Scam about porn

This is a discussion on Scam about porn within the Resolved HJT Threads forums, part of the Tech Support Forum category.
07-12-2018, 10:49 AM   #1
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



I received an unusual email stating that they had access to my desktop through a virus installed while watching porn. It shows what appears to be a close enough password to a certain site (Avast?) and demands money or a video of the porn I watched is sent to all my contacts...

I don't really believe much of it, but would like to feel certain that there is no virus installed in the computer.

Thank you

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.17134.1 BrowserJavaVersion: 11.161.2
Run by Camilo at 18:40:37 on 2018-07-12
Microsoft Windows 10 Home 10.0.17134.0.1252.1.1033.18.6056.2114 [GMT 1:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Protection *Disabled/Updated* {CF440CD9-5435-10B1-04E0-7768B6F10320}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Panda Protection *Disabled/Updated* {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -p
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
C:\Program Files\Elantech\ETDCtrl.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elantech\ETDTouch.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\Program Files\Elantech\ETDCtrlHelper.exe
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
c:\windows\system32\svchost.exe -k netsvcs -p
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Camilo\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files (x86)\POP Peeper\POPPeeper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\internet explorer\iexplore.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\WINDOWS\system32\svchost.exe -k LocalService -p
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Users\Camilo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p -s NcdAutoSetup
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\splwow64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s seclogon
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/?gws_rd=ssl
uLocal Page = %11%\blank.htm
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Windows\SysWOW64\F12\F12App.dll
uRun: [OneDrive] "C:\Users\Camilo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [BingSvc] C:\Users\Camilo\AppData\Local\Microsoft\BingSvc\BingSvc.exe
uRun: [POP Peeper] "C:\Program Files (x86)\POP Peeper\POPPeeper.exe" -min
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [DelaypluginInstall] C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
mPolicies-System: MaxGPOScriptWait = dword:600
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{11679750-d21a-44d1-8891-44048bbd542c} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{11679750-d21a-44d1-8891-44048bbd542c}\D454F4D2430353633473 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8808ba8a-d705-48d3-a16e-dff1c958c936} : DHCPNameServer = 192.168.1.254
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
AppInit_DLLs= C:\WINDOWS\System32\DriverStore\FileRepository\nvsmwu.inf_amd64_40e2f893a8ddfad8\nvinit.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-mPolicies-System: MaxGPOScriptWait = dword:600
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Camilo\AppData\Roaming\Mozilla\Firefox\Profiles\1jggpe4f.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/?gws_rd=ssl
FF - plugin: C:\Users\Camilo\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll
FF - plugin: C:\Users\Camilo\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2018-4-12 177192]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2018-4-12 58272]
R0 nvpciflt;nvpciflt;C:\WINDOWS\System32\drivers\nvpciflt.sys [2017-1-17 48696]
R0 SgrmAgent;System Guard Runtime Monitor Agent;C:\WINDOWS\System32\drivers\SgrmAgent.sys [2018-4-12 63896]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2018-4-12 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2018-7-11 72768]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2018-4-12 18472]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2018-4-12 209816]
R1 afunix;afunix;C:\WINDOWS\System32\drivers\afunix.sys [2018-4-12 39424]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2018-4-12 254464]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-4-12 60320]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2018-4-12 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-4-12 8192]
R1 NNSALPC;NNSALPC;C:\WINDOWS\System32\drivers\nnsalpc.sys [2017-4-7 106976]
R1 NNSHTTP;NNSHTTP;C:\WINDOWS\System32\drivers\nnshttp.sys [2017-4-7 211936]
R1 NNSHTTPS;NNSHTTPS;C:\WINDOWS\System32\drivers\nnshttps.sys [2017-4-7 121312]
