Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

something funny going on around here!

 
Post new topic   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Help with spyware removal
View previous topic :: View next topic  
Author Message
posefish
Warrior


Joined: 14 Oct 2011
Last Visit: 05 Jan 2016
Posts: 73

PostPosted: Thu Dec 17, 2015 4:38 pm    Post subject: something funny going on around here! Reply with quote

Merry Christmas everyone,
so, I find that I cannot update Windows from my IE 11, videos are interrupted with a clicking sound and freezing a big. Some pop-ups appear where none were just a few weeks ago. and things are slow. Here are the dds:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Home
Boot Device: \Device\HarddiskVolume1
Install Date: 12/10/2015 3:42:26 AM
System Uptime: 12/17/2015 3:47:39 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | Q400A
Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz | SOCKET 0 | 2201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 677 GiB total, 623.221 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP4: 12/17/2015 3:38:28 AM - Windows Modules Installer
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader X (10.1.16) MUI
Adobe Refresh Manager
Alcor Micro USB Card Reader
ASUS Instant Connect
ASUS InstantOn
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Screen Saver
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS Tutor
ASUS USB Charger Plus
ASUSDVD
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATK Package
Bing Bar
Classic Shell
D3DX10
Google Earth
Google Update Helper
HP Customer Experience Enhancements
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Support Assistant
HP Support Solutions Framework
HP Update
I.R.I.S. OCR
Intel(R) Management Engine Components
Intel(R) PRO/Wireless Driver
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) WiDi
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Malwarebytes Anti-Malware version 2.2.0.1024
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 365 - en-us
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT Redists
MSVCRT110
MSVCRT110_amd64
Office 16 Click-to-Run Extensibility Component
Office 16 Click-to-Run Licensing Component
Office 16 Click-to-Run Localization Component
Pandora
Photo Common
Photo Gallery
Realtek High Definition Audio Driver
Sony Preset Manager 2.0d
Sony Sound Forge Audio Studio 8.0
Sound Forge Audio Studio 10.0
Waves Diamond Bundle 4.05
Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinFlash
.
==== Event Viewer Messages From Past Week ========
.
12/17/2015 3:52:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the UNS service to connect.
12/17/2015 3:52:04 PM, Error: Service Control Manager [7000] - The Intel(R) Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/17/2015 3:48:39 PM, Error: Service Control Manager [7000] - The jhi_service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/17/2015 3:48:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the jhi_service service to connect.
12/17/2015 3:46:29 PM, Error: Service Control Manager [7031] - The User Data Storage_33a01 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/17/2015 3:46:29 PM, Error: Service Control Manager [7031] - The User Data Access_33a01 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/17/2015 3:46:29 PM, Error: Service Control Manager [7031] - The Sync Host_33a01 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/17/2015 3:46:29 PM, Error: Service Control Manager [7031] - The Contact Data_33a01 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/17/2015 3:46:29 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
12/17/2015 3:46:17 PM, Error: Service Control Manager [7034] - The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2015 3:46:17 PM, Error: Service Control Manager [7034] - The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2015 3:46:17 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/17/2015 3:46:17 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/17/2015 3:46:16 PM, Error: Service Control Manager [7034] - The ATKGFNEX Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2015 3:46:16 PM, Error: Service Control Manager [7034] - The ASUS InstantOn Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2015 3:46:16 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2015 3:46:16 PM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/17/2015 3:46:16 PM, Error: Service Control Manager [7031] - The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/17/2015 3:46:16 PM, Error: Service Control Manager [7031] - The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/17/2015 3:46:15 PM, Error: Service Control Manager [7034] - The Intel(R) HD Graphics Control Panel Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2015 3:46:15 PM, Error: Service Control Manager [7034] - The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2015 3:46:15 PM, Error: Service Control Manager [7034] - The ASLDR Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2015 12:24:40 PM, Error: Service Control Manager [7031] - The User Data Storage_4b911 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/16/2015 12:24:40 PM, Error: Service Control Manager [7031] - The User Data Access_4b911 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/16/2015 12:24:40 PM, Error: Service Control Manager [7031] - The Sync Host_4b911 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/16/2015 12:24:40 PM, Error: Service Control Manager [7031] - The Contact Data_4b911 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/16/2015 1:37:03 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user JP\John SID (S-1-5-21-3936709736-1518792879-354126822-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool.
12/15/2015 11:24:57 AM, Error: Service Control Manager [7031] - The User Data Storage_30b82 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/15/2015 11:24:57 AM, Error: Service Control Manager [7031] - The User Data Access_30b82 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/15/2015 11:24:57 AM, Error: Service Control Manager [7031] - The Sync Host_30b82 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/15/2015 11:24:57 AM, Error: Service Control Manager [7031] - The Contact Data_30b82 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/15/2015 11:22:01 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application User Notification Service service to connect.
12/15/2015 11:17:22 AM, Error: Service Control Manager [7031] - The User Data Storage_7199a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/15/2015 11:17:22 AM, Error: Service Control Manager [7031] - The User Data Access_7199a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/15/2015 11:17:22 AM, Error: Service Control Manager [7031] - The Sync Host_7199a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/15/2015 11:17:22 AM, Error: Service Control Manager [7031] - The Contact Data_7199a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/12/2015 9:04:02 AM, Error: Service Control Manager [7031] - The User Data Storage_627cf service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/12/2015 9:04:02 AM, Error: Service Control Manager [7031] - The User Data Access_627cf service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/12/2015 9:04:02 AM, Error: Service Control Manager [7031] - The Sync Host_627cf service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/12/2015 9:04:02 AM, Error: Service Control Manager [7031] - The Contact Data_627cf service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/12/2015 9:03:01 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Device Association Service service, but this action failed with the following error: An instance of the service is already running.
12/12/2015 9:02:06 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Connection Broker service, but this action failed with the following error: An instance of the service is already running.
12/12/2015 9:02:01 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
12/12/2015 9:02:01 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/12/2015 9:02:01 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/12/2015 9:02:01 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/12/2015 9:02:01 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/12/2015 9:02:01 AM, Error: Service Control Manager [7031] - The Storage Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/12/2015 9:02:01 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/12/2015 9:02:01 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
12/12/2015 9:02:01 AM, Error: Service Control Manager [7031] - The Network Connection Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/12/2015 9:02:01 AM, Error: Service Control Manager [7031] - The Human Interface Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/12/2015 9:02:01 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/12/2015 9:02:01 AM, Error: Service Control Manager [7031] - The Device Association Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/12/2015 8:46:13 AM, Error: Service Control Manager [7031] - The User Data Storage_49319 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/12/2015 8:46:13 AM, Error: Service Control Manager [7031] - The User Data Access_49319 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/12/2015 8:46:13 AM, Error: Service Control Manager [7031] - The Sync Host_49319 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/12/2015 8:46:13 AM, Error: Service Control Manager [7031] - The Contact Data_49319 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/11/2015 4:24:16 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user JP\John SID (S-1-5-21-3936709736-1518792879-354126822-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
12/10/2015 8:48:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
12/10/2015 8:48:14 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2015 8:45:49 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_2a9c54 service, but this action failed with the following error: An instance of the service is already running.
12/10/2015 8:45:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_2a9c54 service to connect.
12/10/2015 8:45:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Sync Host_2a9c54 service to connect.
12/10/2015 8:45:39 AM, Error: Service Control Manager [7031] - The User Data Storage_2a9c54 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/10/2015 8:45:39 AM, Error: Service Control Manager [7031] - The User Data Access_2a9c54 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/10/2015 8:45:39 AM, Error: Service Control Manager [7031] - The Sync Host_2a9c54 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/10/2015 8:45:39 AM, Error: Service Control Manager [7031] - The Contact Data_2a9c54 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/10/2015 8:36:58 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user JP\John SID (S-1-5-21-3936709736-1518792879-354126822-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
12/10/2015 3:38:13 AM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
12/10/2015 3:35:45 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/10/2015 3:24:12 AM, Error: Service Control Manager [7001] - The SDWSCService service depends on the wscsvc service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/10/2015 3:23:57 AM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel AirSpaceChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
12/10/2015 3:21:40 AM, Error: Service Control Manager [7023] - The Network List Service service terminated with the following error: The device is not ready.
