drypen Posted February 20, 2017 ID:1103004

I'm not sure where this came from but I've been unable to get rid of it completely and need your help.

FRST.txt Addition.txt

TwinHeadedEagle Posted February 20, 2017 ID:1103045 (edited)

Hello,

Please download Zemana AntiMalware and save it to your Desktop.
Install the program; once the installation is complete, it will start automatically.
Without changing any options, press Scan to begin.
After the short scan is finished, if threats are detected, press Next to remove them.
Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please restart your computer manually.
Open Zemana AntiMalware again.
Click on the icon and double-click the latest report.
Now click File > Save As and choose your Desktop before pressing Save.
The only thing left is to attach the saved report in your next message.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
Right-click on the icon and select Run as Administrator to start the tool. (XP users: click Run after receipt of the Windows Security Warning - Open File.)
Make sure that the Addition option is checked.
Press the Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt. Please upload them in your next reply.

Edited February 20, 2017 by TwinHeadedEagle

drypen Posted February 20, 2017 Author ID:1103151

Here's the log from the Zemana scan. I'm willing to scan with Farbar but there is no download link?

2017.02.20-11.42.45-i0-t92-d8.txt

TwinHeadedEagle Posted February 21, 2017 ID:1103336

Just do the same thing you did to get the initial reports.

drypen Posted February 21, 2017 Author ID:1103356

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by drype at 8:13:02 on 2017-02-21
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.16293.13121 [GMT -7:00]
08:08:17 136032 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll 2016-12-21 08:04:10 7816032 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe 2016-12-21 07:46:39 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys 2016-12-21 07:43:56 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll 2016-12-21 07:43:06 4130440 ----a-w- C:\WINDOWS\System32\mfcore.dll 2016-12-21 07:43:01 1454504 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll 2016-12-21 07:43:00 1071736 ----a-w- C:\WINDOWS\System32\mfnetcore.dll 2016-12-21 07:42:59 1988560 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll 2016-12-21 07:42:55 1702392 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll 2016-12-21 07:42:54 1300600 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll 2016-12-21 07:42:27 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll 2016-12-21 07:41:56 1600632 ----a-w- C:\WINDOWS\System32\sppobjs.dll 2016-12-21 07:15:01 22563840 ----a-w- C:\WINDOWS\System32\edgehtml.dll 2016-12-21 07:14:11 43008 ----a-w- C:\WINDOWS\System32\LaunchWinApp.exe 2016-12-21 07:13:54 119808 ----a-w- C:\WINDOWS\System32\KnobsCsp.dll 2016-12-21 07:12:14 83968 ----a-w- C:\WINDOWS\System32\ProvPluginEng.dll 2016-12-21 07:10:22 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll 2016-12-21 07:10:09 234496 ----a-w- C:\WINDOWS\System32\KnobsCore.dll 2016-12-21 07:09:56 363520 ----a-w- C:\WINDOWS\System32\Windows.UI.BioFeedback.dll 2016-12-21 07:09:13 368640 ----a-w- C:\WINDOWS\System32\OneBackupHandler.dll 2016-12-21 07:08:35 211968 ----a-w- C:\WINDOWS\System32\InstallAgent.exe 2016-12-21 07:08:33 261632 ----a-w- C:\WINDOWS\System32\wbem\ndisimplatcim.dll 2016-12-21 07:08:27 360448 ----a-w- C:\WINDOWS\System32\rdpencom.dll 2016-12-21 07:08:23 289792 ----a-w- C:\WINDOWS\System32\DeveloperOptionsSettingsHandlers.dll 2016-12-21 07:08:14 418304 ----a-w- C:\WINDOWS\System32\Windows.UI.BlockedShutdown.dll 2016-12-21 07:08:06 349184 ----a-w- C:\WINDOWS\System32\provengine.dll 2016-12-21 07:08:03 1292288 ----a-w- C:\WINDOWS\System32\MSVPXENC.dll 2016-12-21 
