Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

BRAND NEW COMPUTER WITH TONS OF POP UPS

 
acapella

Posted: Mon Apr 11, 2016 2:22 pm    Post subject: BRAND NEW COMPUTER WITH TONS OF POP UPS

Sorry if this is a double post, but I cannot see my original post. Brand new HP computer paralyzed with pop-ups, especially DNS Unlocker. Please help.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Home
Boot Device: \Device\HarddiskVolume1
Install Date: 3/21/2016 4:06:02 AM
System Uptime: 4/5/2016 5:32:10 AM (157 hours ago)
.
Motherboard: HP | | 2B45
Processor: Intel(R) Core(TM) i3-6100T CPU @ 3.20GHz | U3E1 | 3192/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 909 GiB total, 842.483 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 2.693 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 3/21/2016 5:49:33 AM - Scheduled Checkpoint
RP2: 3/26/2016 4:18:28 PM - Installed ActivClient CAC x64.
RP3: 3/28/2016 5:25:11 AM - Windows Modules Installer
RP4: 4/5/2016 6:38:54 AM - Scheduled Checkpoint
.
==== Hosts File Hijack ======================
.
Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
Hosts: 0.0.0.0 tracking.opencandy.com
Hosts: 0.0.0.0 api.opencandy.com
Hosts: 0.0.0.0 api.recommendedsw.com
Hosts: 0.0.0.0 installer.betterinstaller.com
Hosts: 0.0.0.0 installer.filebulldog.com
Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
Hosts: 0.0.0.0 inno.bisrv.com
Hosts: 0.0.0.0 nsis.bisrv.com
Hosts: 0.0.0.0 cdn.file2desktop.com
Hosts: 0.0.0.0 cdn.goateastcach.us
Hosts: 0.0.0.0 cdn.guttastatdk.us
Hosts: 0.0.0.0 cdn.inskinmedia.com
Hosts: 0.0.0.0 cdn.insta.oibundles2.com
Hosts: 0.0.0.0 cdn.insta.playbryte.com
Hosts: 0.0.0.0 cdn.llogetfastcach.us
Hosts: 0.0.0.0 cdn.montiera.com
Hosts: 0.0.0.0 cdn.msdwnld.com
Hosts: 0.0.0.0 cdn.mypcbackup.com
Hosts: 0.0.0.0 cdn.ppdownload.com
Hosts: 0.0.0.0 cdn.riceateastcach.us
Hosts: 0.0.0.0 cdn.shyapotato.us
Hosts: 0.0.0.0 cdn.solimba.com
Hosts: 0.0.0.0 cdn.tuto4pc.com
Hosts: 0.0.0.0 cdn.appround.biz
Hosts: 0.0.0.0 cdn.bigspeedpro.com
Hosts: 0.0.0.0 cdn.bispd.com
Hosts: 0.0.0.0 cdn.bisrv.com
Hosts: 0.0.0.0 cdn.cdndp.com
Hosts: 0.0.0.0 cdn.download.sweetpacks.com
Hosts: 0.0.0.0 cdn.dpdownload.com
Hosts: 0.0.0.0 cdn.visualbee.net
.
==== Installed Programs ======================
.
