I don't understand where this is coming from. Edge is jumping to this page. I've scanned over and over with Windows Defender and it doesn't find anything. This started about the same time as another warning began regarding a needed Flash Player update.

I have Mozilla Firefox installed also. None of this is happening with it.

Note: When I tried to preview this post, it jumped to a different page, mostly blue, saying there was an issue with Windows Defender.

Attached Thumbnails

   

First off, I am not a newbie, so don't treat me like one. I've been doing this for nearly 30 years.

This all seemed to start when I received a notification in MS Edge that a Flash Player update was needed. The update was loaded with "junk" as I would call it. Chromium, Byte Fence, and something from Yahoo. The Flash update never finished, and I doubt that it was an update at all.

I managed to uninstall Chromium and Byte Fence. At the bottom of the list application list was something which started with Yahoo! I don't remember the rest. It would not uninstall.

I did some digging on my own. I opened a command prompt and did a folder search for anything containing the word yahoo. It went like this. "dir c:\ yahoo*.* /s" This search found one thing. A scheduled task in the Windows\Tasks folder. The name was "Yahoo! Powered tonis.job" I deleted it and did a system restart. The only scheduled task I should have had was an Epson printer driver update check. It was still there. There is still a reference to this in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures. I left it.

After I removed the task, Edges' behavior seemed to improve. Since I was not able to perform a proper uninstall of the Yahoo process, some of it is still floating around somewhere.

So, that's it. Take a look at the logs and let me know what you think. I have a fall-back: An Acronis TrueImage full backup from late January which I can restore.

=======================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by Norman at 19:14:04 on 2017-02-07
Microsoft Windows 10 Pro 10.0.14393.0.1252.1.2057.18.4040.2465 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\system32\EscSvc64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\WINDOWS\system32\AUDIODG.EXE
svchost.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\System32\smartscreen.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIMBE.EXE
C:\Misc\Sleeper.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\System32\InstallAgent.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\SysWoW64\DllHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.palikan.com/?f=1&a=plk_coinisre_17_06_ssg02&cd=2XzuyEtN2Y1L1QzuyC0CtA0B0EyDtC0DzytD0A0A0DzytD0CtN0D0Tzu0StCzzyCtAtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0ByD0FyEtBtDzytGtCyBzytBtG0BtDyE0DtGtB0E0C0EtG0E0BzytAtCzztBtB0Ezy0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0DzytC0CtDtG0BtB0DtCtGyE0ByBzytGzz0FtAtAtGtAyCtAyDtBtAzz0DtDtC0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyByEzy&cr=1168399139&ir=
uLocal Page = %11%\blank.htm
mStart Page = hxxp://www.palikan.com/?f=1&a=plk_coinisre_17_06_ssg02&cd=2XzuyEtN2Y1L1QzuyC0CtA0B0EyDtC0DzytD0A0A0DzytD0CtN0D0Tzu0StCzzyCtAtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0ByD0FyEtBtDzytGtCyBzytBtG0BtDyE0DtGtB0E0C0EtG0E0BzytAtCzztBtB0Ezy0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0DzytC0CtDtG0BtB0DtCtGyE0ByBzytGzz0FtAtAtGtAyCtAyDtBtAzz0DtDtC0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyByEzy&cr=1168399139&ir=
uRun: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_YATIMBE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2650 Series" /EF "HKCU"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
StartupFolder: C:\Users\Norman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Sleeper.lnk - C:\Misc\Sleeper.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{c346502b-5e9f-4502-9f9c-ffe0ec1d3f44} : DHCPNameServer = 192.168.254.254
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = hxxp://www.palikan.com/?f=1&a=plk_coinisre_17_06_ssg02&cd=2XzuyEtN2Y1L1QzuyC0CtA0B0EyDtC0DzytD0A0A0DzytD0CtN0D0Tzu0StCzzyCtAtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0ByD0FyEtBtDzytGtCyBzytBtG0BtDyE0DtGtB0E0C0EtG0E0BzytAtCzztBtB0Ezy0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0DzytC0CtDtG0BtB0DtCtGyE0ByBzytGzz0FtAtAtGtAyCtAyDtBtAzz0DtDtC0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyByEzy&cr=1168399139&ir=
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\usyvoq48.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 file_tracker;Acronis File Tracker Driver;C:\WINDOWS\System32\drivers\file_tracker.sys [2017-1-24 375136]
R0 fltsrv;Acronis Storage Filter Management;C:\WINDOWS\System32\drivers\fltsrv.sys [2017-1-24 181088]
R0 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-22 48992]
R0 tib;Acronis TIB Manager;C:\WINDOWS\System32\drivers\tib.sys [2017-1-24 1267544]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-11-22 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-11-22 227328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2017-1-24 6086232]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_568e42;CDPUserSvc_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation;C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [2016-8-2 677376]
R2 EpsonScanSvc;Epson Scanner Service;C:\WINDOWS\System32\escsvc64.exe [2017-1-25 144560]
R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [2016-7-28 21184]
R2 mmsminisrv;Acronis Managed Machine Service Mini;C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [2016-8-15 4692840]
R2 mobile_backup_server;Acronis Mobile Backup Server;C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [2016-7-18 7717528]
R2 mobile_backup_status_server;Acronis Mobile Backup Status Server;C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [2016-9-13 1510712]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-24 462784]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-1-24 459832]
R2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [2017-1-24 1163712]
R2 OneSyncSvc_568e42;Sync Host_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2016-8-11 9729272]
R2 tib_mounter;Acronis TIB Mounter;C:\WINDOWS\System32\drivers\tib_mounter.sys [2017-1-24 212320]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 virtual_file;Acronis Virtual File Driver;C:\WINDOWS\System32\drivers\virtual_file.sys [2017-1-24 331104]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-11-22 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 PimIndexMaintenanceSvc_568e42;Contact Data_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_568e42;User Data Storage_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_568e42;User Data Access_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-11-22 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-11-22 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 MDA_NTDRV;MDA_NTDRV;C:\WINDOWS\System32\MDA_NTDRV.sys [2013-2-25 21208]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-11-22 64352]
S3 MessagingService_568e42;MessagingService_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2016-7-16 179040]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2016-11-22 113152]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-24 462784]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-1-24 27584]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2017-1-24 46016]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-11-22 2889896]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-11-22 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-11-22 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [2016-7-27 139264]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 tnd;Acronis Try&Decide filter;C:\WINDOWS\System32\drivers\tnd.sys [2017-1-24 687968]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-11-22 719360]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_568e42;Windows Push Notifications User Service_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-1-24 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-11-22 43520]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2017-1-24 822624]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2016-7-16 40288]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2016-7-16 1227264]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-02-08 00:06:34 12229912 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0B5B9B13-CA86-41EC-AB52-67E62B9D8AE7}\mpengine.dll
2017-02-07 16:45:42 12229912 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-02-07 02:57:53 -------- d-----w- C:\Users\Norman\AppData\Local\Mozilla
2017-02-07 02:57:48 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-07 02:57:27 -------- d-----w- C:\Users\Norman\AppData\Local\Chromium
2017-02-07 02:15:51 -------- d-----w- C:\Users\Norman\AppData\Local\Adobe
2017-02-07 02:15:40 -------- d-----w- C:\ProgramData\{EEE42B87-64A6-A141-E260-3F037822B4CD}
2017-02-07 02:15:34 -------- d-----w- C:\Users\Norman\AppData\Local\lafe
2017-02-07 01:01:53 -------- d-----w- C:\Program Files (x86)\Common Files\SONY Digital Images
2017-02-07 01:01:26 -------- d-----w- C:\Program Files (x86)\Ulead Systems
2017-02-06 17:50:09 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2017-02-06 17:50:03 -------- d-----w- C:\Program Files (x86)\Windows Media Components
2017-02-06 07:46:08 -------- d-----w- C:\Users\Norman\AppData\Roaming\Digiarty
2017-02-06 07:45:53 -------- d-----w- C:\Program Files (x86)\Digiarty
2017-02-05 19:16:21 -------- d-----w- C:\ProgramData\BSD
2017-02-05 19:15:37 -------- d-----w- C:\Program Files (x86)\Auslogics
2017-02-01 15:37:49 -------- d-----w- C:\Users\Norman\AppData\Roaming\Big Angry Dog
2017-02-01 15:37:46 -------- d---a-w- C:\Program Files\Hardwipe
2017-02-01 13:26:27 82432 ----a-w- C:\WINDOWS\System32\VSD3DWARP12Debug.dll
2017-02-01 13:26:27 6583296 ----a-w- C:\WINDOWS\System32\d3d12warp.dll
2017-02-01 13:26:27 61952 ----a-w- C:\WINDOWS\System32\VSD3DWARPDebug.dll
2017-02-01 13:26:27 5850624 ----a-w- C:\WINDOWS\System32\VsGraphicsDesktopEngine.exe
2017-02-01 13:26:27 4978176 ----a-w- C:\WINDOWS\SysWow64\d3d12warp.dll
2017-02-01 13:26:27 4596224 ----a-w- C:\WINDOWS\SysWow64\VsGraphicsDesktopEngine.exe
2017-02-01 13:26:27 2795520 ----a-w- C:\WINDOWS\System32\d3d12SDKLayers.dll
2017-02-01 13:26:27 2220032 ----a-w- C:\WINDOWS\SysWow64\d3d12SDKLayers.dll
2017-02-01 13:26:26 64000 ----a-w- C:\WINDOWS\SysWow64\VSD3DWARP12Debug.dll
2017-02-01 13:26:26 60928 ----a-w- C:\WINDOWS\SysWow64\VSD3DWARPDebug.dll
2017-02-01 13:26:26 384000 ----a-w- C:\WINDOWS\System32\DXCpl.exe
2017-02-01 13:26:26 362496 ----a-w- C:\WINDOWS\SysWow64\DXCpl.exe
2017-02-01 07:08:45 -------- d-----w- C:\Users\Norman\AppData\Roaming\NuGet
2017-02-01 03:47:26 1654528 ----a-w- C:\ProgramData\Microsoft\WDExpress\14.0\1033\ResourceCache.dll
2017-02-01 03:35:31 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-02-01 03:31:21 -------- d---a-w- C:\Program Files\Application Verifier
2017-02-01 03:31:21 -------- d---a-w- C:\Program Files (x86)\Application Verifier
2017-02-01 03:31:17 -------- d---a-w- C:\ProgramData\Windows App Certification Kit
2017-02-01 03:04:29 -------- d---a-w- C:\Program Files\IIS
2017-02-01 03:04:29 -------- d-----w- C:\Program Files (x86)\IIS
2017-02-01 02:41:18 -------- d-----w- C:\ProgramData\NuGet
2017-02-01 02:41:18 -------- d-----w- C:\Program Files (x86)\NuGet
2017-02-01 02:20:54 -------- d---a-w- C:\Program Files (x86)\Common Files\Merge Modules
2017-02-01 01:40:20 -------- d-----w- C:\Program Files (x86)\Windows Kits
2017-02-01 01:40:20 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft
2017-02-01 01:34:19 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer
2017-02-01 01:31:22 -------- d-----w- C:\WINDOWS\SysWow64\1033
2017-02-01 01:31:22 -------- d-----w- C:\WINDOWS\System32\1033
2017-02-01 01:31:07 -------- d---a-w- C:\Program Files\Microsoft SQL Server
2017-02-01 01:31:07 -------- d---a-w- C:\Program Files (x86)\Microsoft SQL Server
2017-02-01 01:28:21 -------- d---a-w- C:\Program Files\Microsoft SQL Server Compact Edition
2017-02-01 01:28:20 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-02-01 01:27:56 -------- d---a-w- C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-01-31 18:39:10 -------- d-----w- C:\Users\Norman\AppData\Local\N_A
2017-01-27 17:10:03 -------- d-----w- C:\Users\Norman\AppData\Roaming\log
2017-01-26 01:26:29 -------- d---a-w- C:\Program Files (x86)\ExactFile
2017-01-25 19:21:52 -------- d-----w- C:\Program Files\Macrorit
2017-01-25 18:59:51 -------- d-----w- C:\ProgramData\Auslogics
2017-01-25 18:53:20 -------- d-----w- C:\Program Files\Common Files\EPSON
2017-01-25 18:51:14 -------- d-----w- C:\Program Files\EPSON
2017-01-25 18:50:44 -------- d---a-w- C:\Program Files (x86)\EPSON Software
2017-01-25 18:50:37 -------- d-----w- C:\Program Files\EpsonNet
2017-01-25 18:50:25 466944 ----a-w- C:\WINDOWS\System32\esxw2ud.dll
2017-01-25 18:50:25 147472 ----a-w- C:\WINDOWS\SysWow64\twaindsm.dll
2017-01-25 18:50:25 144560 ----a-w- C:\WINDOWS\System32\escsvc64.exe
2017-01-25 18:50:25 -------- d-----w- C:\Program Files (x86)\epson
2017-01-25 18:49:55 10752 ----a-w- C:\WINDOWS\System32\E_GCINST.DLL
2017-01-25 18:49:53 83968 ----a-w- C:\WINDOWS\System32\E_YD4BMBE.DLL
2017-01-25 18:49:53 179712 ----a-w- C:\WINDOWS\System32\E_YLMBMBE.DLL
2017-01-25 18:49:50 -------- d-----w- C:\ProgramData\EPSON
2017-01-25 18:44:24 -------- d---a-w- C:\Program Files (x86)\Microsoft ActiveSync
2017-01-25 18:44:21 -------- d-----w- C:\WINDOWS\SHELLNEW
2017-01-25 18:43:25 -------- d-----w- C:\WINDOWS\PCHEALTH
2017-01-25 18:39:47 -------- d-----w- C:\Program Files (x86)\Common Files\Ulead Systems
2017-01-25 18:39:41 -------- d-----w- C:\Program Files (x86)\Corel
2017-01-25 18:37:30 -------- d-----w- C:\WINDOWS\Downloaded Installations
2017-01-25 06:02:12 142848 ----a-w- C:\WINDOWS\System32\poqexec.exe
2017-01-25 06:02:12 120320 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2017-01-25 03:59:04 -------- d-----w- C:\Users\Norman\AppData\Local\ConnectedDevicesPlatform
2017-01-25 03:44:20 -------- d--h--w- C:\Users\Norman\AppData
2017-01-25 03:44:20 -------- d-----w- C:\Users\Norman\AppData\Local\Temp
2017-01-25 03:44:20 -------- d-----w- C:\Users\Norman\AppData\Local\Microsoft
2017-01-25 03:41:50 81856 ----a-w- C:\WINDOWS\System32\nv3dappshextr.dll
2017-01-25 03:41:50 7639617 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2017-01-25 03:41:50 71224 ----a-w- C:\WINDOWS\System32\nvshext.dll
2017-01-25 03:41:50 6384576 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2017-01-25 03:41:50 548408 ----a-w- C:\WINDOWS\System32\nv3dappshext.dll
2017-01-25 03:41:50 392128 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2017-01-25 03:41:50 2475968 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2017-01-25 03:41:50 1764408 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2017-01-25 03:41:32 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2017-01-25 03:41:27 -------- d-----w- C:\Program Files\NVIDIA Corporation
2017-01-25 03:41:27 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2017-01-25 02:27:58 73032 ----a-w- C:\WINDOWS\System32\e1cmsg.dll
2017-01-25 02:27:58 36472 ----a-w- C:\WINDOWS\System32\NicCo36.dll
2017-01-25 02:27:58 101224 ----a-w- C:\WINDOWS\System32\NicInstC.dll
2017-01-25 02:27:57 452432 ----a-w- C:\WINDOWS\System32\drivers\e1c63x64.sys
2017-01-25 01:12:38 -------- d-----w- C:\Users\Norman\AppData\Local\PackageStaging
2017-01-25 01:10:30 -------- d-----w- C:\Users\Norman\AppData\Local\Comms
2017-01-25 00:57:22 -------- d-----w- C:\Program Files (x86)\Western Digital Corporation
2017-01-24 22:39:07 -------- d-sh--w- C:\Recovery
2017-01-24 22:39:00 -------- dc----w- C:\WINDOWS\Panther
2017-01-24 22:37:04 -------- d-----w- C:\Windows.old
2017-01-24 21:04:09 -------- d-----w- C:\Users\Norman\AppData\Local\ElevatedDiagnostics
2017-01-24 11:22:06 -------- d-----w- C:\Weather Pictures
2017-01-24 11:22:05 -------- d-----w- C:\VB.Net
2017-01-24 11:22:03 -------- d-----w- C:\VB Projects
2017-01-24 11:22:03 -------- d-----w- C:\Temp4
2017-01-24 11:22:03 -------- d-----w- C:\Temp3
2017-01-24 11:22:01 -------- d-----w- C:\Temp2
2017-01-24 11:22:00 -------- d-----w- C:\Temp
2017-01-24 11:21:59 -------- d-----w- C:\Prime95
2017-01-24 11:21:53 -------- d-----w- C:\Photos
2017-01-24 11:21:00 -------- d-----w- C:\Blowfish
2017-01-24 11:20:59 -------- d-----w- C:\audiograbber
2017-01-24 11:20:57 -------- d-----w- C:\clucas
2017-01-24 11:20:16 -------- d-----w- C:\kodak
2017-01-24 11:20:12 -------- d-----w- C:\IrfanView
2017-01-24 11:19:59 -------- d-----w- C:\IconForge
2017-01-24 11:19:59 -------- d-----w- C:\Hold
2017-01-24 11:19:51 -------- d-----w- C:\Misc
2017-01-24 11:16:30 -------- d-----w- C:\Program Files (x86)\VideoLAN
2017-01-24 11:15:07 -------- d---a-w- C:\Program Files (x86)\BurnAware Free
2017-01-24 11:14:36 -------- d-----w- C:\Program Files\Axantum
2017-01-24 11:11:54 99384 ----a-w- C:\Users\Norman\AppData\Roaming\inst.exe
2017-01-24 11:11:54 82816 ----a-w- C:\Users\Norman\AppData\Roaming\pcouffin.sys
2017-01-24 11:11:52 -------- d-----w- C:\Program Files (x86)\vso
2017-01-24 11:11:22 -------- d-----w- C:\Users\Norman\AppData\Roaming\IrfanView
2017-01-24 11:11:21 -------- d---a-w- C:\Program Files (x86)\IrfanView
2017-01-24 11:10:51 -------- d---a-w- C:\Program Files (x86)\HxD
2017-01-24 11:07:27 -------- d-----w- C:\Program Files (x86)\DVD Decrypter
2017-01-24 11:06:00 -------- d---a-w- C:\Program Files\Defraggler
2017-01-24 11:05:09 -------- d---a-w- C:\Program Files (x86)\CrystalDiskInfo
2017-01-24 11:04:56 -------- d-----w- C:\Users\Norman\AppData\Local\Programs
2017-01-24 11:01:28 -------- d---a-w- C:\Program Files\CCleaner
2017-01-24 10:43:49 -------- d-----w- C:\Users\Norman\AppData\Local\Diagnostics
2017-01-24 10:38:33 -------- d---a-w- C:\Program Files\Bonjour
2017-01-24 10:38:33 -------- d---a-w- C:\Program Files (x86)\Bonjour
2017-01-24 10:37:57 375136 ----a-w- C:\WINDOWS\System32\drivers\file_tracker.sys
2017-01-24 10:37:57 -------- d-----w- C:\ProgramData\Acronis Mobile Backup Data
2017-01-24 10:37:54 331104 ----a-w- C:\WINDOWS\System32\drivers\virtual_file.sys
2017-01-24 10:37:53 687968 ----a-w- C:\WINDOWS\System32\drivers\tnd.sys
2017-01-24 10:37:53 212320 ----a-w- C:\WINDOWS\System32\drivers\tib_mounter.sys
2017-01-24 10:37:52 1267544 ----a-w- C:\WINDOWS\System32\drivers\tib.sys
2017-01-24 10:37:50 368480 ----a-w- C:\WINDOWS\System32\drivers\snapman.sys
2017-01-24 10:37:49 181088 ----a-w- C:\WINDOWS\System32\drivers\fltsrv.sys
2017-01-24 10:00:56 -------- d-----w- C:\WINDOWS\System32\MRT
2017-01-24 09:59:52 -------- d-----r- C:\Users\Norman\OneDrive
2017-01-24 09:58:29 -------- d-----w- C:\Users\Norman\AppData\Local\Publishers
2017-01-24 09:58:01 -------- d-----r- C:\Users\Norman\Searches
2017-01-24 09:58:01 -------- d-----r- C:\Users\Norman\Contacts
2017-01-24 09:54:39 41472 ------w- C:\WINDOWS\SysWow64\Windows.Speech.Pal.dll
2017-01-24 08:05:05 -------- d-----w- C:\Users\Norman\AppData\Local\PeerDistRepub
2017-01-24 07:57:18 202032 ----a-w- C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
2017-01-24 07:50:46 -------- d-----w- C:\Users\Norman\AppData\Roaming\NVIDIA
2017-01-24 07:46:50 -------- d-----w- C:\mfaktc
2017-01-24 07:44:27 -------- d-----w- C:\Users\Norman\AppData\Local\CEF
2017-01-24 07:44:16 120256 ----a-w- C:\WINDOWS\System32\NvRtmpStreamer64.dll
2017-01-24 07:44:15 1854400 ----a-w- C:\WINDOWS\System32\nvspcap64.dll
2017-01-24 07:44:15 1755072 ----a-w- C:\WINDOWS\System32\nvspbridge64.dll
2017-01-24 07:44:15 1317312 ----a-w- C:\WINDOWS\SysWow64\nvspbridge.dll
2017-01-24 07:44:14 1452480 ----a-w- C:\WINDOWS\SysWow64\nvspcap.dll
2017-01-24 07:43:40 269600 ----a-w- C:\WINDOWS\SysWow64\vulkan-1.dll
2017-01-24 07:43:40 261920 ----a-w- C:\WINDOWS\System32\vulkan-1.dll
2017-01-24 07:43:40 125216 ----a-w- C:\WINDOWS\System32\vulkaninfo.exe
2017-01-24 07:43:40 110880 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo.exe
2017-01-24 07:43:40 -------- d-----w- C:\Program Files (x86)\VulkanRT
2017-01-24 07:43:10 1951 ----a-w- C:\WINDOWS\NvContainerRecovery.bat
2017-01-24 07:42:04 -------- d-----w- C:\ProgramData\Package Cache
2017-01-24 07:35:09 511328 ----a-w- C:\WINDOWS\System32\d3dx10_43.dll
2017-01-24 07:35:09 470880 ----a-w- C:\WINDOWS\SysWow64\d3dx10_43.dll
2017-01-24 07:35:09 276832 ----a-w- C:\WINDOWS\System32\d3dx11_43.dll
2017-01-24 07:35:09 248672 ----a-w- C:\WINDOWS\SysWow64\d3dx11_43.dll
2017-01-24 07:35:08 2401112 ----a-w- C:\WINDOWS\System32\D3DX9_43.dll
2017-01-24 07:35:08 1998168 ----a-w- C:\WINDOWS\SysWow64\D3DX9_43.dll
2017-01-24 07:34:49 -------- d-----w- C:\Users\Norman\AppData\Local\NVIDIA Corporation
2017-01-24 07:34:49 -------- d-----w- C:\Users\Norman\AppData\Local\NVIDIA
2017-01-24 07:33:58 838224 ----a-w- C:\WINDOWS\System32\msvcr110.dll
2017-01-24 07:33:58 670800 ----a-w- C:\WINDOWS\System32\msvcp110.dll
2017-01-24 07:33:58 3942864 ----a-w- C:\WINDOWS\System32\LogiLDA.DLL
2017-01-24 07:33:58 363616 ----a-w- C:\WINDOWS\System32\vccorlib110.dll
2017-01-24 07:33:58 2468304 ----a-w- C:\WINDOWS\System32\LdaCx2.dll
2017-01-24 07:33:52 1558648 ----a-w- C:\WINDOWS\System32\nvdispgenco6435582.dll
2017-01-24 07:33:51 1898104 ----a-w- C:\WINDOWS\System32\nvdispco6435582.dll
2017-01-24 07:30:52 1187344 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\gapaengine.dll
2017-01-24 07:30:52 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7505EA83-1D9D-46FB-BA41-7AD0082355EF}\gapaengine.dll
2017-01-24 07:30:29 485032 ------w- C:\WINDOWS\System32\MpSigStub.exe
2017-01-24 07:20:32 -------- d-----w- C:\Users\Norman\AppData\Local\MicrosoftEdge
2017-01-19 03:08:52 712096 ----a-w- C:\WINDOWS\System32\ndm-fre.exe
.
==================== Find3M ====================
.
2017-01-24 22:32:30 180224 ----a-w- C:\WINDOWS\System32\enrollmentapi.dll
2017-01-24 09:57:57 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-GPOV9FN_defaultuser0_HistoryPrediction.bin
2017-01-24 09:20:41 635904 ------w- C:\WINDOWS\SysWow64\mqsnap.dll
2017-01-24 09:20:41 14848 ------w- C:\WINDOWS\SysWow64\mqcertui.dll
2016-12-29 08:21:02 97784 ----a-w- C:\WINDOWS\suite.vssMgr.exe
2016-12-22 23:13:26 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-12-22 23:13:26 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-11-22 23:20:16 583680 ----a-w- C:\WINDOWS\System32\quickassist.exe
2016-11-22 23:16:11 27136 ----a-w- C:\WINDOWS\SysWow64\opencl.dll
2016-11-22 23:14:59 99840 ----a-w- C:\WINDOWS\SysWow64\rdvgumd32.dll
2016-11-22 22:56:38 6354944 ----a-w- C:\WINDOWS\System32\NlsData0009.dll
2016-11-22 22:55:59 896512 ----a-w- C:\WINDOWS\SysWow64\fontext.dll
2016-11-22 22:54:33 75104 ----a-w- C:\WINDOWS\System32\SyncAppvPublishingServer.exe
2016-11-22 22:54:33 291680 ----a-w- C:\WINDOWS\System32\AppVStreamingUX.exe
2016-11-22 22:54:33 268128 ----a-w- C:\WINDOWS\System32\AppVFileSystemMetadata.dll
2016-11-22 22:54:33 236384 ----a-w- C:\WINDOWS\System32\AppVStreamMap.dll
2016-11-22 22:54:33 21856 ----a-w- C:\WINDOWS\System32\ScriptRunner.exe
2016-11-22 22:54:33 202592 ----a-w- C:\WINDOWS\System32\AppVStreamingUX.dll
2016-11-22 22:54:33 178528 ----a-w- C:\WINDOWS\System32\AppVNice.exe
2016-11-22 22:54:33 157024 ----a-w- C:\WINDOWS\System32\drivers\AppvVemgr.sys
2016-11-22 22:54:33 141152 ----a-w- C:\WINDOWS\System32\drivers\AppvVfs.sys
2016-11-22 22:54:33 13824 ----a-w- C:\WINDOWS\System32\appvetwstreamingux.dll
2016-11-22 22:54:33 129024 ----a-w- C:\WINDOWS\System32\appvetwclientres.dll
2016-11-22 22:54:17 88064 ----a-w- C:\WINDOWS\System32\rdpsign.exe
2016-11-22 22:49:49 3753984 ----a-w- C:\WINDOWS\System32\bootux.dll
2016-11-22 22:49:49 199008 ----a-w- C:\WINDOWS\System32\drivers\wof.sys
2016-11-22 22:48:50 4096 ----a-w- C:\WINDOWS\SysWow64\wbem\en\Microsoft.AppV.AppVClientWmi.resources.dll
2016-11-22 22:48:50 4096 ----a-w- C:\WINDOWS\System32\wbem\en\Microsoft.AppV.AppVClientWmi.resources.dll
2016-11-22 22:48:45 11776 ----a-w- C:\WINDOWS\SysWow64\drivers\en-GB\NdisImPlatform.sys.mui
2016-11-22 22:48:44 8192 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\fwpkclnt.sys.mui
2016-11-22 22:48:44 6656 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\ndiscap.sys.mui
2016-11-22 22:48:44 3584 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\wfplwfs.sys.mui
2016-11-22 22:48:44 2560 ----a-w- C:\WINDOWS\SysWow64\drivers\UMDF\en-GB\SensorsCx.dll.mui
.
============= FINISH: 19:14:47.16 ===============