07:07:10 748544 ----a-w- C:\WINDOWS\System32\StoreAgent.dll 2016-12-21 07:06:49 260608 ----a-w- C:\WINDOWS\System32\InstallAgentUserBroker.exe 2016-12-21 07:06:49 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll 2016-12-21 07:06:26 310784 ----a-w- C:\WINDOWS\System32\SyncSettings.dll 2016-12-21 07:06:05 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll 2016-12-21 07:05:21 261632 ----a-w- C:\WINDOWS\System32\indexeddbserver.dll 2016-12-21 07:05:01 425984 ----a-w- C:\WINDOWS\System32\aadcloudap.dll 2016-12-21 07:00:29 440320 ----a-w- C:\WINDOWS\System32\fhcfg.dll 2016-12-21 06:59:50 883712 ----a-w- C:\WINDOWS\System32\samsrv.dll 2016-12-21 06:59:31 1908224 ----a-w- C:\WINDOWS\System32\AzureSettingSyncProvider.dll 2016-12-21 06:57:48 462336 ----a-w- C:\WINDOWS\System32\fhsettingsprovider.dll 2016-12-21 06:56:56 936960 ----a-w- C:\WINDOWS\System32\MCRecvSrc.dll 2016-12-21 06:55:16 8129536 ----a-w- C:\WINDOWS\System32\Chakra.dll 2016-12-21 06:55:09 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll 2016-12-21 06:53:19 6664192 ----a-w- C:\WINDOWS\System32\mspaint.exe 2016-12-21 06:53:13 4474368 ----a-w- C:\WINDOWS\System32\D3DCompiler_47.dll 2016-12-21 06:51:56 5611008 ----a-w- C:\WINDOWS\System32\d2d1.dll 2016-12-21 06:51:41 8075776 ----a-w- C:\WINDOWS\System32\mstscax.dll 2016-12-21 06:50:57 1490432 ----a-w- C:\WINDOWS\System32\lsasrv.dll 2016-12-21 06:49:55 2691072 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll 2016-12-21 06:49:43 1062912 ----a-w- C:\WINDOWS\System32\SettingSyncCore.dll 2016-12-21 06:49:25 4149248 ----a-w- C:\WINDOWS\System32\rdpcorets.dll 2016-12-21 05:09:45 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll 2016-12-21 05:02:16 1852720 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll 2016-12-21 05:02:12 3892864 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll 2016-12-21 05:02:09 1277344 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll 2016-12-21 05:02:02 1360464 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll 2016-12-21 05:02:01 980832 
----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll 2016-12-21 05:02:00 1201872 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll 2016-12-21 04:46:55 34304 ----a-w- C:\WINDOWS\SysWow64\LaunchWinApp.exe 2016-12-21 04:43:09 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll 2016-12-21 04:41:59 253952 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BioFeedback.dll 2016-12-21 04:40:57 180224 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe 2016-12-21 04:40:39 318976 ----a-w- C:\WINDOWS\SysWow64\rdpencom.dll 2016-12-21 04:40:07 557568 ----a-w- C:\WINDOWS\SysWow64\StoreAgent.dll 2016-12-21 04:39:58 1300480 ----a-w- C:\WINDOWS\SysWow64\MSVPXENC.dll 2016-12-21 04:39:04 223232 ----a-w- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe 2016-12-21 04:38:54 866816 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Cred.dll 2016-12-21 04:35:42 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll 2016-12-21 04:35:28 4612608 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll 2016-12-21 04:34:53 7626752 ----a-w- C:\WINDOWS\SysWow64\twinui.dll 2016-12-21 04:33:09 19413504 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll 2016-12-21 04:30:56 5398016 ----a-w- C:\WINDOWS\SysWow64\aclui.dll 2016-12-21 04:27:12 640000 ----a-w- C:\WINDOWS\SysWow64\MCRecvSrc.dll 2016-12-21 04:26:36 1155072 ----a-w- C:\WINDOWS\SysWow64\MSVP9DEC.dll 2016-12-21 04:25:42 6474752 ----a-w- C:\WINDOWS\SysWow64\mspaint.exe 2016-12-21 04:24:58 6044160 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll 2016-12-21 04:24:11 886272 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll 2016-12-21 04:22:44 1883648 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Logon.dll 2016-12-21 04:22:32 860672 ----a-w- C:\WINDOWS\SysWow64\SettingSyncCore.dll 2016-12-21 00:59:10 116966 ----a-w- C:\Backup registruykey.reg 2016-12-15 13:51:18 180224 ----a-w- C:\WINDOWS\System32\enrollmentapi.dll 2016-12-14 05:34:03 2482280 ----a-w- C:\WINDOWS\System32\msmpeg2vdec.dll 2016-12-14 05:23:03 404832 ----a-w- C:\WINDOWS\System32\msv1_0.dll 2016-12-14 05:21:13 2206496 ----a-w- 
C:\WINDOWS\SysWow64\msmpeg2vdec.dll 2016-12-14 05:19:34 584544 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe 2016-12-14 05:17:43 319288 ----a-w- C:\WINDOWS\System32\wow64.dll . ============= FINISH: 8:13:27.48 =============== attach.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted February 21, 2017 ID:1103466
This is not a set of FRST reports.