R1 NNSIDS;NNSIDS;C:\WINDOWS\System32\drivers\nnsids.sys [2017-4-7 125920]
R1 NNSNAHSL;NNSNAHSL;C:\WINDOWS\System32\drivers\NNSNAHSL.sys [2017-3-17 89960]
R1 NNSPICC;NNSPICC;C:\WINDOWS\System32\drivers\nnspicc.sys [2017-4-7 118240]
R1 NNSPIHSW;NNSPIHSW;C:\WINDOWS\System32\drivers\nnspihsw.sys [2017-4-7 91104]
R1 NNSPOP3;NNSPOP3;C:\WINDOWS\System32\drivers\nnspop3.sys [2017-4-7 135648]
R1 NNSPROT;NNSPROT;C:\WINDOWS\System32\drivers\nnsprot.sys [2017-4-7 336352]
R1 NNSPRV;NNSPRV;C:\WINDOWS\System32\drivers\nnsprv.sys [2017-4-7 226272]
R1 NNSSMTP;NNSSMTP;C:\WINDOWS\System32\drivers\nnssmtp.sys [2017-4-7 123360]
R1 NNSSTRM;NNSSTRM;C:\WINDOWS\System32\drivers\nnsstrm.sys [2017-4-7 280032]
R1 NNSTLSC;NNSTLSC;C:\WINDOWS\System32\drivers\nnstlsc.sys [2017-4-7 125408]
R1 PSINKNC;PSINKNC;C:\WINDOWS\System32\drivers\PSINKNC.sys [2017-10-9 207328]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-12 51288]
R2 CDPUserSvc_76cd9;Connected Devices Platform User Service_76cd9;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-12 51288]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-4-12 414208]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2018-4-12 51288]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2018-4-12 51288]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-12 51288]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2016-11-11 129752]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-12-20 333688]
R2 HPTouchpointAnalyticsService;HP Touchpoint Analytics;C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [2017-11-27 332216]
R2 NanoServiceMain;Panda Protection Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2017-7-19 109024]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-3-15 462784]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-4-6 458176]
R2 OneSyncSvc_76cd9;Sync Host_76cd9;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-12 51288]
R2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2016-7-19 86104]
R2 PSINAflt;PSINAflt;C:\WINDOWS\System32\drivers\PSINAflt.sys [2017-10-9 179168]
R2 PSINFile;PSINFile;C:\WINDOWS\System32\drivers\PSINFile.sys [2017-10-9 140256]
R2 PSINProc;PSINProc;C:\WINDOWS\System32\drivers\PSINProc.sys [2017-10-9 133600]
R2 PSINProt;PSINProt;C:\WINDOWS\System32\drivers\PSINProt.sys [2017-10-9 146912]
R2 PSINReg;PSINReg;C:\WINDOWS\System32\drivers\PSINReg.sys [2017-10-9 117216]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2017-7-19 48784]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2018-7-11 761440]
R2 SgrmBroker;System Guard Runtime Monitor Broker;C:\WINDOWS\System32\SgrmBroker.exe [2018-4-12 163336]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2018-4-12 82432]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
R2 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-4-12 151960]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
R2 WpnUserService_76cd9;Windows Push Notifications User Service_76cd9;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-12 51288]
R3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2018-4-12 60320]
R3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-12 51288]
R3 ETD;ELAN PS/2 Port Input Device;C:\WINDOWS\System32\drivers\ETD.sys [2016-11-11 589392]
R3 ETDSMBus;ETDSMBus;C:\WINDOWS\System32\drivers\ETDSMBus.sys [2015-8-5 32328]
R3 ibtfltcoex;Intel Corporation;C:\WINDOWS\System32\drivers\ibtfltcoex.sys [2016-4-1 77808]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-12 51288]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-12 51288]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2018-4-12 20992]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2017-3-15 46016]
R3 nvvhci;NVVHCI Enumerator Service;C:\WINDOWS\System32\drivers\nvvhci.sys [2017-3-15 57792]
R3 PimIndexMaintenanceSvc_76cd9;Contact Data_76cd9;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-12 51288]
R3 PSKMAD;PSKMAD;C:\WINDOWS\System32\drivers\PSKMAD.sys [2017-10-9 72648]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2018-4-12 604160]
R3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-12 51288]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-12 51288]
R3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2018-7-11 48544]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-12 51288]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
R3 UnistoreSvc_76cd9;User Data Storage_76cd9;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-12 51288]
R3 UserDataSvc_76cd9;User Data Access_76cd9;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-12 51288]
R3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [2018-7-11 59944]
