PC running very slow - please help

12-26-2017, 12:48 PM   #1
Join Date: Mar 2005
Location: Long Island, NY
Posts: 64
OS: Windows 10



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.98 BrowserJavaVersion: 10.67.2
Run by Kenneth Rivalsi at 15:35:40 on 2017-12-26
Microsoft Windows 10 Home 10.0.16299.0.1252.1.1033.18.7990.5247 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Internet Security *Enabled* {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
C:\WINDOWS\system32\atiesrxx.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s fdPHost
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s HomeGroupProvider
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k apphost -s AppHostSvc
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\WINDOWS\system32\DbxSvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k iissvcs
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton Internet Security\Engine\22.11.2.7\NIS.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\WINDOWS\system32\svchost.exe -k SPOCJS
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\WINDOWS\system32\mqsvc.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\atieclxx.exe
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
c:\windows\system32\taskhostw.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s upnphost
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Norton Internet Security\Engine\22.11.2.7\NIS.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Kenneth Rivalsi\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Music.UI.exe
C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p -s NcdAutoSetup
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\WINDOWS\system32\AUDIODG.EXE
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
c:\windows\system32\taskhostw.exe
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?gws_rd=ssl
uSearch Bar = Preserve
uProxyOverride = <-loopback>;*.local
BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.11.2.7\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.11.2.7\coIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.11.2.7\coIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - <orphaned>
uRun: [googletalk] C:\Users\Kenneth Rivalsi\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [OneDrive] "C:\Users\Kenneth Rivalsi\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\Users\KENNET~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\KENNET~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PMBMED~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
StartupFolder: C:\Users\KENNET~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{ac0539c6-36f0-4d6c-af81-7cbe30db7c17} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{d49ed8a4-1478-4426-9e3d-52970edcd979} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{efa0cdec-f76a-4709-b1d4-4b5f82b2f6f1} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\22.11.2.7\coIEPlg.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.11.2.7\coIEPlg.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 0.0.0.1 mssplus.mcafee.com
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmpfd.sys [2016-7-1 82664]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-9-29 130640]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-9-29 56728]
R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\drivers\PxHlpa64.sys [2011-3-3 56336]
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\WINDOWS\System32\drivers\NISx64\160B020.007\symefasi64.sys [2017-11-20 1938584]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-9-29 15392]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-9-29 71248]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-9-29 18000]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-9-29 209304]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-9-29 240640]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2017-12-24 59800]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20171220.001\BHDrvx64.sys [2017-12-21 1872024]
R1 ccSet_NIS;NIS Settings Manager;C:\WINDOWS\System32\drivers\NISx64\160B020.007\ccsetx64.sys [2017-11-20 187544]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-9-29 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-9-29 8192]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20171225.003\IDSvia64.sys [2017-12-25 1056920]
R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\drivers\NISx64\160B020.007\ironx64.sys [2017-11-20 309984]
R1 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\drivers\NISx64\160B020.007\symnets.sys [2017-11-20 566936]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2016-10-6 89600]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2017-8-2 2257016]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2015-12-16 255472]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2017-4-3 83768]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R2 CDPUserSvc_62279;Connected Devices Platform User Service_62279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2017-9-29 384000]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2015-1-18 3058416]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2017-9-29 48688]
R2 DbxSvc;DbxSvc;C:\WINDOWS\System32\DbxSvc.exe [2017-12-4 51016]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2017-9-29 48688]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
R2 IntelHaxm;Intel HAXM Service;C:\WINDOWS\System32\drivers\IntelHaxm.sys [2017-4-13 92280]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\22.11.2.7\nis.exe [2017-11-20 326144]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 OneSyncSvc_62279;Sync Host_62279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2017-12-24 519152]
R2 SPOCJS;Jack Sensing Service for USB Audio;C:\WINDOWS\System32\svchost.exe -k SPOCJS [2017-9-29 48688]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-9-29 79872]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-3-30 253960]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-2-8 2533400]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-12-24 147864]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 WpnUserService_62279;Windows Push Notifications User Service_62279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-9-29 60312]
R3 clwvd;HP Webcam Splitter;C:\WINDOWS\System32\drivers\clwvd.sys [2010-6-25 32880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2017-11-15 158360]
R3 HECIx64;Intel(R) Management Engine Interface;C:\WINDOWS\System32\drivers\HECIx64.sys [2010-4-30 56344]
R3 Impcd;Impcd;C:\WINDOWS\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-9-29 39424]
R3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;C:\WINDOWS\System32\drivers\lan9500-x64-n650f.sys [2017-11-30 110400]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-9-29 21504]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2017-9-29 604160]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2016-3-30 52904]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 usbaud;HP USB Media Port Rep Audio;C:\WINDOWS\System32\drivers\usbaud64.sys [2011-11-16 232064]
R3 wdkmd;Intel WiDi KMD;C:\WINDOWS\System32\drivers\WDKMD.sys [2010-4-16 39832]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-9-29 259584]
S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\drivers\NISx64\160B020.007\symelam.sys [2017-11-20 24608]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2011/02/08 00:50:00;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-2-8 245232]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-6-27 143144]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S2 hpsrv;HP Service;C:\WINDOWS\System32\hpservice.exe [2011-5-13 30520]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-9-29 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-9-29 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-9-29 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2017-9-29 48688]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2015-5-28 102912]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-9-29 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-9-29 48688]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2017-9-29 37784]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-29 39424]
S3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-9-29 122368]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-9-29 357272]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-9-29 1723288]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-6-27 143144]
S3 DevicesFlowUserSvc_62279;DevicesFlow_62279;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-9-29 48688]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-9-29 85504]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2017-9-29 48688]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-9-29 48688]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-9-29 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2017-9-29 48688]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-9-29 50584]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2017-9-29 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-9-29 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-9-29 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-9-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-9-29 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-9-29 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-9-29 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-9-29 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-9-29 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-9-29 674200]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-9-29 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 InstallService;Windows Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 invdimm;Microsoft iNVDIMM device driver;C:\WINDOWS\System32\drivers\invdimm.sys [2017-9-29 38912]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2017-9-29 26112]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-9-29 123800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-9-29 103320]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-9-29 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-9-29 55840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [2017-9-5 404376]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-9-29 63520]
S3 MessagingService_62279;MessagingService_62279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-9-29 842648]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-9-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-9-29 132608]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2017-12-24 192512]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-9-29 88576]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-9-29 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-9-29 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 PimIndexMaintenanceSvc_62279;Contact Data_62279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2017-9-29 16896]
S3 PrintWorkflowUserSvc_62279;PrintWorkflow_62279;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2017-9-29 48688]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2017-9-29 39832]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-9-29 1849752]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-9-29 936856]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-9-29 48688]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2017-9-29 103936]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-9-29 48688]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-9-29 118168]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-9-29 33176]
S3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-9-29 1288704]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-9-29 154520]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-9-29 48688]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-9-29 56216]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2017-12-24 956416]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-9-29 103320]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-12-24 45464]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-9-29 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-12-24 114688]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-9-29 146944]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-12-24 57344]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-9-29 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-9-29 28568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-9-29 266648]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-9-29 97312]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-9-29 140696]
S3 UnistoreSvc_62279;User Data Storage_62279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-9-29 28568]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-12-24 60824]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-9-29 27544]
S3 UserDataSvc_62279;User Data Access_62279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-9-29 48688]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-9-29 34816]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-9-29 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vnvdimm;Microsoft virtual NVDIMM device driver;C:\WINDOWS\System32\drivers\vnvdimm.sys [2017-9-29 43008]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2017-9-29 48688]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-9-29 48688]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-9-29 76288]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-12-24 770048]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-9-29 119192]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-9-29 355304]
S3 wdnsfltr;Windows Defender Network Stream Filter Driver;C:\WINDOWS\System32\drivers\wdnsfltr.sys [2017-9-29 33792]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-9-29 48688]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-9-29 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2017-9-29 225280]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-9-29 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2017-9-29 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-9-29 281600]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-9-29 46592]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-12-26 17:14:57 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{CC9F8681-686D-44B8-8532-AFA297F134D6}
2017-12-26 04:11:29 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{2C794624-DC40-429D-A1B7-67EF429E3E91}
2017-12-25 14:48:27 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{C0945908-0199-4FE3-9546-A9B50A6958FD}
2017-12-25 01:11:29 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\PlaceholderTileLogoFolder
2017-12-25 01:08:02 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\SlimWare Utilities Inc
2017-12-24 19:27:59 -------- d-----w- C:\Windows.old
2017-12-24 19:14:50 -------- d-----w- C:\Program Files (x86)\Common Files\SpeechEngines
2017-12-24 19:14:45 -------- d-----w- C:\Program Files\Common Files\SpeechEngines
2017-12-24 19:12:22 -------- d-----w- C:\WINDOWS\System32\Microsoft
2017-12-24 19:12:22 -------- d-----w- C:\WINDOWS\ServiceProfiles
2017-12-24 19:04:49 -------- d-----w- C:\WINDOWS\SysWow64\BestPractices
2017-12-24 17:50:54 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2017-12-24 17:49:16 -------- d--h--w- C:\Users\Kenneth Rivalsi\MicrosoftEdgeBackups
2017-12-24 17:47:08 -------- d-----r- C:\Users\Kenneth Rivalsi\3D Objects
2017-12-24 17:45:50 -------- d-sh--we C:\ProgramData\Documents
2017-12-24 17:18:36 -------- d-----w- C:\WINDOWS\System32\wbem\Performance
2017-12-24 17:14:35 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\good
2017-12-24 17:14:34 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\bad
2017-12-24 16:47:01 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\Packages
2017-12-24 16:40:47 -------- d-----w- C:\Program Files\ATI Technologies
2017-12-24 16:38:19 2241024 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-12-24 16:35:57 -------- d-----w- C:\WINDOWS\System32\wbem\MOF
2017-12-24 16:34:12 -------- d-----w- C:\WINDOWS\System32\SleepStudy
2017-12-24 14:29:58 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{E689F7F7-AACC-4327-A397-E1184C06183C}
2017-12-23 13:42:25 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{88D49AB2-D0F4-4901-A0A7-72A75D5F7E1F}
2017-12-22 19:21:11 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{5AFBBC2F-3D78-4818-8234-A82A1F10D551}
2017-12-22 01:52:25 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{86DC407A-D8E2-4D1D-AF32-AE3094BC11DE}
2017-12-21 13:52:08 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{81378C89-11F0-4676-B41D-09DB67CC16F4}
2017-12-21 01:37:57 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{BD17D121-5B84-4D90-BFD2-6D3A09C90CC4}
2017-12-20 13:37:40 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{3431A083-F63E-417E-8607-30B05FE29976}
2017-12-19 23:08:37 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{60EBB520-E872-40BC-81DB-EDC44AC1502B}
2017-12-19 01:55:43 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{D01BA935-0F29-45A9-8877-6D511CD94142}
2017-12-18 13:43:07 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{0FD412D0-B542-420C-B763-02EEC37BD50B}
2017-12-18 12:45:03 -------- dc----w- C:\WINDOWS\Panther
2017-12-17 16:26:27 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{E8CC70B3-BD1D-472E-ADA3-36EFC37D9944}
2017-12-17 04:26:10 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{8AF25D4B-F490-49FC-98B7-1F91A483E33F}
2017-12-16 16:26:06 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{3426DB92-9C21-48AF-B29B-F8A60C899D08}
2017-12-16 04:25:51 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{3676AAC7-F24C-483B-8D1C-8A7BA971F7E9}
2017-12-15 15:09:44 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{4853203B-9D05-47F5-B7C6-DB3A0905BC0B}
2017-12-14 23:58:52 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{91B17DBD-85B4-4723-B7E2-14B2835B09EC}
2017-12-13 23:22:28 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{A9EB6499-7618-4475-8D80-FD50EAE24A0E}
2017-12-12 22:49:55 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{A3767D31-37F0-4295-98CC-54F32B162941}
2017-12-12 02:26:24 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{24B75D19-F804-4AD2-BC6F-5984504BDD62}
2017-12-11 12:16:22 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{30A4F814-0F5F-4C52-9D7B-68A13B3F325C}
2017-12-10 19:56:12 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{B404B4CA-8167-4998-A7E9-E5EBC2248388}
2017-12-09 16:30:50 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{2BC7EA8E-C8A5-47D7-AE37-B9035AA1AA39}
2017-12-09 04:30:33 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{8FE7125B-9EDB-4CE7-8AA4-D072688F16B3}
2017-12-08 14:44:08 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{25A4ACF5-F383-43DC-A65A-3080D98ADDC5}
2017-12-07 22:57:32 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{7440F999-62D0-419E-BFD0-64A5278B8908}
2017-12-06 22:46:14 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{3421A9A9-19FF-4CA2-8777-FFE702F583D0}
2017-12-05 0122 51016 ----a-w- C:\WINDOWS\System32\DbxSvc.exe
2017-12-05 0122 45672 ----a-w- C:\WINDOWS\System32\drivers\dbx-dev.sys
2017-12-05 0122 45640 ----a-w- C:\WINDOWS\System32\drivers\dbx-stable.sys
2017-12-05 0122 45640 ----a-w- C:\WINDOWS\System32\drivers\dbx-canary.sys
2017-12-04 23:15:47 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{394F0E84-0F0C-4100-87C4-545D86195356}
2017-12-04 02:31:26 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{607F10FB-8728-4D21-A0A6-419A327293AB}
2017-12-03 14:00:52 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{D8CCE3E3-6D36-4578-9EB4-958FD2AE0251}
2017-12-03 01:20:29 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{9F94835D-A93E-4C80-A50B-4EFBD29DE871}
2017-12-02 12:20:06 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{D0AE91A1-AB3B-49FD-B0D3-2F8B9AB1B0D5}
2017-12-02 02:43:50 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\EO.WebEngine
2017-12-01 23:32:53 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{4319C247-63DC-40EE-BC1D-0F83C94DA06C}
2017-11-30 23:22:08 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{D9601D1A-3E2D-4541-80BE-4F6ED04ED3E2}
2017-11-30 13:02:40 110400 ----a-w- C:\WINDOWS\System32\drivers\lan9500-x64-n650f.sys
2017-11-30 00:50:50 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{48D9BB68-B89C-4D95-AD0B-7FDA416249F3}
2017-11-28 23:25:28 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{0D6B0CA2-3836-48FC-8F99-9B8C6243403E}
2017-11-27 22:34:45 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{DC3F53E4-B4B0-43D8-905E-2EC98BFD9344}
.
==================== Find3M ====================
.
2017-12-26 16:55:46 144368 ------w- C:\WINDOWS\System32\drivers\rikvm_C6F09094.sys
2017-12-24 19:04:09 124624 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2017-12-24 19:04:09 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2017-12-24 19:04:08 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2017-12-24 19:04:08 35456 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2017-12-24 19:04:08 35456 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2017-12-24 19:04:07 103120 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2017-12-13 03:18:54 133326408 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2017-12-03 22:38:40 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-12-03 22:38:40 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-11-20 22:51:29 102600 ----a-w- C:\WINDOWS\System32\drivers\SYMEVENT64x86.SYS
2017-11-10 23:31:25 566936 ----a-w- C:\WINDOWS\System32\drivers\NISx64\160B020.007\symnets.sys
2017-11-10 23:31:25 468616 ----a-w- C:\WINDOWS\System32\drivers\NISx64\160B020.007\symtdiv.sys
2017-11-10 23:31:06 24608 ----a-w- C:\WINDOWS\System32\drivers\NISx64\160B020.007\symelam.sys
2017-11-10 23:31:06 1938584 ----a-w- C:\WINDOWS\System32\drivers\NISx64\160B020.007\symefasi64.sys
2017-11-10 23:29:34 309984 ----a-w- C:\WINDOWS\System32\drivers\NISx64\160B020.007\ironx64.sys
2017-11-10 23:28:36 187544 ----a-w- C:\WINDOWS\System32\drivers\NISx64\160B020.007\ccsetx64.sys
2017-11-10 23:28:12 812696 ----a-w- C:\WINDOWS\System32\drivers\NISx64\160B020.007\srtsp64.sys
2017-11-10 23:28:12 49304 ----a-w- C:\WINDOWS\System32\drivers\NISx64\160B020.007\srtspx64.sys
2017-09-29 14:43:11 979384 ----a-w- C:\WINDOWS\System32\DolbyDecMFT.dll
2017-09-29 14:42:18 6347776 ----a-w- C:\WINDOWS\System32\NlsData0009.dll
2017-09-29 14:42:18 5739008 ----a-w- C:\WINDOWS\System32\prm0009.dll
2017-09-29 14:42:18 5484032 ----a-w- C:\WINDOWS\SysWow64\NlsData0009.dll
2017-09-29 14:42:18 2629120 ----a-w- C:\WINDOWS\SysWow64\NlsLexicons0009.dll
2017-09-29 14:42:18 2629120 ----a-w- C:\WINDOWS\System32\NlsLexicons0009.dll
2017-09-29 14:42:09 1347608 ----a-w- C:\WINDOWS\SysWow64\wmpmde.dll
2017-09-29 14:41:17 6656 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\ndiscap.sys.mui
2017-09-29 14:41:15 11776 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\NdisImPlatform.sys.mui
2017-09-29 14:41:12 3584 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\wfplwfs.sys.mui
2017-09-29 13:44:26 208384 ----a-w- C:\WINDOWS\SysWow64\msclmd.dll
2017-09-29 13:44:25 229376 ----a-w- C:\WINDOWS\System32\msclmd.dll
2017-09-29 13:42:27 98304 ----a-w- C:\WINDOWS\SysWow64\wlgpclnt.dll
2017-09-29 13:41:58 97792 ----a-w- C:\WINDOWS\System32\wshext.dll
2017-09-29 13:40:59 96768 ----a-w- C:\WINDOWS\System32\drivers\drmk.sys
2017-09-29 08:45:15 118272 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2017-09-29 08:45:14 141312 ----a-w- C:\WINDOWS\System32\poqexec.exe
2017-09-29 08:45:12 847768 ----a-w- C:\WINDOWS\System32\SmiEngine.dll
2017-09-29 08:45:12 774552 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-09-29 08:45:12 244632 ----a-w- C:\WINDOWS\System32\wdscore.dll
2017-09-29 08:45:12 206848 ----a-w- C:\WINDOWS\System32\PkgMgr.exe
2017-09-29 08:45:12 143256 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2017-09-29 08:45:12 134552 ----a-w- C:\WINDOWS\System32\SSShim.dll
2017-09-29 08:45:12 109568 ----a-w- C:\WINDOWS\System32\NetDriverInstall.dll
2017-09-28 21:38:00 2035096 ----a-w- C:\WINDOWS\System32\wmpmde.dll
2017-09-28 21:23:00 285176 ----a-w- C:\WINDOWS\System32\wmpeffects.dll
2017-09-28 21:21:00 387408 ----a-w- C:\WINDOWS\System32\wmpps.dll
2017-09-28 20:49:00 250208 ----a-w- C:\WINDOWS\SysWow64\wmpeffects.dll
2017-09-28 20:49:00 153088 ----a-w- C:\WINDOWS\SysWow64\wmpps.dll
2017-09-28 19:05:00 7168 ----a-w- C:\WINDOWS\System32\msdxm.ocx
2017-09-28 19:05:00 7168 ----a-w- C:\WINDOWS\System32\dxmasf.dll
2017-09-28 19:05:00 2560 ----a-w- C:\WINDOWS\System32\wmerror.dll
2017-09-28 19:05:00 2560 ----a-w- C:\WINDOWS\System32\SyncRes.dll
2017-09-28 19:05:00 16384 ----a-w- C:\WINDOWS\System32\APHostRes.dll
2017-09-28 19:05:00 11264 ----a-w- C:\WINDOWS\System32\spwmp.dll
2017-09-28 19:04:00 90624 ----a-w- C:\WINDOWS\System32\InternetMailCsp.dll
2017-09-28 19:04:00 62464 ----a-w- C:\WINDOWS\System32\SyncProxy.dll
2017-09-28 19:04:00 58880 ----a-w- C:\WINDOWS\System32\InprocLogger.dll
2017-09-28 19:04:00 216576 ----a-w- C:\WINDOWS\System32\wmpdxm.dll
2017-09-28 19:04:00 175616 ----a-w- C:\WINDOWS\System32\MCCSEngineShared.dll
2017-09-28 19:04:00 13824 ----a-w- C:\WINDOWS\System32\EasPolicyManagerBrokerPS.dll
2017-09-28 19:03:00 96256 ----a-w- C:\WINDOWS\System32\ActiveSyncCsp.dll
2017-09-28 19:03:00 8962560 ----a-w- C:\WINDOWS\System32\wmploc.DLL
2017-09-28 19:03:00 70656 ----a-w- C:\WINDOWS\System32\APHostClient.dll
2017-09-28 19:03:00 20480 ----a-w- C:\WINDOWS\System32\MCCSPal.dll
2017-09-28 19:03:00 137216 ----a-w- C:\WINDOWS\System32\networkhelper.dll
2017-09-28 19:03:00 127488 ----a-w- C:\WINDOWS\System32\wmpshell.dll
2017-09-28 19:02:00 742912 ----a-w- C:\WINDOWS\System32\internetmail.dll
2017-09-28 19:02:00 559104 ----a-w- C:\WINDOWS\System32\quickassist.exe
2017-09-28 19:02:00 268800 ----a-w- C:\WINDOWS\System32\accountaccessor.dll
2017-09-28 19:02:00 257024 ----a-w- C:\WINDOWS\System32\unregmp2.exe
2017-09-28 19:01:00 404480 ----a-w- C:\WINDOWS\System32\DavSyncProvider.dll
2017-09-28 19:01:00 369664 ----a-w- C:\WINDOWS\System32\APHostService.dll
2017-09-28 19:00:00 64000 ----a-w- C:\WINDOWS\System32\EASPolicyManagerBrokerHost.exe
2017-09-28 19:00:00 434176 ----a-w- C:\WINDOWS\System32\AccountsRt.dll
2017-09-28 18:59:00 624128 ----a-w- C:\WINDOWS\System32\SyncController.dll
2017-09-28 18:59:00 393216 ----a-w- C:\WINDOWS\System32\syncutil.dll
2017-09-28 18:56:00 1777664 ----a-w- C:\WINDOWS\System32\ActiveSyncProvider.dll
2017-09-28 18:45:00 5632 ----a-w- C:\WINDOWS\SysWow64\msdxm.ocx
2017-09-28 18:45:00 5632 ----a-w- C:\WINDOWS\SysWow64\dxmasf.dll
2017-09-28 18:44:00 9216 ----a-w- C:\WINDOWS\SysWow64\spwmp.dll
2017-09-28 18:44:00 2560 ----a-w- C:\WINDOWS\SysWow64\wmerror.dll
2017-09-28 18:44:00 2560 ----a-w- C:\WINDOWS\SysWow64\SyncRes.dll
2017-09-28 18:43:00 8962560 ----a-w- C:\WINDOWS\SysWow64\wmploc.DLL
2017-09-28 18:43:00 48640 ----a-w- C:\WINDOWS\SysWow64\SyncProxy.dll
2017-09-28 18:43:00 174080 ----a-w- C:\WINDOWS\SysWow64\wmpdxm.dll
2017-09-28 18:42:00 48640 ----a-w- C:\WINDOWS\SysWow64\APHostClient.dll
2017-09-28 18:42:00 459264 ----a-w- C:\WINDOWS\SysWow64\quickassist.exe
2017-09-28 18:42:00 147968 ----a-w- C:\WINDOWS\SysWow64\MCCSEngineShared.dll
2017-09-28 18:42:00 117248 ----a-w- C:\WINDOWS\SysWow64\networkhelper.dll
2017-09-28 18:42:00 102912 ----a-w- C:\WINDOWS\SysWow64\wmpshell.dll
2017-09-28 18:41:00 348160 ----a-w- C:\WINDOWS\SysWow64\DavSyncProvider.dll
2017-09-28 18:41:00 217088 ----a-w- C:\WINDOWS\SysWow64\unregmp2.exe
2017-09-28 18:40:00 524800 ----a-w- C:\WINDOWS\SysWow64\SyncController.dll
2017-09-28 18:40:00 215552 ----a-w- C:\WINDOWS\SysWow64\accountaccessor.dll
2017-09-28 18:39:00 363520 ----a-w- C:\WINDOWS\SysWow64\AccountsRt.dll
2017-09-28 18:39:00 330240 ----a-w- C:\WINDOWS\SysWow64\syncutil.dll
2017-09-28 18:35:00 1546752 ----a-w- C:\WINDOWS\SysWow64\ActiveSyncProvider.dll
2017-09-28 17:20:00 44032 ----a-w- C:\WINDOWS\System32\msdxm.tlb
2017-09-28 17:20:00 18944 ----a-w- C:\WINDOWS\System32\amcompat.tlb
2017-09-28 17:03:00 44032 ----a-w- C:\WINDOWS\SysWow64\msdxm.tlb
.
============= FINISH: 15:38:00.33 ===============
Attached Files
File Type: txt attach.txt (18.6 KB, 10 views)
Old 12-28-2017, 01:02 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I see no sign of infection in your logs, so your problem is most likely beyond malware.

However, it also appears you just reinstalled Windows a few days ago, so there might not be anything any of our forums could do for you.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 01-04-2018, 07:07 AM   #3
I helped the forums.
 
Join Date: Mar 2005
Location: Long Island, NY
Posts: 64
OS: Windows 10



Sorry for the delay. I did not notice your comments.
Attached please find results from AdwCleaner and FarbarRecovery.

# AdwCleaner 7.0.6.0 - Logfile created on Thu Jan 04 14:11:07 2018
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\Winferno
Deleted: C:\ProgramData\Application Data\Winferno
Deleted: C:\Users\All Users\Winferno
Deleted: C:\Users\All Users\Documents\Downloaded Installers
Deleted: C:\Users\Public\Documents\Downloaded Installers
Deleted: C:\Users\Kenneth Rivalsi\AppData\Local\slimware utilities inc
Deleted: C:\Users\Kenneth Rivalsi\AppData\Local\SlimWare Utilities Inc


***** [ Files ] *****

Deleted: C:\Users\Kenneth Rivalsi\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml
Deleted: C:\Users\Kenneth Rivalsi\Downloads\DRIVERUPDATE-SETUP.EXE


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cinnamonspiceandeverythingnice.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d19tqk5t6qcjac.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3jdlwnuo8nsnr.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3l3lkinz3f56t.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3tpuxked45kzt.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dsms0mj1bbhn4.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.cinnamonspiceandeverythingnice.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Song Lyrics | MetroLyrics
Deleted: [Key] - HKU\S-1-5-21-2769849268-4207183726-1260941271-1001\Software\Winferno
Deleted: [Key] - HKCU\Software\Winferno
Deleted: [Key] - HKLM\SOFTWARE\BoostSoftware
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Deleted: [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
Deleted: [Key] - HKU\S-1-5-21-2769849268-4207183726-1260941271-1001\Software\SlimWare Utilities Inc
Deleted: [Key] - HKCU\Software\SlimWare Utilities Inc
Deleted: [Key] - HKU\S-1-5-21-2769849268-4207183726-1260941271-1001\Software\wecarereminder
Deleted: [Key] - HKCU\Software\wecarereminder
Deleted: [Key] - HKLM\SOFTWARE\InstallIQ


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [8655 B] - [2014/11/23 2:54:39]
C:/AdwCleaner/AdwCleaner[S1].txt - [4519 B] - [2018/1/4 14:9:42]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
Attached Files
File Type: txt Addition.txt (77.8 KB, 14 views)
File Type: txt FRST.txt (108.1 KB, 11 views)
Old 01-05-2018, 08:49 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, islavir.
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-2769849268-4207183726-1260941271-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {585F65E8-9468-D082-BEF5-2EA985889A47} => No File
    CustomCLSID: HKU\S-1-5-21-2769849268-4207183726-1260941271-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {414F334C-9468-D082-1AA3-3EB085889A47} => No File
    CustomCLSID: HKU\S-1-5-21-2769849268-4207183726-1260941271-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\d3d10.dll => No File <==== ATTENTION
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
    FolderExtensions: [] -> {F6BF8414-962C-40FE-90F1-B80A7E72DB9A} => C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\d3d10.dll -> No File
    Task: {03C114E8-CD94-48C6-A052-19465BDFC0CF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {1A98EB5C-35B7-40D4-96CC-8073319C8219} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {20B7610B-9295-41C9-A7A5-A5F7A564009F} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {34DC5849-5DBB-4540-A0DC-962C3186FB3B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {5EBE621A-4DDC-448B-9B02-946E9B31A978} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {5FE41FC7-46E6-4C3F-9872-53E7BBD4EE92} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {67D315C1-B7F0-4266-B4C1-C7FF029D37E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {6C8AFFFA-2C01-47EC-9C0F-6EC546FFB4E4} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {6FA5302B-6DA1-4786-9BBA-ED7BF538E662} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {86C7B820-DD0A-4A0E-A976-2962312407E3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {93B55E73-CE47-4F65-B6ED-F0C9CD717EA8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {B996C6AE-8C68-4167-852E-C852D44526CF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {BCDAF096-85A3-4DCF-9D87-A390431CCA85} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {CF13674B-FDDF-4C1A-AE63-E4A1A5A01312} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {F9213C5A-3436-4C55-AC39-A48419AFED8D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {FE6B7C50-8716-41D0-8CD6-12E3B9A2921C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    FirewallRules: [{6180B7C2-2A00-40F3-874B-4C5E4EC74358}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
    FirewallRules: [{72C69C08-EFF9-4811-A144-341B7759F7E3}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
    C:\Program Files (x86)\Adobe\Photoshop Elements 7.0
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
    FF Plugin HKU\S-1-5-21-2769849268-4207183726-1260941271-1001:  @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll [No File]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-07-2018, 03:21 PM   #5
I helped the forums.
 
Join Date: Mar 2005
Location: Long Island, NY
Posts: 64
OS: Windows 10



Fixlog.txt posted
******************
Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Kenneth Rivalsi (07-01-2018 18:19:14) Run:4
Running from C:\FRST_2018
Loaded Profiles: Kenneth Rivalsi (Available Profiles: Kenneth Rivalsi & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Notepad++ 7.5.3 bug-fixes:

1. Fix shell extension registration failure in installer.
2. Fix theme files installation failure in installer.
3. Fix DSpellCheck incomplete installation in installer.


Notepad++ 7.5.2 new features/enhancements & bug-fixes:

1. Fixed hanging issue while modifying JavaScript TAB settings.
2. Add DSpellCheck plugin into distribution.
3. Add version and other info into installer.
4. Fix an issue while installing a x64 version, x86 version (if it exists) is not removed - and vice versa.
5. Fix display glitch of certificate checking error message.
6. Remove unused/empty entries from shortcut mapper.
7. Add BaanC function list feature.
8. Add batch auto-completion into installer.


Included plugins:

1. NppExport v0.2.8 (32-bit x86 only)
2. Converter 4.2.1
3. Mime Tool 2.1
4. DSpellCheck 1.3.2

Updater (Installer only):

* WinGup v4.2

*****************

Notepad++ 7.5.3 bug-fixes: => Error: No automatic fix found for this entry.
1. Fix shell extension registration failure in installer. => Error: No automatic fix found for this entry.
2. Fix theme files installation failure in installer. => Error: No automatic fix found for this entry.
3. Fix DSpellCheck incomplete installation in installer. => Error: No automatic fix found for this entry.
Notepad++ 7.5.2 new features/enhancements & bug-fixes: => Error: No automatic fix found for this entry.
1. Fixed hanging issue while modifying JavaScript TAB settings. => Error: No automatic fix found for this entry.
2. Add DSpellCheck plugin into distribution. => Error: No automatic fix found for this entry.
3. Add version and other info into installer. => Error: No automatic fix found for this entry.
4. Fix an issue while installing a x64 version, x86 version (if it exists) is not removed - and vice versa. => Error: No automatic fix found for this entry.
5. Fix display glitch of certificate checking error message. => Error: No automatic fix found for this entry.
6. Remove unused/empty entries from shortcut mapper. => Error: No automatic fix found for this entry.
7. Add BaanC function list feature. => Error: No automatic fix found for this entry.
8. Add batch auto-completion into installer. => Error: No automatic fix found for this entry.
Included plugins: => Error: No automatic fix found for this entry.
1. NppExport v0.2.8 (32-bit x86 only) => Error: No automatic fix found for this entry.
2. Converter 4.2.1 => Error: No automatic fix found for this entry.
3. Mime Tool 2.1 => Error: No automatic fix found for this entry.
4. DSpellCheck 1.3.2 => Error: No automatic fix found for this entry.
Updater (Installer only): => Error: No automatic fix found for this entry.
* WinGup v4.2 => Error: No automatic fix found for this entry.

==== End of Fixlog 18:19:14 ====
islavir is offline  
Old 01-08-2018, 06:27 PM   #6

Hello again, islavir. Those previous instructions required Notepad, not Notepad++. That log is useless and I cannot tell what happened during the FRST fix.

Run FRST again (Scan) as you did initially, and post/attach the scan logs in your next reply.

chemist is offline  
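The failure in the Fixlog above can be recognised mechanically. The following is an added example, not part of the original posts and not FRST's own code: a Python sketch that checks a fixlist before it is run and triages a Fixlog afterwards. The function names are hypothetical, and the list of accepted entry prefixes is an assumption drawn only from the fixlist posted in this thread.

```python
import re

# Entry forms seen in the fixlist posted in this thread. Assumption: this is
# only the subset visible on the page, not FRST's complete fixlist syntax.
KNOWN_PREFIXES = (
    "CustomCLSID:", "ContextMenuHandlers", "FolderExtensions:", "Task:",
    "FirewallRules:", "BHO:", "BHO-x32:", "FF Plugin", "CHR ",
    "createrestorepoint:", "EmptyTemp:",
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")   # bare file or folder entries
STARS = re.compile(r"^\*{5,}$")            # delimiter around the echoed fixlist
NO_FIX = "=> Error: No automatic fix found for this entry."


def unrecognized_entries(fixlist_text):
    """Pre-flight check: return lines matching no entry form from the thread."""
    bad = []
    for raw in fixlist_text.splitlines():
        line = raw.strip()
        if not line or line.lower() in ("start", "end"):
            continue
        if line.startswith(KNOWN_PREFIXES) or DRIVE_PATH.match(line):
            continue
        bad.append(line)
    return bad


def triage_fixlog(fixlog_text):
    """Post-run check: compare the fixlist FRST echoed with its results."""
    lines = [l.strip() for l in fixlog_text.splitlines()]
    if "fixlist content:" not in lines:
        raise ValueError("no 'fixlist content:' header, not a Fixlog")
    head = lines.index("fixlist content:")
    stars = [i for i in range(head + 1, len(lines)) if STARS.match(lines[i])]
    if len(stars) < 2:
        raise ValueError("echoed fixlist block is not closed")
    echoed = [l for l in lines[stars[0] + 1:stars[1]] if l]
    results = []
    for l in lines[stars[1] + 1:]:
        if l.startswith("==== End of Fixlog"):
            break
        if l:
            results.append(l)
    unknown = unrecognized_entries("\n".join(echoed))
    return {
        "entries": len(echoed),
        "no_fix": sum(1 for l in results if l.endswith(NO_FIX)),
        "unrecognized": len(unknown),
        # Every echoed line is foreign text: the wrong content was pasted.
        "wrong_paste": bool(echoed) and len(unknown) == len(echoed),
    }


# Excerpt of the Fixlog posted in this thread (shortened, lines unchanged).
FIXLOG_FROM_THREAD = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Boot Mode: Normal
==============================================

fixlist content:
*****************
Notepad++ 7.5.3 bug-fixes:

1. Fix shell extension registration failure in installer.
2. Fix theme files installation failure in installer.
*****************

Notepad++ 7.5.3 bug-fixes: => Error: No automatic fix found for this entry.
1. Fix shell extension registration failure in installer. => Error: No automatic fix found for this entry.
2. Fix theme files installation failure in installer. => Error: No automatic fix found for this entry.

==== End of Fixlog 18:19:14 ====
"""

# Lines copied from the fixlist the helper posted in this thread.
INTENDED_FIXLIST = r"""start
createrestorepoint:
Task: {6FA5302B-6DA1-4786-9BBA-ED7BF538E662} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0
EmptyTemp:
end
"""

if __name__ == "__main__":
    print(unrecognized_entries(INTENDED_FIXLIST))
    print(triage_fixlog(FIXLOG_FROM_THREAD))
```

A `wrong_paste` result means the clipboard held unrelated text when fixlist.txt was saved, so none of the intended entries were processed and the scan has to be repeated before a new fix is attempted.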
Old 01-10-2018, 06:09 PM   #7



I thought I posted the results to this yesterday but I do not see my response.
Trying again.

Please see attached files.
Attached Files
File Type: txt Addition.txt (77.4 KB, 14 views)
File Type: txt FRST.txt (128.2 KB, 9 views)
islavir is offline  
Old 01-11-2018, 07:44 PM   #8



Hello again, islavir.
  • Open Notepad (Start > All Programs > Accessories > Notepad). Do not use Notepad++.
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-2769849268-4207183726-1260941271-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {585F65E8-9468-D082-BEF5-2EA985889A47} => No File
    CustomCLSID: HKU\S-1-5-21-2769849268-4207183726-1260941271-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {414F334C-9468-D082-1AA3-3EB085889A47} => No File
    CustomCLSID: HKU\S-1-5-21-2769849268-4207183726-1260941271-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\d3d10.dll => No File <==== ATTENTION
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
    FolderExtensions: [] -> {F6BF8414-962C-40FE-90F1-B80A7E72DB9A} => C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\d3d10.dll -> No File
    Task: {03C114E8-CD94-48C6-A052-19465BDFC0CF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {1A98EB5C-35B7-40D4-96CC-8073319C8219} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {20B7610B-9295-41C9-A7A5-A5F7A564009F} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {34DC5849-5DBB-4540-A0DC-962C3186FB3B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {5EBE621A-4DDC-448B-9B02-946E9B31A978} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {5FE41FC7-46E6-4C3F-9872-53E7BBD4EE92} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {67D315C1-B7F0-4266-B4C1-C7FF029D37E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {6C8AFFFA-2C01-47EC-9C0F-6EC546FFB4E4} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {6FA5302B-6DA1-4786-9BBA-ED7BF538E662} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {86C7B820-DD0A-4A0E-A976-2962312407E3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {93B55E73-CE47-4F65-B6ED-F0C9CD717EA8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {B996C6AE-8C68-4167-852E-C852D44526CF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {BCDAF096-85A3-4DCF-9D87-A390431CCA85} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {CF13674B-FDDF-4C1A-AE63-E4A1A5A01312} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {F9213C5A-3436-4C55-AC39-A48419AFED8D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {FE6B7C50-8716-41D0-8CD6-12E3B9A2921C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    FirewallRules: [{6180B7C2-2A00-40F3-874B-4C5E4EC74358}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
    FirewallRules: [{72C69C08-EFF9-4811-A144-341B7759F7E3}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
    C:\Program Files (x86)\Adobe\Photoshop Elements 7.0
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
    FF Plugin HKU\S-1-5-21-2769849268-4207183726-1260941271-1001: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll [No File]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

chemist is offline  
Old 01-12-2018, 04:40 AM   #9



Attached is the FIXLOG.TXT.
Thanks for your help.
Attached Files
File Type: txt Fixlog.txt (14.5 KB, 9 views)
islavir is offline  
Old 01-13-2018, 06:54 PM   #10



Hello again, islavir. It worked that time. Any improvement in behavior?

------------------------------------------------------

Uninstall the following via the Programs and Features Panel (right-click the Windows "logo" button > Programs and Features):

Java 7 Update 65
Java 7 Update 67


These are all outdated, and having them still installed is a security risk. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > https://java.com/en/

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel (right-click the Windows "logo" button > Control Panel > (View by: Small or Large icons)) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
chemist is offline  
Old 01-14-2018, 04:25 PM   #11



The PC does appear to be running quicker.
Attached please find the results from ESET.
Thanks for all your help.
- Ken
Attached Files
File Type: txt ESET.txt (5.6 KB, 12 views)
islavir is offline  
Old 01-15-2018, 06:20 PM   #12



Hello again, Ken. You're very welcome.

Up to you whether to delete all those potentially unwanted applications flagged by ESET.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Run AdwCleaner and go File > Uninstall > Yes

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
 