12/10/2015 3:11:43 AM, Error: Service Control Manager [7022] - The Delivery Optimization service hung on starting.
12/10/2015 3:10:30 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with the following service-specific error: Server execution failed
12/10/2015 3:10:30 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80080005.
12/10/2015 3:09:27 AM, Error: Service Control Manager [7030] - The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/10/2015 3:06:34 AM, Error: Service Control Manager [7023] - The iphlpsvc service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/10/2015 3:06:30 AM, Error: Service Control Manager [7023] - The netprofm service terminated with the following error: The device is not ready.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20
Run by John at 16:32:11 on 2015-12-17
Microsoft Windows 10 Home 10.0.10586.0.1252.1.1033.18.8078.5122 [GMT -8:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
C:\Program Files\WindowsApps\32988BernardoZamora.Dummy2_1.12.1.32_neutral__1fgex2kbsn6g8\Solitaire.exe
C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE
C:\WINDOWS\SysWOW64\DllHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
uSearch Bar = Preserve
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
uRun: [OneDrive] "C:\Users\John\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN36RDXH2F05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\WINDOWS\System32\RunDll32.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{224c079e-9089-4ecb-944a-901d157edb42} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{b393193f-e6b9-4f34-84eb-0f06eaeedb2f} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{b393193f-e6b9-4f34-84eb-0f06eaeedb2f}\75D4532316236666 : DHCPNameServer = 192.168.178.87
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2012-7-5 647736]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-29 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-29 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-29 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-29 218624]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-29 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-29 8192]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2015-12-4 2875576]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-29 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-29 43944]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-7-26 25800]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-10-29 330136]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-12-25 129856]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-29 78848]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-29 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
R3 AiCharger;ASUS Charger Driver;C:\WINDOWS\System32\drivers\AiCharger.sys [2012-7-24 17152]
R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\WINDOWS\System32\drivers\AmpPal.sys [2013-5-21 165344]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2015-10-29 245248]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [2015-5-13 19976]
R3 ibtfltcoex;Intel Corporation;C:\WINDOWS\System32\drivers\ibtfltcoex.sys [2015-7-1 79632]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-8-21 463112]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-7-29 38976]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\drivers\L1C63x64.sys [2015-10-29 121344]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2015-7-2 25816]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-29 20480]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew01.sys [2015-10-29 3343872]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-29 43944]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\WINDOWS\System32\drivers\usb3Hub.sys [2012-11-29 47072]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-29 118112]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-29 364464]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\WINDOWS\System32\drivers\xHCIPort.sys [2012-11-29 188896]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-12-25 166720]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-29 43944]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-7-2 1135416]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-12-25 365376]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-29 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-29 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-29 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-29 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-29 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-29 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-29 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-12-11 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-29 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-29 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-29 43944]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-29 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-29 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-29 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-29 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-29 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-29 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-29 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-29 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-29 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-29 117760]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-7-29 50240]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-29 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-29 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-29 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-29 99168]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-7-2 64216]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-29 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-29 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-29 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-29 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-29 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-29 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-29 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-29 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-29 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-29 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-29 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-29 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-29 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-29 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-29 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-29 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-10-29 254816]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-29 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-29 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-29 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-29 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-29 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-29 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-29 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-10-29 694784]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-29 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-29 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-29 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-29 43944]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-10-29 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-10-29 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
.
=============== Created Last 30 ================
.