ActivClient CAC x64
Advanced ScreenSnapshotTool 1.1.0.11130
Bonjour
Chromium
CyberLink PhotoDirector
CyberLink Power Media Player 14
CyberLink PowerDirector 12
CyberLink YouCam
Dropbox 25 GB
Energy Star
Evernote v. 5.8.13
Extended Update
HP Customer Experience Enhancements
HP Documentation
HP ePrint Windows Driver
HP ESU for Microsoft Windows 10
HP Recovery Manager
HP Registration Service
HP Support Assistant
HP Support Information
HP Support Solutions Framework
HP Welcome
Intel RealSense Training
Intel(R) Chipset Device Software
Intel(R) PRO/Wireless Driver
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) WiDi
Intel(R) WiDi Software Asset Manager
Intel(R) Wireless Bluetooth(R)
Intel® PROSet/Wireless WiFi Software
Intel® RealSense™ Depth Camera Manager Beta (x64): dptf_com
Intel® RealSense™ Depth Camera Manager Beta (x86): dptf_com
Intel® RealSense™ Depth Camera Manager F200
Intel® RealSense™ Depth Camera Manager F200 Gold (x64): Intel® RealSense™ 3D camera ACPI driver
Intel® RealSense™ Depth Camera Manager F200 Gold (x64): Intel® RealSense™ 3D camera IO module
Intel® RealSense™ Depth Camera Manager F200 Gold (x64): Intel® RealSense™ 3D camera Source Provider
Intel® RealSense™ Depth Camera Manager F200 Gold (x64): Intel® RealSense™ 3D camera virtual driver
Intel® RealSense™ Depth Camera Manager F200 Gold (x64): Intel® RealSense™ Depth Camera Manager Service
Intel® RealSense™ Depth Camera Manager F200 Gold (x86): Intel® RealSense™ 3D camera IO module
Intel® RealSense™ Depth Camera Manager F200 Gold (x86): Intel® RealSense™ Depth Camera Manager Service
Intel® RealSense™ SDK 2014 Runtime
Intel® RealSense™ SDK 2014 Runtime (x64): Core
Intel® RealSense™ SDK 2014 Runtime (x64): Face Tracking
Intel® RealSense™ SDK 2014 Runtime (x64): Hand Tracking
Intel® RealSense™ SDK 2014 Runtime (x86): Core
Intel® RealSense™ SDK 2014 Runtime (x86): Face Tracking
Intel® RealSense™ SDK 2014 Runtime (x86): Face Tracking: Models
Intel® RealSense™ SDK 2014 Runtime (x86): Hand Tracking
Intel® RealSense™ SDK 2014 Runtime (x86): Hand Tracking: Models
Intel® RealSense™ SDK 2014 Runtime (x86): User Notification Tool files and components
Intel® RealSense™ SDK Runtime
Intel® RealSense™ SDK Runtime Gold (x64): Core
Intel® RealSense™ SDK Runtime Gold (x64): Data Collector
Intel® RealSense™ SDK Runtime Gold (x64): Hand Tracking
Intel® RealSense™ SDK Runtime Gold (x86): Core
Intel® RealSense™ SDK Runtime Gold (x86): Data Collector
Intel® RealSense™ SDK Runtime Gold (x86): Hand Tracking
Intel® RealSense™ SDK Runtime Gold (x86): Hand Tracking: Models
Madagascar - Move It!
McAfee LiveSafe
Microsoft Office
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23019
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23019
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23019
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23019
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23019
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23019
Mozilla Firefox 45.0.1 (x86 en-US)
Mozilla Maintenance Service
Pluto TV version 0.1.7
Realtek Card Reader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Unchecky v0.4.3
WebBar 4.7.5910.29102
.
==== Event Viewer Messages From Past Week ========
.
4/11/2016 4:38:46 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-L0TPQH2\robert SID (S-1-5-21-139420222-3172310208-2084142697-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795). This security permission can be modified using the Component Services administrative tool.
4/11/2016 11:04:57 AM, Error: Service Control Manager [7023] - The Interactive Services Detection service terminated with the following error: Incorrect function.
4/10/2016 8:30:29 AM, Error: Service Control Manager [7031] - The Sync Host_4b1ec service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/10/2016 8:30:29 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20
Run by robert at 18:10:05 on 2016-04-11
Microsoft Windows 10 Home 10.0.10586.0.1252.1.1033.18.8052.5294 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\WINDOWS\system32\WLANExt.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
c:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\ScreenSnapshotTool\1.1.0.11130\ScreenShotServ.exe
c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe
c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\Common Files\McAfee\Platform\McAMTaskAgent.exe
C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe
C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\windows\system32\mfevtps.exe
C:\windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\ScreenSnapshotTool\1.1.0.11130\ScreenSnapshot.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Users\robert\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files (x86)\Common Files\Intel\RSSDK\v4\bin\win32\notification_tool.exe
C:\Program Files (x86)\Intel\Intel RealSense Training F200\Intel RealSense F200 Tray\Intel RealSense F200 Tray.exe
C:\Program Files (x86)\Intel\Intel RealSense Training F200\Intel RealSense F200 Tray\Intel RealSense F200 Tray.exe
C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files\WebBar\4.7.5910.29102\wbmain.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uLocal Page = %11%\blank.htm
mStart Page = about:blank
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [OneDrive] "C:\Users\robert\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Chromium] "c:\users\robert\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
mRun: [PowerDVD14Agent] "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
mRun: [Intel Privacy Notification Tool] "C:\Program Files (x86)\Common Files\Intel\RSSDK\v4\bin\win32\notification_tool.exe"
mRunOnce: [Ramopadusor] C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\robert\AppData\Local\6EBD7F~1\Tisoh.dat"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\PlutoTV.lnk - C:\Program Files (x86)\Pluto TV\PlutoTV.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\REALSE~1.LNK - C:\Program Files (x86)\Intel\Intel RealSense Training F200\Intel RealSense F200 Tray\Intel RealSense F200 Tray.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
TCP: NameServer = 82.163.142.7 95.211.158.134
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{5fc94d55-a62f-4ac2-a475-9a3a89b9e248} : NameServer = 82.163.142.7 95.211.158.134
TCP: Interfaces\{5fc94d55-a62f-4ac2-a475-9a3a89b9e248} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{9792c3b8-13a0-4cb8-bb6c-893cf032b623} : NameServer = 82.163.142.7 95.211.158.134
TCP: Interfaces\{9792c3b8-13a0-4cb8-bb6c-893cf032b623} : DHCPNameServer = 82.163.142.7
TCP: Interfaces\{d888b4d4-a948-4905-a11d-69151b0f2f5b} : NameServer = 82.163.142.7 95.211.158.134
TCP: Interfaces\{d888b4d4-a948-4905-a11d-69151b0f2f5b} : DHCPNameServer = 82.163.142.7
TCP: Interfaces\{e000fd4d-3f25-4263-b37e-2c286c551a2d} : NameServer = 82.163.142.7 95.211.158.134
TCP: Interfaces\{e000fd4d-3f25-4263-b37e-2c286c551a2d} : DHCPNameServer = 82.163.142.7
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
Hosts: 0.0.0.0 tracking.opencandy.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\rb83sbwk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2015-7-24 1455552]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2015-6-11 846080]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2015-6-11 245096]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [2015-11-30 453520]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-9-28 26680]
R2 ibtsiva;Intel Bluetooth Service;C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [2015-8-7 165104]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-3-19 373720]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2015-4-7 863448]
