Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

User Tag List

Win32/Zperm virus & popups.

This is a discussion on Win32/Zperm virus & popups. within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category. My AVG anti virus has been periodically flagging with a 'threat' called win32/zperm. It appears to be in C:\Windows\temp\ I


Closed Thread
 
Thread Tools Search this Thread
Old 12-22-2016, 10:35 AM   #1
Registered Member
 
Join Date: Jun 2005
Posts: 116
OS: Windows 7



My AVG anti virus has been periodically flagging with a 'threat' called win32/zperm. It appears to be in C:\Windows\temp\ I always click remove it and it says its successful but periodically it returns.

I also have the issue of various popups while browsing the internet in Firefox (Its the only browser I use). Anything from this computer has been locked due to suspicious activity call this number to reactivate to various random popups.

Before coming here I've tried updating + running in safe mode AVG Anti Virus. Malware bytes, Spybot S&D and Adaware. They either don't find a threat or one of them find 'tracking cookies' which it removes but doesn't fix the problem.


I ran DDS and attached the two required text files. I've moved since I purchased this computers so I'm not entirely sure where my Window's disk is. I'm on Windows 10 Home 64bit if it matters. Any help would be appreciated, thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.91.2
Run by Nicholas at 12:28:54 on 2016-12-22
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.8102.2929 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Spybot - Search and Destroy *Enabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\Av\avgrsa.exe
C:\Program Files (x86)\AVG\Av\avgcsrva.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\WINDOWS\system32\BtwRSupportService.exe
C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.14.1023.10544\AdAwareService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\WINDOWS\system32\DptfPolicyCriticalService.exe
C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
C:\WINDOWS\system32\DptfParticipantProcessorService.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\AVG\Av\avgnsa.exe
C:\Program Files (x86)\AVG\Av\avgemca.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe
C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\ASUS\ASUS Key Suite\AsKeySuite.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.14.1023.10544\AdAwareTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.Getstarted_4.2.29.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\Program Files\WindowsApps\Microsoft.BingNews_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7714.42037.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7714.42037.0_x64__8wekyb3d8bbwe\HxTsr.exe
C:\Users\Nicholas\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1612.3341.0_x64__8wekyb3d8bbwe\Calculator.exe
C:\WINDOWS\System32\sdiagnhost.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Program Files\WindowsApps\Microsoft.XboxApp_24.24.20004.0_x64__8wekyb3d8bbwe\XboxApp.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe\Video.UI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Windows\System32\smartscreen.exe
svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mysearch.avg.com/?cid={157D7AC9-D0D0-481F-A902-B516EE3FECF4}&mid=3cb132cf36e047cda1d2856e5810e0fe-b77f08a324e953ddc3fee54571f6df06071efe63&lang=en&ds=AVG&coid=avgtbavg&cmpid=1116av&pr=fr&d=2015-07-16 12:21:27&v=4.3.6.255&pid=wtu&sg=&sap=hp
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
uRun: [OneDrive] "C:\Users\Nicholas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
uRunOnce: [Uninstall 17.3.6517.0809_1\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Nicholas\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64"
uRunOnce: [Uninstall 17.3.6517.0809_1] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Nicholas\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=av
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
dRunOnce: [Application Restart #1] C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed
mPolicies-System: DSCAutomationHostEnabled = dword:2
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{548618f6-a406-4e10-834b-9f87371363d5} : DHCPNameServer = 127.0.0.1
TCP: Interfaces\{77123f7f-96e7-4422-9e25-6ecb601d7a1a} : DHCPNameServer = 192.168.1.254
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
x64-Run: [DptfPolicyLpmServiceHelper] C:\WINDOWS\System32\DptfPolicyLpmServiceHelper.exe
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.14.1023.10544\AdAwareTray.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\snvw6azb.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\WINDOWS\System32\drivers\avgidsha.sys [2015-5-12 267008]
