Hello Daniela…
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-10-2020
Ran by dj (administrator) on DJHP (Hewlett-Packard HP Pavilion dv7 Notebook PC) (11-10-2020 12:37:09)
Running from C:\Users\dj\Desktop\antiV
Loaded Profiles: dj
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <26>
(Microsoft Corporation) [File not signed] C:\Program Files\Windows Media Player\wmpnetwk.exe
(Microsoft Corporation) [File not signed] C:\Windows\explorer.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\audiodg.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\csrss.exe <2>
(Microsoft Corporation) [File not signed] C:\Windows\System32\dllhost.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\dwm.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\lsass.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\lsm.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\SearchIndexer.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\services.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\smss.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\spoolsv.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\svchost.exe <16>
(Microsoft Corporation) [File not signed] C:\Windows\System32\VSSVC.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\wbem\WmiPrvSE.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\wininit.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\winlogon.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation) [File not signed]
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation) [File not signed]
HKLM\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [3229696 2016-08-29] (Microsoft Corporation) [File not signed]
HKLM-x32\...\Winlogon: [Shell] C:\Windows\SysWOW64\explorer.exe [2972672 2016-08-29] (Microsoft Corporation) [File not signed]
HKU\S-1-5-21-3994139564-2437849967-1822899332-1001\...\MountPoints2: {19736cea-c740-11e0-ad2c-b6b7f73a5b37} - I:\AutoRun.exe
HKU\S-1-5-21-3994139564-2437849967-1822899332-1001\...\MountPoints2: {19736cf8-c740-11e0-ad2c-b6b7f73a5b37} - I:\AutoRun.exe
HKU\S-1-5-21-3994139564-2437849967-1822899332-1001\...\MountPoints2: {231b0a8b-edd6-11e4-bc30-00269ef9b1be} - F:\dlusb_launcherC120.exe
HKU\S-1-5-21-3994139564-2437849967-1822899332-1001\...\MountPoints2: {30836291-fc33-11e4-967a-00269ef9b1be} - F:\Startme.exe
HKU\S-1-5-21-3994139564-2437849967-1822899332-1001\...\MountPoints2: {38a3490f-efdf-11e2-a9db-fb1408114598} - I:\Windows\Install.exe
HKU\S-1-5-21-3994139564-2437849967-1822899332-1001\...\MountPoints2: {e92740ea-d3e6-11e4-b455-00269ef9b1be} - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3994139564-2437849967-1822899332-1001\...\MountPoints2: {eca17917-dd9d-11e0-9d38-0023140b7bf4} - I:\AutoRun.exe
HKU\S-1-5-21-3994139564-2437849967-1822899332-1001\...\MountPoints2: {f6c28fdf-8398-11e3-b188-a0e8f0db155e} - J:\Startme.exe
HKLM\...\Providers\Internet Print Provider: C:\WINDOWS\SYSTEM32\inetpp.dll [166912 2010-11-20] (Microsoft Corporation) [File not signed]
HKLM\...\Providers\LanMan Print Services: C:\WINDOWS\SYSTEM32\win32spl.dll [751104 2010-11-20] (Microsoft Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\HPCP1020PP: C:\Windows\System32\spool\prtprocs\x64\HPCP1020PP.DLL [65024 2012-12-24] (Marvell Semiconductor, Inc.) [File not signed]
HKLM\...\Windows x64\Print Processors\hpfppw73: C:\Windows\System32\spool\prtprocs\x64\hpfppw73.dll [258048 2009-07-14] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\winprint: C:\Windows\System32\spool\prtprocs\x64\winprint.dll [39424 2010-11-20] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\HP CP1020 LM: C:\WINDOWS\SYSTEM32\HPCP1020LM.DLL [129024 2012-12-24] () [File not signed]
HKLM\...\Print\Monitors\LIDIL hpzllw71: C:\WINDOWS\SYSTEM32\hpzllw71.dll [53248 2009-07-14] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Print\Monitors\Local Port: C:\WINDOWS\SYSTEM32\localspl.dll [955904 2010-11-20] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\Microsoft Shared Fax Monitor: C:\WINDOWS\SYSTEM32\FXSMON.DLL [41984 2010-11-20] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\PCL hpf3lw73: C:\WINDOWS\SYSTEM32\hpf3lw73.dll [48640 2009-07-14] (Hewlett-Packard Company) [File not signed]
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\SYSTEM32\hpz3lw71.dll [46080 2009-07-14] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Print\Monitors\PDFCreator: C:\WINDOWS\SYSTEM32\pdfcmnnt.dll [87040 2005-03-12] () [File not signed]