R3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe [2018-7-11 3925648]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2018-4-12 51288]
S2 WsAppService;Wondershare Application Framework Service;C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe [2016-11-18 437392]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-4-12 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2018-4-12 1135520]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-12 51288]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2018-4-12 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2018-4-12 51288]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2018-4-12 51288]
S3 BcastDVRUserService_76cd9;GameDVR and Broadcast User Service_76cd9;C:\WINDOWS\System32\svchost.exe -k BcastDVRUserService [2018-4-12 51288]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2018-4-12 9728]
S3 bindflt;Windows Bind Filter Driver;C:\WINDOWS\System32\drivers\bindflt.sys [2018-4-12 92056]
S3 BluetoothUserService_76cd9;Bluetooth User Support Service_76cd9;C:\WINDOWS\System32\svchost.exe -k BthAppGroup [2018-4-12 51288]
S3 BTAGService;Bluetooth Audio Gateway Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2018-4-12 51288]
S3 BthAvctpSvc;AVCTP service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-12 51288]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2018-4-12 38304]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-4-12 39936]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2018-4-12 123392]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-4-12 321432]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-4-12 1836952]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2018-4-12 51288]
S3 DevicePickerUserSvc_76cd9;DevicePicker_76cd9;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2018-4-12 51288]
S3 DevicesFlowUserSvc_76cd9;DevicesFlow_76cd9;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2018-4-12 51288]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-12 51288]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-7-22 130688]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-4-12 90624]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2018-4-12 51288]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
S3 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2018-4-12 51288]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-12 51288]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-12 51288]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-12 51288]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2018-4-12 51288]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-4-12 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2018-4-12 51288]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-4-12 50592]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-12 51288]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2018-4-12 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2018-4-12 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2018-4-12 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-4-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-4-12 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-4-12 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-4-12 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2018-4-12 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2018-4-12 113152]
S3 iaStorAVC;Intel Chipset SATA RAID Controller;C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-4-12 885144]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2018-4-12 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-12 51288]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-4-12 38912]
S3 InstallService;Microsoft Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2018-4-12 32256]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-12 51288]
S3 ItSas35i;ItSas35i;C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-4-12 145816]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-4-12 124312]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-4-12 128408]
S3 LxpSvc;Language Experience Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2018-4-12 51288]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2018-4-12 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2018-4-12 56736]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-4-12 75160]
S3 megasas35i;megasas35i;C:\WINDOWS\System32\drivers\megasas35i.sys [2018-4-12 82328]