R0 Avgloga;AVG Logging Driver;C:\WINDOWS\System32\drivers\avgloga.sys [2016-2-16 360736]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\drivers\avgmfx64.sys [2016-9-26 254208]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\drivers\avgrkx64.sys [2015-3-20 52992]
R0 Avguniva;AVG Universal Driver;C:\WINDOWS\System32\drivers\avguniva.sys [2016-1-8 77056]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-9-25 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-27 227328]
R1 Avgdiska;AVG Disk Driver;C:\WINDOWS\System32\drivers\avgdiska.sys [2016-5-13 163072]
R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\drivers\avgidsdrivera.sys [2016-10-17 312576]
R1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\drivers\avgldx64.sys [2016-10-19 267520]
R1 Avgwfpa;AVG Firewall Driver;C:\WINDOWS\System32\drivers\avgwfpa.sys [2016-8-4 313096]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-9-2 77104]
R2 Asus WebStorage Windows Service;Asus WebStorage Windows Service;C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [2013-8-16 71680]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [2016-11-2 5337696]
R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2016-12-6 1146128]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2016-11-2 727512]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\WINDOWS\System32\BtwRSupportService.exe [2015-3-27 2251992]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_206b8d;CDPUserSvc_206b8d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DptfParticipantProcessorService;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application;C:\WINDOWS\System32\DptfParticipantProcessorService.exe [2013-12-2 115656]
R2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application;C:\WINDOWS\System32\DptfPolicyConfigTDPService.exe [2013-12-2 118728]
R2 DptfPolicyCriticalService;Intel(R) Dynamic Platform and Thermal Framework Critical Service Application;C:\WINDOWS\System32\DptfPolicyCriticalService.exe [2013-12-2 148160]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-1-23 1858048]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-5-27 374360]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-11-19 169432]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.14.1023.10544\AdAwareService.exe [2016-12-5 630976]
R2 OneSyncSvc_206b8d;Sync Host_206b8d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-11-19 390632]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2016-11-2 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-11-2 4088608]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2016-11-2 235984]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 vToolbarUpdater40.3.6;vToolbarUpdater40.3.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe [2016-11-14 1349704]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-9-29 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 WtuSystemSupport;WtuSystemSupport;C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [2016-11-14 980552]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\WINDOWS\System32\drivers\bcbtums.sys [2015-3-27 173312]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-9-29 249856]
R3 DptfDevDram;DptfDevDram;C:\WINDOWS\System32\drivers\DptfDevDram.sys [2013-12-2 145640]
R3 DptfDevPch;DptfDevPch;C:\WINDOWS\System32\drivers\DptfDevPch.sys [2013-12-2 116752]
R3 DptfDevProc;DptfDevProc;C:\WINDOWS\System32\drivers\DptfDevProc.sys [2013-12-2 290256]
R3 DptfManager;DptfManager;C:\WINDOWS\System32\drivers\DptfManager.sys [2013-12-2 494808]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 enecir;ENE CIR Receiver;C:\WINDOWS\System32\drivers\enecir.sys [2013-12-2 71168]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2013-9-30 27032]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 PimIndexMaintenanceSvc_206b8d;Contact Data_206b8d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2013-12-5 830680]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
R3 UnistoreSvc_206b8d;User Data Storage_206b8d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_206b8d;User Data Access_206b8d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\WINDOWS\System32\drivers\avgboota.sys [2016-1-7 21632]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AvgAMPS;AvgAMPS;C:\Program Files (x86)\AVG\Av\avgamps.exe [2016-11-2 647864]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 btwampfl;btwampfl;C:\WINDOWS\System32\drivers\btwampfl.sys [2015-3-27 188160]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-27 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DptfDevDisplay;DptfDevDisplay;C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [2013-12-2 70752]
S3 DptfDevFan;DptfDevFan;C:\WINDOWS\System32\drivers\DptfDevFan.sys [2013-12-2 50640]