HKLM\...\Print\Monitors\Standard TCP/IP Port: C:\WINDOWS\SYSTEM32\tcpmon.dll [195072 2009-07-14] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\USB Monitor: C:\WINDOWS\SYSTEM32\usbmon.dll [45056 2009-07-14] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\WSD Port: C:\WINDOWS\SYSTEM32\WSDMon.dll [224768 2009-07-14] (Microsoft Corporation) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.135\Installer\chrmstp.exe [2020-08-19] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00567336-D993-4546-9BE7-7E2AB4BE1654} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3994139564-2437849967-1822899332-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [187984 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {00E584D5-E1A7-436C-9360-1408E88077F1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_414_Plugin.exe [1475640 2020-08-28] (Adobe Inc. -> Adobe)
Task: {0379F202-7A45-4AE7-974C-440BB380483F} - System32\Tasks\RealCreateProcessScheduledTask85358879S-1-5-21-3994139564-2437849967-1822899332-1001 => c:\program files (x86)\real\realplayer\update\realsched.exe [295512 2013-12-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {07CB8A57-51E1-40D1-9B69-E860BC5682B4} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [183296 2009-07-14] (Microsoft Corp.) [File not signed]
Task: {0A6E4EA2-A477-4F19-BC57-FE622135A486} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-08-28] (Adobe Inc. -> Adobe)
Task: {0A86C1B3-8140-461D-B64E-D1EB4915CEA3} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3994139564-2437849967-1822899332-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [233048 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {0E1AE3C4-195E-40C7-BEA9-7AF1ADB9760E} - System32\Tasks\Microsoft\Windows\Wininet\CacheTask => {0358b920-0ac7-461f-98f4-58e32cd89148} C:\Windows\system32\wininet.dll [2426880 2020-03-08] (Microsoft Corporation) [File not signed]
Task: {13ADE6DB-3D57-4097-9A52-3850261B01FA} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe [198656 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {18F3FEC2-F629-41D7-9CFD-3AC36F3C8F0C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe [198656 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {1A853ACE-86E0-4DF0-B993-E159C6FD0C2B} - no filepath
Task: {1F7B7221-AE8F-44F3-BA82-F7D260F51964} - System32\Tasks\Microsoft\Windows\Task Manager\Interactive => {855fec53-d2e4-4999-9e87-3414e9cf0ff4} C:\Windows\system32\wdc.dll [1363968 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {2470470F-2634-478E-B181-571E98A789BB} - System32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService => {2DEA658F-54C1-4227-AF9B-260AB5FC3543} C:\Windows\System32\PlaySndSrv.dll [84992 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {28011108-68DF-4C73-B91B-57427D501BBA} - System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) => {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} C:\Windows\system32\msdrm.dll [528384 2013-12-04] (Microsoft Corporation) [File not signed]
Task: {2862B17C-81E1-4CC4-A534-AD9503EE912F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe [76800 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {2E5F0DB7-C279-4EFF-A8C2-D00E1B8C6B5F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3994139564-2437849967-1822899332-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [187984 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe [1264640 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {32147D69-BC96-4CFE-981F-D07F21A40F75} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {32A7701B-783C-4D1F-9BD4-510E1C0CFEBD} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E} C:\Windows\System32\HotStartUserAgent.dll [27136 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {3B90F7DB-7345-48BE-A543-0538A4C1A6E4} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1} C:\Windows\System32\AuxiliaryDisplayServices.dll [135680 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {40AD211E-EE38-4D07-8511-35B18E6A7606} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {4625674B-73B2-4F4F-8EBD-36D9D8BADB7E} - System32\Tasks\{E5365BF7-BC28-4B60-9A15-0F215A738A2E} => C:\Windows\system32\pcalua.exe -a C:\Windows\IsUn0415.exe -c -fC:\Codemasters\CMRally\Uninst.isu
Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip => {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} C:\Windows\System32\usbceip.dll [27648 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB} C:\Windows\System32\wpcmig.dll [17408 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {4A75CADC-317A-41FB-AF2C-36B2BACBC14E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe [76800 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {4BA38F9A-8216-4F23-B99F-F567BE40DAE1} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe [198656 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {4BEE29A4-F39F-4E63-8E21-2C9E5016A579} - System32\Tasks\RealCreateProcessScheduledTask231131S-1-5-21-3994139564-2437849967-1822899332-1001 => c:\program files (x86)\real\realplayer\update\realsched.exe [295512 2013-12-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - System32\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor => {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} C:\Windows\system32\MsCtfMonitor.dll [28160 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {58170AB6-0912-4BF4-92CC-37AA60B4EFB6} - System32\Tasks\RealCreateProcessScheduledTask12436540S-1-5-21-3994139564-2437849967-1822899332-1001 => c:\program files (x86)\real\realplayer\update\realsched.exe [295512 2013-12-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} C:\Windows\System32\wpcumi.dll [188416 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {5BE64A16-1C97-4470-B340-BD3A32B554E2} - System32\Tasks\{7130D8B4-6B2B-4DAF-A127-4EC8ABBFABB5} => C:\Windows\system32\pcalua.exe -a "G:\DATA DISK\programas\REAL PLAYER\RealPlayer11GOLD_es.exe" -d "G:\DATA DISK\programas\REAL PLAYER"
Task: {5DCBF464-2450-43F8-BBBB-C0F9751553AA} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [1264640 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {5F5A18EB-DC73-4E45-A11C-B59043598412} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask => {58fb76b9-ac85-4e55-ac04-427593b1d060} C:\Windows\system32\dimsjob.dll [40448 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {613612BA-897D-44CE-8DC1-8FC283F9FD51} - System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) => {CF2CF428-325B-48D3-8CA8-7633E36E5A32} C:\Windows\system32\msdrm.dll [528384 2013-12-04] (Microsoft Corporation) [File not signed]
Task: {662250CA-77AB-4E8E-B34C-F6434B85A65E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {689AF7A5-B3B2-4968-A3DB-6EE1A269AB94} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {6956D7A0-6986-4A9D-9F82-02B37A779AF1} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61} C:\Windows\System32\AuxiliaryDisplayServices.dll [135680 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {69B68D14-0C60-4548-8256-CF3623167040} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe [198656 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {6D98C2E6-97D5-4972-A3C3-DB401F43A20F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {6FDA3CFC-3F7C-46BF-9DA9-197C15E1C732} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3994139564-2437849967-1822899332-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [187984 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {721ECF15-49D4-4944-83D0-F366EFA89FC2} - System32\Tasks\RealCreateProcessScheduledTask49297329S-1-5-21-3994139564-2437849967-1822899332-1001 => c:\program files (x86)\real\realplayer\update\realsched.exe [295512 2013-12-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {72AD0D5A-9088-4727-A79E-4E140CA2A8A5} - \SpyHunter4Startup -> No File <==== ATTENTION
Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck => C:\Windows\system32\appidcertstorecheck.exe [17920 2019-02-21] (Microsoft Corporation) [File not signed]
Task: {7431F99F-EB20-4970-BE93-9E18A274EC0C} - System32\Tasks\{0382E760-B78D-4503-9B59-AAB8487FB55D} => C:\Windows\system32\pcalua.exe -a C:\Users\dj\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=adks <==== ATTENTION
Task: {750649C5-AC49-4EBD-B0F0-3A96B2BC9801} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe [70656 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {77E7F16D-B585-4F48-B76E-0B93819EEE37} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {7A2AA004-C22B-4850-9652-C108993825F3} - no filepath
Task: {7AFCC0CA-7121-422A-AB45-B0E8D599FF08} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask => {58fb76b9-ac85-4e55-ac04-427593b1d060} C:\Windows\system32\dimsjob.dll [40448 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {7B126512-099E-4753-996F-9D7EA40E165B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {7B1BCC78-7AAE-4293-8C29-627E53D3404A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [198656 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {7EBCA6DC-4FCE-43DA-87C7-685288195C83} - System32\Tasks\{6BD23002-A00F-4666-B8F2-764CFBBEA95C} => C:\Windows\system32\pcalua.exe -a "G:\programas\REAL PLAYER\RealPlayer11GOLD_es.exe" -d "G:\programas\REAL PLAYER"
Task: {7FCACA7D-D224-43BB-B196-38ACFFCAEFC7} - System32\Tasks\{5336320B-9D3D-4B6C-BF6D-029AD0C6854A} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\NUMARK~1\UNWISE.EXE -c C:\PROGRA~2\NUMARK~1\INSTALL.LOG
Task: {80D139B8-36AD-4273-A008-015B5F699B0D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe [198656 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {880575E4-033C-4C71-BB2D-03ADCC7DD2DC} - System32\Tasks\{9B7ACCF5-C408-46EF-BEEA-17ABBDDF6341} => C:\Windows\system32\pcalua.exe -a C:\Users\dj\AppData\Local\Temp\bc3dbd07-3e6f-426b-94e8-634ff0ef9606\InstallShieldUninstaller.exe -d C:\Users\dj\Downloads <==== ATTENTION
Task: {89AD6C86-12FA-4CAB-92E9-19CD000C4572} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [68568 2017-08-02] (DivX, LLC -> DivX, LLC)
Task: {9435F817-FED2-454E-88CD-7F78FDA62C48} - System32\Tasks\Microsoft\Windows\WDI\ResolutionHost => {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} C:\Windows\System32\wdi.dll [91136 2015-01-09] (Microsoft Corporation) [File not signed]
Task: {95C2F419-45B1-4541-A92E-CE614997AE15} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3994139564-2437849967-1822899332-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [187984 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {985E235B-6B31-404B-8DB5-AA08190C3B52} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {98DBCC26-B66E-44A7-A496-7DA613D55735} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {9979CB83-103A-4105-9E5D-C74B0AF6D198} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam => {58fb76b9-ac85-4e55-ac04-427593b1d060} C:\Windows\system32\dimsjob.dll [40448 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {9B7AA255-2DAC-477C-8D2E-F996FF48F44F} - no filepath
Task: {9DDCC645-5965-4D81-85A6-E623441045CA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3994139564-2437849967-1822899332-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [187984 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {9F9424C5-A33D-45A3-BF7A-1C3A7F402A75} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader => {B210D694-C8DF-490d-9576-9E20CDBC20BD} C:\Windows\System32\mscms.dll [625664 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter => C:\Windows\system32\appidpolicyconverter.exe [148480 2019-02-21] (Microsoft Corporation) [File not signed]
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotifications.exe [90112 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {A9FE06F7-D54B-4B3C-B1C6-93F8256EFA30} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe [198656 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\WINDOWS\SYSTEM32\aitagent.exe [122880 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {AC615EE8-3977-4FE8-91FB-1E003B825913} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2009-10-07] (Hewlett-Packard Company -> )
Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - System32\Tasks\Microsoft\Windows\Ras\MobilityManager => {c463a0fc-794f-4fdf-9201-01938ceacafa} C:\Windows\system32\rasmbmgr.dll [57344 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {AD480C71-53FA-483F-AD46-FC131E35C905} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {ADA9F6F4-A3C0-4F0D-B39E-7BCBC46A9E47} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {AF364794-7876-44BD-974A-5B0A0F259C44} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\Windows\system32\DFDWiz.exe [79360 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371} C:\Windows\System32\perftrack.dll [950272 2015-01-09] (Microsoft Corporation) [File not signed]
Task: {B2E47E14-722F-4ADB-90E9-43C29EEE88E6} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} C:\Windows\System32\AuxiliaryDisplayServices.dll [135680 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {B37AB87A-454B-40C5-89A7-0C2698D7F0C2} - System32\Tasks\{2876E453-CDD6-4561-ABE5-98BAA0D7A74A} => C:\Windows\system32\pcalua.exe -a C:\Users\Public\Documents\710_b042_multilanguage.exe -d C:\Users\Public\Documents
Task: {BA4282C0-D5A6-43A9-AA73-92E6C6838485} - System32\Tasks\{363D17E4-4B82-436F-8598-D31C75031182} => msiexec.exe /package "G:\Game.msi"
Task: {BA88FF08-31C5-4994-AAE9-E6607EDF1B65} - System32\Tasks\AdwCleaner_onReboot => G:\SOFTWARESSSSS\((( W7 CLEAN OK )))\02 adwcleaner\adwcleaner_8.0.8.exe [8447152 2020-10-10] (Malwarebytes Inc -> Malwarebytes)
Task: {BBB30C7B-F756-430A-B951-D31DE615C522} - System32\Tasks\{7FF484A2-866A-4B8D-A1AC-E8D8ADFF554D} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\VIRTUA~1\UNWISE.EXE -c C:\PROGRA~2\VIRTUA~1\INSTALL.LOG
Task: {BD1C4EFA-2EDA-438D-85DD-484E7D806F81} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe [198656 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {BE669C13-8165-4536-96D0-6D6C39292AAE} - System32\Tasks\Microsoft\Windows\Diagnosis\Scheduled => {C1F85EF8-BCC2-4606-BB39-70C523715EB3} C:\Windows\System32\sdiagschd.dll [51200 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\Windows\System32\wsqmcons.exe [293888 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - System32\Tasks\Microsoft\Windows\Registry\RegIdleBackup => {ca767aa8-9157-4604-b64b-40747123d5f2} C:\Windows\System32\regidle.dll [14336 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {CAFBB0DA-88C1-4A51-BF2E-3C2FFD31CC53} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3994139564-2437849967-1822899332-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [187984 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [125952 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {CB8CC51E-7912-4F51-B501-741C8E6E8A46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {CBD2757C-1693-47D8-9A88-A4E58142203D} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => C:\Windows\system32\schtasks.exe [285696 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {CE5117A5-A3F6-4570-ABC1-272E780BAB00} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => {190BA3F6-0205-4f46-B589-95C6822899D2} C:\Windows\System32\memdiag.dll [18432 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe [50688 2009-07-14] (Microsoft Corporation) [File not signed] <==== ATTENTION
