS\SysWow64\rdpencom.dll
2016-12-21 04:40:07 557568 ----a-w- C:\WINDOWS\SysWow64\StoreAgent.dll
2016-12-21 04:39:58 1300480 ----a-w- C:\WINDOWS\SysWow64\MSVPXENC.dll
2016-12-21 04:39:04 223232 ----a-w- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
2016-12-21 04:38:54 866816 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Cred.dll
2016-12-21 04:35:42 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-12-21 04:35:28 4612608 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2016-12-21 04:34:53 7626752 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2016-12-21 04:33:09 19413504 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-12-21 04:30:56 5398016 ----a-w- C:\WINDOWS\SysWow64\aclui.dll
2016-12-21 04:30:06 1255936 ----a-w- C:\WINDOWS\SysWow64\AzureSettingSyncProvider.dll
2016-12-21 04:27:12 640000 ----a-w- C:\WINDOWS\SysWow64\MCRecvSrc.dll
2016-12-21 04:26:36 1155072 ----a-w- C:\WINDOWS\SysWow64\MSVP9DEC.dll
2016-12-21 04:25:44 7469056 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
2016-12-21 04:25:42 6474752 ----a-w- C:\WINDOWS\SysWow64\mspaint.exe
.
============= FINISH: 15:01:28.38 ===============
Attached Files
File Type: txt attach.txt (13.0 KB, 12 views)
Wolfy-Friend is offline  
Sponsored Links
Advertisement
 
Old 03-14-2017, 01:43 AM   #2
Registered Member
 
Join Date: May 2015
Location: San Antonio, Texas
Posts: 79
OS: Windows 10 x64



Bump.
Wolfy-Friend is offline  
Old 03-14-2017, 06:59 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Sponsored Links
Advertisement
 
Old 03-15-2017, 02:06 AM   #4
Registered Member
 
Join Date: May 2015
Location: San Antonio, Texas
Posts: 79
OS: Windows 10 x64



Well, I'm sorry for wasting your time. Windows stopped letting me do anything at system level, UAC wouldn't work, my local administrator account wasn't working either, I flat out just reinstalled Windows.

Again, sorry for wasting your time.
Wolfy-Friend is offline  
Old 03-16-2017, 07:04 AM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You didn't waste my time. Glad you got it all sorted.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 02:20 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts