Getting ads on every web page


#1 siddheshk

Posted 26 September 2016 - 11:24 AM

Dear Team,

My system is infected with adware. I am getting ad popups on the first click on every web page, including google.com, in all browsers (Chrome/Mozilla/Edge).

I tried uninstalling and reinstalling them all. I scanned the system with AdwCleaner and HitmanPro. At first they identified and fixed a few malware and adware items, but ads are still appearing on web pages.

I am pasting the DDS logs below (attaching them gives an IO error :-( ). Please check and help me find the issues.

PS: I noticed that my hosts file was infected too. It was full of junk characters and was approx. 400KB in size. I have fixed its contents using the version from the Microsoft site.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.14393.0
Run by USER at 21:23:58 on 2016-09-26
Microsoft Windows 10 Home  10.0.14393.0.1252.1.1033.18.8106.4195 [GMT 5.5:30]
.
AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
2016-09-05 02:16:16	--------	dc----w-	C:\WINDOWS\Panther
2016-09-05 02:12:35	--------	d-----w-	C:\WINDOWS\System32\Microsoft
2016-09-05 02:09:59	778936	----a-w-	C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2016-09-05 02:09:59	35480	----a-w-	C:\WINDOWS\SysWow64\TsWpfWrp.exe
2016-09-05 02:09:59	103120	----a-w-	C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2016-09-05 02:09:53	35480	----a-w-	C:\WINDOWS\System32\TsWpfWrp.exe
2016-09-05 02:09:53	124624	----a-w-	C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2016-09-05 02:09:53	1166520	----a-w-	C:\WINDOWS\System32\PresentationNative_v0300.dll
2016-09-05 02:09:33	199008	----a-w-	C:\WINDOWS\System32\drivers\wof.sys
2016-09-04 13:22:17	--------	d-----w-	C:\ProgramData\Microsoft OneDrive
2016-09-04 13:19:09	--------	d-----w-	C:\Users\USER\AppData\Local\ConnectedDevicesPlatform
2016-09-04 13:18:30	--------	d-----w-	C:\ProgramData\USOShared
2016-09-04 13:18:14	--------	d-sh--we	C:\ProgramData\Documents
2016-09-04 13:06:52	--------	d-----w-	C:\WINDOWS\System32\wbem\Performance
2016-09-04 13:04:48	--------	d-----w-	C:\WINDOWS\System32\wbem\MOF\good
2016-09-04 13:04:48	--------	d-----w-	C:\WINDOWS\System32\wbem\MOF\bad
2016-09-04 12:51:58	--------	d-----w-	C:\WINDOWS\System32\DAX2
2016-09-04 12:51:53	--------	d-----w-	C:\WINDOWS\SysWow64\RTCOM
2016-09-04 12:51:53	--------	d-----w-	C:\Program Files\Realtek
2016-09-04 12:51:42	2716672	------w-	C:\WINDOWS\SysWow64\PrintConfig.dll
2016-09-04 12:51:38	--------	d-----w-	C:\Program Files\AMD
2016-09-04 12:51:09	--------	d-----w-	C:\Program Files\Synaptics
2016-09-04 12:51:07	200	----a-w-	C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-09-04 12:51:07	180	----a-w-	C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-09-04 12:51:00	0	----a-w-	C:\WINDOWS\System32\GfxValDisplayLog.bin
2016-09-04 12:50:35	--------	d-----w-	C:\Program Files (x86)\Common Files\Intel
2016-09-04 12:49:30	--------	d-----w-	C:\WINDOWS\System32\wbem\MOF
2016-09-04 12:48:46	--------	d-----w-	C:\WINDOWS\System32\SleepStudy
2016-09-04 12:48:46	--------	d-----w-	C:\WINDOWS\ServiceProfiles
2016-09-04 08:13:44	--------	d-----w-	C:\Users\USER\AppData\Local\Profiles
2016-09-04 08:13:18	--------	d-----w-	C:\ProgramData\Avg
2016-09-04 08:13:17	--------	d-----w-	C:\ProgramData\AVAST Software
2016-09-04 08:12:03	--------	d-----w-	C:\Users\USER\AppData\Roaming\Profiles
2016-09-04 07:56:04	--------	d-----w-	C:\Users\USER\AppData\Local\TeknoGods_TotalKillaz.eu
2016-09-03 13:05:06	--------	d--h--w-	C:\$GetCurrent
2016-09-02 18:37:54	--------	d-----w-	C:\Users\USER\AppData\Local\AMD
2016-09-02 05:55:17	--------	d-----w-	C:\Windows10Upgrade
2016-08-31 17:39:37	--------	d-----w-	C:\WINDOWS\UpdateAssistant
2016-08-31 17:27:59	373760	----a-w-	C:\WINDOWS\System32\igfxCUIService.exe
2016-08-30 12:21:06	3767504	----a-w-	C:\WINDOWS\System32\d3dx9_26.dll
2016-08-30 12:21:06	2297552	------w-	C:\WINDOWS\SysWow64\d3dx9_26.dll
2016-08-28 16:50:14	--------	d-----w-	C:\Users\USER\AppData\Roaming\TeamViewer
2016-08-28 16:50:04	--------	d---a-w-	C:\Program Files (x86)\TeamViewer
2016-08-28 08:35:47	--------	d-----w-	C:\Users\USER\AppData\Local\Diagnostics
2016-08-28 08:27:59	22327320	------w-	C:\WINDOWS\SysWow64\amdocl12cl.dll
2016-08-28 08:27:57	39721496	------w-	C:\WINDOWS\SysWow64\amdocl.dll
2016-08-28 08:27:56	60936	----a-w-	C:\WINDOWS\System32\amdmmcl6.dll
2016-08-28 08:27:56	49672	------w-	C:\WINDOWS\SysWow64\amdmmcl.dll
2016-08-28 08:27:56	472872	----a-w-	C:\WINDOWS\System32\amdmiracast.dll
2016-08-28 08:27:50	153496	----a-w-	C:\WINDOWS\System32\amdhcp64.dll
2016-08-28 08:27:50	144904	----a-w-	C:\WINDOWS\System32\amdhdl64.dll
2016-08-28 08:27:50	133632	------w-	C:\WINDOWS\SysWow64\amdhdl32.dll
2016-08-28 08:27:49	138416	------w-	C:\WINDOWS\SysWow64\amdhcp32.dll
2016-08-28 08:27:47	117640	----a-w-	C:\WINDOWS\System32\amdave64.dll
2016-08-28 08:27:47	111872	------w-	C:\WINDOWS\SysWow64\amdave32.dll
2016-08-28 07:31:59	69715	------w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2016-08-28 07:31:59	5632	------w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2016-08-28 07:31:59	32768	------w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2016-08-28 07:31:59	274432	------w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2016-08-28 07:31:59	180224	------w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2016-08-28 07:31:58	749568	------w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2016-08-28 07:31:49	323716	------w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2016-08-28 07:31:49	192644	------w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2016-08-28 07:09:50	--------	d-----w-	C:\Users\USER\AppData\Roaming\PowerISO
2016-08-28 07:07:52	137280	----a-w-	C:\WINDOWS\System32\drivers\scdemu.sys
2016-08-28 07:07:52	--------	d---a-w-	C:\Program Files\PowerISO
.
==================== Find3M  ====================
.
2016-09-07 16:32:38	828408	------w-	C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-09-07 16:32:38	176632	------w-	C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-09-07 06:10:15	484584	----a-w-	C:\WINDOWS\SysWow64\AudioSes.dll
2016-09-07 05:55:48	279904	----a-w-	C:\WINDOWS\System32\drivers\sdbus.sys
2016-09-07 05:54:50	885824	----a-w-	C:\WINDOWS\System32\winresume.exe
2016-09-07 05:54:50	1046976	----a-w-	C:\WINDOWS\System32\winresume.efi
2016-09-07 05:54:48	133472	----a-w-	C:\WINDOWS\System32\drivers\ksecdd.sys
2016-09-07 05:54:22	590952	----a-w-	C:\WINDOWS\System32\AudioSes.dll
2016-09-07 05:53:54	2481768	----a-w-	C:\WINDOWS\System32\msmpeg2vdec.dll
2016-09-07 05:53:51	2183792	----a-w-	C:\WINDOWS\System32\hevcdecoder.dll
2016-09-07 05:51:50	2214784	----a-w-	C:\WINDOWS\System32\KernelBase.dll
2016-09-07 05:51:29	1349120	----a-w-	C:\WINDOWS\System32\winload.efi
2016-09-07 05:51:29	1163696	----a-w-	C:\WINDOWS\System32\winload.exe
2016-09-07 05:50:33	773200	----a-w-	C:\WINDOWS\System32\oleaut32.dll
2016-09-07 05:50:32	7813472	----a-w-	C:\WINDOWS\System32\ntoskrnl.exe
2016-09-07 05:49:37	552288	----a-w-	C:\WINDOWS\System32\devinv.dll
2016-09-07 05:48:42	2256224	----a-w-	C:\WINDOWS\System32\drivers\ntfs.sys
2016-09-07 05:48:35	379744	----a-w-	C:\WINDOWS\System32\drivers\Classpnp.sys
2016-09-07 05:46:07	423776	----a-w-	C:\WINDOWS\System32\wifitask.exe
2016-09-07 05:44:57	5622600	----a-w-	C:\WINDOWS\System32\sppsvc.exe
2016-09-07 05:44:49	2681200	----a-w-	C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-07 05:44:43	2049480	----a-w-	C:\WINDOWS\System32\wmpmde.dll
2016-09-07 05:41:42	172528	----a-w-	C:\WINDOWS\System32\sspicli.dll
2016-09-07 05:41:34	303968	----a-w-	C:\WINDOWS\System32\invagent.dll
2016-09-07 05:39:48	1217880	----a-w-	C:\WINDOWS\System32\aeinv.dll
2016-09-07 05:39:33	996192	----a-w-	C:\WINDOWS\System32\SecConfig.efi
2016-09-07 05:37:33	1966288	----a-w-	C:\WINDOWS\SysWow64\hevcdecoder.dll
2016-09-07 05:36:47	187232	----a-w-	C:\WINDOWS\System32\drivers\dumpsd.sys
2016-09-07 05:36:21	405344	----a-w-	C:\WINDOWS\System32\msv1_0.dll
2016-09-07 05:34:55	360040	----a-w-	C:\WINDOWS\System32\SystemSettingsAdminFlows.exe
2016-09-07 05:34:35	658272	----a-w-	C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-09-07 05:34:27	1738040	----a-w-	C:\WINDOWS\System32\WindowsCodecs.dll
2016-09-07 05:34:26	178528	----a-w-	C:\WINDOWS\System32\CloudExperienceHostUser.dll
2016-09-07 05:34:22	1859264	----a-w-	C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
2016-09-07 05:34:10	7219672	----a-w-	C:\WINDOWS\System32\windows.storage.dll
2016-09-07 05:34:06	857440	----a-w-	C:\WINDOWS\System32\WWAHost.exe
2016-09-07 05:34:06	1280352	----a-w-	C:\WINDOWS\System32\LicenseManager.dll
2016-09-07 05:34:05	584544	----a-w-	C:\WINDOWS\System32\SettingSyncHost.exe
2016-09-07 05:33:15	681304	----a-w-	C:\WINDOWS\System32\drivers\ClipSp.sys
2016-09-07 05:33:13	450392	----a-w-	C:\WINDOWS\System32\drivers\mrxsmb.sys
2016-09-07 05:33:04	2446696	----a-w-	C:\WINDOWS\System32\msxml6.dll
2016-09-07 05:33:04	224096	----a-w-	C:\WINDOWS\System32\drivers\mrxsmb20.sys
2016-09-07 05:32:44	1099616	----a-w-	C:\WINDOWS\System32\hvix64.exe
2016-09-07 05:32:42	807776	----a-w-	C:\WINDOWS\System32\hvloader.exe
2016-09-07 05:32:40	1267504	----a-w-	C:\WINDOWS\System32\WinTypes.dll
2016-09-07 05:32:39	988000	----a-w-	C:\WINDOWS\System32\hvax64.exe
2016-09-07 05:32:38	942432	----a-w-	C:\WINDOWS\System32\hvloader.efi
2016-09-07 05:32:37	2913104	----a-w-	C:\WINDOWS\System32\combase.dll
2016-09-07 05:32:34	2206496	----a-w-	C:\WINDOWS\SysWow64\msmpeg2vdec.dll
2016-09-07 05:30:48	92512	----a-w-	C:\WINDOWS\System32\rdpudd.dll
2016-09-07 05:30:41	601200	----a-w-	C:\WINDOWS\SysWow64\oleaut32.dll
2016-09-07 05:30:38	1707512	----a-w-	C:\WINDOWS\SysWow64\KernelBase.dll
2016-09-07 05:27:23	2048496	----a-w-	C:\WINDOWS\SysWow64\CoreUIComponents.dll
2016-09-07 05:27:21	1362504	----a-w-	C:\WINDOWS\SysWow64\wmpmde.dll
2016-09-07 05:25:28	1418304	----a-w-	C:\WINDOWS\System32\msctf.dll
2016-09-07 05:24:44	587968	----a-w-	C:\WINDOWS\System32\generaltel.dll
2016-09-07 05:24:38	50880	----a-w-	C:\WINDOWS\System32\CompatTelRunner.exe
2016-09-07 05:24:38	2537824	----a-w-	C:\WINDOWS\System32\drivers\tcpip.sys
2016-09-07 05:24:38	1469120	----a-w-	C:\WINDOWS\System32\appraiser.dll
2016-09-07 05:24:28	57400	----a-w-	C:\WINDOWS\System32\lsass.exe
2016-09-07 05:20:35	340832	----a-w-	C:\WINDOWS\SysWow64\msv1_0.dll
2016-09-07 05:18:20	1503032	----a-w-	C:\WINDOWS\SysWow64\WindowsCodecs.dll
2016-09-07 05:18:06	1430208	----a-w-	C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2016-09-07 05:17:55	782176	----a-w-	C:\WINDOWS\SysWow64\WWAHost.exe
2016-09-07 05:17:55	5721808	----a-w-	C:\WINDOWS\SysWow64\windows.storage.dll
2016-09-07 05:17:53	509792	----a-w-	C:\WINDOWS\SysWow64\SettingSyncHost.exe
2016-09-07 05:17:49	853344	----a-w-	C:\WINDOWS\SysWow64\LicenseManager.dll
2016-09-07 05:16:26	1980768	----a-w-	C:\WINDOWS\SysWow64\msxml6.dll
2016-09-07 05:15:57	846560	----a-w-	C:\WINDOWS\SysWow64\WinTypes.dll
2016-09-07 05:15:51	2166232	----a-w-	C:\WINDOWS\SysWow64\combase.dll
2016-09-07 05:13:45	6653592	----a-w-	C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2016-09-07 05:13:43	3893376	----a-w-	C:\WINDOWS\SysWow64\mfcore.dll
2016-09-07 05:13:34	1853232	----a-w-	C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2016-09-07 05:13:34	1123360	----a-w-	C:\WINDOWS\SysWow64\mfplat.dll
2016-09-07 05:13:33	640976	----a-w-	C:\WINDOWS\SysWow64\evr.dll
2016-09-07 05:13:32	529928	----a-w-	C:\WINDOWS\SysWow64\mf.dll
2016-09-07 05:13:32	1557296	----a-w-	C:\WINDOWS\SysWow64\winmde.dll
2016-09-07 05:13:30	1360456	----a-w-	C:\WINDOWS\SysWow64\mfnetsrc.dll
2016-09-07 05:13:29	980824	----a-w-	C:\WINDOWS\SysWow64\mfnetcore.dll
2016-09-07 05:13:29	955520	----a-w-	C:\WINDOWS\SysWow64\mfsvr.dll
2016-09-07 05:13:03	959104	----a-w-	C:\WINDOWS\SysWow64\ole32.dll
2016-09-07 05:12:45	321792	----a-w-	C:\WINDOWS\SysWow64\LockAppHost.exe
2016-09-07 05:09:08	1264912	----a-w-	C:\WINDOWS\SysWow64\msctf.dll
2016-09-07 05:08:42	7220224	----a-w-	C:\WINDOWS\System32\Windows.Data.Pdf.dll
2016-09-07 05:07:56	117240	----a-w-	C:\WINDOWS\SysWow64\sspicli.dll
2016-09-07 05:04:46	22566400	----a-w-	C:\WINDOWS\System32\edgehtml.dll
2016-09-07 05:04:24	9216	----a-w-	C:\WINDOWS\System32\Microsoft-Windows-MosHost.dll
2016-09-07 05:04:06	5684736	----a-w-	C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2016-09-07 05:03:57	409088	----a-w-	C:\WINDOWS\System32\MosResource.dll
2016-09-07 05:03:53	9728	----a-w-	C:\WINDOWS\System32\Microsoft-Windows-MosTrace.dll
2016-09-07 05:03:37	95232	----a-w-	C:\WINDOWS\System32\MapsCSP.dll
2016-09-07 05:03:37	1631232	----a-w-	C:\WINDOWS\System32\Windows.UI.Xaml.Resources.dll
2016-09-07 05:03:22	110080	----a-w-	C:\WINDOWS\System32\Microsoft-Windows-MapControls.dll
2016-09-07 05:03:09	8192	----a-w-	C:\WINDOWS\System32\UserDataAccessRes.dll
2016-09-07 05:02:59	2560	----a-w-	C:\WINDOWS\System32\PhoneServiceRes.dll
2016-09-07 05:02:58	23552	----a-w-	C:\WINDOWS\System32\ExtrasXmlParser.dll
2016-09-07 05:02:51	118784	----a-w-	C:\WINDOWS\System32\UserDataTimeUtil.dll
2016-09-07 05:02:49	2560	----a-w-	C:\WINDOWS\System32\PhoneutilRes.dll
2016-09-07 05:02:48	25088	----a-w-	C:\WINDOWS\System32\nativemap.dll
2016-09-07 05:02:47	2560	----a-w-	C:\WINDOWS\System32\tzres.dll
.
============= FINISH: 21:25:48.34 ===============
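The Created Last 30 and Find3M sections above share one fixed layout: timestamp, size (dashes for a directory), an eight-character attribute string, and the path, tab-separated. The Python below is an added example for this thread, not DDS code and not something the helper asked for: it parses that layout from a few lines copied from the log above, applies two triage rules, and groups entries written within the same minute so that files dropped together by one installer (or one dropper) show up as one burst. The two rules and the 60-second window are this example's own assumptions, not anything DDS or the Malware Response Team prescribes.

```python
"""Triage helper for the file sections of a DDS log.

Added example for this thread; it is not DDS code.  The parsing follows the
layout visible in the log above; the triage rules and the 60-second burst
window are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Iterable, List, Optional, Tuple

# One DDS file line: "YYYY-MM-DD HH:MM:SS<TAB>size-or-dashes<TAB>attrs<TAB>path"
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\t"
    r"(?P<size>\d+|-+)\t(?P<attrs>[a-z-]{8})\t(?P<path>\S.*?)\s*$"
)


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: Optional[int]   # None for directories (DDS prints dashes)
    attrs: str            # e.g. "d-----w-" (directory) or "----a-w-" (archive file)
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse(lines: Iterable[str]) -> List[Entry]:
    """Return the file entries of the 'Created Last 30' / 'Find3M' sections;
    section headers, '.' separators and blank lines are skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(when, size, m["attrs"], m["path"]))
    return entries


# Triage rules (assumptions of this example): each is (predicate, reason).
RULES: List[Tuple[Callable[[Entry], bool], str]] = [
    (lambda e: e.path.lower().endswith(".sys") and "\\drivers\\" in e.path.lower(),
     "new kernel driver: verify its Authenticode signature and publisher"),
    (lambda e: re.search(r"\\system32\\[^\\]+\.(bat|cmd|vbs|ps1)$", e.path.lower()) is not None,
     "script file written directly into System32"),
]


def flag(entries: Iterable[Entry]) -> List[Tuple[str, str]]:
    """Apply RULES and return (path, reason) for every hit."""
    return [(e.path, reason) for e in entries for pred, reason in RULES if pred(e)]


def bursts(entries: Iterable[Entry], window_s: int = 60, min_size: int = 3) -> List[List[Entry]]:
    """Group entries whose timestamps lie within window_s of the previous entry.
    Files written together by one installer (or one dropper) surface as one burst,
    which is easier to attribute than the same files scattered through the list."""
    groups: List[List[Entry]] = []
    current: List[Entry] = []
    for e in sorted(entries, key=lambda x: x.when):
        if current and (e.when - current[-1].when).total_seconds() > window_s:
            if len(current) >= min_size:
                groups.append(current)
            current = []
        current.append(e)
    if len(current) >= min_size:
        groups.append(current)
    return groups


# Sample input: a handful of lines copied from the log above (tab-separated).
SAMPLE_LOG = "\n".join([
    "=============== Created Last 30 ================",
    ".",
    "2016-09-25 07:49:24\t78208\t----a-w-\tC:\\WINDOWS\\System32\\drivers\\avnetflt.sys",
    "2016-09-25 07:49:24\t35488\t----a-w-\tC:\\WINDOWS\\System32\\drivers\\avkmgr.sys",
    "2016-09-25 07:49:24\t144664\t----a-w-\tC:\\WINDOWS\\System32\\drivers\\avgntflt.sys",
    "2016-09-24 18:13:06\t--------\td-----w-\tC:\\AdwCleaner",
    "2016-09-04 12:51:07\t200\t----a-w-\tC:\\WINDOWS\\System32\\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat",
    "2016-09-04 12:51:07\t180\t----a-w-\tC:\\WINDOWS\\System32\\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat",
    ".",
])

if __name__ == "__main__":
    found = parse(SAMPLE_LOG.splitlines())
    for path, reason in flag(found):
        print(f"{reason}: {path}")
    for group in bursts(found):
        print(f"{len(group)} files within 60 s of {group[0].when}:")
        for e in group:
            print("   ", e.path)
```

Run it against a whole DDS log by piping the file into `parse(sys.stdin)`; the rules only point at what to check next (a signature, a script's contents), they do not decide that an entry is malicious, and the burst view is there to tie the three Avira drivers at 07:49:24 to one install rather than to three separate events.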

#2 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,291 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:03:41 PM

Posted 27 September 2016 - 03:24 AM

Hi, siddheshk! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
  • Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

Farbar Recovery Scan Tool
 
First, let's have you run a scan with FRST. It's a lot like DDS, but we can use its log results to start cleaning with the same tool.

  • Download the version of FRST that is designed for your system from here, and save it to your desktop. If you don't know which one is designed for your system, download both and try running both. Only one will work correctly, and that's the one you need to use.
  • Double click the program to run it. If you are using Windows 8 or above, Windows will most likely attempt to block the program from running; if this occurs, click More info and then Run anyway. Once it opens, accept the disclaimer and click the Scan button.
  • Once it's done scanning, FRST will create two logs on your desktop, FRST.txt and Addition.txt. Please copy and paste both into your reply, one at a time.

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#3 Gunto

Posted 30 September 2016 - 05:07 AM

Hi,

It's been three days since my last post, so I am bumping the topic just in case you missed my previous reply. If you need more time to get back to me, please let me know, because I'll assume you're inactive otherwise.

If I still haven't heard from you in two days, this topic will be locked, so please get back to me by then.

Gunto



#4 Gunto

Posted 02 October 2016 - 08:17 AM

This topic is now locked due to the lack of feedback.

If you still need help, please send me (or any moderator if I am unavailable) a PM asking for this topic to be unlocked.