Task: {D287E980-3E04-4E78-8ACA-61CE02571687} - System32\Tasks\{BC85293A-1BD0-4DB7-954B-CFDD20216819} => C:\Windows\system32\pcalua.exe -a "C:\Users\dj\Downloads\yahtzee deluxe.exe" -d C:\Users\dj\Downloads
Task: {D3E63068-D215-4F93-9321-FB9ABFEF7728} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {D4B563AE-B917-4AD9-A84E-44620807AEC6} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-09] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {D4EC3DB6-740C-49AB-B003-71D7C483EDD2} - System32\Tasks\RealCreateProcessScheduledTask358864S-1-5-21-3994139564-2437849967-1822899332-1001 => c:\program files (x86)\real\realplayer\update\realsched.exe [295512 2013-12-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {D638C166-4003-47D3-8178-FB92A9228855} - no filepath
Task: {D6ECE471-ADDB-46D9-8459-C79415EE9636} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {D8F43898-9DD4-4FF1-A16C-D3246A67E38F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {D91D7A18-7B3D-4DAD-A8CB-2C3043809B7C} - System32\Tasks\RealCreateProcessScheduledTask92121726S-1-5-21-3994139564-2437849967-1822899332-1001 => c:\program files (x86)\real\realplayer\update\realsched.exe [295512 2013-12-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {DA41DE71-8431-42FB-9DB0-EB64A961DEAD} - System32\Tasks\Microsoft\Windows\Maintenance\WinSAT => {A9A33436-678B-4C9C-A211-7CC38785E79D} C:\Windows\system32\WinSATAPI.dll [501248 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {DD02EEFD-0BD0-4099-A16E-57E8E7389BB5} - System32\Tasks\RealCreateProcessScheduledTask70955229S-1-5-21-3994139564-2437849967-1822899332-1001 => c:\program files (x86)\real\realplayer\update\realsched.exe [295512 2013-12-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {E0325069-2AD7-4A22-B967-78EADFAFED53} - System32\Tasks\RealCreateProcessScheduledTask64353516S-1-5-21-3994139564-2437849967-1822899332-1001 => c:\program files (x86)\real\realplayer\update\realsched.exe [295512 2013-12-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\WINDOWS\SYSTEM32\BthUdTask.exe [36864 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {E890BCB7-DBD2-4AD2-8C03-A38D847ED0A8} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} C:\Windows\System32\AuxiliaryDisplayServices.dll [135680 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {E8BC146E-F1D7-4A86-959F-3FE7BCC6A41A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - System32\Tasks\Microsoft\Windows\RAC\RacTask => {42060D27-CA53-41f5-96E4-B1E8169308A6} C:\Windows\system32\RacEngn.dll [1556992 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\Windows\system32\lpremove.exe [71168 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => {190BA3F6-0205-4f46-B589-95C6822899D2} C:\Windows\System32\memdiag.dll [18432 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem => C:\Windows\System32\powercfg.exe [71168 2009-07-14] (Microsoft Corporation) [File not signed]
Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask => {e7ed314f-2816-4c26-aeb5-54a34d02404c} C:\Windows\System32\kernelceip.dll [18432 2009-07-14] (Microsoft Corporation) [File not signed]
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224 2012-01-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224 2009-07-14] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-14] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-14] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992 2009-07-14] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352 2010-11-20] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 01 C:\Windows\system32\NLAapi.dll [70656 2012-10-03] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 02 C:\Windows\system32\napinsp.dll [68096 2009-07-14] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [86016 2009-07-14] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 04 C:\Windows\system32\pnrpnsp.dll [86016 2009-07-14] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 05 C:\Windows\System32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 06 C:\Windows\System32\winrnr.dll [28672 2009-07-14] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 07 C:\Windows\system32\wshbth.dll [47104 2010-11-20] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 11 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 186.16.16.16 186.17.17.17
Tcpip\..\Interfaces\{69982FD6-88B4-4AF2-BFAE-679C95BC473F}: [DhcpNameServer] 186.16.16.16 186.17.17.17
Tcpip\..\Interfaces\{A51A3B70-C2B5-4C0F-9709-3593B12F3D10}: [DhcpNameServer] 201.217.1.230 201.217.1.231
FireFox:
========
FF DefaultProfile: 3mazn0aj.default