Attached Files

attach.txt (16.8 KB)

Somebody used my credit card info to open an Amazon account. I'm not sure how they got the data. My main concern is whether there is some malware on my computer, in which case a new credit card won't do much good.
Any help will be appreciated.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Falko at 13:16:23 on 2017-02-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1409 [GMT -6:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{D3284116-E7EA-4273-B08F-23EA62503736} : DHCPNameServer = 192.168.254.254
Notify: AtiExtEvent - Ati2evxx.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\falko\application data\mozilla\firefox\profiles\ex9wq5lh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.siasl.org/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\winamp detect\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_24_0_0_194.dll
FF - ExtSQL: !HIDDEN! 2011-01-03 18:49; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [2008-12-17 16896]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-10-13 11520]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2017-02-13 01:14:10 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2017-02-13 01:14:01 160256 ----a-w- c:\windows\system32\javacpl.cpl
2017-01-14 18:25:29 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-13 22:41:47 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-01-13 22:41:47 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 13:17:19.74 ===============

Attached Files

attach.txt (16.0 KB)

A lady I do a lot of tech work for just contacted me and said that when she starts her laptop she gets an audio message that says "But our support engineers can walk you through the removal process over the phone if you close this page before calling us we will be forced to disable your computer to prevent further damage to our network".

Any ideas? I don't trust her browsing, not that she goes to the wrong websites on purpose, but she insists on using Yahoo search engine and half of the time clicks the top results (ads).

My PC suddenly restarted in the middle of work yesterday. When windows restarts I immediately get this screen and I cannot do anything besides restarting. The screen is virtually frozen and all I can do is restart:banghead:

I thought it was a virus- reformatted my computer and reinstalled windows 10. After reinstalling Windows this didn't happen for a couple of hours before returning again. I did not connect my PC to any external hard drive or USB barring the Windows 10 bootable USB in the meanwhile. What would be my subsequent option? Thanks

Attached Thumbnails

 

Hi,
I am having trouble with some web pages playing up. Some I cant log into. Some I cant play sound cloud files. Noticed about 100 loopback addresses & connections when no apps alive for quiet a time. Login to email lags often mail wont open.

So I came here to run malwear fix.

Tried DDS.scr but I had eagle pcb design on, so I uninstalled it. Then dds.scr wanted to select program to open. Looked online a bit selected notepad. Now I am in jam how do I fix?

This was my original post:

http://www.techsupportforum.com/foru...t-1179401.html

I posted originally on Feb 5th, and per the instructions replied to my post with "Bump please" and that was a week ago and still no reply?

My computer has been starting up with lots of "application errors" and it seems like a lot of applications are not starting up. Also, Avast won't start for some reason when I'm not in safe-mode. It says the GUI is missing. Here is my DDS.txt and I've attached the Attach.txt.

Please help!
----------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.14393.0
Run by KaelGK at 21:46:26 on 2017-02-20
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.8104.5823 [GMT -6:00]
.
AV: COMODO Antivirus *Enabled/Updated* {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Spybot - Search and Destroy *Enabled/Updated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Comodo Defense+ *Enabled/Updated* {6BAD9487-8DE8-D130-293E-C6A728B4104F}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: COMODO Firewall *Enabled* {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\helppane.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Spotify] "C:\Users\Kael\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [OneDrive] "C:\Users\Kael\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [f.lux] "C:\Users\Kael\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [Yoga Picks] C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe -s
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRunOnce: [Malwarebytes Anti-Rootkit (cleanup)] "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\mbamdor.exe" "C:\ProgramData\Malwarebytes' Anti-Malware (portable)"
StartupFolder: C:\Users\Kael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ISCTSY~1.LNK - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 10.169.169.1 8.8.8.8
TCP: Interfaces\{208fb71f-1dba-4a91-977a-b047d70c0463} : DHCPNameServer = 150.201.1.3
TCP: Interfaces\{409936e6-e490-440f-a3f5-cebcabc2fe28} : DHCPNameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{6c715c09-10b6-4252-b845-17b2d64c0590} : DHCPNameServer = 10.169.169.1 8.8.8.8
TCP: Interfaces\{6c715c09-10b6-4252-b845-17b2d64c0590}\14454533057335438343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{6c715c09-10b6-4252-b845-17b2d64c0590}\2556E61696373716E63656F534F4E464542554E43454 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{6c715c09-10b6-4252-b845-17b2d64c0590}\2556E61696373716E63656F57455543545 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{6c715c09-10b6-4252-b845-17b2d64c0590}\2556E61696373716E63656F5C4F4242495 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{6c715c09-10b6-4252-b845-17b2d64c0590}\3484946494D223E243 : DHCPNameServer = 75.75.75.75 75.75.76.76 75.75.75.75 75.75.76.76
TCP: Interfaces\{6c715c09-10b6-4252-b845-17b2d64c0590}\348696058696D25376 : DHCPNameServer = 10.169.169.1 8.8.8.8
TCP: Interfaces\{6c715c09-10b6-4252-b845-17b2d64c0590}\5514D275051423 : DHCPNameServer = 10.40.73.200 10.40.8.88
TCP: Interfaces\{6c715c09-10b6-4252-b845-17b2d64c0590}\5574F4F5C4C434D253 : DHCPNameServer = 75.75.75.75 75.75.76.76 75.75.75.75 75.75.76.76
TCP: Interfaces\{6c715c09-10b6-4252-b845-17b2d64c0590}\C496E6B63797371343339373 : DHCPNameServer = 12.127.16.67 10.130.0.1
TCP: Interfaces\{6c715c09-10b6-4252-b845-17b2d64c0590}\E45445745414250373 : DHCPNameServer = 209.18.47.62 209.18.47.61
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll
x64-Run: [DptfPolicyLpmServiceHelper] C:\WINDOWS\System32\DptfPolicyLpmServiceHelper.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [Yoga PhoneCompanion] C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
x64-Run: [Energy Manager] C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
x64-Run: [Lenovo Utility] C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-11 48992]
R0 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2017-2-18 251848]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-11-11 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-11-11 227328]
R1 aswKbd;aswKbd;C:\WINDOWS\System32\drivers\aswKbd.sys [2016-7-30 32088]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\WINDOWS\System32\drivers\cmderd.sys [2016-9-8 40960]
R1 cmdhlp;COMODO Internet Security Helper Driver;C:\WINDOWS\System32\drivers\cmdhlp.sys [2016-9-8 54336]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 MBAMChameleon;MBAMChameleon;C:\WINDOWS\System32\drivers\MBAMChameleon.sys [2017-2-18 176584]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-2-18 4355024]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\WINDOWS\System32\drivers\AcpiVpc.sys [2013-2-17 35600]
R3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
R3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\WINDOWS\System32\drivers\ikbevent.sys [2013-8-1 21408]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\WINDOWS\System32\drivers\imsevent.sys [2013-8-1 21920]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\WINDOWS\System32\drivers\ISCTD64.sys [2013-8-1 46568]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2013-8-22 26008]
R3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
R3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
R3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-11-11 64352]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit;C:\WINDOWS\System32\drivers\Netwbw02.sys [2016-7-16 3485696]
R3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
R3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
R3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-6-3 42696]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-11-11 81760]
R3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S1 aswbidsdriver;aswbidsdriver;C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [2017-2-17 309784]
S1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2016-7-30 991496]
S1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswSP.sys [2016-7-30 547904]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\WINDOWS\System32\drivers\cmdguard.sys [2016-9-8 862648]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\WINDOWS\System32\drivers\mbae64.sys [2017-2-18 77416]
S1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
S1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
S1 GUBootStartup;GUBootStartup;C:\WINDOWS\System32\drivers\GUBootStartup.sys [2016-12-5 20160]
S2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768]
S2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2016-7-30 126088]
S2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2016-7-30 162528]
S2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-2-17 262736]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2014-3-26 1206648]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2014-3-26 1165688]
S2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S2 CDPUserSvc_32813;CDPUserSvc_32813;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2016-8-10 2946304]
S2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
S2 DAMSvc;DragonAssistant3 Maintenance Service;C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [2014-1-27 4279056]
S2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 DptfParticipantProcessorService;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application;C:\WINDOWS\System32\DptfParticipantProcessorService.exe [2014-6-2 115632]
S2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application;C:\WINDOWS\System32\DptfPolicyConfigTDPService.exe [2014-6-2 116656]
S2 DptfPolicyCriticalService;Intel(R) Dynamic Platform and Thermal Framework Critical Service Application;C:\WINDOWS\System32\DptfPolicyCriticalService.exe [2014-6-2 148688]
S2 DptfPolicyLpmService;Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application;C:\WINDOWS\System32\DptfPolicyLpmService.exe [2014-6-2 124880]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
S2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
S2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-11-1 373744]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2013-8-1 198120]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-6-3 169432]
S2 LenovoWiFiHotspotSvr;Lenovo WiFiHotspot Service;C:\WINDOWS\System32\LenovoWiFiHotspotSvr.exe [2014-6-3 198192]
S2 LsvUIService;LsvUIService;C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [2014-6-3 70416]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 MSSQL$SQLSERVER1;SQL Server (SQLSERVER1);C:\Program Files\Microsoft SQL Server\MSSQL13.SQLSERVER1\MSSQL\Binn\sqlservr.exe [2016-11-19 392896]
S2 MSSQLLaunchpad;SQL Server Launchpad (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\Launchpad.exe [2016-10-29 1015496]
S2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [2013-12-12 230920]
S2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2013-12-12 69640]
S2 OneSyncSvc_32813;Sync Host_32813;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S2 PG_Service_Launcher;PG_Service_Launcher;C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [2014-2-24 512776]
S2 PGService;PGService;C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [2014-2-24 167176]
S2 PhoneCompanionPusher;Lenovo PhoneCompanionPusher Service;C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [2014-6-3 249872]
S2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSRS13.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2016-4-30 2571976]
S2 ReportServer$SQLSERVER1;SQL Server Reporting Services (SQLSERVER1);C:\Program Files\Microsoft SQL Server\MSRS13.SQLSERVER1\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2016-4-30 2571976]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS13.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2016-4-30 2571976]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-6-3 390632]
S2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-6-3 288472]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2017-2-18 1738168]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2017-2-18 4088608]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2017-2-18 235984]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-1-16 317400]
S2 SQLTELEMETRY$SQLSERVER1;SQL Server CEIP service (SQLSERVER1);C:\Program Files\Microsoft SQL Server\MSSQL13.SQLSERVER1\MSSQL\Binn\sqlceip.exe [2016-10-29 249032]
S2 SQLTELEMETRY;SQL Server CEIP service (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [2016-10-29 249032]
S2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
S2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-6-3 249032]
S2 VeriFaceSrv;VeriFaceSrv;C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [2014-6-3 68368]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2015-9-9 576400]
S2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-11-11 119648]
S2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
S2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 ymc;ymc;C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [2014-6-3 34576]
S2 YogaPicks.AppService;YogaPicks.AppService;C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [2014-6-3 19440]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2014-1-17 3816176]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 acsock;acsock;C:\WINDOWS\System32\drivers\acsock64.sys [2017-1-30 129520]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-2-17 7142136]
S3 aswHwid;aswHwid;C:\WINDOWS\System32\drivers\aswHwid.sys [2016-7-30 38296]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2016-11-11 168448]
S3 BthHFAud;Bluetooth Hands-Free;C:\WINDOWS\System32\drivers\BthHfAud.sys [2016-7-16 37376]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-11-11 249856]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\WINDOWS\System32\drivers\btmaux.sys [2014-3-26 140600]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-11-11 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2016-9-14 2271928]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DptfDevPch;DptfDevPch;C:\WINDOWS\System32\drivers\DptfDevPch.sys [2014-6-2 114680]
S3 DptfDevProc;DptfDevProc;C:\WINDOWS\System32\drivers\DptfDevProc.sys [2014-6-2 287160]
S3 DptfManager;DptfManager;C:\WINDOWS\System32\drivers\DptfManager.sys [2014-6-2 494272]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2016-11-11 230656]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 INETMON;INETMON;C:\WINDOWS\System32\drivers\INETMON.sys [2014-6-3 29088]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2013-8-22 39320]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-5-12 481768]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 MBAMFarflt;MBAMFarflt;C:\WINDOWS\System32\drivers\farflt.sys [2017-2-18 110536]
S3 MBAMProtection;MBAMProtection;C:\WINDOWS\System32\drivers\mbam.sys [2017-2-18 43968]
S3 MessagingService_32813;MessagingService_32813;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MsMpiLaunchSvc;MS-MPI Launch Service;C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [2016-3-4 23040]
S3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL13.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [2016-4-30 51392]
S3 MSSQLFDLauncher$SQLSERVER1;SQL Full-text Filter Daemon Launcher (SQLSERVER1);C:\Program Files\Microsoft SQL Server\MSSQL13.SQLSERVER1\MSSQL\Binn\fdlauncher.exe [2016-4-30 51392]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2016-4-30 51392]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-1-17 284912]
S3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2016-12-25 251096]
S3 PhoneCompanionVap;Lenovo PhoneCompanionVap Service;C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [2014-6-3 328720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 PimIndexMaintenanceSvc_32813;Contact Data_32813;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 rtsuvc;Lenovo EasyCamera;C:\WINDOWS\System32\drivers\rtsuvc.sys [2014-6-3 8247640]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 scvad_simple;SplitCam Virtual Microphone (WDM);C:\WINDOWS\System32\drivers\SplitCamAudio.sys [2016-2-8 23552]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-11-11 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SensorsHIDClassDriver;UMDF Reflector service for Sensors HID Class Driver;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 splitcam_hd_driver;SplitCam Virtual Video Driver;C:\WINDOWS\System32\drivers\splitcam_hd_driver.sys [2016-2-8 37600]
S3 SWDUMon;SWDUMon;C:\WINDOWS\System32\drivers\SWDUMon.sys [2016-9-26 13920]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UnistoreSvc_32813;User Data Storage_32813;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-11-5 54784]
S3 UserDataSvc_32813;User Data Access_32813;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 VSStandardCollectorService140;Visual Studio Standard Collector Service;C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [2016-9-6 108776]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-11-11 719360]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_32813;Windows Push Notifications User Service_32813;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 wsvd;wsvd;C:\WINDOWS\System32\drivers\wsvd.sys [2014-6-3 102376]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-12-9 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-11-11 43520]
S4 RsFx0410;RsFx0410 Driver;C:\WINDOWS\System32\drivers\RsFx0410.sys [2016-10-20 261840]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL13.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2016-11-19 565952]
S4 SQLAgent$SQLSERVER1;SQL Server Agent (SQLSERVER1);C:\Program Files\Microsoft SQL Server\MSSQL13.SQLSERVER1\MSSQL\Binn\SQLAGENT.EXE [2016-11-19 565952]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== File Associations ===============
.
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-02-21 04:50:58 -------- d-----w- C:\$WINDOWS.~BT
2017-02-21 04:49:51 -------- d--h--w- C:\$SysReset
2017-02-21 01:28:49 -------- d-----w- C:\Users\Kael\AppData\Local\Programs
2017-02-21 01:21:12 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-20 18:13:28 12229912 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76C53FB8-A974-44C7-B439-FA360A95C30D}\mpengine.dll
2017-02-20 18:13:17 485032 ------w- C:\WINDOWS\System32\MpSigStub.exe
2017-02-20 18:12:17 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NISBackup\gapaengine.dll
2017-02-20 18:12:16 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{47679874-B5A5-47D7-8547-048EAD4A1D48}\gapaengine.dll
2017-02-20 07:19:55 -------- d-----w- C:\Users\Kael\AppData\Local\ElevatedDiagnostics
2017-02-19 07:26:20 -------- d-----w- C:\Users\Kael\AppData\Local\VirtualStore
2017-02-19 07:25:06 -------- d-----w- C:\Users\Kael\AppData\Roaming\Intel
2017-02-19 04:39:15 91584 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-02-19 04:39:15 176584 ----a-w- C:\WINDOWS\System32\drivers\MBAMChameleon.sys
2017-02-19 04:39:15 110536 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
2017-02-19 04:39:10 43968 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-02-19 04:39:07 251848 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-02-19 04:39:01 77416 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-02-19 04:38:56 -------- d-----w- C:\ProgramData\Malwarebytes
2017-02-19 04:38:56 -------- d-----w- C:\Program Files\Malwarebytes
2017-02-19 03:58:52 21040 ----a-w- C:\WINDOWS\System32\sdnclean64.exe
2017-02-19 03:58:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2017-02-19 03:58:46 -------- d---a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-17 09:12:12 48528 ----a-w- C:\WINDOWS\System32\drivers\aswbuniva.sys
2017-02-17 09:12:12 334600 ----a-w- C:\WINDOWS\System32\drivers\aswbloga.sys
2017-02-17 09:12:12 309784 ----a-w- C:\WINDOWS\System32\drivers\aswbidsdrivera.sys
2017-02-17 09:12:12 189768 ----a-w- C:\WINDOWS\System32\drivers\aswbidsha.sys
2017-02-16 17:57:20 84992 ----a-w- C:\WINDOWS\SysWow64\atl70.dll
2017-02-16 17:57:20 24064 ----a-w- C:\WINDOWS\SysWow64\msxml3a.dll
2017-02-16 17:57:20 -------- d-----w- C:\Program Files (x86)\Jabber
2017-02-16 12:29:37 -------- d-----w- C:\WINDOWS\Panther
2017-02-16 08:43:10 -------- d-----w- C:\Users\Kael\AppData\Local\Power BI
2017-02-16 08:34:14 -------- d-----w- C:\Program Files\Microsoft Power BI Desktop
2017-02-14 05:13:23 58560 ----a-w- C:\WINDOWS\System32\perf-ReportServer$SQLSERVER1-rsctr13.1.4001.0.dll
2017-02-14 05:13:23 51400 ----a-w- C:\WINDOWS\SysWow64\perf-ReportServer$SQLSERVER1-rsctr13.1.4001.0.dll
2017-02-14 05:12:30 51912 ----a-w- C:\WINDOWS\System32\perf-MSSQL13.SQLSERVER1-sqlagtctr.dll
2017-02-14 05:12:30 44232 ----a-w- C:\WINDOWS\SysWow64\perf-MSSQL13.SQLSERVER1-sqlagtctr.dll
2017-02-14 05:12:18 118472 ----a-w- C:\WINDOWS\System32\perf-MSSQL$SQLSERVER1-sqlctr13.1.4001.0.dll
2017-02-14 05:12:18 103624 ----a-w- C:\WINDOWS\SysWow64\perf-MSSQL$SQLSERVER1-sqlctr13.1.4001.0.dll
2017-02-14 04:52:54 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2017-02-14 04:52:54 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2017-02-14 04:35:12 58560 ----a-w- C:\WINDOWS\System32\perf-ReportServer$SQLEXPRESS-rsctr13.1.4001.0.dll
2017-02-14 04:35:12 51400 ----a-w- C:\WINDOWS\SysWow64\perf-ReportServer$SQLEXPRESS-rsctr13.1.4001.0.dll
2017-02-14 04:33:14 44232 ----a-w- C:\WINDOWS\SysWow64\perf-MSSQL13.SQLEXPRESS-sqlagtctr.dll
2017-02-14 04:33:13 51912 ----a-w- C:\WINDOWS\System32\perf-MSSQL13.SQLEXPRESS-sqlagtctr.dll
2017-02-14 04:33:00 118472 ----a-w- C:\WINDOWS\System32\perf-MSSQL$SQLEXPRESS-sqlctr13.1.4001.0.dll
2017-02-14 04:33:00 103624 ----a-w- C:\WINDOWS\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr13.1.4001.0.dll
2017-02-07 20:43:31 -------- d-----w- C:\Users\Kael\AppData\Roaming\WhatsApp
2017-02-07 20:43:22 -------- d-----w- C:\Users\Kael\AppData\Local\WhatsApp
2017-02-07 20:43:19 -------- d-----w- C:\Users\Kael\AppData\Local\SquirrelTemp
2017-02-05 06:38:42 251072 ----a-w- C:\WINDOWS\System32\SQSRVRES.DLL
2017-02-02 17:59:06 58560 ----a-w- C:\WINDOWS\System32\perf-ReportServer-rsctr13.1.4001.0.dll
2017-02-02 17:59:06 51400 ----a-w- C:\WINDOWS\SysWow64\perf-ReportServer-rsctr13.1.4001.0.dll
2017-02-02 17:56:42 44232 ----a-w- C:\WINDOWS\SysWow64\perf-MSSQL13.MSSQLSERVER-sqlagtctr.dll
2017-02-02 17:56:41 51912 ----a-w- C:\WINDOWS\System32\perf-MSSQL13.MSSQLSERVER-sqlagtctr.dll
2017-02-02 17:56:30 118472 ----a-w- C:\WINDOWS\System32\perf-MSSQLSERVER-sqlctr13.1.4001.0.dll
2017-02-02 17:56:30 103624 ----a-w- C:\WINDOWS\SysWow64\perf-MSSQLSERVER-sqlctr13.1.4001.0.dll
2017-02-02 17:56:24 81600 ----a-w- C:\WINDOWS\System32\fssres.dll
2017-02-02 17:56:23 177856 ----a-w- C:\WINDOWS\System32\hadrres.dll
2017-02-02 17:53:26 -------- d-----w- C:\WINDOWS\System32\RsFx
2017-02-02 17:50:16 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2017-02-02 17:50:16 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2017-02-02 17:49:52 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2017-02-02 17:49:45 -------- d---a-w- C:\Program Files\Microsoft MPI
2017-02-02 17:09:26 -------- d-----w- C:\SQLServer2016Media
2017-01-30 20:31:26 129520 ----a-r- C:\WINDOWS\System32\drivers\acsock64.sys
2017-01-29 05:35:09 -------- d-----w- C:\Program Files\Common Files\AV
2017-01-25 07:01:35 142848 ----a-w- C:\WINDOWS\System32\poqexec.exe
2017-01-25 07:01:35 120320 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2017-01-24 05:38:45 -------- d-----w- C:\TFS
2017-01-24 05:38:17 -------- d-----w- C:\ProgramData\Microsoft Team Foundation Local Workspaces
2017-01-24 05:31:43 -------- d-----w- C:\Users\Kael\.cisco
2017-01-24 05:31:42 -------- d-----w- C:\Program Files\Cisco
2017-01-24 05:31:27 -------- d-----w- C:\Users\Kael\AppData\Local\Cisco
2017-01-24 05:31:27 -------- d-----w- C:\ProgramData\Cisco
2017-01-24 05:31:20 -------- d-----w- C:\anyconnectInstall
2017-01-24 05:31:19 -------- d-----w- C:\ProgramData\Symantec
2017-01-24 05:30:08 -------- d--h--w- C:\VTRoot
2017-01-24 05:16:53 -------- d-----w- C:\Users\Kael\AppData\Local\Microsoft_Corporation
2017-01-24 01:08:19 82432 ----a-w- C:\WINDOWS\System32\VSD3DWARP12Debug.dll
2017-01-24 01:08:19 6583296 ----a-w- C:\WINDOWS\System32\d3d12warp.dll
2017-01-24 01:08:19 61952 ----a-w- C:\WINDOWS\System32\VSD3DWARPDebug.dll
2017-01-24 01:08:19 5850624 ----a-w- C:\WINDOWS\System32\VsGraphicsDesktopEngine.exe
2017-01-24 01:08:19 4978176 ----a-w- C:\WINDOWS\SysWow64\d3d12warp.dll
2017-01-24 01:08:19 4596224 ----a-w- C:\WINDOWS\SysWow64\VsGraphicsDesktopEngine.exe
2017-01-24 01:08:19 2795520 ----a-w- C:\WINDOWS\System32\d3d12SDKLayers.dll
2017-01-24 01:08:19 2220032 ----a-w- C:\WINDOWS\SysWow64\d3d12SDKLayers.dll
2017-01-24 01:08:18 64000 ----a-w- C:\WINDOWS\SysWow64\VSD3DWARP12Debug.dll
2017-01-24 01:08:18 60928 ----a-w- C:\WINDOWS\SysWow64\VSD3DWARPDebug.dll
2017-01-24 01:08:18 384000 ----a-w- C:\WINDOWS\System32\DXCpl.exe
2017-01-24 01:08:18 362496 ----a-w- C:\WINDOWS\SysWow64\DXCpl.exe
2017-01-23 21:34:56 -------- d-----w- C:\Program Files (x86)\AppInsights
2017-01-23 21:33:57 2572832 ----a-w- C:\ProgramData\Microsoft\VisualStudioSecondaryInstaller\14.0\installers\MicroUpdate3.5\en\0\vs14-kb3165756.exe
2017-01-23 21:33:52 6283264 ----a-w- C:\ProgramData\Microsoft\VisualStudioSecondaryInstaller\14.0\installers\AppInsightsToolsVisualStudio_HiddenVSU3RTMV1_7.0.20620.1\en\0\AppInsights_VisualStudio.msi
2017-01-23 21:33:47 1908736 ----a-w- C:\ProgramData\Microsoft\VisualStudioSecondaryInstaller\14.0\installers\JavaScriptProjectSystem_Hidden_14.0.25527\en\0\JavaScript_ProjectSystem.msi
2017-01-23 21:33:42 3985408 ----a-w- C:\ProgramData\Microsoft\VisualStudioSecondaryInstaller\14.0\installers\JavaScriptLanguageService_Hidden_14.0.25527\en\0\JavaScript_LanguageService.msi
2017-01-23 21:25:21 -------- d-----w- C:\ProgramData\PreEmptive Solutions
2017-01-23 21:24:47 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2017-01-23 21:03:46 -------- d---a-w- C:\Program Files\IIS Express
2017-01-23 21:03:46 -------- d---a-w- C:\Program Files (x86)\IIS Express
2017-01-23 21:02:57 -------- d-----w- C:\Program Files (x86)\Microsoft Office365 Tools
2017-01-23 21:02:56 -------- d-----w- C:\Users\Kael\AppData\Local\VSIXInstaller
2017-01-23 21:02:17 -------- d-----w- C:\ProgramData\NuGet
2017-01-23 21:02:17 -------- d-----w- C:\Program Files (x86)\NuGet
2017-01-23 20:58:23 -------- d-----w- C:\Program Files\Microsoft Visual Studio 12.0
2017-01-23 20:58:22 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 12.0
.
==================== Find3M ====================
.
2017-02-21 01:38:40 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-17 09:12:20 337080 ----a-w- C:\WINDOWS\System32\drivers\aswvmm.sys
2017-02-17 09:12:02 162528 ----a-w- C:\WINDOWS\System32\drivers\aswStm.sys
2017-02-17 09:12:01 74680 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2017-02-17 09:12:01 38296 ----a-w- C:\WINDOWS\System32\drivers\aswHwid.sys
2017-02-17 09:12:01 126088 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2017-02-17 09:12:01 100640 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
2017-02-17 09:11:49 991496 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
2017-02-17 09:11:49 32088 ----a-w- C:\WINDOWS\System32\drivers\aswKbd.sys
2017-02-02 02:20:28 379136 ----a-w- C:\WINDOWS\System32\ibtproppage.dll
2017-02-02 02:20:28 230656 ----a-w- C:\WINDOWS\System32\drivers\ibtusb.sys
2017-02-02 02:20:28 184064 ----a-w- C:\WINDOWS\System32\ibtsiva.exe
2017-01-24 05:31:37 52592 ----a-w- C:\WINDOWS\System32\drivers\vpnva64-6.sys
2017-01-23 22:46:12 135488 ----a-w- C:\WINDOWS\System32\mfcm140ud.dll
2017-01-23 22:46:12 131920 ----a-w- C:\WINDOWS\System32\vcruntime140d.dll
2017-01-19 17:01:15 320696 ----a-w- C:\WINDOWS\SysWow64\vsjitdebugger.exe
2017-01-19 16:24:12 165352 ----a-w- C:\WINDOWS\System32\drivers\UMDF\SensorsSimulatorDriver.dll
2017-01-19 16:24:11 372920 ----a-w- C:\WINDOWS\System32\vsjitdebugger.exe
2017-01-11 18:25:45 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-01-11 18:25:45 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-01-11 10:12:59 947712 ----a-w- C:\WINDOWS\System32\MSVP9DEC.dll
2016-12-09 20:00:11 180224 ----a-w- C:\WINDOWS\System32\enrollmentapi.dll
2016-12-09 10:42:15 1637728 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-12-09 10:42:14 137568 ----a-w- C:\WINDOWS\System32\acmigration.dll
2016-12-09 10:34:34 894096 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-12-09 10:34:34 1051112 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-12-09 10:33:26 1354320 ----a-w- C:\WINDOWS\System32\winload.efi
2016-12-09 10:33:26 1173496 ----a-w- C:\WINDOWS\System32\winload.exe
2016-12-09 10:30:39 377184 ----a-w- C:\WINDOWS\System32\drivers\clfs.sys
2016-12-09 10:29:23 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-09 10:28:24 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2016-12-09 10:27:38 172528 ----a-w- C:\WINDOWS\System32\sspicli.dll
2016-12-09 10:20:21 2677544 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2016-12-09 10:20:20 2189664 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-12-09 10:20:16 658784 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-12-09 10:20:13 402272 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-12-09 10:20:12 1738560 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll
2016-12-09 10:19:35 1293152 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2016-12-09 10:19:21 168424 ----a-w- C:\WINDOWS\System32\bcrypt.dll
2016-12-09 10:18:21 2913144 ----a-w- C:\WINDOWS\System32\combase.dll
2016-12-09 10:18:16 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2016-12-09 10:18:15 1267512 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2016-12-09 10:18:14 811872 ----a-w- C:\WINDOWS\System32\hvloader.exe
2016-12-09 10:18:12 947552 ----a-w- C:\WINDOWS\System32\hvloader.efi
2016-12-09 10:18:09 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2016-12-09 10:15:26 8168000 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2016-12-09 10:14:50 1274712 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-12-09 10:11:15 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2016-12-09 10:10:58 1461200 ----a-w- C:\WINDOWS\System32\user32.dll
2016-12-09 10:10:40 1572768 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2016-12-09 10:01:59 2323728 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2016-12-09 10:01:43 1503544 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2016-12-09 10:01:08 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2016-12-09 10:00:58 106896 ----a-w- C:\WINDOWS\SysWow64\bcrypt.dll
2016-12-09 09:59:25 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2016-12-09 09:59:24 2166752 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2016-12-09 09:57:00 6668040 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2016-12-09 09:56:15 959112 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-12-09 09:52:21 1435896 ----a-w- C:\WINDOWS\SysWow64\user32.dll
2016-12-09 09:52:21 1415752 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2016-12-09 09:51:08 117240 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2016-12-09 09:45:47 40448 ----a-w- C:\WINDOWS\System32\WordBreakers.dll
2016-12-09 09:42:29 227328 ----a-w- C:\WINDOWS\System32\cdd.dll
2016-12-09 09:41:22 380928 ----a-w- C:\WINDOWS\System32\wincorlib.dll
2016-12-09 09:41:06 32768 ----a-w- C:\WINDOWS\SysWow64\WordBreakers.dll
2016-12-09 09:37:10 411136 ----a-w- C:\WINDOWS\System32\facecredentialprovider.dll
2016-12-09 09:36:32 410112 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2016-12-09 09:36:09 3059200 ----a-w- C:\WINDOWS\System32\msi.dll
2016-12-09 09:34:31 288768 ----a-w- C:\WINDOWS\SysWow64\wincorlib.dll
2016-12-09 09:33:42 3777536 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2016-12-09 09:33:37 1589760 ----a-w- C:\WINDOWS\System32\msdtctm.dll
2016-12-09 09:32:18 635904 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2016-12-09 09:31:22 3689984 ----a-w- C:\WINDOWS\SysWow64\msi.dll
2016-12-09 09:31:11 313856 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2016-12-09 09:28:55 1004544 ----a-w- C:\WINDOWS\System32\enterprisecsps.dll
2016-12-09 09:28:12 3306496 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2016-12-09 09:27:55 5114368 ----a-w- C:\WINDOWS\System32\cdp.dll
2016-12-09 09:27:36 981504 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.OnlineId.dll
2016-12-09 09:25:28 376832 ----a-w- C:\WINDOWS\System32\CryptoWinRT.dll
2016-12-09 09:22:06 2820096 ----a-w- C:\WINDOWS\System32\InputService.dll
2016-12-09 09:21:48 4746752 ----a-w- C:\WINDOWS\System32\jscript9.dll
2016-12-09 09:21:04 716800 ----a-w- C:\WINDOWS\System32\ShareHost.dll
2016-12-09 09:20:36 730624 ----a-w- C:\WINDOWS\System32\fveapi.dll
2016-12-09 09:20:35 3198464 ----a-w- C:\WINDOWS\SysWow64\cdp.dll
2016-12-09 09:20:32 172544 ----a-w- C:\WINDOWS\System32\DeviceEnroller.exe
2016-12-09 09:20:05 187392 ----a-w- C:\WINDOWS\System32\mdmregistration.dll
2016-12-09 09:19:46 433664 ----a-w- C:\WINDOWS\System32\TextInputFramework.dll
2016-12-09 09:19:43 261120 ----a-w- C:\WINDOWS\System32\Windows.UI.Core.TextInput.dll
2016-12-09 09:19:32 85504 ----a-w- C:\WINDOWS\System32\EditBufferTestHook.dll
2016-12-09 09:19:32 119296 ----a-w- C:\WINDOWS\System32\InputLocaleManager.dll
2016-12-09 09:18:38 3666432 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2016-12-09 09:18:36 2138112 ----a-w- C:\WINDOWS\SysWow64\InputService.dll
2016-12-09 09:18:23 165376 ----a-w- C:\WINDOWS\SysWow64\mdmregistration.dll
2016-12-09 09:17:08 566784 ----a-w- C:\WINDOWS\SysWow64\ShareHost.dll
2016-12-09 09:16:03 353280 ----a-w- C:\WINDOWS\SysWow64\TextInputFramework.dll
2016-12-09 09:15:59 206848 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Core.TextInput.dll
2016-12-09 09:15:51 68096 ----a-w- C:\WINDOWS\SysWow64\EditBufferTestHook.dll
2016-12-09 09:15:49 92672 ----a-w- C:\WINDOWS\SysWow64\InputLocaleManager.dll
2016-12-09 08:54:48 483840 ----a-w- C:\WINDOWS\SysWow64\CoreMessaging.dll
2016-12-05 07:50:03 20160 ----a-w- C:\WINDOWS\System32\drivers\GUBootStartup.sys
.
============= FINISH: 21:46:43.60 ===============

Attached Files

attach.txt (32.7 KB)

Hello,

I have an HP TPN-126 with Windows 10 OS. From Mozilla Firefox browser I clicked on a link that redirected me to a fake Microsoft site, which led to a popup window with audio alert advising that porn had been downloaded to my computer and advising that if I didn't provide credit information this porn activity would be reported to authorities.