S3 DptfDevGen;DptfDevGen;C:\WINDOWS\System32\drivers\DptfDevGen.sys [2013-12-2 78504]
S3 DptfDevPower;DptfDevPower;C:\WINDOWS\System32\drivers\DptfDevPower.sys [2013-12-2 71808]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\WINDOWS\System32\drivers\hitmanpro37.sys [2016-11-7 54736]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2013-9-30 39320]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-7-16 472872]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
S3 MessagingService_206b8d;MessagingService_206b8d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-9-25 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-9-29 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-17 54784]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-9-29 719360]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_206b8d;Windows Push Notifications User Service_206b8d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-12-9 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-25 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== Created Last 30 ================
.
2016-12-19 00:48:33 -------- d-----w- C:\Users\Nicholas\AppData\Roaming\Smartflix
2016-12-19 00:48:27 -------- d-----w- C:\Users\Nicholas\AppData\Local\smartflix
2016-12-19 00:48:26 -------- d-----w- C:\Users\Nicholas\AppData\Local\SquirrelTemp
2016-12-17 19:27:25 -------- d--h--w- C:\OneDriveTemp
2016-12-15 03:10:16 321480 ----a-w- C:\Program Files (x86)\Mozilla Firefox\tobedeleted\mozB629.tmp
2016-12-14 03:36:18 20364888 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
2016-12-09 22:58:59 691712 ----a-w- C:\WINDOWS\System32\lsm.dll
2016-12-08 08:16:03 -------- d-----w- C:\WINDOWS\pss
2016-12-08 08:14:25 -------- d-----w- C:\Program Files\Common Files\Lavasoft
.
==================== Find3M ====================
.
2016-12-14 17:08:15 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-11 23:56:25 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-12-11 23:56:25 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-12-09 22:43:22 180224 ----a-w- C:\WINDOWS\System32\enrollmentapi.dll
2016-12-09 10:42:15 1637728 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-12-09 10:42:14 137568 ----a-w- C:\WINDOWS\System32\acmigration.dll
2016-12-09 10:34:34 894096 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-12-09 10:34:34 1051112 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-12-09 10:33:26 1354320 ----a-w- C:\WINDOWS\System32\winload.efi
2016-12-09 10:33:26 1173496 ----a-w- C:\WINDOWS\System32\winload.exe
2016-12-09 10:32:11 7816032 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-12-09 10:30:39 377184 ----a-w- C:\WINDOWS\System32\drivers\clfs.sys
2016-12-09 10:29:23 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-09 10:28:24 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2016-12-09 10:27:38 172528 ----a-w- C:\WINDOWS\System32\sspicli.dll
2016-12-09 10:20:21 2677544 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2016-12-09 10:20:20 2189664 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-12-09 10:20:16 658784 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-12-09 10:20:13 402272 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-12-09 10:20:12 1738560 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll
2016-12-09 10:19:35 1293152 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2016-12-09 10:19:21 168424 ----a-w- C:\WINDOWS\System32\bcrypt.dll
2016-12-09 10:18:47 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-12-09 10:18:21 2913144 ----a-w- C:\WINDOWS\System32\combase.dll
2016-12-09 10:18:16 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2016-12-09 10:18:15 1267512 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2016-12-09 10:18:14 811872 ----a-w- C:\WINDOWS\System32\hvloader.exe
2016-12-09 10:18:12 947552 ----a-w- C:\WINDOWS\System32\hvloader.efi
2016-12-09 10:18:09 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2016-12-09 10:15:26 8168000 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2016-12-09 10:15:18 1988560 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-12-09 10:14:50 1274712 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-12-09 10:14:33 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2016-12-09 10:11:15 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2016-12-09 10:10:58 1461200 ----a-w- C:\WINDOWS\System32\user32.dll
2016-12-09 10:10:40 1572768 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2016-12-09 10:09:27 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2016-12-09 10:01:59 2323728 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2016-12-09 10:01:43 1503544 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2016-12-09 10:01:08 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2016-12-09 10:00:58 106896 ----a-w- C:\WINDOWS\SysWow64\bcrypt.dll