FF ProfilePath: C:\Users\dj\AppData\Roaming\Mozilla\Firefox\Profiles\1csbwtpa.default-release [2020-10-11]
FF Homepage: Mozilla\Firefox\Profiles\1csbwtpa.default-release -> hxxps://securesearch.org/homepage?hp=2&pId=BT171002&iDate=2020-08-20 11:42:19&bName=
FF NewTab: Mozilla\Firefox\Profiles\1csbwtpa.default-release -> hxxps://securesearch.org/homepage?hp=2&pId=BT171002&iDate=2020-08-20 11:42:19&bName=
FF ProfilePath: C:\Users\dj\AppData\Roaming\Mozilla\Firefox\Profiles\3mazn0aj.default [2020-10-11]
FF Homepage: Mozilla\Firefox\Profiles\3mazn0aj.default -> hxxp://google.com
FF Extension: (leethax.net extension) - C:\Users\dj\AppData\Roaming\Mozilla\Firefox\Profiles\3mazn0aj.default\Extensions\[email protected] [2013-06-15] [Legacy] [not signed]
FF Extension: (Test Pilot) - C:\Users\dj\AppData\Roaming\Mozilla\Firefox\Profiles\3mazn0aj.default\Extensions\[email protected] [2015-06-25] [Legacy]
FF Extension: (Greasemonkey) - C:\Users\dj\AppData\Roaming\Mozilla\Firefox\Profiles\3mazn0aj.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-03-18]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-14] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_414.dll [2020-08-28] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_414.dll [2020-08-28] (Adobe Inc. -> )
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2010-09-01] (Google) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-12-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-12-17] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-12-17] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-12-14] (RealNetworks, Inc. -> RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealNetworks, Inc. -> RealDownloader)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll [2007-03-10] (Yahoo! Inc. -> Yahoo! Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\dj\AppData\Local\Google\Chrome\User Data\Default [2020-10-11]
CHR Notifications: Default -> hxxps://forospyware.com
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (YouTube) - C:\Users\dj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Búsqueda de Google) - C:\Users\dj\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Tampermonkey) - C:\Users\dj\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-09-29]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\dj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-08-28]
CHR Extension: (Gmail) - C:\Users\dj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\dj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-21]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-3994139564-2437849967-1822899332-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [makcojoppodhcgmmchohadhpkicoafka]
Opera:
=======
OPR Extension: (alelhddbbhepgpmgidjdcjakblofbmce) - C:\Users\dj\AppData\Roaming\Opera Software\Opera Stable\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-09-23]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-03-09] (Adobe Systems) [File not signed]
S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2015-05-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-08-28] (Adobe Inc. -> Adobe)
S4 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2015-10-29] (Microsoft Corporation) [File not signed]
S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [34816 2019-02-21] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2016-05-04] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [680448 2019-02-10] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [680448 2019-02-10] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-14] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation) [File not signed]
R2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Browser; C:\Windows\System32\browser.dll [136704 2012-07-05] (Microsoft Corporation) [File not signed]
R2 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [9728 2009-07-14] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\Windows\SysWOW64\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [7168 2009-07-14] (Microsoft Corporation) [File not signed]
R3 CryptSvc; C:\Windows\system32\cryptsvc.dll [190976 2019-02-10] (Microsoft Corporation) [File not signed]
R3 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [146432 2019-02-10] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-03-03] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-14] (Microsoft Corporation) [File not signed]
R2 EFS; C:\Windows\System32\lsass.exe [30720 2019-02-21] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-14] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-14] (Microsoft Corporation) [File not signed] [File is in use]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation) [File not signed]
R2 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-14] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-14] (Microsoft Corporation) [File not signed]