I have used Malwarebytes in the past, so I did run it, and it uncovered a threat that is quarantined. It was not the problem, as reopening Mozilla resulted in the same behavior as prior.

I can't close the Mozilla windows and have to resort to shutting down my computer. I used Edge to get to your website, and I see no strange behavior from this browser.

I am not well versed in computer lingo, so I am hoping for little patience with questions I might have; but I sincerely want to thank you in advance for any assistance you can provide.

Cheer,
Amanogawa

_____________________________________________

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by Pat at 12:41:25 on 2017-02-24
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.7113.4269 [GMT 8:00]
.
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\windows\system32\mfevtps.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\EscSvc64.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\windows\system32\mfevtps.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\AMD\CNext\CNext\cnext.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\Pat\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE
C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\System32\InstallAgent.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
mWinlogon: Userinit = C:\WINDOWS\System32\userinit.exe
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [OneDrive] "C:\Users\Pat\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_IATILBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-310 Series"
mRun: [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
mRun: [HPRadioMgr] C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
mRun: [PowerDVD14Agent] "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
dRun: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_IATILBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-310 Series"
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.188.1
TCP: Interfaces\{f2c7b628-a719-4b1c-b47c-8d291840eb9e} : DHCPNameServer = 192.168.188.1
TCP: Interfaces\{f2c7b628-a719-4b1c-b47c-8d291840eb9e}\64F6E60275966496 : DHCPNameServer = 192.168.182.100 192.168.182.200
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [StartCN] "c:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\idozv06u.default\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1227197.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmpfd.sys [2016-9-20 73976]
R0 amdpsp;AMD PSP Service;C:\WINDOWS\System32\drivers\amdpsp.sys [2016-9-20 277240]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2017-1-19 48992]
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2016-9-20 916432]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2016-9-20 254800]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-1-19 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-1-19 227328]
R1 aswbidsdriver;aswbidsdriver;C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [2017-2-24 309784]
R1 aswKbd;aswKbd;C:\WINDOWS\System32\drivers\aswKbd.sys [2017-2-24 32088]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2017-2-24 991496]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswSP.sys [2017-2-24 547904]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\WINDOWS\System32\drivers\mbae64.sys [2017-2-24 77416]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 AdaptiveSleepService;AdaptiveSleepService;C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe [2016-3-27 138752]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2016-9-20 249344]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2017-2-24 126088]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2017-2-24 162528]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-2-24 262736]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_ccd2a;CDPUserSvc_ccd2a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2016-4-16 3699904]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 EpsonScanSvc;Epson Scanner Service;C:\WINDOWS\System32\escsvc64.exe [2017-1-4 144560]
R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2015-12-22 349728]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-12-21 31776]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [2016-1-12 606224]
R2 MBAMChameleon;MBAMChameleon;C:\WINDOWS\System32\drivers\MBAMChameleon.sys [2017-2-24 176584]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-2-24 4355024]
R2 McAPExe;McAfee AP Service;C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe [2017-2-12 989632]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2016-9-20 383032]
R2 OneSyncSvc_ccd2a;Sync Host_ccd2a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2016-9-20 389896]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2016-9-20 310016]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-8-19 266872]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-1-19 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2016-8-4 3732896]
R3 AmdAS4;AmdAS4 service;C:\WINDOWS\System32\drivers\AmdAS4.sys [2016-9-20 27384]
R3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-2-24 7142136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2016-9-20 111120]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2016-10-15 250624]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 MBAMFarflt;MBAMFarflt;C:\WINDOWS\System32\drivers\farflt.sys [2017-2-24 110536]
R3 MBAMProtection;MBAMProtection;C:\WINDOWS\System32\drivers\mbam.sys [2017-2-24 43968]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2017-2-24 251848]
R3 MBAMWebProtection;MBAMWebProtection;C:\WINDOWS\System32\drivers\mwac.sys [2017-2-24 91584]
R3 mfeaack;McAfee Inc. mfeaack;C:\WINDOWS\System32\drivers\mfeaack.sys [2016-9-20 484576]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2016-9-20 366320]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2016-9-20 241040]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2016-9-20 518184]
R3 mfeplk;McAfee Inc. mfeplk;C:\WINDOWS\System32\drivers\mfeplk.sys [2016-9-9 110248]
R3 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\System32\mfevtps.exe [2016-9-20 342768]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 Netwtw04;___ Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit;C:\WINDOWS\System32\drivers\Netwtw04.sys [2016-9-13 7308560]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-9-20 935168]
R3 SmbDrv;SmbDrv;C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2016-9-20 68728]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-1-19 719360]
R3 WirelessButtonDriver64;HP Wireless Button Driver Service;C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [2015-8-13 30544]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2016-7-16 24576]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\drivers\mfeelamk.sys [2016-9-20 85048]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-4-16 143144]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 HomeNetSvc;McAfee Home Network;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [?]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;"C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [?]
S2 mccspsvc;McAfee CSP Service;"C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe" --> C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [?]
S2 mcpltsvc;McAfee Platform Services;"C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [?]
S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [?]
S2 tbaseprovisioning;tbaseprovisioning;C:\Windows\SysWOW64\tbaseprovisioning.exe [2016-9-20 54808]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 amdkmcsp;AMD Kernel Mode CSP Service;C:\WINDOWS\System32\drivers\amdkmcsp.sys [2016-9-20 101112]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 aswHwid;aswHwid;C:\WINDOWS\System32\drivers\aswHwid.sys [2017-2-24 38296]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2017-1-19 249856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-1-19 118272]
S3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\drivers\cfwids.sys [2016-9-20 88456]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClientAnalyticsService;ClientAnalyticsService;"C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe" --> C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [?]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-4-16 143144]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2015-12-22 209952]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 McAWFwk;McAfee Activation Service;C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe --> C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [?]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-1-19 64352]
S3 MessagingService_ccd2a;MessagingService_ccd2a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2016-8-4 268704]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 PimIndexMaintenanceSvc_ccd2a;Contact Data_ccd2a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2016-9-20 413912]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-1-19 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2016-9-20 62568]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-1-19 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UnistoreSvc_ccd2a;User Data Storage_ccd2a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UserDataSvc_ccd2a;User Data Access_ccd2a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_ccd2a;Windows Push Notifications User Service_ccd2a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-1-19 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-1-19 43520]
S4 McOobeSv2;McAfee OOBE Service2;"C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [?]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-02-24 03:33:19 176584 ----a-w- C:\WINDOWS\System32\drivers\MBAMChameleon.sys
2017-02-24 03:33:16 91584 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-02-24 03:33:16 110536 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
2017-02-24 03:33:08 43968 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-02-24 03:33:00 251848 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-02-24 03:32:47 77416 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-02-24 03:32:40 -------- d-----w- C:\ProgramData\Malwarebytes
2017-02-24 03:32:40 -------- d-----w- C:\Program Files\Malwarebytes
2017-02-24 03:32:00 -------- d-----w- C:\Users\Pat\AppData\Local\Programs
2017-02-24 02:52:18 -------- d-----w- C:\Users\Pat\AppData\Local\Google
2017-02-24 02:50:01 32088 ----a-w- C:\WINDOWS\System32\drivers\aswKbd.sys
2017-02-24 02:48:48 -------- d-----w- C:\ProgramData\SWCUTemp
2017-02-24 02:48:36 -------- d-----w- C:\Users\Pat\AppData\Roaming\AVAST Software
2017-02-24 02:48:07 -------- d-----w- C:\Program Files (x86)\Common Files\AV
2017-02-24 02:44:28 -------- d-----w- C:\Program Files\AVAST Software
2017-02-24 02:44:01 -------- d-----w- C:\ProgramData\AVAST Software
2017-02-16 03:12:31 -------- d-----w- C:\Users\Pat\AppData\Roaming\OpenOffice
2017-02-16 03:11:03 -------- d---a-w- C:\Program Files (x86)\OpenOffice 4
2017-01-31 02:31:01 -------- d-----w- C:\ProgramData\AMD
2017-01-25 08:01:25 142848 ----a-w- C:\WINDOWS\System32\poqexec.exe
2017-01-25 08:01:25 120320 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
.
==================== Find3M ====================
.
2017-02-24 02:48:10 337080 ----a-w- C:\WINDOWS\System32\drivers\aswvmm.sys
2017-02-24 02:47:01 74680 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2017-02-24 02:47:01 38296 ----a-w- C:\WINDOWS\System32\drivers\aswHwid.sys
2017-02-24 02:47:01 162528 ----a-w- C:\WINDOWS\System32\drivers\aswStm.sys
2017-02-24 02:47:01 126088 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2017-02-24 02:47:00 100640 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
2017-02-24 02:46:03 991496 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
2017-02-24 02:45:35 48528 ----a-w- C:\WINDOWS\System32\drivers\aswbuniva.sys
2017-02-24 02:45:34 334600 ----a-w- C:\WINDOWS\System32\drivers\aswbloga.sys
2017-02-24 02:45:34 309784 ----a-w- C:\WINDOWS\System32\drivers\aswbidsdrivera.sys
2017-02-24 02:45:34 189768 ----a-w- C:\WINDOWS\System32\drivers\aswbidsha.sys
2017-02-15 03:13:29 65536 ----a-w- C:\WINDOWS\System32\spu_storage.bin
2017-02-06 19:48:07 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-02-06 19:48:07 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-01-19 08:40:58 983040 ----a-w- C:\WINDOWS\System32\RemoteNaturalLanguage.dll
2017-01-19 08:20:24 55296 ----a-w- C:\WINDOWS\System32\admwprox.dll
2017-01-19 08:20:24 53248 ----a-w- C:\WINDOWS\System32\ahadmin.dll
2017-01-19 08:20:24 203776 ----a-w- C:\WINDOWS\System32\iisRtl.dll
2017-01-19 08:20:24 19456 ----a-w- C:\WINDOWS\System32\iisreset.exe
2017-01-19 08:20:24 15360 ----a-w- C:\WINDOWS\System32\wamregps.dll
2017-01-19 08:20:24 13312 ----a-w- C:\WINDOWS\System32\iisrstap.dll
2017-01-19 08:20:22 50688 ----a-w- C:\WINDOWS\SysWow64\admwprox.dll
2017-01-19 08:20:22 26112 ----a-w- C:\WINDOWS\SysWow64\ahadmin.dll
2017-01-19 08:20:22 17408 ----a-w- C:\WINDOWS\SysWow64\iisreset.exe
2017-01-19 08:20:22 172032 ----a-w- C:\WINDOWS\SysWow64\iisRtl.dll
2017-01-19 08:20:22 11264 ----a-w- C:\WINDOWS\SysWow64\wamregps.dll
2017-01-19 08:20:22 10240 ----a-w- C:\WINDOWS\SysWow64\iisrstap.dll
2017-01-19 08:19:18 3753984 ----a-w- C:\WINDOWS\System32\bootux.dll
2017-01-19 08:19:17 199008 ----a-w- C:\WINDOWS\System32\drivers\wof.sys
2017-01-18 16:59:06 0 ----a-w- C:\WINDOWS\ativpsrm.bin
2017-01-18 16:58:41 96286 ----a-w- C:\WINDOWS\System32\drivers\rtkhdasetting.zip
2017-01-01 03:41:30 635904 ------w- C:\WINDOWS\SysWow64\mqsnap.dll
2017-01-01 03:41:30 14848 ------w- C:\WINDOWS\SysWow64\mqcertui.dll
.
============= FINISH: 12:43:50.47 ===============

Attached Files

attach.txt (7.3 KB)

Guys, how to get rid of the virus? my brother installed on the laptop some game and now every 5-10 minutes to open a page with advertising of some casino and games. Avast scanned and found nothing. And nonsense this all the time there.

My computer has been lagging at times for at least 2months now. It started when i tried downloading a game using a torrent website, and its been bad since. I've used avg,malwarebytes and other virus programs. They seem to help , but then it comes back, and they can never remove the viruses in the "system-32 or system based folders" I tried running DDS and it said not able to run in Compatibility mode. Im stuck, im a new user and i really need help. Thanks in advance.

Hello there,

Since I reinstalled Windows a few weeks ago, I've been having some issues. The issues regarding games have been fixed, but my browsers are almost unuseable now. At first I thought it was just Chrome, even though I had AdBlock, Pop-Up Blocker installed, but after my Chrome started refusing to open/reinstall, I found the same issue on Edge. Now I have regained access to Chrome, I have come to this forum for help. I think I may have downloaded a dodgy piece of software at some point when reinstalling my programs. Any help would be appreciated, because at this point I can't even click on the internet without a pop-up opening. I've tried all the obvious things like clean reinstalls, virus scans, etc.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by david at 23:48:18 on 2017-03-03
Microsoft Windows 10 Home 10.0.14393.0.1252.44.1033.18.16303.10604 [GMT 0:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\sysWow64\CtHdaSvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
C:\Users\david\AppData\Local\Temp\ds93_l\DisplayService.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
C:\Windows\SysWoW64\NetUtils2016.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
C:\Windows\system32\svchost.exe -k appmodel
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Origin\OriginWebHelperService.exe
C:\Windows\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
C:\Windows\system32\sihost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe
C:\Windows\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\Explorer.EXE
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\webwallpaper32.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\webwallpaper32.exe
C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\webwallpaper32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SettingSyncHost.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\david\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\david\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Users\david\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Windows\System32\fontdrvhost.exe
C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe
C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
C:\Windows\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaAppManager.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\Windows\system32\browser_broker.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\System32\InstallAgent.exe
C:\Windows\System32\smartscreen.exe
svchost.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\backgroundTaskHost.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [OneDrive] "C:\Users\david\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Discord] C:\Users\david\AppData\Local\Discord\app-0.0.297\Discord.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spotify Web Helper] "C:\Users\david\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\david\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [ffdvox] rundll32.exe "C:\Users\david\AppData\Local\ffdvox.dll",ffdvox
uRun: [WallpaperEngine] "C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe" -silent
uRun: [GoogleChromeAutoLaunch_C8D43A3EEFF19C42AA31C68EEE7A5AF4] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [RoccatIsku] "C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE"
mRun: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
mRun: [Kraken71ChromaHelper] C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe /start
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Sound Blaster Z-Series Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe" /r
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: DSCAutomationHostEnabled = dword:2
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0189f978-6f52-4f4c-b880-eaac2c836213} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{0189f978-6f52-4f4c-b880-eaac2c836213} : DHCPNameServer = 192.168.0.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
x64-BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
x64-Run: [ShadowPlay] "C:\Windows\System32\rundll32.exe" C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);C:\Windows\System32\drivers\cm_km.sys [2016-6-10 238936]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\Windows\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\Windows\System32\drivers\iorate.sys [2017-2-13 48992]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\Windows\System32\drivers\klbackupdisk.sys [2016-6-7 63920]
R0 klupd_klif_arkmon;klupd_klif_arkmon;C:\Windows\System32\drivers\klupd_klif_arkmon.sys [2017-2-23 218920]
R0 klupd_klif_klbg;klupd_klif_klbg;C:\Windows\System32\drivers\klupd_klif_klbg.sys [2017-2-23 104720]
R0 volume;Volume driver;C:\Windows\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\Windows\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\Windows\System32\drivers\wof.sys [2017-2-13 199008]
R1 ahcache;Application Compatibility Cache;C:\Windows\System32\drivers\ahcache.sys [2017-2-13 227328]
R1 FileCrypt;FileCrypt;C:\Windows\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\Windows\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 klbackupflt;Kaspersky Lab klbackupflt;C:\Windows\System32\drivers\klbackupflt.sys [2016-6-15 86352]
R1 klhk;Kaspersky Lab service driver;C:\Windows\System32\drivers\klhk.sys [2017-2-23 435032]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2016-6-20 57424]
R1 klpd;Kaspersky Lab format recognizer driver;C:\Windows\System32\drivers\klpd.sys [2016-5-31 45488]
R1 klwfp;klwfp;C:\Windows\System32\drivers\klwfp.sys [2016-6-18 85320]
R1 Klwtp;KLwtp - WFP callout traffic inspector;C:\Windows\System32\drivers\klwtp.sys [2016-6-2 134880]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2016-6-14 194480]
R1 NetUtils2016;NetUtils2016;C:\Windows\System32\drivers\NetUtils2016.sys [2017-2-17 909944]
R2 AVP17.0.0;Kaspersky Anti-Virus Service 17.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [2016-6-28 241544]
R2 CDPSvc;Connected Devices Platform Service;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_1c4d49f;CDPUserSvc_1c4d49f;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\Windows\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 CtHdaSvc;Sound Blaster Audio Service;C:\Windows\SysWOW64\CtHdaSvc.exe [2015-6-22 122880]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\Windows\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 Installer;Installer;C:\Users\david\AppData\Local\Temp\ds93_l\DisplayService.exe [2017-2-17 8192]
R2 kldisk;kldisk;C:\Windows\System32\drivers\kldisk.sys [2016-5-31 78216]
R2 NetUtils2016srv;NetUtils2016srv;C:\Windows\System32\NetUtils2016.exe --> C:\Windows\System32\NetUtils2016.exe [?]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-2-13 464440]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-2-13 464440]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-2-13 427064]
R2 OneSyncSvc_1c4d49f;Sync Host_1c4d49f;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 Origin Web Helper Service;Origin Web Helper Service;C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2017-2-13 2184208]
R2 Razer Chroma SDK Service;Razer Chroma SDK Service;C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [2017-1-17 63488]
R2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2016-9-24 189264]
R2 rzpmgrk;rzpmgrk;C:\Windows\System32\drivers\rzpmgrk.sys [2017-2-13 44144]
R2 rzpnk;rzpnk;C:\Windows\System32\drivers\rzpnk.sys [2017-2-13 137840]
R2 storqosflt;Storage QoS Filter Driver;C:\Windows\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 TeamViewer;TeamViewer 12;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2017-2-18 10351856]
R2 tiledatamodelsvc;Tile Data model server;C:\Windows\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 Wallpaper Engine Service;Wallpaper Engine Service;C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe -x64 --> C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe -x64 [?]
R2 wcifs;Windows Container Isolation;C:\Windows\System32\drivers\wcifs.sys [2017-2-13 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\Windows\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\Windows\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 cthda;Sound Blaster Audio Driver;C:\Windows\System32\drivers\cthda.sys [2015-6-22 1074984]
R3 cthdb;Sound Blaster Audio Controller Driver;C:\Windows\System32\drivers\cthdb.sys [2015-6-22 42792]
R3 DsSvc;Data Sharing Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 klflt;Kaspersky Lab Kernel DLL;C:\Windows\System32\drivers\klflt.sys [2017-2-23 191312]
R3 klids;klids;C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [2017-2-23 182360]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2016-5-19 52136]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2015-6-7 41656]
R3 klupd_klif_kimul;klupd_klif_kimul;C:\Windows\System32\drivers\klupd_klif_kimul.sys [2017-2-23 85984]
R3 klupd_klif_klark;klupd_klif_klark;C:\Windows\System32\drivers\klupd_klif_klark.sys [2017-2-23 245512]
R3 klupd_klif_mark;klupd_klif_mark;C:\Windows\System32\drivers\klupd_klif_mark.sys [2017-2-23 164888]
R3 lfsvc;Geolocation Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\Windows\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2017-2-13 47672]
R3 nvvhci;NVVHCI Enumerator Service;C:\Windows\System32\drivers\nvvhci.sys [2017-2-13 59448]
R3 PimIndexMaintenanceSvc_1c4d49f;Contact Data_1c4d49f;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 rt640x64;Realtek RT640 NT Driver;C:\Windows\System32\drivers\rt640x64.sys [2016-7-16 589824]
R3 RtlWlanu_OldIC;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtwlanu_oldIC.sys [2016-7-16 3814400]
R3 StateRepository;State Repository Service;C:\Windows\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_1c4d49f;User Data Storage_1c4d49f;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_1c4d49f;User Data Access_1c4d49f;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S0 klelam;klelam;C:\Windows\System32\drivers\klelam.sys [2016-3-31 28792]
S2 DoSvc;Delivery Optimization;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\Windows\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 MOh3iXFrKcal Updater;MOh3iXFrKcal Updater;C:\Program Files (x86)\MOh3iXFrKcal Updater\MOh3iXFrKcal Updater.exe --> C:\Program Files (x86)\MOh3iXFrKcal Updater\MOh3iXFrKcal Updater.exe [?]
S2 serverss;SSServiceComponent;C:\Windows\Temp\B22C.tmp --> C:\Windows\Temp\B22C.tmp [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-1-16 317400]
S3 AcpiDev;ACPI Devices driver;C:\Windows\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\Windows\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\Windows\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\Windows\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\Windows\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\Windows\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2017-2-25 1465352]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\Windows\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\Windows\System32\drivers\capimg.sys [2017-2-13 118272]
S3 cht4iscsi;cht4iscsi;C:\Windows\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\Windows\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\Windows\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
S3 embeddedmode;Embedded Mode;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\Windows\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\Windows\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\Windows\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\Windows\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\Windows\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\Windows\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\Windows\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\Windows\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\Windows\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 klvssbrigde64;klvssbrigde64;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [2016-6-28 77328]
S3 LSI_SAS2i;LSI_SAS2i;C:\Windows\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\Windows\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\Windows\System32\drivers\MegaSas2i.sys [2017-2-13 64352]
S3 MessagingService_1c4d49f;MessagingService_1c4d49f;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\Windows\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\Windows\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\Windows\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-2-13 464440]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-2-13 29240]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2017-2-13 2122248]
S3 percsas2i;percsas2i;C:\Windows\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\Windows\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\Windows\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\Windows\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\Windows\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\Windows\System32\SensorDataService.exe [2017-2-13 1312768]
S3 SensorService;Sensor Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\Windows\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\Windows\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\Windows\System32\drivers\stornvme.sys [2017-2-13 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\Windows\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\Windows\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\Windows\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\Windows\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\Windows\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\Windows\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\Windows\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\Windows\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\Windows\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\Windows\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\Windows\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\Windows\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\Windows\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\Windows\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\Windows\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\Windows\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\Windows\System32\drivers\WdiWiFi.sys [2017-2-13 719360]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\Windows\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\Windows\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\Windows\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\Windows\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_1c4d49f;Windows Push Notifications User Service_1c4d49f;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\Windows\System32\drivers\xboxgip.sys [2017-2-13 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\Windows\System32\drivers\xinputhid.sys [2017-2-13 43520]
S4 shpamsvc;Shared PC Account Manager;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-03-02 18:56:26 395024 ----a-w- C:\Windows\SysWow64\EasyAntiCheat.exe
2017-02-28 16:14:44 -------- d-----w- C:\Users\david\AppData\Roaming\OBS
2017-02-25 22:17:46 -------- d-----w- C:\Program Files (x86)\Common Files\BattlEye
2017-02-25 22:15:22 -------- d-----w- C:\Users\david\AppData\Local\SCE
2017-02-25 22:15:21 -------- d-----w- C:\Users\david\AppData\Local\Daybreak Game Company
2017-02-24 14:32:46 -------- d-----w- C:\Program Files (x86)\Powght_
2017-02-24 14:32:46 -------- d-----w- C:\Program Files (x86)\Powght
2017-02-24 00:36:23 -------- d-----w- C:\Users\david\AppData\Local\Google
2017-02-23 23:22:23 245512 ----a-w- C:\Windows\System32\drivers\klupd_klif_klark.sys
2017-02-23 23:20:10 85984 ----a-w- C:\Windows\System32\drivers\klupd_klif_kimul.sys
2017-02-23 23:20:10 218920 ----a-w- C:\Windows\System32\drivers\klupd_klif_arkmon.sys
2017-02-23 23:20:10 164888 ----a-w- C:\Windows\System32\drivers\klupd_klif_mark.sys
2017-02-23 23:20:10 104720 ----a-w- C:\Windows\System32\drivers\klupd_klif_klbg.sys
2017-02-23 23:19:54 110176 ----a-w- C:\Windows\System32\klfphc.dll
2017-02-23 23:19:51 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2017-02-23 23:19:47 435032 ----a-w- C:\Windows\System32\drivers\klhk.sys
2017-02-23 23:19:47 191312 ----a-w- C:\Windows\System32\drivers\klflt.sys
2017-02-23 23:01:45 -------- d-----w- C:\Program Files (x86)\Platcerhesy_
2017-02-23 23:01:45 -------- d-----w- C:\Program Files (x86)\Platcerhesy
2017-02-23 23:01:07 -------- d-----w- C:\Users\david\AppData\Roaming\EasyAntiCheat
2017-02-23 18:01:34 -------- d-----w- C:\ProgramData\Electronic Arts
2017-02-23 11:01:49 -------- d-----w- C:\Program Files (x86)\Phudikthwisy_
2017-02-23 11:01:49 -------- d-----w- C:\Program Files (x86)\Phudikthwisy
2017-02-22 17:11:50 -------- d-----w- C:\Program Files (x86)\Rokaphdruzitain_
2017-02-22 17:11:50 -------- d-----w- C:\Program Files (x86)\Rokaphdruzitain
2017-02-20 10:43:18 -------- d--h--w- C:\$WINDOWS.~BT
2017-02-20 10:32:54 -------- d-----w- C:\Program Files (x86)\Werroge_
2017-02-20 10:32:54 -------- d-----w- C:\Program Files (x86)\Werroge
2017-02-19 20:24:50 -------- d-----w- C:\Users\david\AppData\Local\Deployment
2017-02-19 20:24:50 -------- d-----w- C:\Users\david\AppData\Local\Apps
2017-02-19 05:42:41 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2017-02-19 05:40:16 -------- d-----w- C:\Users\david\AppData\Local\Adobe
2017-02-19 05:29:06 778936 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
2017-02-19 05:29:06 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2017-02-19 05:29:06 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2017-02-19 05:29:05 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2017-02-19 05:29:05 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2017-02-19 05:29:05 1166520 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
2017-02-18 19:54:24 -------- d-----w- C:\Users\david\AppData\Roaming\TeamViewer
2017-02-18 19:54:21 -------- d---a-w- C:\Program Files (x86)\TeamViewer
2017-02-18 11:59:56 -------- d-----w- C:\Users\david\AppData\Local\My Games
2017-02-18 10:33:41 -------- d-----w- C:\Users\david\AppData\Local\Rockstar Games
2017-02-18 10:33:34 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2017-02-18 10:33:25 -------- d-----w- C:\Program Files\Rockstar Games
2017-02-17 23:25:22 -------- d-----w- C:\Program Files\Common Files\AV
2017-02-17 23:25:16 -------- d-----w- C:\ProgramData\Kaspersky Lab
2017-02-17 23:04:10 -------- d-----w- C:\Users\david\AppData\Local\app
2017-02-17 23:03:08 -------- d-----w- C:\ProgramData\Zaamlas
2017-02-17 23:03:03 2048 ----a-w- C:\Users\david\AppData\Local\uninstallro.exe
2017-02-17 23:03:02 -------- d-----w- C:\Program Files\Common Files\Noobzo
2017-02-17 23:01:57 -------- d-----w- C:\Microsoft
2017-02-17 23:01:56 -------- d-----w- C:\Windows\System32\SSL
2017-02-17 23:01:54 -------- d-----w- C:\Users\david\AppData\Local\AnonymizerLauncher
2017-02-17 23:01:54 -------- d-----w- C:\Users\david\.proxycheck
2017-02-17 23:01:54 -------- d-----w- C:\Users\david\.AnonymizerLauncher
2017-02-17 15:46:51 12229912 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3895A3A5-99A1-462F-8A29-65C0967B4E27}\mpengine.dll
2017-02-16 19:41:53 555048 ----a-w- C:\Windows\System32\drivers\EasyAntiCheat.sys
2017-02-16 17:23:48 12229912 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-02-15 13:18:43 285184 ---ha-w- C:\Windows\System32\BITCF4D.tmp
2017-02-15 13:18:43 285184 ---ha-w- C:\Windows\System32\BIT8EC.tmp
2017-02-14 20:49:50 -------- d--h--w- C:\Program Files\Common FilesEAInstaller
2017-02-14 17:37:04 -------- d-----w- C:\HammerAutosave
2017-02-14 07:20:59 508264 ----a-w- C:\Windows\System32\d3dx10_36.dll
2017-02-14 04:57:00 -------- d-----w- C:\Windows\Panther
2017-02-14 04:48:24 -------- d-----w- C:\Windows.old
2017-02-14 00:48:11 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2017-02-13 22:11:54 -------- d--h--w- C:\Program Files\Common Files\EAInstaller
2017-02-13 21:59:16 -------- d-----w- C:\Users\david\AppData\Roaming\ROCCAT
2017-02-13 21:55:23 -------- d-----w- C:\Program Files (x86)\Origin Games
2017-02-13 21:54:44 -------- d-----w- C:\Users\david\AppData\Roaming\Origin
2017-02-13 21:54:24 -------- d---a-w- C:\Program Files (x86)\Origin
2017-02-13 21:53:53 -------- d-----w- C:\Users\david\AppData\Local\Ubisoft Game Launcher
2017-02-13 21:53:37 -------- d-----w- C:\Users\david\.QtWebEngineProcess
2017-02-13 21:53:37 -------- d-----w- C:\Users\david\.Origin
2017-02-13 21:53:35 -------- d-----w- C:\ProgramData\Origin
2017-02-13 21:53:33 -------- d-----w- C:\Users\david\AppData\Local\Origin
2017-02-13 21:53:32 134080 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2017-02-13 21:53:29 273696 ----a-w- C:\Windows\SysWow64\vulkan-1.dll
2017-02-13 21:53:29 266528 ----a-w- C:\Windows\System32\vulkan-1.dll
2017-02-13 21:53:29 125728 ----a-w- C:\Windows\System32\vulkaninfo.exe
2017-02-13 21:53:29 111392 ----a-w- C:\Windows\SysWow64\vulkaninfo.exe
2017-02-13 21:52:08 90112 ------w- C:\Windows\Updreg.EXE
2017-02-13 21:52:08 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2017-02-13 21:52:08 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2017-02-13 21:52:08 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2017-02-13 21:52:07 1898496 ------w- C:\Windows\System32\Sens_oal.dll
2017-02-13 21:52:07 1609728 ------w- C:\Windows\SysWow64\Sens_oal.dll
2017-02-13 21:52:07 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2017-02-13 21:52:06 647872 ------w- C:\Windows\SysWow64\Mscomct2.ocx
2017-02-13 21:52:06 53248 ------w- C:\Windows\Ctregrun.exe
2017-02-13 21:52:03 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd
2017-02-13 21:52:00 42496 ------w- C:\Windows\System32\AddCat.exe
2017-02-13 21:52:00 183808 ------w- C:\Windows\System32\CTOPT352.dll
2017-02-13 21:49:38 137840 ----a-w- C:\Windows\System32\drivers\rzpnk.sys
2017-02-13 21:49:27 44144 ----a-w- C:\Windows\System32\drivers\rzpmgrk.sys
2017-02-13 21:49:12 -------- d---a-w- C:\Program Files\TeamSpeak 3 Client
2017-02-13 21:47:54 1951 ----a-w- C:\Windows\NvTelemetryContainerRecovery.bat
2017-02-13 21:47:51 -------- d-----w- C:\ProgramData\Package Cache
2017-02-13 21:47:49 -------- d-----w- C:\Program Files\Razer Chroma SDK
2017-02-13 21:47:49 -------- d-----w- C:\Program Files (x86)\Razer Chroma SDK
2017-02-13 21:47:18 59448 ----a-w- C:\Windows\System32\drivers\nvvhci.sys
2017-02-13 21:47:18 47672 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2017-02-13 21:47:18 158264 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2017-02-13 21:47:18 126008 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2017-02-13 21:47:08 -------- d-----w- C:\ProgramData\ROCCAT
2017-02-13 21:46:43 -------- d-----w- C:\Program Files (x86)\ROCCAT
2017-02-13 21:46:32 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2017-02-13 21:46:32 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2017-02-13 21:46:32 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2017-02-13 21:46:32 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2017-02-13 21:46:32 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2017-02-13 21:44:43 -------- d-----w- C:\Users\david\AppData\Local\Razer
2017-02-13 21:37:51 -------- d-----w- C:\Users\david\Tracing
2017-02-13 21:37:49 -------- d-----r- C:\Program Files (x86)\Skype
2017-02-13 21:36:20 -------- d-----w- C:\Users\david\AppData\Roaming\discord
2017-02-13 21:36:16 -------- d-----w- C:\Users\david\AppData\Local\Discord
2017-02-13 21:36:15 -------- d-----w- C:\Users\david\AppData\Local\SquirrelTemp
2017-02-13 21:36:15 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2017-02-13 21:35:49 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\gapaengine.dll
2017-02-13 21:35:49 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2F3BCB78-1F4E-4FF3-8AFD-BFDCD0902D8C}\gapaengine.dll
2017-02-13 21:35:28 485032 ------w- C:\Windows\System32\MpSigStub.exe
2017-02-13 21:35:17 -------- d-----w- C:\Users\david\AppData\Local\ClassicShell
2017-02-13 21:35:16 -------- d-----w- C:\Users\david\AppData\Roaming\ClassicShell
2017-02-13 21:34:45 -------- d-----w- C:\Windows\System32\MRT
2017-02-13 21:34:15 -------- d-----w- C:\ProgramData\ClassicShell
2017-02-13 21:32:41 -------- d-----w- C:\Program Files\Classic Shell
2017-02-13 21:29:26 -------- d-----w- C:\Users\david\AppData\Local\Steam
2017-02-13 21:29:10 -------- d-----w- C:\Program Files (x86)\Steam
2017-02-13 21:27:31 142848 ----a-w- C:\Windows\System32\poqexec.exe
2017-02-13 21:27:31 120320 ----a-w- C:\Windows\SysWow64\poqexec.exe
2017-02-13 21:23:18 -------- d-----w- C:\Users\david\AppData\Local\MicrosoftEdge
2017-02-13 21:21:59 57856 ----a-w- C:\Windows\SysWow64\LicenseManagerApi.dll
2017-02-13 21:18:39 -------- d-----w- C:\Users\david\AppData\Local\CrashDumps
2017-02-13 21:16:10 -------- d-----w- C:\Users\david\AppData\Local\CEF
2017-02-13 21:16:09 -------- d-----w- C:\Users\david\AppData\Local\Chromium
2017-02-13 21:16:08 -------- d-----w- C:\Users\david\AppData\Local\NVIDIA Corporation
2017-02-13 21:06:31 -------- d-----w- C:\Users\david\AppData\Local\Razer_Inc
2017-02-13 21:06:10 -------- d-----w- C:\Users\david\AppData\Local\PackageStaging
2017-02-13 21:02:54 -------- d-----w- C:\Users\david\AppData\Local\NetworkTiles
2017-02-13 21:02:19 -------- d-----w- C:\Windows\System32\wbem\Performance
2017-02-13 21:02:06 -------- d-----r- C:\Users\david\OneDrive
2017-02-13 21:02:00 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2017-02-13 21:00:23 -------- d-----w- C:\Users\david\AppData\Local\Publishers
2017-02-13 21:00:21 -------- d-----w- C:\Users\david\AppData\Local\Comms
2017-02-13 21:00:16 -------- d-----w- C:\Users\david\AppData\Local\VirtualStore
2017-02-13 21:00:16 -------- d-----w- C:\Users\david\AppData\Local\TileDataLayer
2017-02-13 21:00:16 -------- d-----w- C:\Users\david\AppData\Local\Packages
2017-02-13 21:00:16 -------- d-----w- C:\Users\david\AppData\Local\ConnectedDevicesPlatform
2017-02-13 21:00:16 -------- d-----r- C:\Users\david\Searches
2017-02-13 21:00:16 -------- d-----r- C:\Users\david\Contacts
2017-02-13 20:58:25 2716672 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2017-02-13 20:58:19 -------- d-sh--we C:\ProgramData\Documents
2017-02-13 20:58:19 -------- d-sh--we C:\Documents and Settings
2017-02-13 20:58:19 -------- d-----w- C:\Windows\System32\wbem\MOF\good
2017-02-13 20:58:19 -------- d-----w- C:\Windows\System32\wbem\MOF\bad
2017-02-13 20:57:53 -------- d-sh--w- C:\Recovery
2017-02-13 20:57:24 -------- d-----w- C:\Windows\System32\wbem\MOF
2017-02-13 20:57:18 -------- d-s---w- C:\Windows\System32\Microsoft
2017-02-13 20:57:18 -------- d-----w- C:\Windows\System32\SleepStudy
2017-02-13 20:57:18 -------- d-----w- C:\Windows\ServiceProfiles
.
==================== Find3M ====================
.
2017-03-02 20:33:46 625272 ----a-w- C:\Windows\System32\NetUtils2016.dll
2017-02-23 23:21:11 134880 ----a-w- C:\Windows\System32\drivers\klwtp.sys
2017-02-23 23:21:09 57424 ----a-w- C:\Windows\System32\drivers\klim6.sys
2017-02-17 23:02:57 187904 ----a-w- C:\Windows\rsrcs.dll
2017-02-17 23:02:55 326144 ----a-w- C:\ProgramData\smp2.exe
2017-02-17 23:02:37 909944 ----a-w- C:\Windows\System32\drivers\NetUtils2016.sys
2017-02-17 23:02:37 470592 ----a-w- C:\Windows\SysWow64\NetUtils2016.exe
2017-02-06 19:48:07 835576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-02-06 19:48:07 177656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-24 00:00:01 47664 ----a-w- C:\Windows\System32\nvhdap64.dll
2017-01-24 00:00:01 217528 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2017-01-24 00:00:01 1600056 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2017-01-20 18:36:54 1873976 ----a-w- C:\Windows\System32\nvspcap64.dll
2017-01-20 18:36:54 1756728 ----a-w- C:\Windows\System32\nvspbridge64.dll
2017-01-20 18:36:54 1466424 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2017-01-20 18:36:53 1318968 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2017-01-20 18:36:53 121912 ----a-w- C:\Windows\System32\NvRtmpStreamer64.dll
2017-01-20 15:13:06 6401984 ----a-w- C:\Windows\System32\nvcpl.dll
2017-01-20 15:13:06 2479160 ----a-w- C:\Windows\System32\nvsvc64.dll
2017-01-20 15:13:04 83512 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2017-01-20 15:13:04 69568 ----a-w- C:\Windows\System32\nvshext.dll
2017-01-20 15:13:04 548800 ----a-w- C:\Windows\System32\nv3dappshext.dll
2017-01-20 15:13:04 393784 ----a-w- C:\Windows\System32\nvmctray.dll
2017-01-20 15:13:04 1762752 ----a-w- C:\Windows\System32\nvsvcr.dll
2017-01-20 14:04:17 1951 ----a-w- C:\Windows\NvContainerRecovery.bat
2017-01-18 12:57:23 7755067 ----a-w- C:\Windows\System32\nvcoproc.bin
2017-01-17 06:21:14 42496 ----a-w- C:\Windows\SysWow64\RzAPIChromaSDK.dll
2017-01-17 06:21:10 98304 ----a-w- C:\Windows\SysWow64\RzChromaSDK.dll
2017-01-17 06:21:00 108544 ----a-w- C:\Windows\System32\RzChromaSDK64.dll
2017-01-09 03:46:26 15816 ----a-w- C:\Windows\SysWow64\RzStats.IPC.dll
2017-01-04 15:19:08 1600056 ----a-w- C:\Windows\System32\nvdispgenco6437653.dll
2017-01-04 15:19:02 1964600 ----a-w- C:\Windows\System32\nvdispco6437653.dll
2016-12-21 08:08:31 245600 ----a-w- C:\Windows\System32\offlinesam.dll
2016-12-21 08:08:17 136032 ----a-w- C:\Windows\System32\ImplatSetup.dll
2016-12-21 08:04:10 7816032 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-12-21 07:49:39 328008 ----a-w- C:\Windows\System32\Windows.Storage.ApplicationData.dll
2016-12-21 07:46:39 624048 ----a-w- C:\Windows\System32\drivers\cng.sys
2016-12-21 07:43:56 92512 ----a-w- C:\Windows\System32\rdpudd.dll
2016-12-21 07:43:06 4130440 ----a-w- C:\Windows\System32\mfcore.dll
2016-12-21 07:43:01 1454504 ----a-w- C:\Windows\System32\mfnetsrc.dll
2016-12-21 07:43:00 1071736 ----a-w- C:\Windows\System32\mfnetcore.dll
2016-12-21 07:42:59 1988560 ----a-w- C:\Windows\System32\mfmp4srcsnk.dll
2016-12-21 07:42:55 1702392 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2016-12-21 07:42:54 1300600 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll
2016-12-21 07:42:27 241504 ----a-w- C:\Windows\System32\CloudExperienceHost.dll
2016-12-21 07:41:56 1600632 ----a-w- C:\Windows\System32\sppobjs.dll
2016-12-21 07:37:23 455520 ----a-w- C:\Windows\System32\securekernel.exe
2016-12-21 07:15:01 22563840 ----a-w- C:\Windows\System32\edgehtml.dll
2016-12-21 07:14:11 43008 ----a-w- C:\Windows\System32\LaunchWinApp.exe
2016-12-21 07:13:54 119808 ----a-w- C:\Windows\System32\KnobsCsp.dll
2016-12-21 07:12:14 83968 ----a-w- C:\Windows\System32\ProvPluginEng.dll
2016-12-21 07:10:22 175104 ----a-w- C:\Windows\System32\wbem\netswitchteamcim.dll
2016-12-21 07:10:09 234496 ----a-w- C:\Windows\System32\KnobsCore.dll
2016-12-21 07:09:56 363520 ----a-w- C:\Windows\System32\Windows.UI.BioFeedback.dll
2016-12-21 07:09:13 368640 ----a-w- C:\Windows\System32\OneBackupHandler.dll
2016-12-21 07:08:35 211968 ----a-w- C:\Windows\System32\InstallAgent.exe
2016-12-21 07:08:33 261632 ----a-w- C:\Windows\System32\wbem\ndisimplatcim.dll
2016-12-21 07:08:27 360448 ----a-w- C:\Windows\System32\rdpencom.dll
2016-12-21 07:08:23 289792 ----a-w- C:\Windows\System32\DeveloperOptionsSettingsHandlers.dll
2016-12-21 07:08:14 418304 ----a-w- C:\Windows\System32\Windows.UI.BlockedShutdown.dll
2016-12-21 07:08:06 349184 ----a-w- C:\Windows\System32\provengine.dll
2016-12-21 07:08:03 1292288 ----a-w- C:\Windows\System32\MSVPXENC.dll
2016-12-21 07:07:10 748544 ----a-w- C:\Windows\System32\StoreAgent.dll
2016-12-21 07:06:49 260608 ----a-w- C:\Windows\System32\InstallAgentUserBroker.exe
2016-12-21 07:06:49 147456 ----a-w- C:\Windows\System32\winsrv.dll
2016-12-21 07:06:26 310784 ----a-w- C:\Windows\System32\SyncSettings.dll
2016-12-21 07:06:05 6285312 ----a-w- C:\Windows\System32\Windows.Media.dll
2016-12-21 07:05:21 261632 ----a-w- C:\Windows\System32\indexeddbserver.dll
2016-12-21 07:05:01 49152 ----a-w- C:\Windows\System32\Windows.UI.Shell.dll
2016-12-21 07:05:01 425984 ----a-w- C:\Windows\System32\aadcloudap.dll
2016-12-21 07:01:42 9131008 ----a-w- C:\Windows\System32\twinui.dll
2016-12-21 07:00:29 440320 ----a-w- C:\Windows\System32\fhcfg.dll
2016-12-21 06:59:50 883712 ----a-w- C:\Windows\System32\samsrv.dll
2016-12-21 06:59:31 1908224 ----a-w- C:\Windows\System32\AzureSettingSyncProvider.dll
2016-12-21 06:57:48 462336 ----a-w- C:\Windows\System32\fhsettingsprovider.dll
2016-12-21 06:56:56 936960 ----a-w- C:\Windows\System32\MCRecvSrc.dll
2016-12-21 06:56:14 947712 ----a-w- C:\Windows\System32\MSVP9DEC.dll
2016-12-21 06:55:16 8129536 ----a-w- C:\Windows\System32\Chakra.dll
2016-12-21 06:55:09 4749312 ----a-w- C:\Windows\System32\SettingsHandlers_nt.dll
2016-12-21 06:54:14 5511680 ----a-w- C:\Windows\System32\aclui.dll
2016-12-21 06:53:19 6664192 ----a-w- C:\Windows\System32\mspaint.exe
2016-12-21 06:53:13 4474368 ----a-w- C:\Windows\System32\D3DCompiler_47.dll
2016-12-21 06:53:10 1692672 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2016-12-21 06:51:56 5611008 ----a-w- C:\Windows\System32\d2d1.dll
2016-12-21 06:51:53 2275840 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
2016-12-21 06:51:41 8075776 ----a-w- C:\Windows\System32\mstscax.dll
2016-12-21 06:50:57 1490432 ----a-w- C:\Windows\System32\lsasrv.dll
2016-12-21 06:49:55 2691072 ----a-w- C:\Windows\System32\Windows.UI.Logon.dll
2016-12-21 06:49:43 1062912 ----a-w- C:\Windows\System32\SettingSyncCore.dll
2016-12-21 06:49:25 4149248 ----a-w- C:\Windows\System32\rdpcorets.dll
2016-12-21 06:47:47 1121280 ----a-w- C:\Windows\System32\aadtb.dll
2016-12-21 05:59:21 218976 ----a-w- C:\Windows\SysWow64\offlinesam.dll
2016-12-21 05:09:45 263472 ----a-w- C:\Windows\SysWow64\Windows.Storage.ApplicationData.dll
2016-12-21 05:02:16 1852720 ----a-w- C:\Windows\SysWow64\mfmp4srcsnk.dll
2016-12-21 05:02:12 3892864 ----a-w- C:\Windows\SysWow64\mfcore.dll
2016-12-21 05:02:09 1277344 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2016-12-21 05:02:02 1360464 ----a-w- C:\Windows\SysWow64\mfnetsrc.dll
2016-12-21 05:02:01 980832 ----a-w- C:\Windows\SysWow64\mfnetcore.dll
2016-12-21 05:02:00 1201872 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
2016-12-21 04:46:55 34304 ----a-w- C:\Windows\SysWow64\LaunchWinApp.exe
.
============= FINISH: 23:48:33.70 ===============

Attached Files

attach.txt (7.2 KB)

Hello

first sorry for my English it's not my mother language

so lately I've been noticing problems with my laptop, when ever i start a video or a picture it takes so much time to open(the program opens but waiting to load). i'm not an expert when it comes to tech so i tried my best and no luck until one day i opened Task manager and saw Windows Command Processor and console windows host hundreds of them are working here's a picture of it:
Imgur: The most awesome images on the Internet
Imgur: The most awesome images on the Internet

so i don't know what is going on, tried everything i can think of but no luck.

Thank you.

Hello -

I used this site once before. You guys helped me with the laptop I'm on right now. I had to boot up this old laptop because my new one is a mess.

I need help with an ASUS Laptop I got about a year ago. It is running a legal version of Windows 10. The thing keeps rebooting itself over and over and over again. It was a challenge to use the dds.scr on it, but I got it done.

Last summer, I used a file share program (or some such program) to get some software I needed to get my nephew's Pitendo to work. I think that program was the culprit. I can't remember the name of the program. I haven't used that laptop since last year. I've been so annoyed at it I just figured to heck with it. I don't need anything on it. There's nothing sensitive on there or anything (that I know of).

I've attached the attach.txt file and below is the other file as requested. I'd appreciate any help whatsoever. This isn't a rush job - I would just be thrilled to be able to use that ASUS laptop again.

Thanks in advance!

Here is my DDS.txt log:
---
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20 BrowserJavaVersion: 11.66.2
Run by Steve at 12:14:28 on 2017-03-08
Microsoft Windows 10 Home 10.0.10586.0.1252.1.1033.18.8094.6345 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe
C:\Windows\SysWOW64\esif_uf.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\WINDOWS\TEMP\DPTF\esif_assist.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files (x86)\ASUS\APRP\aprp.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.0_none_95e4f9a171a1ad95\TiWorker.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
uRun: [OneDrive] "C:\Users\Steve\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
mRun: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-System: DSCAutomationHostEnabled = dword:2
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9fd95d72-5bda-4b78-aa9b-a85397a67d96} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9fd95d72-5bda-4b78-aa9b-a85397a67d96}\450502C496E6B60225560756164756270223E2437484A7 : DHCPNameServer = 192.168.0.254
TCP: Interfaces\{9fd95d72-5bda-4b78-aa9b-a85397a67d96}\D4F445F425F4C414D29363135344 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{f6ecdad2-2554-48f3-a8e4-fc18291bc9b5} : DHCPNameServer = 192.168.1.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\5hfztofl.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2015-3-25 673520]
R0 IntelHSWPcc;IntelHSWPcc;C:\WINDOWS\System32\drivers\IntelPcc.sys [2015-3-25 79528]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2013-7-2 19768]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 Asus WebStorage Windows Service;Asus WebStorage Windows Service;C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [2014-8-20 71168]
R2 ASUSGiftBoxDekstop;Asus GiftBox Desktop;C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe [2015-7-20 315704]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 esifsvc;ESIF Upper Framework Service;C:\Windows\SysWOW64\esif_uf.exe [2015-5-28 1037568]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-5-28 1148744]
R2 iBtSiva;Intel Bluetooth Service;C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [2014-10-28 124520]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-8-14 370088]
R2 IntelUSBoverIP;IntelUSBoverIP;C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [2014-10-15 394184]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-5-28 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-5-28 19819848]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 ATP;ASUS Input Device;C:\WINDOWS\System32\drivers\AsusTP.sys [2015-3-18 97680]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
R3 dptf_cpu;dptf_cpu;C:\WINDOWS\System32\drivers\dptf_cpu.sys [2015-5-28 38720]
R3 dptf_pch;dptf_pch;C:\WINDOWS\System32\drivers\dptf_pch.sys [2015-5-28 38208]
R3 esif_lf;esif_lf;C:\WINDOWS\System32\drivers\esif_lf.sys [2015-5-28 216360]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [2015-3-25 20280]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2015-7-14 263952]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit;C:\WINDOWS\System32\drivers\Netwbw02.sys [2015-10-30 3485696]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-5-28 19784]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2015-5-28 38216]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-7 895256]
R3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2015-7-1 410880]
R3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 usb3Hub;UoIP Hub;C:\WINDOWS\System32\drivers\usb3Hub.sys [2014-10-15 213296]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-30 216064]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-4-24 227904]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-2-25 156960]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe" --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-12-11 117248]
S3 dc1-controller;Xbox Peripherals Driver;C:\WINDOWS\System32\drivers\dc1-controller.sys [2015-10-30 57344]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-4-24 203344]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2015-5-28 169752]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2014-11-17 42288]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-7-16 472872]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-10-3 881152]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUVStor.sys [2015-5-28 331992]
S3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2015-5-28 873688]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-30 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-10-30 254816]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-30 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-10-30 694784]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-10-30 24576]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-10-30 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-10-30 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== Created Last 30 ================
.
2017-03-08 17:12:55 47152 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MsMpEng.exe_dfc9e5045bc6b5fe6c42eb77b965ea767ade278_0da3b32c_cab_19505544\GenLUT.dll
.
==================== Find3M ====================
.
2017-03-08 17:13:58 202 ----a-w- C:\Users\Steve\AppData\Roaming\sp_data.sys
2017-03-08 17:13:54 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
.
============= FINISH: 12:14:40.07 ===============

Attached Files

attach.txt (3.3 KB)

This morning I got the Zeus/zbot virus. I was locked down on Firefox. Call the toll free number, allegedly from Microsoft, for tech support. Do not shut down, restart, etc., or bad things will happen. I could still get on Bing, so I looked for info and found out it's a scam, as I suspected. I ran a complete scan with AVG, and it found something, but it didn't mention Zeus. Don't recall what it said, so I let it be deleted. I did also run the MS malicious malware finder tool, but it didn't find anything. I then shut down the pc and restarted it. Things appear to be normal, but wondering if there is anything else that should be done.

Having a lot of problem with high cpu usage and hang ups with all browsers.
Ran Sfc everything ok
Ran Dirm Same
noticed ten or so host processes running

Any help would be appreciated

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by Owner at 8:36:51 on 2017-03-09
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.8107.4886 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Internet Security *Enabled* {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ibtsiva.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SysWoW64\esif_uf.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\22.9.0.71\NIS.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\22.9.0.71\NIS.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\WINDOWS\system32\igfxEM.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\Windows\System32\InstallAgent.exe
C:\Windows\System32\InstallAgentUserBroker.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCache\IE\YI3KZ4Y2\SymDiag.exe
C:\Users\Owner\AppData\Local\Temp\STSFX4F32\SymDiagUi4.exe
C:\Users\Owner\AppData\Local\Temp\STSFX4F32\NativeApiClientx64.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\System32\smartscreen.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uLocal Page = %11%\blank.htm
BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine32\22.9.0.71\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine32\22.9.0.71\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine32\22.9.0.71\coieplg.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
mPolicies-System: DSCAutomationHostEnabled = dword:2
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{be972c2d-acac-422e-8f61-e32edb583955} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{be972c2d-acac-422e-8f61-e32edb583955} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{be972c2d-acac-422e-8f61-e32edb583955}\1347576666F6C646D616E6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{be972c2d-acac-422e-8f61-e32edb583955}\1347576666F6C646D616E6 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\22.9.0.71\coIEPlg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\22.9.0.71\coIEPlg.dll
x64-Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2017-2-2 48992]
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\WINDOWS\System32\drivers\NISx64\1609000.047\symefasi64.sys [2017-3-3 1716896]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-2-2 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-2-2 227328]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\22.8.0.50\Definitions\BASHDefs\20170306.003\BHDrvx64.sys [2017-3-6 1874136]
R1 ccSet_NIS;NIS Settings Manager;C:\WINDOWS\System32\drivers\NISx64\1609000.047\ccsetx64.sys [2017-3-3 174240]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 GUBootStartup;GUBootStartup;C:\WINDOWS\System32\drivers\GUBootStartup.sys [2017-3-8 20160]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\22.8.0.50\Definitions\IPSDefs\20170308.003\IDSviA64.sys [2017-3-9 1038024]
R1 SMR510;Symantec SMR Utility Service 5.1.0;C:\WINDOWS\System32\drivers\SMR510.SYS [2017-3-9 120024]
R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\drivers\NISx64\1609000.047\ironx64.sys [2017-3-3 291480]
R1 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\drivers\NISx64\1609000.047\symnets.sys [2017-3-3 567512]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-9-22 83768]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_5f7b0;CDPUserSvc_5f7b0;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 esifsvc;ESIF Upper Framework Service;C:\Windows\SysWOW64\esif_uf.exe [2015-11-21 1392792]
R2 FoxitReaderService;Foxit Reader Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [2017-3-8 1659592]
R2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2017-1-30 382456]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\22.9.0.71\nis.exe [2017-3-3 326160]
R2 OneSyncSvc_5f7b0;Sync Host_5f7b0;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2017-2-2 312056]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-2-2 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2016-12-27 3732896]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2017-2-2 249856]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 DellRbtn;Airplane Mode Switch;C:\WINDOWS\System32\drivers\DellRbtn.sys [2015-11-21 19440]
R3 dptf_acpi;dptf_acpi;C:\WINDOWS\System32\drivers\dptf_acpi.sys [2015-11-21 57304]
R3 dptf_cpu;dptf_cpu;C:\WINDOWS\System32\drivers\dptf_cpu.sys [2015-11-21 52200]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2017-3-1 156824]
R3 esif_lf;esif_lf;C:\WINDOWS\System32\drivers\esif_lf.sys [2015-11-21 260072]
R3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
R3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2017-1-13 253696]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 Netwtw04;___ Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit;C:\WINDOWS\System32\drivers\Netwtw04.sys [2016-12-13 7923464]
R3 PimIndexMaintenanceSvc_5f7b0;Contact Data_5f7b0;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 SensorsHIDClassDriver;UMDF Reflector service for Sensors HID Class Driver;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-11-21 42600]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
R3 UnistoreSvc_5f7b0;User Data Storage_5f7b0;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_5f7b0;User Data Access_5f7b0;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 VirtualButtons;Intel(R) Virtual Buttons;C:\WINDOWS\System32\drivers\VirtualButtons.sys [2015-11-21 31280]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-2-2 719360]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\drivers\NISx64\1609000.047\symelam.sys [2017-3-3 24616]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-2-2 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-12-7 31776]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-5-12 481768]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-2-2 64352]
S3 MessagingService_5f7b0;MessagingService_5f7b0;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2016-12-27 268704]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 PSKMAD;PSKMAD;C:\WINDOWS\System32\drivers\PSKMAD.sys [2017-2-8 50320]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 semav6msr64;semav6msr64;C:\WINDOWS\System32\drivers\semav6msr64.sys [2017-1-31 21984]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-2-2 1312768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-2-2 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2016-3-28 54784]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_5f7b0;Windows Push Notifications User Service_5f7b0;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-2-2 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-2-2 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-03-08 12:16:22 20160 ----a-w- C:\WINDOWS\System32\drivers\GUBootStartup.sys
2017-03-08 12:16:21 -------- d-----w- C:\Users\Owner\AppData\Roaming\DiskDefrag
2017-03-08 12:02:21 -------- d-----w- C:\Program Files (x86)\FileHippo.com
2017-03-08 11:48:55 -------- d-----w- C:\Users\Owner\AppData\Local\Diagnostics
2017-03-07 15:58:02 -------- d-----w- C:\Users\Owner\Doctor Web
2017-03-03 13:00:03 567512 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1609000.047\symnets.sys
2017-03-03 13:00:03 24616 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1609000.047\symelam.sys
2017-03-03 13:00:03 1716896 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1609000.047\symefasi64.sys
2017-03-03 13:00:02 760992 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1609000.047\srtsp64.sys
2017-03-03 13:00:02 49312 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1609000.047\srtspx64.sys
2017-03-03 13:00:02 291480 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1609000.047\ironx64.sys
2017-03-03 13:00:02 174240 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1609000.047\ccsetx64.sys
2017-03-03 12:59:37 -------- d-----w- C:\WINDOWS\System32\drivers\NISx64\1609000.047
2017-03-02 12:55:58 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
2017-02-27 01:12:40 -------- d-----w- C:\Users\Owner\Roaming
2017-02-27 01:12:40 -------- d-----w- C:\ProgramData\Roaming
2017-02-27 01:11:37 -------- d-----w- C:\Program Files\Common Files\Intel
2017-02-26 16:05:19 -------- d-----w- C:\FRST
2017-02-25 12:08:19 -------- d-----w- C:\Users\Owner\AppData\Local\Adobe
2017-02-24 14:32:06 -------- d-----w- C:\WINDOWS\System32\DAX2
2017-02-24 14:31:27 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2017-02-22 23:42:01 -------- d-----w- C:\Users\Owner\AppData\Local\Apple
2017-02-22 21:25:24 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2017-02-22 21:20:22 -------- d-----w- C:\AdwCleaner
2017-02-21 14:38:22 -------- d-----w- C:\Users\Owner\AppData\Local\NetworkTiles
2017-02-21 10:35:40 -------- d-s---w- C:\WINDOWS\SysWow64\Microsoft
2017-02-21 10:31:51 -------- d-----w- C:\Users\Owner\AppData\Local\Macromedia
2017-02-21 10:21:22 -------- d-----w- C:\Users\Owner\AppData\Local\CrashDumps
2017-02-21 10:21:13 -------- d-----w- C:\Users\Owner\AppData\Roaming\Intel
2017-02-21 10:19:18 35792 ----a-w- C:\WINDOWS\System32\RegBootDefrag.exe
2017-02-21 10:13:39 -------- d-----w- C:\Users\Owner\AppData\Local\Google
2017-02-21 10:13:36 -------- d-----w- C:\Users\Owner\AppData\Local\MicrosoftEdge
2017-02-17 19:47:47 -------- d-----w- C:\Program Files (x86)\Panda Security
2017-02-17 15:45:07 -------- d-----w- C:\Program Files\Reason
2017-02-16 05:24:02 40213960 ----a-w- C:\WINDOWS\System32\igdumdim64.dll
2017-02-16 05:24:02 39246776 ----a-w- C:\WINDOWS\SysWow64\igdumdim32.dll
2017-02-16 05:21:52 93200 ----a-w- C:\WINDOWS\System32\igfxDHLib.dll
2017-02-15 00:42:32 -------- d-----w- C:\Users\Owner\AppData\Local\Apple Computer
2017-02-13 23:37:52 -------- d--h--w- C:\ProgramData\Common Files
2017-02-13 23:37:51 -------- d-----w- C:\Users\Owner\AppData\Local\AvgSetupLog
2017-02-12 09:25:52 -------- d-----w- C:\ProgramData\RogueKiller
2017-02-08 14:07:04 -------- d-----w- C:\Users\Owner\AppData\Local\ESET
2017-02-08 13:48:13 -------- d-----w- C:\EEK
2017-02-08 12:48:36 50320 ----a-w- C:\WINDOWS\System32\drivers\PSKMAD.sys
2017-02-08 12:48:30 39672 ----a-w- C:\WINDOWS\System32\drivers\DasPtct.SYS
2017-02-08 12:29:33 -------- d-----w- C:\ProgramData\HitmanPro
2017-02-08 11:02:22 -------- d--h--w- C:\OneDriveTemp
.
==================== Find3M ====================
.
2017-03-09 09:16:43 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-03 13:00:05 102608 ----a-w- C:\WINDOWS\System32\drivers\SYMEVENT64x86.SYS
2017-02-16 14:01:45 200 ----a-w- C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-02-16 05:21:52 765456 ----a-w- C:\WINDOWS\System32\igfxDH.dll
2017-02-06 19:48:07 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-02-06 19:48:07 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-02-05 15:26:28 58696 ----a-w- C:\WINDOWS\SysWow64\AOLParconLink.exe
2017-02-02 20:10:57 896512 ----a-w- C:\WINDOWS\SysWow64\fontext.dll
2017-02-02 19:50:01 3753984 ----a-w- C:\WINDOWS\System32\bootux.dll
2017-02-02 19:50:01 199008 ----a-w- C:\WINDOWS\System32\drivers\wof.sys
2017-02-02 17:24:30 0 ----a-w- C:\WINDOWS\System32\GfxValDisplayLog.bin
2017-01-31 02:18:54 635904 ------w- C:\WINDOWS\SysWow64\mqsnap.dll
2017-01-31 02:18:54 14848 ------w- C:\WINDOWS\SysWow64\mqcertui.dll
2017-01-30 18:08:52 212488 ----a-w- C:\WINDOWS\System32\igfxCoIn_v4531.dll
2017-01-30 18:08:47 5799386 ----a-w- C:\WINDOWS\System32\igdclbif.bin
2017-01-30 18:08:43 511260 ----a-w- C:\WINDOWS\System32\cp_resources.bin
2017-01-30 18:06:29 3942864 ----a-w- C:\WINDOWS\System32\LogiLDA.DLL
2017-01-30 18:06:29 2468304 ----a-w- C:\WINDOWS\System32\LdaCx2.dll
2017-01-30 02:03:04 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-RBR5GP3_defaultuser0_HistoryPrediction.bin
2017-01-20 14:04:58 7923464 ----a-w- C:\WINDOWS\System32\drivers\Netwtw04.sys
2017-01-13 22:44:12 379136 ----a-w- C:\WINDOWS\System32\ibtproppage.dll
2017-01-13 22:44:12 253696 ----a-w- C:\WINDOWS\System32\drivers\ibtusb.sys
2017-01-13 22:44:12 184064 ----a-w- C:\WINDOWS\System32\ibtsiva.exe
2016-12-27 08:32:50 4270496 ----a-w- C:\WINDOWS\System32\wlihvui.dll
2016-12-27 08:32:48 2540448 ----a-w- C:\WINDOWS\System32\iwmssvc.dll
2016-12-21 07:08:04 142848 ----a-w- C:\WINDOWS\System32\poqexec.exe
2016-12-21 04:44:06 120320 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
.
============= FINISH: 8:40:37.81 ===============

Attached Files

	attach.txt (13.6 KB)
	dds.txt (30.3 KB)

I recently installed MalwareBytes and I have noticed svchost.exe trying to connect to an IP in Israel, also, PowerShell opens randomly and tries connecting to a website blocked by MBAM.

