Chrome and Firefox not loading
#1
I have a PC I'm trying to help someone with where both Chrome and Firefox open, but pages won't load. Chrome doesn't load anything at all (pages, settings, bookmarks etc), whilst in Firefox I can access settings etc, but pages won't load (just sits on the loading symbol). Other browsers on the PC work fine.

I've tried:

Uninstalling and re-installing both browsers
Running Malwarebytes, Junkware Removal, AdwCleaner, CCleaner
Removing the user profile for both browsers

Funny thing is, they are both fine in Safe mode - I removed a couple of extensions from Chrome in safe mode (two Norton extensions and some janky "Mapsgalaxy" one), and also noted the "start Chrome on a specific page" setting was linking to some random search page, so I fixed that too. Then logged back in normally, still no luck.

Could it be that even after uninstalling the browser, there's still some stuff hanging around in the app data folder, that I need to remove?

Any help would be very much appreciated!

#2
Download and run DDS and attach both log files to next post.

#3
(04-11-2017, 10:07 PM)GuiltySpark Wrote: Download and run DDS and attach both log files to next post.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.14393.953
Run by David or Heather at 10:12:01 on 2017-04-12
Microsoft Windows 10 Pro 10.0.14393.0.1252.1.1033.18.3510.1446 [GMT 12:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 Premier *Enabled/Updated* {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier *Enabled/Updated* {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton 360 Premier *Enabled* {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
.
============== Running Processes ================
.
C:\WINDOWS\system32\dwm.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Norton 360\Engine\22.9.1.12\N360.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton 360\Engine\22.9.1.12\N360.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\vVX1000.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Users\David or Heather\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\David or Heather\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\David or Heather\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x86__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\DllHost.exe
C:\Windows\System32\InstallAgent.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_230d5c666974907c\TiWorker.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
.
============== Pseudo HJT Report ===============
.
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\22.9.1.12\coieplg.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\22.9.1.12\coieplg.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\22.9.1.12\coieplg.dll
uRun: [EPSON TX120 NX120 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiggp.exe /fu "c:\windows\temp\E_SB3D7.tmp" /EF "HKCU"
uRun: [Dropbox Update] "c:\users\david or heather\appdata\local\dropbox\update\DropboxUpdate.exe" /c
uRun: [OneDrive] "c:\users\david or heather\appdata\local\microsoft\onedrive\OneDrive.exe" /background
uRun: [iCloudServices] "c:\program files\common files\apple\internet services\iCloudServices.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Reader Application Helper] c:\program files\sony\readerdesktop\apphelper\ReaderAppHelper.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [Malwarebytes TrayApp] c:\program files\malwarebytes\anti-malware\mbamtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\davido~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\david or heather\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - c:\program files\microsoft office\office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\microsoft office\office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{80b18a61-5a0f-48c4-94b2-34594c17e4c8} : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office\office15\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - c:\windows\system32\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - c:\windows\system32\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages = wvauth msv1_0
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\57.0.2987.133\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - c:\windows\system32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\david or heather\appdata\roaming\mozilla\firefox\profiles\y8dfymtj.default-1491887149008\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.nz/
FF - plugin: c:\progra~1\micros~3\office15\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.50905.0\npctrlui.dll
FF - plugin: c:\program files\sony\readerdesktop\npreaderdetectmoz.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\david or heather\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_25_0_0_127.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\NPSM.dll
FF - plugin: c:\windows\system32\NPSMDesktopProvider.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorAV;Intel® SATA RAID Controller Windows;c:\windows\system32\drivers\iaStorAV.sys [2016-7-16 524640]
R0 intelpep;Intel® Power Engine Plug-in Driver;c:\windows\system32\drivers\intelpep.sys [2016-7-16 42520]
R0 iorate;iorate;c:\windows\system32\drivers\iorate.sys [2016-11-9 42336]
R0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\n360\1609010.00c\symefasi.sys [2017-3-29 1348256]
R0 volume;Volume driver;c:\windows\system32\drivers\volume.sys [2016-7-16 14176]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;c:\windows\system32\drivers\WindowsTrustedRT.sys [2016-7-16 86040]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;c:\windows\system32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 15384]
R0 Wof;Windows Overlay File System Filter Driver;c:\windows\system32\drivers\wof.sys [2016-10-3 173408]
R1 ahcache;Application Compatibility Cache;c:\windows\system32\drivers\ahcache.sys [2016-10-29 188928]
R1 BHDrvx86;BHDrvx86;c:\program files\norton 360\nortondata\22.5.0.124\definitions\bashdefs\20170410.001\BHDrvx86.sys [2017-4-12 1334424]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1609010.00c\ccsetx86.sys [2017-3-29 137888]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2012-3-19 64800]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae.sys [2017-1-28 59904]
R1 FileCrypt;FileCrypt;c:\windows\system32\drivers\filecrypt.sys [2016-7-16 77312]
R1 GpuEnergyDrv;GPU Energy Driver;c:\windows\system32\drivers\gpuenergydrv.sys [2016-7-16 7680]
R1 IDSVix86;IDSVix86;c:\program files\norton 360\nortondata\22.5.0.124\definitions\ipsdefs\20170408.002\IDSvix86.sys [2017-4-9 798928]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1609010.00c\ironx86.sys [2017-3-29 232600]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1609010.00c\symnets.sys [2017-3-29 423640]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 CDPSvc;Connected Devices Platform Service;c:\windows\system32\svchost.exe -k LocalService [2016-7-16 38792]
R2 CDPUserSvc_359ac;CDPUserSvc_359ac;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
R2 clreg;Virtual Registry for Containers;c:\windows\system32\drivers\registry.sys [2016-7-16 58368]
R2 CoreMessagingRegistrar;CoreMessaging;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 38792]
R2 DiagTrack;Connected User Experiences and Telemetry;c:\windows\system32\svchost.exe -k utcsvc [2016-7-16 38792]
R2 DoSvc;Delivery Optimization;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2011-5-14 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2011-5-14 121856]
R2 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys [2017-1-28 161216]
R2 MBAMService;Malwarebytes Service;c:\program files\malwarebytes\anti-malware\MBAMService.exe [2017-1-28 3303888]
R2 N360;Norton 360;c:\program files\norton 360\engine\22.9.1.12\n360.exe [2017-3-29 288512]
R2 OneSyncSvc_359ac;Sync Host_359ac;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
R2 storqosflt;Storage QoS Filter Driver;c:\windows\system32\drivers\storqosflt.sys [2016-7-16 62976]
R2 tiledatamodelsvc;Tile Data model server;c:\windows\system32\svchost.exe -k appmodel [2016-7-16 38792]
R2 UserManager;User Manager;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
R2 wcifs;Windows Container Isolation;c:\windows\system32\drivers\wcifs.sys [2016-10-3 95072]
R2 wcnfs;Windows Container Name Virtualization;c:\windows\system32\drivers\wcnfs.sys [2016-7-16 52736]
R2 WpnService;Windows Push Notifications System Service;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 e1kexpress;Intel® Network Connections Driver K;c:\windows\system32\drivers\e1k6332.sys [2013-2-20 407400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2017-1-28 124576]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-3-1 246272]
R3 lfsvc;Geolocation Service;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
R3 LicenseManager;Windows License Manager Service;c:\windows\system32\svchost.exe -k LocalService [2016-7-16 38792]
R3 MBAMFarflt;MBAMFarflt;c:\windows\system32\drivers\farflt.sys [2017-1-28 96704]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys [2017-1-28 39360]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-25 220088]
R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys [2017-1-28 73664]
R3 NcbService;Network Connection Broker;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;c:\windows\system32\drivers\NdisVirtualBus.sys [2016-7-16 15872]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2014-3-31 25328]
R3 SmsRouter;Microsoft Windows SMS Router Service.;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
R3 StateRepository;State Repository Service;c:\windows\system32\svchost.exe -k appmodel [2016-7-16 38792]
R3 TimeBrokerSvc;Time Broker;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 38792]
R3 UsoSvc;Update Orchestrator Service for Windows Update;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\n360\1609010.00c\symelam.sys [2017-3-29 20520]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 MapsBroker;Downloaded Maps Manager;c:\windows\system32\svchost.exe -k NetworkService [2016-7-16 38792]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AcpiDev;ACPI Devices driver;c:\windows\system32\drivers\AcpiDev.sys [2016-7-16 12800]
S3 ADP80XX;ADP80XX;c:\windows\system32\drivers\adp80xx.sys [2016-7-16 1038176]
S3 AJRouter;AllJoyn Router Service;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 38792]
S3 applockerfltr;Smartlocker Filter Driver;c:\windows\system32\drivers\applockerfltr.sys [2016-7-16 12288]
S3 AppReadiness;App Readiness;c:\windows\system32\svchost.exe -k AppReadiness [2016-7-16 38792]
S3 AppvStrm;AppvStrm;c:\windows\system32\drivers\AppVStrm.sys [2016-10-3 94560]
S3 AppvVemgr;AppvVemgr;c:\windows\system32\drivers\AppvVemgr.sys [2016-7-16 118112]
S3 AppvVfs;AppvVfs;c:\windows\system32\drivers\AppvVfs.sys [2016-7-16 111456]
S3 AppXSvc;AppX Deployment Service (AppXSVC);c:\windows\system32\svchost.exe -k wsappx [2016-7-16 38792]
S3 bcmfn;bcmfn Service;c:\windows\system32\drivers\bcmfn.sys [2016-7-16 8192]
S3 bcmfn2;bcmfn2 Service;c:\windows\system32\drivers\bcmfn2.sys [2016-7-16 8192]
S3 BthHFSrv;Bluetooth Handsfree Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 38792]
S3 buttonconverter;Service for Portable Device Control devices;c:\windows\system32\drivers\buttonconverter.sys [2016-7-16 27648]
S3 CapImg;HID driver for CapImg touch screen;c:\windows\system32\drivers\capimg.sys [2016-10-29 97792]
S3 ClipSVC;Client License Service (ClipSVC);c:\windows\system32\svchost.exe -k wsappx [2016-7-16 38792]
S3 DcpSvc;DataCollectionPublishingService;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 DevQueryBroker;DevQuery Background Discovery Broker;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 diagnosticshub.standardcollector.service;Microsoft ® Diagnostics Hub Standard Collector Service;c:\windows\system32\diagsvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 69632]
S3 DmEnrollmentSvc;Device Management Enrollment Service;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 dmwappushservice;dmwappushsvc;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 DsSvc;Data Sharing Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 embeddedmode;Embedded Mode;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 EntAppSvc;Enterprise App Management Service;c:\windows\system32\svchost.exe -k appmodel [2016-7-16 38792]
S3 FrameServer;Windows Camera Frame Server;c:\windows\system32\svchost.exe -k Camera [2016-7-16 38792]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-9-19 49088]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2014-3-31 1512640]
S3 genericusbfn;Generic USB Function Class;c:\windows\system32\drivers\genericusbfn.sys [2016-7-16 17920]
S3 GPIO;Intel SoC GPIO Controller Driver;c:\windows\system32\drivers\iaiogpio.sys [2016-7-16 22016]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;c:\windows\system32\drivers\hidinterrupt.sys [2016-7-16 38240]
S3 iagpio;Intel Serial IO GPIO Controller Driver;c:\windows\system32\drivers\iagpio.sys [2016-7-16 25600]
S3 iai2c;Intel® Serial IO I2C Host Controller;c:\windows\system32\drivers\iai2c.sys [2016-7-16 66560]
S3 iaioi2c;Intel® Atom™ Processor I2C Controller Service;c:\windows\system32\drivers\iaioi2c.sys [2016-7-16 61936]
S3 icssvc;Windows Mobile Hotspot Service;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 38792]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-3-1 132480]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;c:\windows\system32\drivers\IndirectKmd.sys [2016-7-16 30208]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-3-30 21504]
S3 LSI_SAS2i;LSI_SAS2i;c:\windows\system32\drivers\lsi_sas2i.sys [2016-7-16 89952]
S3 LSI_SAS3i;LSI_SAS3i;c:\windows\system32\drivers\lsi_sas3i.sys [2016-7-16 85856]
S3 megasas2i;megasas2i;c:\windows\system32\drivers\MegaSas2i.sys [2016-10-14 56672]
S3 MessagingService_359ac;MessagingService_359ac;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;c:\windows\system32\drivers\mssecflt.sys [2016-7-16 159584]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;c:\windows\system32\drivers\NetAdapterCx.sys [2016-7-16 62976]
S3 NetSetupSvc;Network Setup Service;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 NgcCtnrSvc;Microsoft Passport Container;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 38792]
S3 NgcSvc;Microsoft Passport;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 percsas2i;percsas2i;c:\windows\system32\drivers\percsas2i.sys [2016-7-16 51552]
S3 percsas3i;percsas3i;c:\windows\system32\drivers\percsas3i.sys [2016-7-16 54624]
S3 PhoneSvc;Phone Service;c:\windows\system32\svchost.exe -k LocalService [2016-7-16 38792]
S3 PimIndexMaintenanceSvc_359ac;Contact Data_359ac;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
S3 RetailDemo;Retail Demo Service;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 Sense;Windows Defender Advanced Threat Protection Service;c:\program files\windows defender advanced threat protection\MsSense.exe [2016-10-3 1887272]
S3 SensorDataService;Sensor Data Service;c:\windows\system32\SensorDataService.exe [2017-3-16 894976]
S3 SensorService;Sensor Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 SerCx2;Serial UART Support Library;c:\windows\system32\drivers\SerCx2.sys [2016-7-16 117600]
S3 smphost;Microsoft Storage Spaces SMP;c:\windows\system32\svchost.exe -k smphost [2016-7-16 38792]
S3 stornvme;Microsoft Standard NVM Express Driver;c:\windows\system32\drivers\stornvme.sys [2016-7-16 66912]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;c:\windows\system32\drivers\storufs.sys [2016-7-16 26976]
S3 TieringEngineService;Storage Tiers Management;c:\windows\system32\TieringEngineService.exe [2016-7-16 253440]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;c:\windows\system32\drivers\UcmCx.sys [2016-7-16 68608]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;c:\windows\system32\drivers\UcmTcpciCx.sys [2016-7-16 76800]
S3 UcmUcsi;USB Connector Manager UCSI Client;c:\windows\system32\drivers\UcmUcsi.sys [2016-7-16 35840]
S3 UdeCx;USB Device Emulation Support Library;c:\windows\system32\drivers\Udecx.sys [2016-7-16 33280]
S3 UEFI;Microsoft UEFI Driver;c:\windows\system32\drivers\uefi.sys [2016-7-16 23392]
S3 Ufx01000;USB Function Class Extension;c:\windows\system32\drivers\ufx01000.sys [2016-7-16 205152]
S3 UfxChipidea;USB Chipidea Controller;c:\windows\system32\drivers\UfxChipidea.sys [2016-7-16 75616]
S3 ufxsynopsys;USB Synopsys Controller;c:\windows\system32\drivers\ufxsynopsys.sys [2016-7-16 107360]
S3 UnistoreSvc_359ac;User Data Storage_359ac;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;c:\windows\system32\drivers\urschipidea.sys [2016-7-16 22880]
S3 UrsCx01000;USB Role-Switch Support Library;c:\windows\system32\drivers\urscx01000.sys [2016-7-16 42336]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;c:\windows\system32\drivers\urssynopsys.sys [2016-7-16 21856]
S3 UserDataSvc_359ac;User Data Access_359ac;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
S3 vhf;Virtual HID Framework (VHF) Driver;c:\windows\system32\drivers\vhf.sys [2016-7-16 24064]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;c:\windows\system32\drivers\vmgid.sys [2016-7-16 8704]
S3 vmicguestinterface;Hyper-V Guest Service Interface;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 w3logsvc;W3C Logging Service;c:\windows\system32\svchost.exe -k apphost [2016-7-16 38792]
S3 WalletService;WalletService;c:\windows\system32\svchost.exe -k appmodel [2016-7-16 38792]
S3 wdiwifi;WDI Driver Framework;c:\windows\system32\drivers\WdiWiFi.sys [2017-3-16 518656]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;c:\windows\system32\drivers\WdNisDrv.sys [2016-7-16 100192]
S3 WdNisSvc;Windows Defender Network Inspection Service;c:\program files\windows defender\NisSrv.exe [2016-7-16 271496]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;c:\windows\system32\svchost.exe -k WepHostSvcGroup [2016-7-16 38792]
S3 wisvc;Windows Insider Service;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 workfolderssvc;Work Folders;c:\windows\system32\svchost.exe -k LocalService [2016-7-16 38792]
S3 WpnUserService_359ac;Windows Push Notifications User Service_359ac;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
S3 XblAuthManager;Xbox Live Auth Manager;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 XblGameSave;Xbox Live Game Save;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 xboxgip;Xbox Game Input Protocol Driver;c:\windows\system32\drivers\xboxgip.sys [2017-3-16 216576]
S3 XboxNetApiSvc;XboxNetApiSvc;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 xinputhid;XINPUT HID Filter Driver;c:\windows\system32\drivers\xinputhid.sys [2016-10-3 34304]
S4 AppVClient;Microsoft App-V Client;c:\windows\system32\AppVClient.exe [2017-1-11 615264]
S4 shpamsvc;Shared PC Account Manager;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S4 tzautoupdate;Auto Time Zone Updater;c:\windows\system32\svchost.exe -k LocalService [2016-7-16 38792]
S4 UevAgentDriver;UevAgentDriver;c:\windows\system32\drivers\UevAgentDriver.sys [2016-7-16 36192]
S4 UevAgentService;User Experience Virtualization Service;c:\windows\system32\AgentService.exe [2016-7-16 858624]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-04-11 04:22:52 -------- d-----w- C:\AdwCleaner
2017-03-29 02:13:48 423640 ----a-w- c:\windows\system32\drivers\n360\1609010.00c\symnets.sys
2017-03-29 02:13:48 20520 ----a-w- c:\windows\system32\drivers\n360\1609010.00c\symelam.sys
2017-03-29 02:13:47 624288 ----a-w- c:\windows\system32\drivers\n360\1609010.00c\srtsp.sys
2017-03-29 02:13:47 41112 ----a-w- c:\windows\system32\drivers\n360\1609010.00c\srtspx.sys
2017-03-29 02:13:47 1348256 ----a-w- c:\windows\system32\drivers\n360\1609010.00c\symefasi.sys
2017-03-29 02:13:46 232600 ----a-w- c:\windows\system32\drivers\n360\1609010.00c\ironx86.sys
2017-03-29 02:13:46 137888 ----a-w- c:\windows\system32\drivers\n360\1609010.00c\ccsetx86.sys
2017-03-29 02:12:19 492714 ----a-w- c:\windows\system32\drivers\n360\1609010.00c\symvtcer.dat
2017-03-29 02:12:19 -------- d-----w- c:\windows\system32\drivers\n360\1609010.00C
2017-03-16 03:08:59 90624 ----a-w- c:\windows\system32\olepro32.dll
2017-03-16 03:07:59 506368 ----a-w- c:\windows\system32\bcastdvr.exe
.
==================== Find3M ====================
.
2017-04-11 21:40:55 96704 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-04-11 21:40:52 73664 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-04-11 21:40:41 39360 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-04-11 21:40:32 220088 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-04-03 01:31:05 59904 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-03-31 03:33:44 161216 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-03-10 05:17:56 835576 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-03-10 05:17:56 177656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-03-09 02:15:02 89296 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2017-03-04 07:57:44 980320 ----a-w- c:\windows\system32\aeinv.dll
2017-03-04 07:57:44 73056 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-03-04 07:57:44 513888 ----a-w- c:\windows\system32\generaltel.dll
2017-03-04 07:57:44 450912 ----a-w- c:\windows\system32\devinv.dll
2017-03-04 07:57:44 279392 ----a-w- c:\windows\system32\invagent.dll
2017-03-04 07:57:44 192352 ----a-w- c:\windows\system32\aepic.dll
2017-03-04 07:57:44 1339744 ----a-w- c:\windows\system32\appraiser.dll
2017-03-04 07:57:44 113504 ----a-w- c:\windows\system32\acmigration.dll
2017-03-04 07:57:43 315744 ----a-w- c:\windows\system32\atmfd.dll
2017-03-04 07:57:40 484584 ----a-w- c:\windows\system32\AudioSes.dll
2017-03-04 07:57:36 31584 ----a-w- c:\windows\system32\DeviceCensus.exe
2017-03-04 07:57:36 229720 ----a-w- c:\windows\system32\dcntel.dll
2017-03-04 07:46:26 448864 ----a-w- c:\windows\system32\ContentDeliveryManager.Utilities.dll
2017-03-04 07:44:57 1470816 ----a-w- c:\windows\system32\AppVEntSubsystems32.dll
2017-03-04 07:44:52 685440 ----a-w- c:\windows\system32\Windows.Internal.Shell.Broker.dll
2017-03-04 07:41:26 78176 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys
2017-03-04 07:40:53 965472 ----a-w- c:\windows\system32\ReAgent.dll
2017-03-04 07:09:54 320144 ----a-w- c:\windows\system32\systemreset.exe
2017-03-04 07:09:47 890984 ----a-w- c:\windows\system32\winresume.efi
2017-03-04 07:09:47 783552 ----a-w- c:\windows\system32\winresume.exe
2017-03-04 07:09:41 92000 ----a-w- c:\windows\system32\drivers\pdc.sys
2017-03-04 07:09:28 1969912 ----a-w- c:\windows\system32\hevcdecoder.dll
2017-03-04 07:09:27 2206496 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2017-03-04 07:08:10 36704 ----a-w- c:\windows\system32\SysResetErr.exe
2017-03-04 07:08:10 1725136 ----a-w- c:\windows\system32\KernelBase.dll
2017-03-04 07:08:02 5999968 ----a-w- c:\windows\system32\ntoskrnl.exe
2017-03-04 07:07:54 945760 ----a-w- c:\windows\system32\winload.exe
2017-03-04 07:07:52 1073816 ----a-w- c:\windows\system32\winload.efi
2017-03-04 07:06:28 1956704 ----a-w- c:\windows\system32\drivers\ntfs.sys
2017-03-04 07:06:18 106336 ----a-w- c:\windows\system32\drivers\partmgr.sys
2017-03-04 07:06:16 341336 ----a-w- c:\windows\system32\drivers\Classpnp.sys
2017-03-04 07:04:33 2048496 ----a-w- c:\windows\system32\CoreUIComponents.dll
2017-03-04 07:04:24 1362512 ----a-w- c:\windows\system32\wmpmde.dll
2017-03-04 07:03:02 583136 ----a-w- c:\windows\system32\CoreMessaging.dll
2017-03-04 07:02:43 950112 ----a-w- c:\windows\system32\drivers\ndis.sys
2017-03-04 07:02:34 95584 ----a-w- c:\windows\system32\drivers\tdx.sys
2017-03-04 07:02:09 66560 ----a-w- c:\windows\system32\drivers\en-us\ndis.sys.mui
2017-03-04 06:59:36 55136 ----a-w- c:\windows\system32\drivers\dam.sys
2017-03-04 06:59:29 274272 ----a-w- c:\windows\system32\WinSetupUI.dll
2017-03-04 06:59:17 869728 ----a-w- c:\windows\system32\SecConfig.efi
2017-03-04 06:57:53 581672 ----a-w- c:\windows\system32\ci.dll
2017-03-04 06:56:04 263472 ----a-w- c:\windows\system32\Windows.Storage.ApplicationData.dll
2017-03-04 06:56:03 248992 ----a-w- c:\windows\system32\policymanager.dll
2017-03-04 06:54:24 290272 ----a-w- c:\windows\system32\SystemSettingsAdminFlows.exe
2017-03-04 06:54:12 2277288 ----a-w- c:\windows\system32\d3d11.dll
2017-03-04 06:54:09 1897824 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2017-03-04 06:54:03 524776 ----a-w- c:\windows\system32\dxgi.dll
2017-03-04 06:53:58 342880 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2017-03-04 06:53:53 551264 ----a-w- c:\windows\system32\drivers\dxgmms2.sys
2017-03-04 06:53:38 1431232 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.dll
2017-03-04 06:53:19 781152 ----a-w- c:\windows\system32\WWAHost.exe
2017-03-04 06:53:19 5722320 ----a-w- c:\windows\system32\windows.storage.dll
2017-03-04 06:53:11 493912 ----a-w- c:\windows\system32\SettingSyncHost.exe
2017-03-04 06:53:08 975744 ----a-w- c:\windows\system32\twinapi.appcore.dll
2017-03-04 06:53:07 313568 ----a-w- c:\windows\system32\wlanapi.dll
2017-03-04 06:53:03 861024 ----a-w- c:\windows\system32\LicenseManager.dll
2017-03-04 06:52:45 111968 ----a-w- c:\windows\system32\drivers\storahci.sys
2017-03-04 06:52:02 272720 ----a-w- c:\windows\system32\wintrust.dll
2017-03-04 06:51:59 523784 ----a-w- c:\windows\system32\drivers\cng.sys
2017-03-04 06:51:51 454496 ----a-w- c:\windows\system32\drivers\storport.sys
2017-03-04 06:51:46 186720 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-03-04 06:51:45 399712 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-03-04 06:51:38 60768 ----a-w- c:\windows\system32\drivers\vmbkmcl.sys
2017-03-04 06:51:38 576408 ----a-w- c:\windows\system32\wer.dll
2017-03-04 06:51:37 1980768 ----a-w- c:\windows\system32\msxml6.dll
2017-03-04 06:51:31 86360 ----a-w- c:\windows\system32\drivers\hvsocket.sys
2017-03-04 06:51:31 458592 ----a-w- c:\windows\system32\drivers\spaceport.sys
2017-03-04 06:50:58 355680 ----a-w- c:\windows\system32\drivers\rdbss.sys
2017-03-04 06:50:44 846560 ----a-w- c:\windows\system32\WinTypes.dll
2017-03-04 06:50:41 100704 ----a-w- c:\windows\system32\icfupgd.dll
2017-03-04 06:46:50 1224104 ----a-w- c:\windows\system32\WpcMon.exe
2017-03-04 06:46:43 125792 ----a-w- c:\windows\system32\CloudExperienceHostBroker.dll
2017-03-04 06:46:41 198496 ----a-w- c:\windows\system32\CloudExperienceHost.dll
2017-03-04 06:46:40 4312248 ----a-w- c:\windows\explorer.exe
2017-03-04 06:46:40 321792 ----a-w- c:\windows\system32\LockAppHost.exe
2017-03-04 06:46:14 1384704 ----a-w- c:\windows\system32\sppobjs.dll
2017-03-04 06:45:42 93984 ----a-w- c:\windows\system32\phoneactivate.exe
2017-03-04 06:45:18 117280 ----a-w- c:\windows\system32\AuthHost.exe
2017-03-04 06:45:15 173408 ----a-w- c:\windows\system32\basecsp.dll
2017-03-04 06:45:07 112120 ----a-w- c:\windows\system32\gpapi.dll
2017-03-04 06:42:41 276832 ----a-w- c:\windows\system32\input.dll
2017-03-04 06:42:37 1411616 ----a-w- c:\windows\system32\gdi32full.dll
2017-03-04 06:42:35 321888 ----a-w- c:\windows\apppatch\AcRes.dll
2017-03-04 06:42:30 545944 ----a-w- c:\windows\system32\fontdrvhost.exe
2017-03-04 06:42:29 1260784 ----a-w- c:\windows\system32\msctf.dll
2017-03-04 06:40:53 1967968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2017-03-04 06:40:36 306800 ----a-w- c:\windows\system32\Windows.Media.MediaControl.dll
2017-03-04 06:36:39 5685760 ----a-w- c:\windows\system32\Windows.Data.Pdf.dll
2017-03-04 06:34:08 281088 ----a-w- c:\windows\system32\RDXTaskFactory.dll
2017-03-04 06:31:15 27648 ----a-w- c:\windows\system32\WindowsUpdateElevatedInstaller.exe
2017-03-04 06:30:44 95232 ----a-w- c:\windows\system32\UserDataTimeUtil.dll
.
============= FINISH: 10:13:50.58 ===============


Attached Files
.zip   Attach.zip (Size: 5.23 KB / Downloads: 1)

#4
Well, there's nothing that jumps out that would be causing an issue with those programs, but to be sure, can you download and run a scan with FRST (this is the x86 version; if you need the 64-bit version: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ but it looks like a 32-bit system)?

Post the results of the scan please and we'll see if there are any malware remnants.

And G'day :)

#5
(04-11-2017, 10:36 PM)GuiltySpark Wrote:  Well, there's nothing that jumps out that would be causing an issue with those programs, but to be sure, can you download and run a scan with FRST (this is the x86 version; if you need the 64-bit version: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ but it looks like a 32-bit system)?

Post the results of the scan please and we'll see if there are any malware remnants.

And G'day :)

G'day guiltyspark (apologies for being so remiss in regards to politeness!)

I ran that scan, files are attached. Thank you so much for your time


Attached Files
.zip   Addition.zip (Size: 31.65 KB / Downloads: 5)

#6
I see you are using Windows 10. Did you install any updates?

#7
(04-11-2017, 11:05 PM)Compton Wrote:  I see you are using Windows 10. Did you install any updates?

Hi Compton...looks like last Windows update was kb3150513 on 18th March - is that of any help?

#8
Wow! There are quite a few issues there. Bear with me and I'll create a Fixlist for you.

In the meantime I'd like you to create a Folder on your desktop and name it FRST.

Next, drop the FRST program (executable) into that newly created FRST folder.

Next drop both the FRST.TXT and the ADDITIONAL.TXT into the FRST folder.

Fixlist will follow shortly....

#9
(04-11-2017, 11:14 PM)GuiltySpark Wrote:  Wow! There are quite a few issues there. Bear with me and I'll create a Fixlist for you.

In the meantime I'd like you to create a Folder on your desktop and name it FRST.

Next, drop the FRST program (executable) into that newly created FRST folder.

Next drop both the FRST.TXT and the ADDITIONAL.TXT into the FRST folder.

Fixlist will follow shortly....

Wow, ok...

#10
Open Notepad and copy and paste the following:

Quote:
Start
CreateRestorePoint:
CloseProcesses:
Emptytemp:
Task: {006D6EA8-7EB3-4109-86D2-E952C7D271FF} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService -> No File <==== ATTENTION
Task: {013A6A54-E124-412B-9C04-B52F2AACBC1F} - \Microsoft\Windows\Media Center\PBDADiscovery -> No File <==== ATTENTION
Task: {018E0EB1-FB1A-4279-BA19-964B9814EB72} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
Task: {02388FC8-E63B-4673-A06A-3148062C198D} - \Microsoft\Windows\Media Center\RecordingRestart -> No File <==== ATTENTION
Task: {0577595C-1CFD-423E-AA77-BDD784D08037} - \Microsoft\Windows\Media Center\ReindexSearchRoot -> No File <==== ATTENTION
Task: {05EE699F-AB25-42D8-8781-558C5D1D2FAD} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {0A4F8B42-08EE-4443-9924-F8AB530B7261} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
Task: {0BD133D5-49FB-4A84-AF64-353834F680B0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0E12083C-0335-49DB-9542-BA1EC6D83ECC} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {1041A3F6-F773-43DA-A754-E162D9F8D256} - \Microsoft\Office\OfficeTelemetryAgentFallBack -> No File <==== ATTENTION
Task: {1F6EE15D-4392-4AC0-8CC5-082DBE376DB0} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {24CFD347-4FF7-47B1-BD20-21328D96F49D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {272C0CBE-8EE1-444B-8480-11BDF5721252} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task -> No File <==== ATTENTION
Task: {2760CB66-5881-4E9F-A539-DB5B1CC999C6} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 -> No File <==== ATTENTION
Task: {29DC8A80-8CDB-4B0A-96EF-375DF3F1C192} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {2EC88BEB-1F95-452B-A65B-8F0EEC7A5BBC} - \Microsoft\Windows\Media Center\OCURDiscovery -> No File <==== ATTENTION
Task: {2ECAE00F-C4CC-4DBB-801B-EF47D6DD15B3} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {34CA48B7-144A-4CE5-9B9C-24ADAF1A2A6C} - \Microsoft\Windows\RemovalTools\MRT_HB -> No File <==== ATTENTION
Task: {367F930A-A3DB-4112-B1F1-50E92A171C88} - \Microsoft\Windows\Shell\WindowsParentalControls -> No File <==== ATTENTION
Task: {4AF83CDB-D85A-4099-B74A-110F36451579} - \Microsoft\Windows\Media Center\ActivateWindowsSearch -> No File <==== ATTENTION
Task: {4E1A4F09-4BA1-4FE2-A218-F6BFC547DA3F} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 -> No File <==== ATTENTION
Task: {586A2789-2382-4BD8-8643-32F69023487E} - \Microsoft\Office\Office 15 Subscription Heartbeat -> No File <==== ATTENTION
Task: {5B2B3B10-6A56-4919-B57A-C1514C2C9F88} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5BC985E9-7EF8-4EB1-98C9-5F043EE32B61} - \User_Feed_Synchronization-{E7B81135-3673-4296-B347-2C2CF05D6A53} -> No File <==== ATTENTION
Task: {693D30D8-2319-4032-891D-4FCB1BE3A0B2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {706D6A73-F582-43C2-8A7F-DE21AC2DEEFA} - \Microsoft\Windows\Media Center\UpdateRecordPath -> No File <==== ATTENTION
Task: {7DEC5A0D-F5EA-4EA2-9896-05222DD90D8A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {838871B1-93ED-4FE6-8F41-8F08B0A18B44} - \SDMsgUpdate (Local) -> No File <==== ATTENTION
Task: {85D55925-2350-4B5B-8BF2-760EEA9D4922} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {87D137B2-0BCF-49FD-ACC7-987225970AD2} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {8873B132-985A-41EC-82C7-997C252610D0} - \Microsoft\Windows\Media Center\PeriodicScanRetry -> No File <==== ATTENTION
Task: {898B04C4-C487-4437-A99E-A7AD980E6448} - \Microsoft\Windows\Media Center\RegisterSearch -> No File <==== ATTENTION
Task: {8B2D7A86-075F-4D5F-B785-44847DE7D78D} - \Microsoft\Windows\Media Center\mcupdate -> No File <==== ATTENTION
Task: {930E61DA-8EA7-432F-A98E-10019E479766} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {94C9CFBA-CB6A-4270-87DA-71361B1E7BEE} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION
Task: {976653A2-5A70-4569-9B7E-D52F87E49AED} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {AA5B8A47-1EEF-438A-8E50-2773498DC0ED} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {ADED33A2-3DD1-47BD-9A5B-43FFFFF768A7} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {AF7A8427-11A1-47C6-89F5-995D850FE3C4} - \Microsoft\Office\OfficeTelemetryAgentLogOn -> No File <==== ATTENTION
Task: {B6390E90-7B3F-4EE4-BE01-44F213F075BB} - \Microsoft\Windows\Media Center\mcupdate_scheduled -> No File <==== ATTENTION
Task: {BA8B5CF8-11A2-4954-B8C3-91E69791B587} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BB8C5878-DC89-412E-BF1D-AF2F29E94E0C} - \SDMsgUpdate (TE) -> No File <==== ATTENTION
Task: {CD03C981-F6B8-4F2A-AC6B-FDDA9DB818DD} - \WPD\SqmUpload_S-1-5-21-2582839356-284551241-1480120633-1001 -> No File <==== ATTENTION
Task: {CE33EC79-3CCF-4CF4-8D97-2CDAAFA084B2} - \{C441900F-EC30-414B-BEDE-827B8D6B517D} -> No File <==== ATTENTION
Task: {CE733F42-D098-4752-9149-F9A916B1A429} - \Microsoft\Windows\Media Center\InstallPlayReady -> No File <==== ATTENTION
Task: {CEC94E83-489A-4B54-800B-86B349B3B068} - \Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval -> No File <==== ATTENTION
Task: {D2C4EB76-4C02-42B0-9C2C-9D592F3DE9C6} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {D4C7F3DB-1B29-4DB5-9AAE-8B3B5AC6342D} - \Microsoft\Windows\Media Center\OCURActivate -> No File <==== ATTENTION
Task: {D53BC26A-6D9B-4464-8F68-1ADDA6CACB5F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E324AD71-6423-4D4D-B635-6CCBACEBD2AF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E37F2B3C-F734-4827-858D-768987E110C5} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {E5E33F7C-C992-4F7D-8C25-A4E15BACF923} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E79B2998-8F63-451A-A56D-26EDC0A5098A} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration -> No File <==== ATTENTION
Task: {E8E5068F-5F39-4F27-B4AF-61B68ABA9314} - \Microsoft\Windows\Media Center\PvrRecoveryTask -> No File <==== ATTENTION
Task: {E920430D-CDAB-4E77-BEDF-D405D8EC85A9} - \Microsoft\Windows\Media Center\ehDRMInit -> No File <==== ATTENTION
Task: {F289D7DA-9682-4E3D-8C45-8C1BD47512FC} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {F685D49D-4F14-47A5-B383-04F8A119E43B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F8DAAEB1-C3B8-4578-9DFB-C1FE84E2DA8A} - \{581376D9-47A6-463B-AC77-CFA6E0B89540} -> No File <==== ATTENTION
Task: {FDF12A7B-7D27-4EB6-9A69-91540701EA9A} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
U3 mbr; C:\Users\David or Heather\AppData\Local\Temp\mbr.sys [25088 2017-04-12] () [File not signed] <==== ATTENTION
CMD: ipconfig /flushdns
End

Save this file as fixlist.txt and add it to the FRST folder with the others.

Next, open FRST.exe and select Fix.



p.s.

Sorry it took so long, but doing it on a tablet was a joke (it wouldn't copy); I had to transfer to a laptop.
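
An added example, not part of the original posts and not FRST's own code: a read-only Python check that summarises what a fixlist in the format above would act on before Fix is selected. The line patterns are inferred from the entries shown in this thread, and the sample input is constructed.

```python
import re
from collections import Counter

# Constructed sample in the line format of the fixlist above; the GUIDs,
# task names and driver name are made up, not copied from the thread.
SAMPLE = r"""Start
CreateRestorePoint:
CloseProcesses:
Task: {11111111-1111-1111-1111-111111111111} - \Microsoft\Windows\Media Center\ExampleA -> No File <==== ATTENTION
Task: {22222222-2222-2222-2222-222222222222} - \Microsoft\Windows\Media Center\ExampleB -> No File <==== ATTENTION
Task: {33333333-3333-3333-3333-333333333333} - \Example-{44444444-4444-4444-4444-444444444444} -> No File <==== ATTENTION
U3 exampledrv; C:\Users\Example User\AppData\Local\Temp\exampledrv.sys [25088 2017-04-12] () [File not signed] <==== ATTENTION
CMD: ipconfig /flushdns
this line matches no known pattern
End
"""

# Patterns inferred from the lines shown in this thread (an assumption,
# not an official FRST grammar).
TASK_RE = re.compile(
    r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (\\.+?) -> (.+?)( <==== ATTENTION)?$")
DRIVER_RE = re.compile(
    r"^([RSU]\d) (\S+); (.+?) \[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*?)\)(.*)$")
TEMP_DIR = "\\appdata\\local\\temp\\"


def review_fixlist(text):
    """Summarise what a fixlist would act on, without touching the system."""
    report = {"directives": [], "commands": [], "orphan_tasks": Counter(),
              "live_tasks": [], "drivers": [], "unparsed": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("Start", "End"):
            continue
        task = TASK_RE.match(line)
        driver = DRIVER_RE.match(line)
        if task:
            _guid, path, target, _flag = task.groups()
            # Group orphaned tasks by their Task Scheduler folder.
            folder = path.rsplit("\\", 1)[0] or "\\"
            if target == "No File":
                report["orphan_tasks"][folder] += 1
            else:
                report["live_tasks"].append((path, target))
        elif driver:
            _state, name, path, size, _date, company, notes = driver.groups()
            report["drivers"].append({
                "name": name, "path": path, "size": int(size),
                "company": company,
                "signed": "[File not signed]" not in notes,
                "in_temp": TEMP_DIR in path.lower()})
        elif line.startswith("CMD: "):
            report["commands"].append(line[5:])
        elif re.fullmatch(r"\w+:", line):
            report["directives"].append(line[:-1])
        else:
            report["unparsed"].append(line)
    return report
```

Anything that ends up under `drivers`, `live_tasks` or `unparsed` is worth reading by hand before the fix is applied.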