S2 FontCache; C:\Windows\system32\FntCache.dll [1175552 2020-03-08] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [794624 2016-05-12] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-14] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation) [File not signed]
R2 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation) [File not signed]
R2 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
S4 HyperDeskCustomThemeEnabler; C:\Windows\Installer\MSIB352.tmp [102400 2011-07-08] () [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [853504 2010-11-20] (Microsoft Corporation) [File not signed]
R2 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-14] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2019-02-21] (Microsoft Corporation) [File not signed]
S4 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-06-16] () [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-14] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2019-02-21] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-14] (Microsoft Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7185288 2020-10-10] (Malwarebytes Inc -> Malwarebytes)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation) [File not signed]
S2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
S4 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-14] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\system32\msiexec.exe /V [128512 2016-05-04] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe /V [73216 2016-05-04] (Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2019-02-21] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R2 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-14] (Microsoft Corporation) [File not signed]
R2 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303104 2012-10-03] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-14] (Microsoft Corporation) [File not signed]
R3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-14] (Microsoft Corporation) [File not signed]
R3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [187904 2019-02-10] (Microsoft Corporation) [File not signed]
S4 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2013-08-08] (PC Tools -> PC Tools)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-05-24] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [502272 2016-05-12] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [210432 2014-12-19] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2019-02-21] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\SysWOW64\qwave.dll [210944 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] (RealNetworks, Inc. -> )
S4 Realtek87B; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [30720 2019-02-21] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2016-02-09] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2010-11-20] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-14] (Microsoft Corporation) [File not signed]
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe [240640 2009-10-21] (IDT, Inc.) [File not signed]
R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation) [File not signed]
R3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2015-07-15] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [681984 2014-07-17] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-14] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-14] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-14] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-14] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2019-02-21] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation) [File not signed]
R3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WdiServiceHost; C:\Windows\system32\wdi.dll [91136 2015-01-09] (Microsoft Corporation) [File not signed]
S3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-09] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [91136 2015-01-09] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-09] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [258560 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [204800 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinHttpAutoProxySvc; C:\WINDOWS\SYSTEM32\winhttp.dll [444928 2016-05-11] (Microsoft Corporation) [File not signed]
S3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [351744 2016-05-11] (Microsoft Corporation) [File not signed]
R3 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2018304 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1175040 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-14] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation) [File not signed]
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe [473824 2017-05-05] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-14] (Microsoft Corporation) [File not signed]