I had run a scan with MBAM and after I restarted my PC, I was locked out of my Microsoft Windows Account, I use a fingerprint scanner to sign in. I was being signed into a temporary account automatically. I have since gained access back to it, and reset all my passwords.

I have also not noticed svchost trying to connect to the IP anymore. I have reason to believe it was a RAT and I doubt its gone.

I do have a clone of my HDD before the troubles started. I can just format and restore to that if needed.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.101.2
Run by Jonathan at 15:00:23 on 2017-03-11
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.15848.9043 [GMT -6:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\SysWoW64\acs.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\valWBFPolicyService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\EBLUE MOUSE\ebluemon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Users\Jonathan\AppData\Roaming\Telegram Desktop\Telegram.exe
C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Jonathan\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Users\Jonathan\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Users\Jonathan\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Bluestacks\HD-Agent.exe
C:\WINDOWS\System32\LocationNotificationWindows.exe
C:\Windows\helppane.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
svchost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\compattelrunner.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
C:\WINDOWS\system32\CompatTelRunner.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mail.ru/cnt/10445?gp=811013
uLocal Page = %11%\blank.htm
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [eblueMouseRun] "C:\Program Files (x86)\EBLUE MOUSE\ebluemon.exe" -runauto
uRun: [BlueStacks Agent] C:\Program Files (x86)\Bluestacks\HD-Agent.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\Jonathan\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
uRun: [Akamai NetSession Interface] "C:\Users\Jonathan\AppData\Local\Akamai\netsession_win.exe"
uRun: [Discord] C:\Users\Jonathan\AppData\Local\Discord\app-0.0.297\Discord.exe
uRunOnce: [Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\amd64"
uRunOnce: [Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Raptr] "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
mRun: [CAM] C:\Program Files (x86)\NZXT\CAM\CAMLauncher.exe -autostart
mRun: [Autodesk Desktop App] "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
StartupFolder: C:\Users\Jonathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Curse.lnk - C:\Users\Jonathan\AppData\Roaming\Curse Client\Bin\Curse.exe
StartupFolder: C:\Users\Jonathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Telegram.lnk - C:\Users\Jonathan\AppData\Roaming\Telegram Desktop\Telegram.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\SOFTET~1.LNK - C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: FilterAdministratorToken = dword:1
mPolicies-System: SafeModeBlockNonAdmins = dword:1
TCP: NameServer = 8.8.8.8
TCP: NameServer = 209.18.47.62 209.18.47.61
TCP: Interfaces\{052c4934-e175-4ad3-9634-d50d950bb4ff} : NameServer = 8.8.8.8
TCP: Interfaces\{37432e34-f874-4511-8c50-04bdd236f0fc} : NameServer = 8.8.8.8
TCP: Interfaces\{53e2166c-6132-11e6-8326-806e6f6e6963} : NameServer = 8.8.8.8
TCP: Interfaces\{5b9eaab2-1097-4157-af8d-2c3689beba36} : NameServer = 8.8.8.8
TCP: Interfaces\{5b9eaab2-1097-4157-af8d-2c3689beba36} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{817598d6-2c04-4dcf-b3bd-fbb7b560bcdf} : NameServer = 8.8.8.8
TCP: Interfaces\{83c129f5-7b23-4b81-ba03-6873c6378cbd} : NameServer = 8.8.8.8
TCP: Interfaces\{8836c2e3-ddf2-4463-aee5-a6f31578cafa} : NameServer = 8.8.8.8
TCP: Interfaces\{8836c2e3-ddf2-4463-aee5-a6f31578cafa} : DHCPNameServer = 209.18.47.62 209.18.47.61
TCP: Interfaces\{90fb77e0-aa49-4094-b36a-0b5c982a11bd} : NameServer = 8.8.8.8
TCP: Interfaces\{abdbc9fd-f4b2-4c8a-ae41-e6e4113b1620} : NameServer = 8.8.8.8
TCP: Interfaces\{cfa09707-3a48-4daf-bbd7-c8d36c12786a} : NameServer = 8.8.8.8
TCP: Interfaces\{cfa09707-3a48-4daf-bbd7-c8d36c12786a} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{d2915c86-e6c0-4c00-b8a6-5b8ecbd6804c} : NameServer = 8.8.8.8
TCP: Interfaces\{d2915c86-e6c0-4c00-b8a6-5b8ecbd6804c} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{d2915c86-e6c0-4c00-b8a6-5b8ecbd6804c}\14273686D4F6F666573723 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{d2915c86-e6c0-4c00-b8a6-5b8ecbd6804c}\A48435D2A4943544D27455543545 : DHCPNameServer = 10.99.2.17 10.99.2.18
TCP: Interfaces\{e975ad97-01fa-4fa7-9b8e-e566cd002882} : NameServer = 8.8.8.8
TCP: Interfaces\{f88c8413-dd42-41ea-8e49-2f0e5437a577} : NameServer = 8.8.8.8
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SoftEther VPN Client UI Helper] "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
x64-Run: [Cm108BSound] "C:\Program Files\HAVIT 7.1 GAMING HEADSET\CPL\FaceLift_x64.exe" /h /d
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: FilterAdministratorToken = dword:1
x64-mPolicies-System: SafeModeBlockNonAdmins = dword:1
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-11 48992]
R0 MBAMChameleon;MBAMChameleon;C:\WINDOWS\System32\drivers\MBAMChameleon.sys [2017-3-8 186304]
R0 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2017-3-8 251840]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-8-24 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-29 227328]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\WINDOWS\System32\drivers\mbae64.sys [2017-3-8 77408]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 SeLow;SoftEther Lightweight Network Protocol;C:\WINDOWS\System32\drivers\SeLow_x64.sys [2016-9-24 51024]
R2 AdAppMgrSvc;Autodesk Desktop App Service;C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [2016-11-13 1295376]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2015-7-31 257032]
R2 AODDriver4.3.0;AODDriver4.3.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2014-9-19 60104]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-9-22 83768]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [2016-9-6 425496]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_962d5;CDPUserSvc_962d5;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-12-7 31776]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-3-8 4355024]
R2 OneSyncSvc_962d5;Sync Host_962d5;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 SEVPNCLIENT;SoftEther VPN Client;C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [2016-9-24 5232072]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-4-27 253960]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\WINDOWS\System32\valWBFPolicyService.exe [2013-10-30 35328]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-9-30 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2016-2-11 111120]
R3 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [2016-9-6 152672]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 MBAMFarflt;MBAMFarflt;C:\WINDOWS\System32\drivers\farflt.sys [2017-3-8 111544]
R3 MBAMProtection;MBAMProtection;C:\WINDOWS\System32\drivers\mbam.sys [2017-3-8 43968]
R3 MBAMWebProtection;MBAMWebProtection;C:\WINDOWS\System32\drivers\mwac.sys [2017-3-8 92088]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 Neo_VPN;VPN Client Device Driver - VPN;C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [2016-9-24 38216]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 PimIndexMaintenanceSvc_962d5;Contact Data_962d5;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\WINDOWS\System32\drivers\RtsP2Stor.sys [2015-6-29 310528]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-7-16 589824]
R3 SmbDrv;SmbDrv;C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2016-8-13 52392]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_962d5;User Data Storage_962d5;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_962d5;User Data Access_962d5;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
R3 WirelessButtonDriver64;HP Wireless Button Driver Service;C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [2016-4-14 31656]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2014-9-19 137584]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-1-16 317400]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BstHdAndroidSvc;BlueStacks Android Service ;C:\Program Files (x86)\Bluestacks\HD-Service.exe [2016-9-6 445976]
S3 BstHdPlusAndroidSvc;BlueStacks Plus Android Service ;C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [2016-9-6 462360]
S3 BstkDrv;BlueStacks Plus Hypervisor;C:\Program Files (x86)\Bluestacks\BstkDrv.sys [2016-9-6 307768]
S3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2016-9-30 168448]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-9-30 249856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-29 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 CMUAC;USB Audio Class 1.0 and 2.0 Device Driver;C:\WINDOWS\System32\drivers\CMUAC.SYS [2016-11-21 613888]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2016-11-5 1369856]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2016-8-11 342456]
S3 GenericMount;Generic Mount Driver;C:\WINDOWS\System32\drivers\GenericMount.sys [2009-9-21 54320]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 hpqcaslwmiex;HP CASL Framework Service;C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [2016-6-3 1031704]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 kmloop;Microsoft KM-TEST Loopback Adapter Driver;C:\WINDOWS\System32\drivers\loop.sys [2016-7-16 16384]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
S3 MessagingService_962d5;MessagingService_962d5;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\WINDOWS\System32\drivers\netr28x.sys [2015-6-12 2554528]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 rtbth;RTBTH Bluetooth Device Driver;C:\WINDOWS\System32\drivers\rtbth.sys [2015-6-3 1219200]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-9-15 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2016-8-13 52904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-9-30 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-11-5 54784]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-9-30 719360]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\NZXT\CAM\CAM_Client_V3.sys [2016-8-30 14544]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_962d5;Windows Push Notifications User Service_962d5;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-12-10 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-8-31 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-03-10 15:40:17 12654400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E98B6CE5-B692-46C0-A839-96A07A386EA6}\mpengine.dll
2017-03-10 14:37:13 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D53E70F-20C5-44E7-B2F6-230A2386CC4F}\gapaengine.dll
2017-03-10 13:36:39 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2017-03-10 06:05:40 -------- d-----w- C:\Program Files\Common Files\VST2
2017-03-10 06:05:38 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
2017-03-10 06:05:38 -------- d-----w- C:\Program Files (x86)\VstPlugins
2017-03-10 06:05:38 -------- d-----w- C:\Program Files (x86)\Common Files\Propellerhead Software
2017-03-10 06:00:22 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\Image-Line
2017-03-10 06:00:17 -------- d-----w- C:\Program Files\Image-Line
2017-03-10 05:43:09 -------- d-----w- C:\Program Files (x86)\Image-Line
2017-03-09 23:11:53 12654400 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-03-09 03:01:40 186304 ----a-w- C:\WINDOWS\System32\drivers\MBAMChameleon.sys
2017-03-09 03:01:21 92088 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-03-09 03:01:21 111544 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
2017-03-09 03:01:11 43968 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-03-09 03:01:05 251840 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-03-09 03:00:51 77408 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-03-09 03:00:37 -------- d-----w- C:\ProgramData\Malwarebytes
2017-03-09 03:00:37 -------- d-----w- C:\Program Files\Malwarebytes
2017-03-09 02:53:22 -------- d-----w- C:\ProgramData\{C22773BE-758C-C415-BDEC-45EB824447DD}
2017-03-09 02:53:22 -------- d-----w- C:\ProgramData\{BE5B4011-09F0-F7BA-3DA1-332F53AB3C02}
2017-03-09 02:53:22 -------- d-----w- C:\ProgramData\{002B8BCE-B780-3C65-E855-C914BCD11649}
2017-03-09 02:53:18 -------- d-----w- C:\ProgramData\{A6F1748C-115A-C327-2C54-C417BCFEBF96}
2017-03-05 19:59:48 -------- d-----w- C:\Users\Jonathan\AppData\Local\HP_Development_Company,_L
2017-03-05 07:32:49 -------- d---a-w- C:\Python27
2017-03-05 06:58:00 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\Hex-Rays
2017-03-05 06:57:34 -------- d---a-w- C:\Program Files (x86)\IDA Free
2017-03-05 06:48:21 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\RC7
2017-03-04 22:06:16 -------- d-----w- C:\Users\Jonathan\AppData\Local\Hewlett-Packard
2017-03-04 21:07:45 -------- d-----w- C:\System.sav
2017-03-04 21:06:26 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\hpqLog
2017-03-01 03:31:57 -------- d-----w- C:\ProgramData\417525ec
.
==================== Find3M ====================
.
2017-03-10 22:52:31 65536 ----a-w- C:\WINDOWS\System32\spu_storage.bin
2017-03-04 04:53:17 4317112 ----a-w- C:\WINDOWS\System32\drivers\athw10x.sys
2017-02-06 19:48:07 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-02-06 19:48:07 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-02-05 23:04:25 0 ----a-w- C:\WINDOWS\SysWow64\OCLEE.tmp
2017-02-05 04:38:22 11376 ----a-w- C:\WINDOWS\SysWow64\drivers\SECDRV.SYS
2017-01-06 21:37:42 0 ----a-w- C:\WINDOWS\SysWow64\OCL21F5.tmp
2017-01-06 21:33:25 0 ----a-w- C:\WINDOWS\SysWow64\OCL3707.tmp
2017-01-06 21:32:23 0 ----a-w- C:\WINDOWS\SysWow64\OCL465E.tmp
2017-01-06 20:12:17 0 ----a-w- C:\WINDOWS\SysWow64\OCLEF77.tmp
2016-12-21 08:08:31 245600 ----a-w- C:\WINDOWS\System32\offlinesam.dll
2016-12-21 08:08:17 136032 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll
2016-12-21 08:04:10 7816032 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-12-21 07:49:39 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2016-12-21 07:46:39 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-12-21 07:43:56 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-12-21 07:43:06 4130440 ----a-w- C:\WINDOWS\System32\mfcore.dll
2016-12-21 07:43:01 1454504 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll
2016-12-21 07:43:00 1071736 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2016-12-21 07:42:59 1988560 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-12-21 07:42:55 1702392 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2016-12-21 07:42:54 1300600 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2016-12-21 07:42:27 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2016-12-21 07:41:56 1600632 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2016-12-21 07:37:23 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2016-12-21 07:15:01 22563840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-12-21 07:14:11 43008 ----a-w- C:\WINDOWS\System32\LaunchWinApp.exe
2016-12-21 07:13:54 119808 ----a-w- C:\WINDOWS\System32\KnobsCsp.dll
2016-12-21 07:12:14 83968 ----a-w- C:\WINDOWS\System32\ProvPluginEng.dll
2016-12-21 07:10:22 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll
2016-12-21 07:10:09 234496 ----a-w- C:\WINDOWS\System32\KnobsCore.dll
2016-12-21 07:09:56 363520 ----a-w- C:\WINDOWS\System32\Windows.UI.BioFeedback.dll
2016-12-21 07:09:13 368640 ----a-w- C:\WINDOWS\System32\OneBackupHandler.dll
2016-12-21 07:08:35 211968 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2016-12-21 07:08:33 261632 ----a-w- C:\WINDOWS\System32\wbem\ndisimplatcim.dll
2016-12-21 07:08:27 360448 ----a-w- C:\WINDOWS\System32\rdpencom.dll
2016-12-21 07:08:23 289792 ----a-w- C:\WINDOWS\System32\DeveloperOptionsSettingsHandlers.dll
2016-12-21 07:08:14 418304 ----a-w- C:\WINDOWS\System32\Windows.UI.BlockedShutdown.dll
2016-12-21 07:08:06 349184 ----a-w- C:\WINDOWS\System32\provengine.dll
2016-12-21 07:08:04 142848 ----a-w- C:\WINDOWS\System32\poqexec.exe
2016-12-21 07:08:03 1292288 ----a-w- C:\WINDOWS\System32\MSVPXENC.dll
2016-12-21 07:07:10 748544 ----a-w- C:\WINDOWS\System32\StoreAgent.dll
2016-12-21 07:06:49 260608 ----a-w- C:\WINDOWS\System32\InstallAgentUserBroker.exe
2016-12-21 07:06:49 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2016-12-21 07:06:26 310784 ----a-w- C:\WINDOWS\System32\SyncSettings.dll
2016-12-21 07:06:05 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-12-21 07:05:21 261632 ----a-w- C:\WINDOWS\System32\indexeddbserver.dll
2016-12-21 07:05:01 49152 ----a-w- C:\WINDOWS\System32\Windows.UI.Shell.dll
2016-12-21 07:05:01 425984 ----a-w- C:\WINDOWS\System32\aadcloudap.dll
2016-12-21 07:01:42 9131008 ----a-w- C:\WINDOWS\System32\twinui.dll
2016-12-21 07:00:29 440320 ----a-w- C:\WINDOWS\System32\fhcfg.dll
2016-12-21 06:59:50 883712 ----a-w- C:\WINDOWS\System32\samsrv.dll
2016-12-21 06:59:31 1908224 ----a-w- C:\WINDOWS\System32\AzureSettingSyncProvider.dll
2016-12-21 06:57:48 462336 ----a-w- C:\WINDOWS\System32\fhsettingsprovider.dll
2016-12-21 06:56:56 936960 ----a-w- C:\WINDOWS\System32\MCRecvSrc.dll
2016-12-21 06:56:14 947712 ----a-w- C:\WINDOWS\System32\MSVP9DEC.dll
2016-12-21 06:55:16 8129536 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-12-21 06:55:09 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2016-12-21 06:54:14 5511680 ----a-w- C:\WINDOWS\System32\aclui.dll
2016-12-21 06:53:19 6664192 ----a-w- C:\WINDOWS\System32\mspaint.exe
2016-12-21 06:53:13 4474368 ----a-w- C:\WINDOWS\System32\D3DCompiler_47.dll
2016-12-21 06:53:10 1692672 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2016-12-21 06:51:56 5611008 ----a-w- C:\WINDOWS\System32\d2d1.dll
2016-12-21 06:51:53 2275840 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-12-21 06:51:41 8075776 ----a-w- C:\WINDOWS\System32\mstscax.dll
2016-12-21 06:50:57 1490432 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-12-21 06:49:55 2691072 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-12-21 06:49:43 1062912 ----a-w- C:\WINDOWS\System32\SettingSyncCore.dll
2016-12-21 06:49:25 4149248 ----a-w- C:\WINDOWS\System32\rdpcorets.dll
2016-12-21 06:47:47 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2016-12-21 05:59:21 218976 ----a-w- C:\WINDOWS\SysWow64\offlinesam.dll
2016-12-21 05:09:45 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2016-12-21 05:02:16 1852720 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2016-12-21 05:02:12 3892864 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-12-21 05:02:09 1277344 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2016-12-21 05:02:02 1360464 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2016-12-21 05:02:01 980832 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2016-12-21 05:02:00 1201872 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
2016-12-21 04:46:55 34304 ----a-w- C:\WINDOWS\SysWow64\LaunchWinApp.exe
2016-12-21 04:44:06 120320 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2016-12-21 04:43:09 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2016-12-21 04:41:59 253952 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BioFeedback.dll
2016-12-21 04:41:15 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-12-21 04:40:57 180224 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe
2016-12-21 04:40:43 237056 ----a-w- C:\WINDOWS\SysWow64\SyncSettings.dll
2016-12-21 04:40:39 318976 ----a-w- C:\WINDOWS\SysWow64\rdpencom.dll
2016-12-21 04:40:07 557568 ----a-w- C:\WINDOWS\SysWow64\StoreAgent.dll
2016-12-21 04:39:58 1300480 ----a-w- C:\WINDOWS\SysWow64\MSVPXENC.dll
2016-12-21 04:39:04 223232 ----a-w- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
2016-12-21 04:38:54 866816 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Cred.dll
2016-12-21 04:35:42 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-12-21 04:35:28 4612608 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2016-12-21 04:34:53 7626752 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2016-12-21 04:33:09 19413504 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-12-21 04:30:56 5398016 ----a-w- C:\WINDOWS\SysWow64\aclui.dll
2016-12-21 04:30:06 1255936 ----a-w- C:\WINDOWS\SysWow64\AzureSettingSyncProvider.dll
2016-12-21 04:27:12 640000 ----a-w- C:\WINDOWS\SysWow64\MCRecvSrc.dll
2016-12-21 04:26:36 1155072 ----a-w- C:\WINDOWS\SysWow64\MSVP9DEC.dll
2016-12-21 04:25:44 7469056 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
2016-12-21 04:25:42 6474752 ----a-w- C:\WINDOWS\SysWow64\mspaint.exe
.
============= FINISH: 15:01:28.38 ===============

Attached Files

attach.txt (13.0 KB)

Hi guys, so basically I have a few usb's which are infected with the folder virus, as in the folder has become an .exe and I cannot view the files inside. Now I'm pretty sure it's in this laptop as well because I inserted the usb and used it.