2015-12-18 00:07:56 -------- d-----w- C:\Users\John\AppData\Local\Microsoft Help
2015-12-17 23:58:56 11154520 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F8F7B72-0546-4715-A0AF-D67DCD721E6D}\mpengine.dll
2015-12-17 23:53:14 -------- d-----w- C:\FRST
2015-12-17 23:44:37 -------- d-----w- C:\AdwCleaner
2015-12-17 20:08:17 11154520 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-12-15 18:35:31 -------- d-----w- C:\ProgramData\IntelDLM
2015-12-15 18:29:06 -------- d-----w- C:\Users\John\AppData\Local\Intel
2015-12-15 18:28:05 -------- d-----w- C:\Program Files (x86)\Intel Driver Update Utility
2015-12-12 17:02:59 -------- d--h--w- C:\$SysReset
2015-12-11 18:49:22 -------- d-----w- C:\WINDOWS\System32\SleepStudy
2015-12-11 17:14:59 586080 ----a-w- C:\WINDOWS\SysWow64\wimgapi.dll
2015-12-10 16:54:21 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDA948E2-4CD7-41F5-9222-2B0D99D67C2E}\gapaengine.dll
2015-12-10 16:37:48 -------- d-----w- C:\Users\John\AppData\Local\ActiveSync
2015-12-10 11:38:26 -------- d-sh--we C:\ProgramData\Documents
2015-12-10 11:28:05 -------- d-----w- C:\WINDOWS\System32\wbem\Performance
2015-12-10 11:24:04 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\good
2015-12-10 11:24:04 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\bad
2015-12-10 11:11:01 72704 ----a-w- C:\WINDOWS\System32\OpenCL.DLL
2015-12-10 11:11:01 69120 ----a-w- C:\WINDOWS\SysWow64\OpenCL.DLL
2015-12-10 11:10:38 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2015-12-10 11:10:37 -------- d-----w- C:\Program Files (x86)\ASUS
2015-12-10 11:10:23 -------- d-----w- C:\ProgramData\SetupTPDriver
2015-12-10 11:10:06 -------- d-----w- C:\WINDOWS\System32\DAX2
2015-12-10 11:09:49 -------- d-----w- C:\Program Files\Realtek
2015-12-10 11:09:44 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM
2015-12-10 11:09:28 2718208 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2015-12-10 11:06:33 -------- d-----w- C:\WINDOWS\System32\wbem\MOF
2015-12-10 11:04:59 -------- d-sh--w- C:\Recovery
2015-12-10 11:04:56 -------- dc----w- C:\WINDOWS\Panther
2015-12-10 11:02:20 -------- d-----w- C:\Windows.old
2015-12-10 11:01:41 -------- d-----w- C:\WINDOWS\System32\Microsoft
2015-12-10 10:59:22 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2015-12-10 10:59:22 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2015-12-10 10:59:22 103120 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-12-10 10:59:11 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2015-12-10 10:59:11 124624 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2015-12-10 10:59:11 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2015-12-04 22:21:20 -------- d-----w- C:\Program Files\Microsoft Office 15
.
==================== Find3M ====================
.
2015-12-12 17:31:03 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-12-10 16:35:25 451 ----a-w- C:\WINDOWS\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-12-09 03:39:31 301728 ------w- C:\WINDOWS\System32\MpSigStub.exe
2015-12-07 04:57:01 973664 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2015-12-07 04:55:42 1281376 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2015-12-07 04:49:31 412512 ----a-w- C:\WINDOWS\System32\wifitask.exe
2015-12-07 04:47:58 116720 ----a-w- C:\WINDOWS\SysWow64\mfps.dll
2015-12-07 04:47:57 925064 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2015-12-07 04:47:57 898184 ----a-w- C:\WINDOWS\SysWow64\mfsrcsnk.dll
2015-12-07 04:47:54 716928 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
2015-12-07 04:45:46 264544 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2015-12-07 04:15:40 1035776 ----a-w- C:\WINDOWS\System32\XboxNetApiSvc.dll
2015-12-07 04:15:08 75776 ----a-w- C:\WINDOWS\System32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-07 04:10:37 824320 ----a-w- C:\WINDOWS\System32\WpcWebFilter.dll
2015-12-07 04:09:36 30208 ----a-w- C:\WINDOWS\System32\StorageUsage.dll
2015-12-07 04:09:27 92160 ----a-w- C:\WINDOWS\System32\policymanagerprecheck.dll
2015-12-07 04:09:07 133120 ----a-w- C:\WINDOWS\System32\flvprophandler.dll
2015-12-07 04:07:43 134656 ----a-w- C:\WINDOWS\System32\wificonnapi.dll
2015-12-07 04:07:34 77312 ----a-w- C:\WINDOWS\System32\ProvPluginEng.dll
2015-12-07 04:07:13 16984064 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-12-07 04:06:52 231936 ----a-w- C:\WINDOWS\System32\KnobsCore.dll
2015-12-07 04:06:38 199168 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2015-12-07 04:06:36 50176 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2015-12-07 04:06:32 572928 ----a-w- C:\WINDOWS\SysWow64\WpcWebFilter.dll
2015-12-07 04:05:28 36864 ----a-w- C:\WINDOWS\System32\BackgroundTransferHost.exe
2015-12-07 04:05:15 192000 ----a-w- C:\WINDOWS\System32\provisioningcsp.dll
2015-12-07 04:04:28 56320 ----a-w- C:\WINDOWS\System32\provtool.exe
2015-12-07 04:04:20 66560 ----a-w- C:\WINDOWS\System32\moshost.dll
2015-12-07 04:03:46 13017600 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2015-12-07 04:02:54 477696 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2015-12-07 04:02:49 161280 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe
2015-12-07 04:02:01 269824 ----a-w- C:\WINDOWS\System32\moshostcore.dll
2015-12-07 04:01:43 34304 ----a-w- C:\WINDOWS\SysWow64\BackgroundTransferHost.exe
2015-12-07 04:01:07 543232 ----a-w- C:\WINDOWS\System32\StoreAgent.dll
2015-12-07 04:00:55 323072 ----a-w- C:\WINDOWS\System32\MSFlacDecoder.dll
2015-12-07 04:00:52 203776 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2015-12-07 04:00:51 210432 ----a-w- C:\WINDOWS\System32\wcmcsp.dll
2015-12-07 04:00:40 618496 ----a-w- C:\WINDOWS\System32\StorSvc.dll
2015-12-07 03:59:52 286208 ----a-w- C:\WINDOWS\System32\provhandlers.dll
2015-12-07 03:59:49 292352 ----a-w- C:\WINDOWS\System32\provengine.dll
2015-12-07 03:59:37 558080 ----a-w- C:\WINDOWS\System32\MBMediaManager.dll
2015-12-07 03:59:16 165376 ----a-w- C:\WINDOWS\System32\provdatastore.dll
2015-12-07 03:58:17 459776 ----a-w- C:\WINDOWS\System32\MapConfiguration.dll
2015-12-07 03:57:48 387072 ----a-w- C:\WINDOWS\System32\qdvd.dll
2015-12-07 03:57:40 409088 ----a-w- C:\WINDOWS\SysWow64\StoreAgent.dll
2015-12-07 03:57:28 270848 ----a-w- C:\WINDOWS\SysWow64\MSFlacDecoder.dll
2015-12-07 03:56:27 497152 ----a-w- C:\WINDOWS\System32\mfmkvsrcsnk.dll
2015-12-07 03:56:18 607232 ----a-w- C:\WINDOWS\System32\wcmsvc.dll
2015-12-07 03:55:38 7979008 ----a-w- C:\WINDOWS\System32\mos.dll
2015-12-07 03:55:02 346112 ----a-w- C:\WINDOWS\SysWow64\MapConfiguration.dll
2015-12-07 03:54:56 850432 ----a-w- C:\WINDOWS\System32\MapsStore.dll
2015-12-07 03:54:56 569856 ----a-w- C:\WINDOWS\SysWow64\qdvd.dll
2015-12-07 03:53:28 381952 ----a-w- C:\WINDOWS\SysWow64\mfmkvsrcsnk.dll
2015-12-07 03:51:16 1318912 ----a-w- C:\WINDOWS\System32\wifinetworkmanager.dll
2015-12-07 03:51:00 223232 ----a-w- C:\WINDOWS\System32\fveapibase.dll
2015-12-07 03:50:55 1131520 ----a-w- C:\WINDOWS\System32\Windows.Media.Audio.dll
2015-12-07 03:49:01 1105920 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Audio.dll
2015-12-07 03:48:02 6297088 ----a-w- C:\WINDOWS\SysWow64\mos.dll