S3 MessagingService_76cd9;MessagingService_76cd9;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-12 51288]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-4-12 842648]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2018-4-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2018-4-12 175104]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-4-12 197632]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-12 51288]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-12 51288]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-3-15 462784]
S3 nvdimm;Microsoft NVDIMM device driver;C:\WINDOWS\System32\drivers\nvdimm.sys [2018-4-12 104448]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-3-15 27584]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2018-4-12 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2018-4-12 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-12 51288]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2018-4-12 16896]
S3 PrintWorkflowUserSvc_76cd9;PrintWorkflow_76cd9;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2018-4-12 51288]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2018-4-12 39840]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2018-7-11 1921944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2018-7-11 945568]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2018-4-12 51288]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2018-4-12 104448]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2018-4-12 51288]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2018-4-12 128416]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2018-4-12 33176]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2018-4-12 1273344]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-12 51288]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2018-4-12 154528]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-12 51288]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2018-4-12 51288]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-12 51288]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-4-12 57752]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-6-21 976384]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-5-26 105368]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2018-4-12 303616]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2018-4-12 128512]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2018-4-12 152576]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2018-4-12 57856]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2018-4-12 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2018-6-21 29600]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2018-4-12 282008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2018-4-12 98200]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2018-4-12 144288]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2018-4-12 29088]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2018-4-12 67992]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2018-4-12 28064]
S3 VacSvc;Volumetric Audio Compositor Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-12 51288]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2018-4-12 35328]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2018-4-12 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-12 51288]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-12 51288]
S3 WaaSMedicSvc;Windows Update Medic Service;C:\WINDOWS\System32\svchost.exe -k wusvcs -p [2018-4-12 51288]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-12 51288]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2018-4-12 51288]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2018-4-12 82944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2018-6-21 781824]
S3 wdm_usb;wdm_usb;C:\WINDOWS\System32\drivers\usb2ser.sys [2016-8-16 159936]
S3 WdmCompanionFilter;WdmCompanionFilter;C:\WINDOWS\System32\drivers\WdmCompanionFilter.sys [2018-4-12 21408]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2018-4-12 51288]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-12 51288]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2018-4-12 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-4-12 227840]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2018-4-12 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-12 51288]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-12 51288]
S3 WpcMonSvc;Parental Controls;C:\WINDOWS\System32\svchost.exe -k LocalService [2018-4-12 51288]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2018-4-12 264192]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2018-4-12 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2018-7-11 295424]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2018-4-12 46592]
S4 hvcrash;hvcrash;C:\WINDOWS\System32\drivers\hvcrash.sys [2018-4-12 33184]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-12 51288]
S4 ssh-agent;OpenSSH Authentication Agent;C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-4-12 495616]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-12 51288]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2018-07-11 21:40:04 -------- d--h--w- C:\OneDriveTemp
2018-07-11 21:35:41 14756216 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{622538C7-CBBC-4935-9E27-A504916EA740}\mpengine.dll
2018-07-11 21:22:38 835064 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-07-11 21:22:38 179704 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-07-11 17:22:59 3611368 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2018-07-11 04:45:02 -------- d-----w- C:\Users\Camilo\AppData\Local\D3DSCache
2018-07-03 14:32:20 -------- d-----w- C:\Users\Camilo\AppData\Local\Deployment
2018-07-03 14:23:41 -------- d-----w- C:\Users\Camilo\AppData\Local\Vodafone.SMSbyMail
2018-06-29 14:56:16 244208 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2018-06-23 05:26:15 -------- d-----w- C:\ProgramData\Packages
2018-06-21 18:27:59 652800 ----a-w- C:\WINDOWS\System32\ActivationManager.dll
.
==================== Find3M ====================
.
2018-07-11 21:42:39 59944 ----a-w- C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys
2018-07-11 21:42:38 340008 ----a-w- C:\WINDOWS\System32\drivers\wd\WdFilter.sys
2018-07-11 21:42:37 46592 ----a-w- C:\WINDOWS\System32\drivers\wd\WdBoot.sys
2018-07-11 21:31:57 548000 ------w- C:\WINDOWS\System32\MpSigStub.exe
2018-07-06 14:20:55 792472 ----a-w- C:\WINDOWS\System32\generaltel.dll
2018-07-06 14:20:50 1610648 ----a-w- C:\WINDOWS\System32\appraiser.dll
2018-07-06 14:20:49 2868640 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2018-07-06 14:20:45 689560 ----a-w- C:\WINDOWS\System32\aeinv.dll
2018-07-06 14:20:45 451992 ----a-w- C:\WINDOWS\System32\invagent.dll
2018-07-06 14:20:44 612248 ----a-w- C:\WINDOWS\System32\devinv.dll
2018-07-06 14:20:44 309664 ----a-w- C:\WINDOWS\System32\acmigration.dll
2018-07-06 14:20:43 70040 ----a-w- C:\WINDOWS\System32\win32appinventorycsp.dll
2018-07-06 14:20:43 144792 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2018-07-06 14:17:10 3932672 ----a-w- C:\WINDOWS\explorer.exe
2018-07-06 14:14:29 541592 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2018-07-06 13:56:43 4708864 ----a-w- C:\WINDOWS\System32\twinui.pcshell.dll
2018-07-06 13:53:56 386048 ----a-w- C:\WINDOWS\System32\zipfldr.dll
2018-07-06 13:53:52 409088 ----a-w- C:\WINDOWS\System32\SettingsEnvironment.Desktop.dll
2018-07-06 13:53:16 340992 ----a-w- C:\WINDOWS\System32\AcGenral.dll
2018-07-06 13:52:59 677376 ----a-w- C:\WINDOWS\System32\winlogon.exe
2018-07-06 13:52:15 1787392 ----a-w- C:\WINDOWS\System32\wsp_health.dll
2018-07-06 13:51:57 2051584 ----a-w- C:\WINDOWS\System32\wsp_fs.dll
2018-07-06 13:51:35 3652608 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2018-07-06 13:51:20 1364992 ----a-w- C:\WINDOWS\System32\bcastdvruserservice.dll
2018-07-06 13:51:10 1004032 ----a-w- C:\WINDOWS\System32\clusapi.dll
2018-07-06 13:50:59 615424 ----a-w- C:\WINDOWS\System32\resutils.dll
2018-07-06 13:49:37 91136 ----a-w- C:\WINDOWS\System32\mcbuilder.exe
2018-07-06 11:54:36 485376 ----a-w- C:\WINDOWS\SysWow64\resutils.dll
2018-07-06 11:53:40 775168 ----a-w- C:\WINDOWS\SysWow64\clusapi.dll
2018-07-06 11:53:11 347136 ----a-w- C:\WINDOWS\SysWow64\zipfldr.dll
2018-07-06 11:52:47 1308160 ----a-w- C:\WINDOWS\SysWow64\wsp_health.dll
2018-07-06 11:52:34 1452544 ----a-w- C:\WINDOWS\SysWow64\wsp_fs.dll
2018-07-06 11:52:25 2895360 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2018-07-06 11:51:26 2401280 ----a-w- C:\WINDOWS\SysWow64\AcGenral.dll
2018-07-06 11:51:10 80384 ----a-w- C:\WINDOWS\SysWow64\mcbuilder.exe
2018-07-06 11:26:02 19525120 ----a-w- C:\WINDOWS\System32\HologramCompositor.dll
2018-07-06 11:25:19 23863296 ----a-w- C:\WINDOWS\System32\Hydrogen.dll
2018-07-06 11:01:54 1008640 ----a-w- C:\WINDOWS\System32\Windows.Media.MixedRealityCapture.dll
2018-07-06 07:32:09 480672 ----a-w- C:\WINDOWS\System32\dcntel.dll
2018-07-06 07:31:58 462752 ----a-w- C:\WINDOWS\System32\aepic.dll
2018-07-06 07:31:57 35232 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2018-07-06 07:29:56 272296 ----a-w- C:\WINDOWS\System32\SgrmEnclave.dll
2018-07-06 07:29:55 269224 ----a-w- C:\WINDOWS\System32\SgrmEnclave_secure.dll
2018-07-06 07:27:29 1174432 ----a-w- C:\WINDOWS\System32\hvix64.exe
2018-07-06 07:27:27 567176 ----a-w- C:\WINDOWS\System32\tcblaunch.exe
2018-07-06 07:27:27 1063320 ----a-w- C:\WINDOWS\System32\SecConfig.efi
2018-07-06 07:27:27 1012632 ----a-w- C:\WINDOWS\System32\hvax64.exe
2018-07-06 07:27:19 57440 ----a-w- C:\WINDOWS\System32\Windows.Internal.ShellCommon.Broker.dll
2018-07-06 07:27:15 134552 ----a-w- C:\WINDOWS\System32\hvloader.dll
2018-07-06 07:27:00 709824 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-07-06 07:26:26 2712992 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2018-07-06 07:26:19 930720 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2018-07-06 07:26:15 170912 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2018-07-06 07:26:01 1148800 ----a-w- C:\WINDOWS\System32\mfsvr.dll
2018-07-06 07:25:59 2420632 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2018-07-06 07:25:54 2571728 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2018-07-06 07:25:51 1945784 ----a-w- C:\WINDOWS\System32\ntdll.dll
2018-07-06 07:25:50 267680 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2018-07-06 07:25:48 335776 ----a-w- C:\WINDOWS\System32\moshostcore.dll
2018-07-06 07:25:47 885856 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2018-07-06 07:25:45 9147808 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-07-06 07:25:38 483048 ----a-w- C:\WINDOWS\System32\ucrtbase_enclave.dll
2018-07-06 07:25:38 1018616 ----a-w- C:\WINDOWS\System32\ucrtbase.dll
2018-07-06 07:25:37 139672 ----a-w- C:\WINDOWS\System32\drivers\ksecdd.sys
2018-07-06 07:25:33 1026464 ----a-w- C:\WINDOWS\System32\drivers\http.sys
2018-07-06 07:24:39 380824 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2018-07-06 07:16:47 567144 ----a-w- C:\WINDOWS\SysWow64\CoreMessaging.dll
2018-07-06 07:14:28 1981896 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2018-07-06 07:14:19 829856 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2018-07-06 07:14:09 988640 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll
2018-07-06 07:14:09 1175568 ----a-w- C:\WINDOWS\SysWow64\ucrtbase.dll
2018-07-06 07:13:57 1620872 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2018-07-06 07:10:15 25845760 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2018-07-06 07:07:07 22006272 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2018-07-06 07:03:04 4371456 ----a-w- C:\WINDOWS\System32\EdgeContent.dll
2018-07-06 07:02:46 9084928 ----a-w- C:\WINDOWS\System32\BingMaps.dll
2018-07-06 07:01:56 7057408 ----a-w- C:\WINDOWS\System32\mos.dll
2018-07-06 07:01:23 5883904 ----a-w- C:\WINDOWS\SysWow64\mos.dll
2018-07-06 07:01:13 14848 ----a-w- C:\WINDOWS\System32\MapsBtSvcProxy.dll
2018-07-06 07:01:01 104448 ----a-w- C:\WINDOWS\System32\NotificationControllerPS.dll
2018-07-06 07:00:53 94720 ----a-w- C:\WINDOWS\System32\MapsCSP.dll
2018-07-06 07:00:41 29696 ----a-w- C:\WINDOWS\System32\MapsTelemetry.dll
2018-07-06 07:00:32 92672 ----a-w- C:\WINDOWS\System32\MosHostClient.dll
2018-07-06 07:00:22 18944 ----a-w- C:\WINDOWS\System32\nativemap.dll
2018-07-06 07:00:04 151040 ----a-w- C:\WINDOWS\System32\MapsBtSvc.dll
2018-07-06 07:00:03 53248 ----a-w- C:\WINDOWS\System32\mapstoasttask.dll
2018-07-06 06:59:58 41984 ----a-w- C:\WINDOWS\System32\mapsupdatetask.dll
2018-07-06 06:59:57 86528 ----a-w- C:\WINDOWS\System32\MosStorage.dll
2018-07-06 06:59:46 3381248 ----a-w- C:\WINDOWS\System32\MapRouter.dll
2018-07-06 06:59:39 453632 ----a-w- C:\WINDOWS\System32\cloudAP.dll
2018-07-06 06:59:35 48128 ----a-w- C:\WINDOWS\System32\tokenbinding.dll
2018-07-06 06:59:23 200192 ----a-w- C:\WINDOWS\System32\SettingsHandlers_Geolocation.dll
2018-07-06 06:59:22 334336 ----a-w- C:\WINDOWS\System32\NmaDirect.dll
2018-07-06 06:59:15 6647296 ----a-w- C:\WINDOWS\SysWow64\BingMaps.dll
2018-07-06 06:59:00 1153536 ----a-w- C:\WINDOWS\System32\Windows.Devices.Sensors.dll
2018-07-06 06:57:53 3712512 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2018-07-06 06:57:48 676864 ----a-w- C:\WINDOWS\System32\SettingsHandlers_Devices.dll
2018-07-06 06:57:47 473088 ----a-w- C:\WINDOWS\System32\schannel.dll
2018-07-06 06:57:44 7579648 ----a-w- C:\WINDOWS\System32\Chakra.dll
2018-07-06 06:57:42 5779456 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
.
============= FINISH: 18:44:42.32 ===============
Attached Files
File Type: txt attach.txt (7.4 KB, 6 views)
qimqim is offline  
Old 07-13-2018, 06:52 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Have you run ESET Online Scanner since the incident? If so, please post the ESET log in your next reply.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan Now
  • Once the Scan is done, select Clean & Repair
  • When prompted, select Clean & Restart Now
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\Logs\AdwCleaner[C0#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-14-2018, 01:21 AM   #3
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



Hi Chemist

Yes, I ran ESET but cannot see that a log was left. I downloaded AdwCleaner from the link you provided, but after clicking on the .exe file nothing happens! It does not open.

Let me add to my original post. It seems that the sender of the email had my login details for Avast. I have not used Avast for a very long time (years?) and my suspicion is that he hacked into Avast's website and got hold of the email details of everybody, after which, on the assumption that a lot of people watch porn, he sent that message. I do not believe that my computer was compromised.
qimqim is offline  
Old 07-14-2018, 04:58 AM   #4
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



I restarted the computer and have been able to run AdwCleaner.

Please note that I got two logs from running AdwCleaner just once. The other file is called AdwCleaner[S00].txt

# -------------------------------
# Malwarebytes AdwCleaner 7.2.1.0
# -------------------------------
# Build: 06-26-2018
# Database: 2018-07-04.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-14-2018
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted MSN Homepage & Bing Search Engine

***** [ Chromium URLs ] *****

Deleted Ask Jeeves

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1280 octets] - [14/07/2018 12:38:08]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Attached Files
File Type: txt Addition.txt (45.1 KB, 5 views)
qimqim is offline  
Old 07-14-2018, 05:00 AM   #5
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



Unable to copy/paste the file even though I split it from the AdwCleaner one. So I had to attach it.
Attached Files
File Type: txt FRST.txt (98.9 KB, 6 views)
qimqim is offline  
Old 07-14-2018, 09:32 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, qimqim. Not seeing anything here, as usual.
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    AlternateDataStreams: C:\Users\Camilo\Desktop\Endo CUF.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
    AlternateDataStreams: C:\Users\Camilo\Desktop\Endo CUF.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\Camilo\Documents\CNPD.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
    AlternateDataStreams: C:\Users\Camilo\Documents\CNPD.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
chemist is offline  
Old 07-15-2018, 02:59 AM   #7
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



Thank you chemist

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Camilo (15-07-2018 08:53:17) Run:1
Running from C:\Users\Camilo\Desktop
Loaded Profiles: Camilo (Available Profiles: Camilo & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
AlternateDataStreams: C:\Users\Camilo\Desktop\Endo CUF.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Camilo\Desktop\Endo CUF.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Camilo\Documents\CNPD.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Camilo\Documents\CNPD.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\Users\Camilo\Desktop\Endo CUF.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Camilo\Desktop\Endo CUF.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Camilo\Documents\CNPD.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Camilo\Documents\CNPD.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 95168284 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => 410936 B
Edge => 14591 B
Chrome => 743945765 B
Firefox => 58986352 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7360 B
LocalService => 0 B
NetworkService => 5280 B
NetworkService => 0 B
Camilo => 161863254 B
UpdatusUser => 0 B

RecycleBin => 367838885 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:55:10 ====
qimqim is offline  
Old 07-15-2018, 08:19 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome. Run ESET if you wish, else let me know how the machine is behaving and I will give you some final instructions.
chemist is offline  
 