Much thanks!

Here is the dds:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514
Run by fareed ali at 1:20:25 on 2017-03-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1022.160 [GMT 5:00]
.
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\fareed ali\AppData\Local\winlogon.exe
C:\Users\fareed ali\AppData\Local\services.exe
C:\Users\fareed ali\AppData\Local\lsass.exe
C:\Users\fareed ali\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\fareed ali\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\fareed ali\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe
C:\UsbFix\UsbFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\UsbFix\UsbFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\UsbFix\UsbFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uRun: [uTorrent] "c:\users\fareed ali\appdata\roaming\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Tok-Cirrhatus] "c:\users\fareed ali\appdata\local\smss.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Malwarebytes TrayApp] c:\program files\malwarebytes\anti-malware\mbamtray.exe
StartupFolder: c:\users\fareed ali\appdata\roaming\microsoft\windows\start menu\programs\startup\Empty.pif
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{44CC3E3C-AD27-4472-845B-D554415B0842} : DHCPNameServer = 10.101.10.5 10.101.10.10
TCP: Interfaces\{86F3D0D8-94D0-40B4-A881-D438BD1EC3E3} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\56.0.2924.87\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
============= SERVICES / DRIVERS ===============
.
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae.sys [2017-3-17 59968]
R2 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys [2017-3-17 161216]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
R3 MBAMFarflt;MBAMFarflt;c:\windows\system32\drivers\farflt.sys [2017-3-17 95672]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys [2017-3-17 39360]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2017-3-17 219584]
R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys [2017-3-17 64288]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S2 MBAMService;Malwarebytes Service;c:\program files\malwarebytes\anti-malware\MBAMService.exe [2017-3-17 3303888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-9 1343400]
.
=============== Created Last 30 ================
.
2017-03-16 20:17:20 448202 ----a-w- c:\users\fareed ali\appdata\local\Bron.tok.A12.em.bin
2017-03-16 20:16:44 448212 ----a-w- c:\users\fareed ali\appdata\local\Update.12.Bron.Tok.bin
2017-03-16 20:10:47 -------- d-----w- C:\UsbFix
2017-03-16 19:32:04 161216 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-03-16 19:31:52 95672 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-03-16 19:31:51 64288 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-03-16 19:31:38 39360 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-03-16 19:31:32 219584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-03-16 19:30:40 59968 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-03-16 19:30:29 -------- d-----w- c:\programdata\Malwarebytes
2017-03-16 19:30:29 -------- d-----w- c:\program files\Malwarebytes
2017-03-16 19:29:43 -------- d-----w- c:\users\fareed ali\appdata\local\Programs
2017-03-16 19:11:06 -------- d-----w- c:\users\fareed ali\appdata\local\Bron.tok-12-17
2017-03-15 20:19:04 -------- d-----w- c:\users\fareed ali\appdata\local\Bron.tok-12-16
2017-03-15 10:40:05 -------- d-----w- c:\users\fareed ali\appdata\local\Bron.tok-12-15
2017-03-13 19:00:01 -------- d-----w- c:\users\fareed ali\appdata\local\Bron.tok-12-14
2017-03-12 19:14:07 -------- d-----w- c:\users\fareed ali\appdata\local\Bron.tok-12-13
2017-03-12 09:22:33 -------- d-----w- c:\users\fareed ali\appdata\local\Bron.tok-12-12
2017-03-11 10:55:51 -------- d-----w- c:\users\fareed ali\appdata\local\Microsoft Games
2017-03-10 19:25:03 -------- d-----w- c:\users\fareed ali\appdata\local\Loc.Mail.Bron.Tok
2017-03-10 19:24:23 -------- d-----w- c:\users\fareed ali\appdata\local\Ok-SendMail-Bron-tok
2017-03-10 19:19:01 -------- d-----w- c:\users\fareed ali\appdata\local\Bron.tok-12-11
2017-03-10 15:58:23 -------- d-----w- c:\users\fareed ali\appdata\roaming\uTorrent
2017-03-09 17:47:26 9992952 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{85b45b92-d33e-4dc5-b5f2-8c4555ba49fa}\mpengine.dll
2017-03-09 17:47:26 407720 ------w- c:\windows\system32\MpSigStub.exe
.
==================== Find3M ====================
.
.
============= FINISH: 1:21:17.86 ===============

Attached Files

attach.txt (1.7 KB)

I have been working with Corday - your office forum - dealing with red x in attachments that will not open but will open in my hot mail acct. One of my emails to him contained a 5 min video out of the blue. I have been receiving 35-40 junk mails in the last 8m and it is increasing. I have run a variety of virus/spam local/on-line software but nothing has been effective.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953
Run by admin at 11:56:16 on 2017-03-17
Microsoft Windows 10 Pro 10.0.14393.0.1252.1.1033.18.3984.2392 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Windows\system32\IProsetMonitor.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Bill\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Users\Bill\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\WinZip\FAHWindow64.exe
C:\Program Files\WinZip\WzPreloader.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [OneDrive] "C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
StartupFolder: C:\Users\admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\FAH.lnk - C:\Program Files\WinZip\FAHConsole.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\UPDATE~1.LNK - C:\Program Files\WinZip\WZUpdateNotifier.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\WINZIP~1.LNK - C:\Program Files\WinZip\WzPreloader.exe
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{73ddf6c9-5d23-4850-8c87-f6d583c1f0b1} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = Google
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-RunOnce: [DCERegBootClean64] C:\WINDOWS\RegBootClean64.exe
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hsw0zzkn.default-1398603889828\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\drivers\PxHlpa64.sys [2012-7-7 53488]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-9-24 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 173472]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-9-22 83768]
R2 CDPUserSvc_1d344d3;CDPUserSvc_1d344d3;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-9-28 25800]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\WINDOWS\System32\IPROSetMonitor.exe [2011-12-22 165032]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 OneSyncSvc_1d344d3;Sync Host_1d344d3;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-12-22 1128952]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2016-8-11 3764472]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-22 2656280]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-9-29 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WinisoCDBus;WinISO Virtual CD Drive;C:\WINDOWS\System32\drivers\WinisoCDBus.sys [2016-5-2 204032]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2011-12-22 317440]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 PimIndexMaintenanceSvc_1d344d3;Contact Data_1d344d3;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_1d344d3;User Data Storage_1d344d3;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_1d344d3;User Data Access_1d344d3;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2016-7-16 24576]
S2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2011-5-2 62184]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 ampa;ampa;C:\WINDOWS\System32\ampa.sys [2017-2-16 19568]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-9-29 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2014-7-24 57024]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 Garmin Device Interaction Service;Garmin Device Interaction Service;C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [2017-1-16 1039376]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 gfiark;gfiark;C:\WINDOWS\System32\drivers\gfiark.sys [2014-7-24 41032]
S3 gfiutil;gfiutil;C:\WINDOWS\System32\drivers\gfiutil.sys [2014-7-24 31264]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IFCoEMP;IFCoEMP;C:\WINDOWS\System32\drivers\ifM52x64.sys [2011-12-22 339728]
S3 IFCoEVB;IFCoEVB;C:\WINDOWS\System32\drivers\ifP52x64.sys [2011-12-22 65808]
S3 Impcd;Impcd;C:\WINDOWS\System32\drivers\Impcd.sys [2011-12-22 158976]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
S3 MessagingService_1d344d3;MessagingService_1d344d3;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2016-7-16 179040]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 pmxdrv;pmxdrv;C:\WINDOWS\System32\drivers\pmxdrv.sys [2011-12-22 31152]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 semav6msr64;semav6msr64;C:\WINDOWS\System32\drivers\semav6msr64.sys [2016-10-22 21984]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-9-29 2889896]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-14 1312768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-9-29 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-14 719872]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_1d344d3;Windows Push Notifications User Service_1d344d3;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-14 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-24 43520]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2017-1-11 822624]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2016-7-16 40288]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2016-7-16 1227264]
.
=============== Created Last 30 ================
.
2017-03-17 14:48:20 -------- d-----w- C:\Users\admin\AppData\Local\WinZip
2017-03-17 14:47:21 -------- d-----w- C:\ProgramData\UniqueId
2017-03-16 21:04:04 12654400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2917799C-2B70-4B5C-B0BB-65266C62F8EE}\mpengine.dll
2017-03-16 14:02:52 12654400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-03-15 15:10:38 321480 ----a-w- C:\Program Files (x86)\Mozilla Firefox\tobedeleted\rep51E0.tmp
2017-03-14 22:03:34 6667528 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2017-03-14 22:02:59 968704 ----a-w- C:\WINDOWS\SysWow64\Unistore.dll
2017-03-14 22:01:59 4746752 ----a-w- C:\WINDOWS\System32\jscript9.dll
2017-03-14 22:00:59 947712 ----a-w- C:\WINDOWS\System32\SystemSettings.Handlers.dll
2017-03-11 14:25:03 399360 ----a-w- C:\WINDOWS\RegBootClean64.exe
2017-03-11 14:02:55 -------- d-----w- C:\WINDOWS\Trend Micro
2017-03-11 14:00:20 332512 ----a-w- C:\WINDOWS\System32\drivers\tmcomm.sys
2017-03-11 13:48:44 -------- d-----w- C:\Program Files\WinPcap
2017-03-11 13:48:39 -------- d-----w- C:\Program Files (x86)\Trend Micro
2017-03-11 13:48:06 -------- d-----w- C:\ProgramData\Trend Micro
2017-03-10 23:35:43 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{29BBE9CC-DE0E-4809-B006-B30CC7314F94}\gapaengine.dll
2017-03-09 18:58:15 -------- d-----w- C:\Program Files\iPod
2017-03-09 18:58:14 -------- d---a-w- C:\Program Files\iTunes
2017-03-09 06:17:08 12935296 ----a-w- C:\WINDOWS\System32\igdumd64.dll
2017-03-09 06:17:08 11330576 ----a-w- C:\WINDOWS\SysWow64\igdumd32.dll
2017-03-09 06:17:06 975184 ----a-w- C:\WINDOWS\SysWow64\igfxcmrt32.dll
2017-03-09 06:17:06 558728 ----a-w- C:\WINDOWS\System32\iglhsip64.dll
2017-03-09 06:17:06 553424 ----a-w- C:\WINDOWS\SysWow64\iglhsip32.dll
2017-03-09 06:17:06 51184 ----a-w- C:\WINDOWS\System32\igfxexps.dll
2017-03-09 06:17:06 242800 ----a-w- C:\WINDOWS\System32\iglhcp64.dll
2017-03-09 06:17:06 206000 ----a-w- C:\WINDOWS\SysWow64\iglhcp32.dll
2017-03-09 06:17:06 1086408 ----a-w- C:\WINDOWS\System32\igfxcmrt64.dll
2017-03-05 17:16:22 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2017-03-05 17:16:02 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-03-05 17:13:24 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2017-02-16 22:20:12 1024 ---h--w- C:\AMTAG.BIN
2017-02-16 22:19:57 19568 ----a-w- C:\WINDOWS\SysWow64\ampa.sys
2017-02-16 22:19:57 19568 ----a-w- C:\WINDOWS\System32\ampa.sys
2017-02-16 22:19:56 1920624 ----a-w- C:\WINDOWS\ampa.exe
2017-02-16 22:19:53 -------- d---a-w- C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 6.0
.
==================== Find3M ====================
.
2017-03-10 05:17:56 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-03-10 05:17:56 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-03-09 06:17:08 13182528 ----a-w- C:\WINDOWS\System32\igd10umd64.dll
2017-03-09 06:17:08 11460448 ----a-w- C:\WINDOWS\SysWow64\igd10umd32.dll
2017-03-04 07:57:44 192352 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2017-03-04 07:57:43 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2017-03-04 07:57:40 484584 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2017-03-04 07:44:57 1470816 ----a-w- C:\WINDOWS\SysWow64\AppVEntSubsystems32.dll
2017-03-04 07:40:53 965472 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2017-03-04 07:35:25 142176 ----a-w- C:\WINDOWS\System32\acmigration.dll
2017-03-04 07:35:25 1294688 ----a-w- C:\WINDOWS\System32\aeinv.dll
2017-03-04 07:35:22 86368 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2017-03-04 07:35:22 655200 ----a-w- C:\WINDOWS\System32\generaltel.dll
2017-03-04 07:35:22 565088 ----a-w- C:\WINDOWS\System32\devinv.dll
2017-03-04 07:35:22 343904 ----a-w- C:\WINDOWS\System32\invagent.dll
2017-03-04 07:35:22 1617760 ----a-w- C:\WINDOWS\System32\appraiser.dll
2017-03-04 07:35:21 378720 ----a-w- C:\WINDOWS\System32\atmfd.dll
2017-03-04 07:35:21 242528 ----a-w- C:\WINDOWS\System32\aepic.dll
2017-03-04 07:35:15 590952 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2017-03-04 07:35:09 38240 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2017-03-04 07:35:09 315232 ----a-w- C:\WINDOWS\System32\dcntel.dll
2017-03-04 07:27:29 2170720 ----a-w- C:\WINDOWS\System32\AppVEntSubsystems64.dll
2017-03-04 07:27:09 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2017-03-04 07:26:53 794416 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2017-03-04 07:25:44 1117024 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2017-03-04 07:24:33 90976 ----a-w- C:\WINDOWS\System32\drivers\IPMIDrv.sys
2017-03-04 07:24:33 354264 ----a-w- C:\WINDOWS\System32\systemreset.exe
2017-03-04 07:24:27 108384 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2017-03-04 07:24:23 894096 ----a-w- C:\WINDOWS\System32\winresume.exe
2017-03-04 07:24:20 1051112 ----a-w- C:\WINDOWS\System32\winresume.efi
2017-03-04 07:24:05 2186896 ----a-w- C:\WINDOWS\System32\hevcdecoder.dll
2017-03-04 07:24:04 2482280 ----a-w- C:\WINDOWS\System32\msmpeg2vdec.dll
2017-03-04 07:23:13 2512304 ----a-w- C:\WINDOWS\System32\WMVDECOD.DLL
2017-03-04 07:22:41 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-03-04 07:22:22 1354312 ----a-w- C:\WINDOWS\System32\winload.efi
2017-03-04 07:22:22 1172984 ----a-w- C:\WINDOWS\System32\winload.exe
2017-03-04 07:22:21 7786336 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-03-04 07:21:04 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-03-04 07:20:52 379744 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys
2017-03-04 07:20:50 128352 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
2017-03-04 07:19:11 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-03-04 07:19:02 2049480 ----a-w- C:\WINDOWS\System32\wmpmde.dll
2017-03-04 07:18:48 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-03-04 07:18:47 1181024 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2017-03-04 07:18:27 118624 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2017-03-04 07:17:22 409952 ----a-w- C:\WINDOWS\System32\drivers\FWPKCLNT.SYS
2017-03-04 07:15:25 63328 ----a-w- C:\WINDOWS\System32\drivers\dam.sys
2017-03-04 07:15:14 404320 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
2017-03-04 07:15:08 1000280 ----a-w- C:\WINDOWS\System32\SecConfig.efi
2017-03-04 07:13:27 635456 ----a-w- C:\WINDOWS\System32\ci.dll
2017-03-04 07:11:48 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2017-03-04 07:11:41 266544 ----a-w- C:\WINDOWS\System32\policymanager.dll
2017-03-04 07:10:08 360040 ----a-w- C:\WINDOWS\System32\SystemSettingsAdminFlows.exe
2017-03-04 07:10:08 2828384 ----a-w- C:\WINDOWS\System32\d3d11.dll
2017-03-04 07:10:01 2189664 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-03-04 07:08:59 130912 ----a-w- C:\WINDOWS\System32\drivers\storahci.sys
2017-03-04 07:08:20 342456 ----a-w- C:\WINDOWS\System32\wintrust.dll
2017-03-04 07:08:18 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-03-04 07:08:17 509280 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2017-03-04 07:08:07 450400 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys
2017-03-04 07:08:02 223584 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
2017-03-04 07:06:36 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-03-04 07:04:33 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-03-04 07:04:24 1362512 ----a-w- C:\WINDOWS\SysWow64\wmpmde.dll
2017-03-04 07:04:19 8169536 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2017-03-04 07:04:03 1063472 ----a-w- C:\WINDOWS\System32\mfds.dll
2017-03-04 07:01:57 137936 ----a-w- C:\WINDOWS\System32\AuthHost.exe
2017-03-04 07:01:53 128648 ----a-w- C:\WINDOWS\System32\gpapi.dll
2017-03-04 07:01:52 201568 ----a-w- C:\WINDOWS\System32\basecsp.dll
2017-03-04 06:59:01 1570208 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-03-04 06:58:58 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2017-03-04 06:58:58 322912 ----a-w- C:\WINDOWS\System32\input.dll
2017-03-04 06:58:49 1416224 ----a-w- C:\WINDOWS\System32\msctf.dll
2017-03-04 06:57:36 2536288 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-03-04 06:57:26 372432 ----a-w- C:\WINDOWS\System32\Windows.Media.MediaControl.dll
2017-03-04 06:57:17 387872 ----a-w- C:\WINDOWS\System32\wmpps.dll
2017-03-04 06:56:04 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2017-03-04 06:56:03 248992 ----a-w- C:\WINDOWS\SysWow64\policymanager.dll
2017-03-04 06:54:12 2277288 ----a-w- C:\WINDOWS\SysWow64\d3d11.dll
2017-03-04 06:54:03 524776 ----a-w- C:\WINDOWS\SysWow64\dxgi.dll
2017-03-04 06:53:38 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2017-03-04 06:53:33 136032 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostUser.dll
2017-03-04 06:53:19 781152 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-03-04 06:53:19 5722320 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-03-04 06:53:11 493912 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-03-04 06:53:08 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-03-04 06:53:07 313568 ----a-w- C:\WINDOWS\SysWow64\wlanapi.dll
2017-03-04 06:53:03 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2017-03-04 06:52:59 549088 ----a-w- C:\WINDOWS\SysWow64\SHCore.dll
2017-03-04 06:52:02 272720 ----a-w- C:\WINDOWS\SysWow64\wintrust.dll
2017-03-04 06:51:38 576408 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2017-03-04 06:51:37 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2017-03-04 06:50:44 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2017-03-04 06:46:40 4312248 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2017-03-04 06:46:40 321792 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
2017-03-04 06:45:15 173408 ----a-w- C:\WINDOWS\SysWow64\basecsp.dll
2017-03-04 06:45:07 112120 ----a-w- C:\WINDOWS\SysWow64\gpapi.dll
2017-03-04 06:42:57 7216640 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-03-04 06:42:41 276832 ----a-w- C:\WINDOWS\SysWow64\input.dll
2017-03-04 06:42:39 1415240 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
.
============= FINISH: 11:56:34.47 ===============

For the past few days now, I've had this problem. On my Chrome, I keep getting this safe surf thing, which I know I didn't download, and sometimes annoying ads pop up or show up in the search engine with everything I search on Google!
I've looked in my programs in the Control Panel, I don't have anything suspicious installed, I've tried uninstalling then reinstalling Chrome, it's still there. I've tried adwcleaner, it says it removes it but then it's still there! I've tried a virus scan, nothing. I can't seem to get rid of this!
Please help me, is there anything I can do to get rid of it!?