2015-12-07 03:47:02 3428864 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2015-12-07 03:45:53 683008 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
2015-12-07 03:45:45 900608 ----a-w- C:\WINDOWS\System32\Windows.Networking.BackgroundTransfer.dll
2015-12-07 03:45:44 2582016 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2015-12-07 03:44:48 2796032 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2015-12-07 03:43:35 931328 ----a-w- C:\WINDOWS\System32\MSMPEG2ENC.DLL
2015-12-07 03:43:07 2598400 ----a-w- C:\WINDOWS\System32\NetworkMobileSettings.dll
2015-12-07 03:41:02 2061824 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2015-12-07 03:40:47 3593216 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2015-12-07 03:40:23 1995776 ----a-w- C:\WINDOWS\System32\ActiveSyncProvider.dll
2015-12-07 03:40:08 1706496 ----a-w- C:\WINDOWS\SysWow64\ActiveSyncProvider.dll
2015-12-07 03:39:24 764928 ----a-w- C:\WINDOWS\System32\fveapi.dll
2015-12-07 03:38:14 871936 ----a-w- C:\WINDOWS\SysWow64\MSMPEG2ENC.DLL
2015-12-07 03:33:04 375296 ----a-w- C:\WINDOWS\System32\MDEServer.exe
2015-12-07 03:32:46 126464 ----a-w- C:\WINDOWS\System32\dialserver.dll
2015-12-01 07:12:09 2152800 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2015-12-01 00:33:29 826872 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-12-01 00:33:29 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-11-25 01:12:46 408 ----a-w- C:\Users\John\AppData\Roaming\sp_data.sys
2015-11-24 12:07:40 1817160 ----a-w- C:\WINDOWS\System32\ntdll.dll
2015-11-24 11:06:29 1540768 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2015-11-24 10:26:50 1399224 ----a-w- C:\WINDOWS\System32\user32.dll
2015-11-24 10:01:57 2756096 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2015-11-24 09:54:15 7680 ----a-w- C:\WINDOWS\System32\readingviewresources.dll
2015-11-24 09:53:39 115200 ----a-w- C:\WINDOWS\System32\win32k.sys
2015-11-24 09:45:01 18944 ----a-w- C:\WINDOWS\System32\wshrm.dll
2015-11-24 09:37:04 147968 ----a-w- C:\WINDOWS\System32\drivers\rmcast.sys
2015-11-24 09:26:34 1337240 ----a-w- C:\WINDOWS\SysWow64\user32.dll
2015-11-24 09:19:35 182784 ----a-w- C:\WINDOWS\System32\shutdownux.dll
2015-11-24 09:12:41 523776 ----a-w- C:\WINDOWS\System32\catsrvut.dll
2015-11-24 08:58:24 604672 ----a-w- C:\WINDOWS\System32\vbscript.dll
2015-11-24 08:55:41 1393664 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2015-11-24 08:54:21 2756096 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2015-11-24 08:52:05 1717248 ----a-w- C:\WINDOWS\System32\GdiPlus.dll
2015-11-24 08:49:47 1648640 ----a-w- C:\WINDOWS\System32\comsvcs.dll
2015-11-24 08:14:34 415744 ----a-w- C:\WINDOWS\SysWow64\catsrvut.dll
2015-11-24 08:03:47 503296 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2015-11-24 07:59:27 1467392 ----a-w- C:\WINDOWS\SysWow64\GdiPlus.dll
2015-11-24 07:57:56 1328128 ----a-w- C:\WINDOWS\SysWow64\comsvcs.dll
2015-11-24 07:35:50 22393856 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-11-24 07:29:31 2352128 ----a-w- C:\WINDOWS\System32\authui.dll
2015-11-24 07:11:35 18678272 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
.
============= FINISH: 16:33:24.26 ===============
Thank you!
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 13 Jun 2017
Posts: 10182
Location: Yorkshire

PostPosted: Thu Dec 17, 2015 10:47 pm    Post subject: Reply with quote

http://spywarewarrior.com/viewtopic.php?t=35401&highlight=

Quote:
This is a Duplicate Post of the one linked to above, and has therefore been closed.

_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Help with spyware removal All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group