drypen Posted February 22, 2017 Author ID:1103531
Then I'm confused. How do I get a set of FRST reports?

drypen Posted February 22, 2017 Author ID:1103541
I had to go back to the original post to see what I needed to do. I'd deleted it.
FRST.txt Addition.txt

TwinHeadedEagle Posted February 22, 2017 ID:1103636
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt. Please upload it to your reply.

fixlist.txt

AdvancedSetup (Root Admin) Posted February 26, 2017 ID:1104492
Are you still with us? This topic will be closed soon if we do not hear back from you.

drypen Posted February 26, 2017 Author ID:1104513
Sorry, yes. I'm in a flare and it's hard to type. I'll see how I feel tomorrow.

drypen Posted February 26, 2017 Author ID:1104720
I'm running it now. It's been almost 2 hours; is that normal? It already generated the fixlog.txt and I've enclosed it.
Fixlog.txt

TwinHeadedEagle Posted February 26, 2017 ID:1104722
Can you reboot and run the fix one more time?

drypen Posted February 27, 2017 Author ID:1104724
Yes, I'll do that now.

drypen Posted February 27, 2017 Author ID:1104733
It's still running but it did generate this again.
Fixlog.txt

TwinHeadedEagle Posted February 27, 2017 ID:1104783
Yes, for some reason it won't finish. Can you run MalwareBytes and Zemana scans again? Please remove everything found.

drypen Posted February 27, 2017 Author ID:1104784
Ok

drypen Posted February 27, 2017 Author ID:1104827
Both ran. Both found nothing.

TwinHeadedEagle Posted February 27, 2017 ID:1104829
Okay. Can you reboot to Safe Mode and try to run FRST fix there?

drypen Posted February 27, 2017 Author ID:1104861
ok

drypen Posted February 27, 2017 Author ID:1104892 (edited)
This is safe mode with networking. When it opened it said an app couldn't load. Then when I clicked FRST64 it said it didn't update so I'm not sure if it worked or not. But the log disappeared?
Edited February 27, 2017 by drypen. Reason: no attachment

TwinHeadedEagle Posted February 27, 2017 ID:1104898
I think there was one syntax error in Fixlist that caused FRST to hang. Please try again with attached Fixlist from Normal mode.
fixlist.txt

drypen Posted February 27, 2017 Author ID:1104901
ok

drypen Posted February 28, 2017 Author ID:1104963
Done without a hitch!
Fixlog.txt

TwinHeadedEagle Posted February 28, 2017 ID:1105055
How is your PC behaving now?