2016-12-09 09:59:25 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2016-12-09 09:59:24 2166752 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2016-12-09 09:57:01 1852720 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2016-12-09 09:57:00 6668040 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2016-12-09 09:56:15 959112 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-12-09 09:52:21 1435896 ----a-w- C:\WINDOWS\SysWow64\user32.dll
2016-12-09 09:52:21 1415752 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2016-12-09 09:51:08 117240 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2016-12-09 09:47:29 22563328 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-12-09 09:45:47 40448 ----a-w- C:\WINDOWS\System32\WordBreakers.dll
2016-12-09 09:45:43 206848 ----a-w- C:\WINDOWS\System32\win32k.sys
2016-12-09 09:42:29 227328 ----a-w- C:\WINDOWS\System32\cdd.dll
2016-12-09 09:41:22 380928 ----a-w- C:\WINDOWS\System32\wincorlib.dll
2016-12-09 09:41:06 32768 ----a-w- C:\WINDOWS\SysWow64\WordBreakers.dll
2016-12-09 09:40:38 147968 ----a-w- C:\WINDOWS\SysWow64\win32k.sys
2016-12-09 09:38:39 324608 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.LockScreen.dll
2016-12-09 09:37:29 261632 ----a-w- C:\WINDOWS\System32\indexeddbserver.dll
2016-12-09 09:37:10 411136 ----a-w- C:\WINDOWS\System32\facecredentialprovider.dll
2016-12-09 09:37:01 49152 ----a-w- C:\WINDOWS\System32\Windows.UI.Shell.dll
2016-12-09 09:36:56 425984 ----a-w- C:\WINDOWS\System32\aadcloudap.dll
2016-12-09 09:36:32 410112 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2016-12-09 09:36:09 3059200 ----a-w- C:\WINDOWS\System32\msi.dll
2016-12-09 09:36:05 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-12-09 09:36:02 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-12-09 09:34:52 822784 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2016-12-09 09:34:31 288768 ----a-w- C:\WINDOWS\SysWow64\wincorlib.dll
2016-12-09 09:33:42 3777536 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2016-12-09 09:33:37 1589760 ----a-w- C:\WINDOWS\System32\msdtctm.dll
2016-12-09 09:32:18 635904 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2016-12-09 09:31:22 3689984 ----a-w- C:\WINDOWS\SysWow64\msi.dll
2016-12-09 09:31:20 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-12-09 09:31:11 313856 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2016-12-09 09:30:32 19413504 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-12-09 09:30:31 4612608 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2016-12-09 09:29:51 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2016-12-09 09:28:55 1004544 ----a-w- C:\WINDOWS\System32\enterprisecsps.dll
2016-12-09 09:28:12 3306496 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2016-12-09 09:27:55 5114368 ----a-w- C:\WINDOWS\System32\cdp.dll
2016-12-09 09:27:36 981504 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.OnlineId.dll
2016-12-09 09:26:32 8129536 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-12-09 09:26:01 1692672 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2016-12-09 09:25:28 376832 ----a-w- C:\WINDOWS\System32\CryptoWinRT.dll
2016-12-09 09:24:21 2275840 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-12-09 09:22:27 1490944 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-12-09 09:22:06 2820096 ----a-w- C:\WINDOWS\System32\InputService.dll
2016-12-09 09:22:02 2688512 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-12-09 09:21:48 4746752 ----a-w- C:\WINDOWS\System32\jscript9.dll
2016-12-09 09:21:42 3616768 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2016-12-09 09:21:31 1512960 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2016-12-09 09:21:04 716800 ----a-w- C:\WINDOWS\System32\ShareHost.dll
2016-12-09 09:20:36 730624 ----a-w- C:\WINDOWS\System32\fveapi.dll
2016-12-09 09:20:35 3198464 ----a-w- C:\WINDOWS\SysWow64\cdp.dll
2016-12-09 09:20:33 6044160 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2016-12-09 09:20:32 172544 ----a-w- C:\WINDOWS\System32\DeviceEnroller.exe
2016-12-09 09:20:05 187392 ----a-w- C:\WINDOWS\System32\mdmregistration.dll
2016-12-09 09:19:46 433664 ----a-w- C:\WINDOWS\System32\TextInputFramework.dll
2016-12-09 09:19:45 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2016-12-09 09:19:43 261120 ----a-w- C:\WINDOWS\System32\Windows.UI.Core.TextInput.dll
2016-12-09 09:19:32 85504 ----a-w- C:\WINDOWS\System32\EditBufferTestHook.dll
.
============= FINISH: 12:29:27.29 ===============
Attached Files
File Type: txt attach.txt (3.6 KB, 30 views)
File Type: txt dds.txt (39.5 KB, 31 views)
SnowBum is offline  
Sponsored Links
Advertisement
 
Old 12-22-2016, 02:33 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-22-2016, 04:03 PM   #3
Registered Member
 
Join Date: Jun 2005
Posts: 116
OS: Windows 7



Adwcleaner cleaned & fixed 50 infected file's. I didn't click fix on the FARBAR because you didn't instruct to. Here are the attached text files. Thanks.

# AdwCleaner v6.041 - Logfile created 22/12/2016 at 17:58:17
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-22.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Nicholas - HOMEPC
# Running from : C:\Users\Nicholas\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: vToolbarUpdater40.3.6
[-] Service deleted: WtuSystemSupport


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Nicholas\AppData\Local\avg web tuneup
[-] Folder deleted: C:\Program Files\avg web tuneup
[-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search
[-] Folder deleted: C:\ProgramData\avg web tuneup
[#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder deleted: C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


***** [ Files ] *****

[-] File deleted: C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\snvw6azb.default\extensions\[email protected]
[-] File deleted: C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\snvw6azb.default\searchplugins\avg-secure-search.xml
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[-] File deleted: C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage
[-] File deleted: C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKU\S-1-5-21-226458003-544575888-2425317945-1001\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp
[-] Key deleted: HKLM\SOFTWARE\AVG Tuneup
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawarebp
[-] Data restored: HKU\S-1-5-21-226458003-544575888-2425317945-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKU\S-1-5-21-226458003-544575888-2425317945-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKU\S-1-5-21-226458003-544575888-2425317945-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


***** [ Web browsers ] *****

[-] [C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: check point software technologies ltd
[-] [C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: chfdnecihphmhljaaejmgoiahnihplgn


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8002 Bytes] - [07/11/2016 12:46:09]
C:\AdwCleaner\AdwCleaner[C2].txt - [5743 Bytes] - [22/12/2016 17:58:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [9613 Bytes] - [07/11/2016 12:38:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [7837 Bytes] - [07/11/2016 12:42:11]
C:\AdwCleaner\AdwCleaner[S2].txt - [6063 Bytes] - [22/12/2016 17:54:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [6035 Bytes] ##########
Attached Files
File Type: txt AdwCleaner[C2].txt (6.0 KB, 24 views)
File Type: txt FRST.txt (76.6 KB, 29 views)
File Type: txt Addition.txt (46.2 KB, 28 views)
SnowBum is offline  
Sponsored Links
Advertisement
 
Old 12-22-2016, 09:20 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello SnowBum. You're very welcome!

Please uninstall Spybot while we clean your machine. It sometimes interferes with our fixes.

You can re-install it once we are done.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, Ad-Aware and AVG.

While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

Please let me know which you want to keep before we proceed.

Are you going to keep Ad-Aware or AVG? Please don't uninstall either until you reply and follow the next set of instructions.

I will let you know when you can uninstall either Ad-Aware or AVG.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-23-2016, 01:53 PM   #5
Registered Member
 
Join Date: Jun 2005
Posts: 116
OS: Windows 7



I'll keep AVG. I uninstalled spybot.
SnowBum is offline  
Old 12-24-2016, 12:26 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, SnowBum.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    AdAwareInstaller (Version: 11.14.1023.10544 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.14.1023.10544 - Lavasoft) Hidden
    AntimalwareEngine (Version: 3.0.129.0 - Lavasoft) Hidden
    Task: {08399FE6-DAAB-47C0-A027-9BF24EC587F9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {31E0E008-E69A-4CB1-A75D-16742FFF268B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {3E222987-A4CD-4E33-A60B-B57A9DC988FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {547C8C90-B19C-46FD-BEAA-089D42EE1E27} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {5B0E8DD5-A969-4B48-B9E2-034FE14417CE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {5E8CB58E-74E8-45AE-872A-7947268AFDCD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {67EA4255-5B50-411A-8928-3E18475755C0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {8E6ABE29-0C3C-4FFA-88E5-B2B5DE62274A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {97FC2DC3-FCC2-4449-9454-CA8C3F0A5AAD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {A78DEC46-A1B8-40DE-99A9-BD26C179F6FB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {BC7564A8-2FD6-4273-B590-36606C840CE2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {BE225611-4549-403F-888A-56D023D29921} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {DE804CD8-A63F-4B9B-8853-B461A4B2EF0E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {EFB4DD3F-5E6C-44F3-A52B-69EDAAC48599} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {F53AF07A-B327-4347-9194-FFBBD8972808} - \WPD\SqmUpload_S-1-5-21-226458003-544575888-2425317945-1001 -> No File <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    HKLM\...\Run: [] => [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-226458003-544575888-2425317945-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-226458003-544575888-2425317945-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
    SearchScopes: HKU\S-1-5-21-226458003-544575888-2425317945-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-226458003-544575888-2425317945-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
    2016-12-08 14:45 - 2016-08-18 04:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2016-11-07] ()
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-27-2016, 12:08 PM   #7
Registered Member
 