R2 McBootDelayStartSvc;McAfee Boot Delay Start Service;C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [2015-11-30 453520]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [2016-2-23 1696712]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [2015-11-30 453520]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [2015-11-30 453520]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [2015-11-30 453520]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [2015-11-30 453520]
R2 mfeaack;McAfee Inc. mfeaack;C:\WINDOWS\System32\drivers\mfeaack.sys [2015-6-11 419624]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2015-11-30 380896]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\System32\mfevtps.exe [2015-11-30 275368]
R2 PEFService;Intel Security PEF Service;C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [2016-3-23 902112]
R2 RealSenseDCM;Intel(R) RealSense(TM) Depth Camera Manager Service;C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe [2015-10-15 3663512]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2015-11-30 389896]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2016-3-19 316152]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 TheScreenSnapshotService;The Screen Snapshot Service;C:\Program Files (x86)\ScreenSnapshotTool\1.1.0.11130\ScreenShotServ.exe [2015-12-7 153248]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 Unchecky;Unchecky;C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [2016-3-19 255928]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2015-8-13 3831712]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-2-13 245760]
R3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\drivers\cfwids.sys [2015-6-11 79248]
R3 clwvd6;@oem23.inf,%clwvd.DeviceDesc% Service;CyberLink WebCam Virtual Driver 6.0 Service;C:\WINDOWS\System32\drivers\clwvd6.sys [2015-11-30 41704]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2015-8-7 259824]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-11-19 803080]
R3 IntelDFUACPI;Intel(R) DFU ACPI Service;C:\WINDOWS\System32\drivers\IntelDFUACPI.sys [2015-10-15 36352]
R3 IXCamera;Intel(R) RealSense(TM) 3D Camera Virtual Driver;C:\WINDOWS\System32\drivers\RealSenseDCM.sys [2015-10-15 72704]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2015-6-11 351144]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2015-11-30 234192]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2015-6-11 496368]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\WINDOWS\System32\drivers\mfencbdc.sys [2015-11-20 539496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 Netwtw02;___ Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit;C:\WINDOWS\System32\drivers\Netwtw02.sys [2016-3-19 6731520]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\WINDOWS\System32\drivers\RtsP2Stor.sys [2015-11-30 302808]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-9-23 889584]
R3 S3XXx64;SCR3xx USB SmartCardReader64;C:\WINDOWS\System32\drivers\S3XXx64.sys [2015-2-17 73856]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-10-30 694784]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\drivers\mfeelamk.sys [2015-6-11 83096]
S2 0057231460041368mcinstcleanup;McAfee Application Installer Cleanup (0057231460041368);C:\WINDOWS\TEMP\005723~1.EXE -cleanup -nolog --> C:\WINDOWS\TEMP\005723~1.EXE -cleanup -nolog [?]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 wbsvc;WebBar Service (wbsvc);C:\Program Files\WebBar\wbsvc.exe [2016-3-19 28392]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-2-13 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 cplspcon;Intel(R) Content Protection HDCP Service;C:\WINDOWS\System32\IntelCpHDCPSvc.exe [2016-3-19 623064]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\WINDOWS\System32\drivers\HipShieldK.sys [2015-11-30 207208]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 Intel(R) WiDi SAM;Intel(R) WiDi Software Asset Manager;C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-6-24 19088]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 McAWFwk;McAfee Activation Service;C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [2015-11-30 338208]
S3 mfencrk;McAfee Inc. mfencrk;C:\WINDOWS\System32\drivers\mfencrk.sys [2015-11-20 109480]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2015-8-13 268192]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-10-30 108032]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-30 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-10-30 254816]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-30 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-3-21 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-3-21 29696]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 McOobeSv2;McAfee OOBE Service2;C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [2015-11-30 453520]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2016-04-10 18:57:58 -------- d-----w- C:\ProgramData\2364e08d-6f65-0
2016-04-10 18:57:58 -------- d-----w- C:\ProgramData\2364e08d-50f5-1
2016-04-10 16:04:39 -------- d-----w- C:\Users\robert\AppData\Roaming\WildTangent
2016-04-10 16:04:27 658000 ----a-w- C:\ProgramData\uninstall267875.exe
2016-04-10 13:51:00 -------- d-----w- C:\ProgramData\2364e08d-74a5-1
2016-04-10 13:51:00 -------- d-----w- C:\ProgramData\2364e08d-14c1-0
2016-04-10 12:36:12 -------- d-----w- C:\ProgramData\abd7d654-3fe1-0
2016-04-10 07:51:00 -------- d-----w- C:\ProgramData\2364e08d-2b81-0
2016-04-10 01:55:16 -------- d-----w- C:\ProgramData\1190a997
2016-04-10 01:55:15 -------- d-----w- C:\ProgramData\{0b59d309-112c-1}
2016-04-10 01:55:15 -------- d-----w- C:\ProgramData\{06676c08-512c-0}
2016-03-28 09:46:03 -------- d--h--w- C:\Users\robert\AppData\Local\6ebd7f39291d6422
2016-03-26 20:19:01 -------- d-----w- C:\Program Files\Common Files\ActivIdentity
2016-03-26 20:19:01 -------- d-----w- C:\Program Files\ActivIdentity
2016-03-26 20:19:01 -------- d-----w- C:\Program Files (x86)\ActivIdentity
2016-03-26 20:10:46 -------- d-----w- C:\Users\robert\AppData\Roaming\Thinstall
2016-03-26 20:10:46 -------- d-----w- C:\Users\robert\AppData\Local\Thinstall
2016-03-23 09:16:18 -------- d-----w- C:\ProgramData\Intel Security
2016-03-23 09:15:49 -------- d-----w- C:\Program Files\Common Files\Intel Security
2016-03-23 08:42:51 -------- d-----w- C:\Users\robert\AppData\Roaming\DropboxOEM
2016-03-21 11:47:34 -------- dc----w- C:\WINDOWS\Panther
2016-03-21 11:45:42 -------- d-----w- C:\Windows.old
2016-03-21 09:45:14 -------- d-----w- C:\WINDOWS\System32\SleepStudy
2016-03-21 09:09:03 -------- d-----w- C:\Users\robert\AppData\Local\Comms
2016-03-21 08:52:35 -------- d-----w- C:\Users\robert\AppData\Local\ActiveSync
2016-03-21 08:05:47 -------- d-sh--we C:\ProgramData\Documents
2016-03-21 07:50:49 -------- d-----w- C:\ProgramData\Package Cache
2016-03-21 07:50:45 -------- d---a-w- C:\Program Files\Common Files\Intel
2016-03-21 07:50:12 -------- d-----w- C:\WINDOWS\System32\SRSLabs
2016-03-21 07:50:09 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM
2016-03-21 07:50:09 -------- d-----w- C:\Program Files\Realtek
2016-03-21 07:50:08 -------- d-----w- C:\WINDOWS\SysWow64\sda
2016-03-21 07:50:02 200 ----a-w- C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-03-21 07:50:02 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-21 07:50:01 99848 ----a-w- C:\WINDOWS\System32\OpenCL.DLL
2016-03-21 07:50:01 103944 ----a-w- C:\WINDOWS\SysWow64\OpenCL.DLL
2016-03-21 07:49:24 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2016-03-20 01:54:16 -------- d-----w- C:\Program Files\Common Files\AV
2016-03-19 22:46:09 -------- d-----w- C:\Users\robert\AppData\Local\NetworkTiles
2016-03-19 21:59:11 -------- d-----w- C:\WINDOWS\System32\MRT
2016-03-19 19:50:14 -------- d-----w- C:\Users\robert\AppData\Local\PlutoTV
2016-03-19 19:49:50 -------- d---a-w- C:\Program Files (x86)\Pluto TV
2016-03-19 19:49:39 -------- d-----w- C:\Users\robert\AppData\Local\IsolatedStorage
2016-03-19 19:49:26 -------- dc-h--w- C:\ProgramData\~0
2016-03-19 19:49:10 -------- d-----w- C:\Program Files (x86)\ScreenSnapshotTool
2016-03-19 19:49:09 -------- d-----w- C:\Users\robert\AppData\Roaming\ScreenSnapshotTool
2016-03-19 19:47:21 -------- d-----w- C:\Users\robert\AppData\Local\Chromium
2016-03-19 19:46:54 -------- d-----w- C:\Users\robert\AppData\Roaming\UpdaterEX
2016-03-19 19:46:51 -------- d-----w- C:\Users\robert\AppData\Local\WebBar
2016-03-19 19:46:42 -------- d-----w- C:\Users\robert\AppData\Local\Google
2016-03-19 19:46:41 -------- d---a-w- C:\Program Files\WebBar
2016-03-19 19:46:37 -------- d-----w- C:\ProgramData\2364e08d-0593-0
2016-03-19 19:46:37 -------- d-----w- C:\ProgramData\2364e08d-02e1-1
2016-03-19 19:46:36 -------- d-----w- C:\Users\robert\AppData\Local\Programs
2016-03-19 19:46:34 -------- d-----w- C:\ProgramData\Unchecky
2016-03-19 19:46:32 -------- d---a-w- C:\Program Files (x86)\Unchecky
2016-03-19 19:46:24 -------- d-----w- C:\Users\robert\AppData\Local\{3F9E09C2-1B36-657A-76AE-409252C6BC0A}
2016-03-19 19:45:56 6731520 ----a-w- C:\WINDOWS\System32\drivers\Netwtw02.sys
2016-03-19 19:43:42 -------- d-----r- C:\Users\robert\OneDrive
2016-03-19 19:43:06 -------- d-----w- C:\Users\robert\AppData\Local\Intel RealSense
2016-03-19 19:43:04 -------- d-----w- C:\Users\robert\AppData\Local\HP_Inc
2016-03-19 19:43:04 -------- d-----w- C:\Users\robert\AppData\Local\Hewlett-Packard
2016-03-19 19:41:59 97976 ----a-w- C:\WINDOWS\System32\RTEEG64A.dll
2016-03-19 19:40:57 -------- d-----w- C:\Users\robert\AppData\Local\CyberLink
2016-03-19 19:40:56 -------- d-----w- C:\Users\robert\AppData\Local\DropboxOEM
2016-03-19 19:40:23 -------- d-----r- C:\Users\robert\Searches
2016-03-19 19:40:23 -------- d-----r- C:\Users\robert\Contacts
2016-03-19 19:40:01 -------- d-----w- C:\Users\robert\AppData\Local\VirtualStore
2016-03-19 19:40:00 -------- d-----w- C:\Users\robert\AppData\Local\Packages
.
==================== Find3M ====================
.
2016-03-21 11:39:55 56320 ----a-w- C:\WINDOWS\System32\admwprox.dll
2016-03-21 07:50:15 12493 ----a-w- C:\WINDOWS\System32\drivers\rtkhdasetting.zip
2016-03-19 19:42:05 176480 ----a-w- C:\WINDOWS\System32\SRSWOW64.dll
2016-03-19 19:41:59 704696 ----a-w- C:\WINDOWS\System32\RtDataProc64.dll
2016-03-19 19:39:50 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-L0TPQH2_defaultuser0_HistoryPrediction.bin
2016-03-19 19:39:05 2517496 ----a-w- C:\WINDOWS\System32\RealSenseF200Coinstaller_227975.dll
2016-03-08 07:12:26 829944 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-03-08 07:12:26 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-02-13 13:02:57 380416 ----a-w- C:\WINDOWS\System32\rdpclip.exe
2016-02-13 12:55:10 6359040 ----a-w- C:\WINDOWS\System32\NlsData0009.dll
2016-02-13 12:55:10 5739520 ----a-w- C:\WINDOWS\System32\prm0009.dll
2016-02-13 12:55:10 2629632 ----a-w- C:\WINDOWS\SysWow64\NlsLexicons0009.dll
2016-02-13 12:55:10 2629632 ----a-w- C:\WINDOWS\System32\NlsLexicons0009.dll
2016-02-13 12:55:09 4847616 ----a-w- C:\WINDOWS\SysWow64\NlsData0009.dll
2016-02-13 12:51:07 12288 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\NdisImPlatform.sys.mui
2016-02-13 12:51:06 8704 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\fwpkclnt.sys.mui
2016-02-13 12:51:06 7168 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\ndiscap.sys.mui
2016-02-13 12:51:06 4096 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\wfplwfs.sys.mui
2016-02-13 12:51:06 3072 ----a-w- C:\WINDOWS\SysWow64\drivers\UMDF\en-US\SensorsCx.dll.mui
2016-01-26 01:20:58 16148 ----a-w- C:\WINDOWS\System32\PGC30P2VLCI1P_Administrator_HistoryPrediction.bin
.
============= FINISH: 18:10:50.41 ===============
========================
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 24 Mar 2017
Posts: 10181
Location: Yorkshire

PostPosted: Wed Apr 13, 2016 8:48 am    Post subject: Reply with quote

Duplicate post .... http://spywarewarrior.com/viewtopic.php?t=35438&highlight=

This topic is closed
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
All times are GMT - 8 Hours