Join Date: Jun 2005
Posts: 116
OS: Windows 7



Here is fixlog. Thanks.
Attached Files
File Type: txt Fixlog.txt (14.7 KB, 24 views)
SnowBum is offline  
Old 12-27-2016, 08:54 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, SnowBum. How is the machine behaving?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :regfind
    AntimalwareEngine
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Lsa /s
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-29-2016, 12:33 PM   #9
Registered Member
 
Join Date: Jun 2005
Posts: 116
OS: Windows 7



The system still has popups and AVG still flags with the same virus alert on occasion.
Attached Files
File Type: txt SystemLook.txt (2.8 KB, 20 views)
SnowBum is offline  
Old 12-29-2016, 08:09 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, SnowBum. That detection is probably a false positive due to having 2 different antivirus programs installed.

Please carry out the steps listed below, in order. If you have trouble, stop and let me know before proceeding.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad(don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\[{20334FA5-6CD5-48FC-B5F9-D34D75E07845}]
"SystemComponent"=-
Save the file as fix.reg and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------

You can now uninstall all the following Ad-Aware products via Programs and Features:

Ad-Aware Antivirus
AdAwareInstaller
AdAwareUpdater
AntimalwareEngine


If you are prompted to reboot, wait until all Ad-Aware products are uninstalled first.

Let me know if you have trouble uninstalling any Ad-Aware products.

Reboot your machine(if you haven't already) and let me know if you still get the detection and popup.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-03-2017, 07:42 PM   #11
Registered Member
 
Join Date: Jun 2005
Posts: 116
OS: Windows 7



Problem appears to be resolved. Thank you very much.
SnowBum is offline  
Old 01-04-2017, 12:28 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, SnowBum. You're very welcome. Glad to hear it. Still a bit of tidying to do.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.14.1023.10544\AdAwareService.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.14.1023.10544\AdAwareTray.exe
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.14.1023.10544\AdAwareTray.exe [9529080 2016-12-05] ()
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.14.1023.10544\AdAwareService.exe [630976 2016-12-05] ()
    2016-12-08 02:14 - 2016-12-08 02:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2016-12-08 02:14 - 2016-12-08 02:14 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
    C:\Program Files\Lavasoft
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Computer screen has no signal when booting
Hi My computer would seem like it is starting up (fans turning and lights blinking) but my computer screen doesn't receive any signal. When the screen display comes back, a Windows Error Recovery menu would show up. Any form of help will be appreciated. :smile: Thank you.
karhn Windows 7 , Windows Vista Support 8 09-27-2014 12:17 AM
Virus Causing Popups, Uninstalled Programs & Messing with Permissions
I know I'm infected with something, but I don't know what, or even how it happened. First off, Firefox is opening on its own and tabs are being opened for strange searches like "asian+thumb+movies" or "big+fish+games" or "ladies+clothes" and I've also had something like Chinatv and admirablesearch....
xKiDDOx Resolved HJT Threads 22 11-23-2011 09:46 AM
xp security 2011/ malware removal tool
hello fellow tech heads i've had a day from hell trying to remove the above trojan. none of the things found on the net worked for me like booting into safe mode as the virus was still active and stopping things. blocking task manager so i took things into my own hands and downloaded rkill which...
dragon-lilly Resolved HJT Threads 31 05-26-2011 03:18 PM
dwm.exe / csrss.exe / conhost.exe?
I am trying to clean up this computer for a friend - unfortunately someone else has already been messing around with it and trying to sort it out (I found various cleanup programs on the desktop) but to no avail. As far as I can see/have been told the symptoms have been - Hiding all documents...
lm03929z Resolved HJT Threads 20 05-09-2011 03:42 PM
computer freezes redirects to different sites on google
Please help. My computer has been running slow and many times when I upload a page it says it is not responding. The other issue is that when I do a search on google and click on the correct search,it directs me to another soliciting site. I have tried to run GMER both ways and it just will not...
lubo1 Inactive Malware Help Topics 8 02-21-2011 09:28 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 03:07 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts