≫ Next: Laptop extremely slow, disk usage 100%, hangs randomly

≪ Previous: Really invisible malware that survives Win10 clean install?

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.31.2
Run by Alain at 8:17:11 on 2017-04-05
Microsoft Windows 10 Home 10.0.14393.0.1252.2.1033.18.6027.3856 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET NOD32 Antivirus 9.0.408.0 *Enabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
SP: ESET NOD32 Antivirus 9.0.408.0 *Enabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DbxSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\TOSHIBA\Teco\TecoService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\WINDOWS\system32\wbem\WmiApSrv.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRServer.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRFeature.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\System32\smartscreen.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Alain\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\WINDOWS\splwow64.exe
C:\WINDOWS\system32\AUDIODG.EXE
svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.com/
uWindow Title = Presented by TOSHIBA Leading Innovation >>>
uDefault_Page_URL = hxxp://toshiba13.msn.com
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [OneDrive] "C:\Users\Alain\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [CCleaner Monitoring] "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [TPUReg] "C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe" /Retimes
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [qlu] C:\Program Files (x86)\QLU\qlu.exe
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
StartupFolder: C:\Users\Alain\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
TCP: NameServer = 192.168.1.254 75.153.171.114
TCP: Interfaces\{d4cb7153-97c6-4f4c-b510-571ffffb50a0} : DHCPNameServer = 64.59.135.133 64.59.128.120
TCP: Interfaces\{f32ee33e-832e-4880-9f6d-9e39ff0eb870} : DHCPNameServer = 192.168.1.254 75.153.171.114
TCP: Interfaces\{f32ee33e-832e-4880-9f6d-9e39ff0eb870}\2656C6B696E6E2734383 : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll
Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll
Handler: intu-tt2014 - {97BB39CB-9ABA-4513-81E7-1D6FDA0854B8} - C:\Program Files (x86)\TurboTax 2014\ic2014pp.dll
Handler: intu-tt2015 - {5A676D6A-A3EF-4FAA-8DAC-F55CA235F67C} - C:\Program Files (x86)\TurboTax 2015\ic2015pp.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - <orphaned>
x64-Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - <orphaned>
x64-Handler: intu-tt2014 - {97BB39CB-9ABA-4513-81E7-1D6FDA0854B8} - <orphaned>
x64-Handler: intu-tt2015 - {5A676D6A-A3EF-4FAA-8DAC-F55CA235F67C} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\q1ql6pp4.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll
.
============= SERVICES / DRIVERS ===============
.
R0 edevmon;edevmon;C:\WINDOWS\System32\drivers\edevmon.sys [2015-7-13 199304]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2012-11-22 645952]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\WINDOWS\System32\drivers\tos_sps64.sys [2012-11-22 499096]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-9-18 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
R1 eamonm;eamonm;C:\WINDOWS\System32\drivers\eamonm.sys [2015-1-30 262792]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2017-3-17 83768]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_2a6e9e7;CDPUserSvc_2a6e9e7;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-20 3042032]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DbxSvc;DbxSvc;C:\WINDOWS\System32\DbxSvc.exe [2017-3-10 46408]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2016-11-27 2770312]
R2 epfwwfpr;epfwwfpr;C:\WINDOWS\System32\drivers\epfwwfpr.sys [2015-1-30 181384]
R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [2011-10-13 156672]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-5-3 337888]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-11-22 129856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-11-22 166720]
R2 OneSyncSvc_2a6e9e7;Sync Host_2a6e9e7;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [2009-9-11 14344]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-9-2 790368]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-8-7 609056]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-9-12 246472]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\Teco\TecoService.exe [2013-8-9 328544]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-11-22 365376]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-9-30 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-3-9 288768]
R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896]
R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-9 491920]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-8-21 463112]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-7-29 38896]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 PimIndexMaintenanceSvc_2a6e9e7;Contact Data_2a6e9e7;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-7-16 589824]
R3 rtwlane_13;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\WINDOWS\System32\drivers\rtwlane_13.sys [2016-7-16 3717120]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-9-12 42696]
R3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2013-9-4 466504]
R3 UnistoreSvc_2a6e9e7;User Data Storage_2a6e9e7;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_2a6e9e7;User Data Access_2a6e9e7;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2016-7-16 24576]
S0 eelam;eelam;C:\WINDOWS\System32\drivers\eelam.sys [2015-7-30 15488]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-3-7 143144]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-12-16 227904]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-3-7 143144]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-12-1 50160]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
S3 MessagingService_2a6e9e7;MessagingService_2a6e9e7;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUStor.sys [2012-11-22 252048]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-15 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-9-30 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-7-31 53864]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\drivers\wdcsam64.sys [2015-4-30 26880]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-15 719872]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_2a6e9e7;Windows Push Notifications User Service_2a6e9e7;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-15 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-18 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== Created Last 30 ================
.
2017-04-05 13:42:49 -------- d--h--w- C:\OneDriveTemp
2017-04-03 04:46:53 -------- d-----w- C:\WINDOWS\Panther
2017-04-02 17:43:07 -------- d-----w- C:\Program Files (x86)\Kodi
2017-04-02 05:58:22 -------- d-----w- C:\Users\Alain\AppData\Roaming\Kodi
2017-03-25 12:02:49 -------- d-----w- C:\Program Files\iPod
2017-03-25 12:02:48 -------- d---a-w- C:\Program Files\iTunes
2017-03-15 17:20:08 6667528 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2017-03-15 17:20:07 5722320 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-03-15 17:20:06 5685760 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-03-15 17:20:05 6109184 ----a-w- C:\WINDOWS\SysWow64\mos.dll
2017-03-15 17:20:05 13873664 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2017-03-15 17:20:04 3307008 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2017-03-15 17:20:03 5380608 ----a-w- C:\WINDOWS\SysWow64\BingMaps.dll
2017-03-15 17:20:02 2643456 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2017-03-15 17:20:02 2483200 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2017-03-15 17:20:00 2646528 ----a-w- C:\WINDOWS\SysWow64\CertEnroll.dll
2017-03-15 17:18:59 783360 ----a-w- C:\WINDOWS\SysWow64\TSWorkspace.dll
2017-03-15 17:17:59 8076288 ----a-w- C:\WINDOWS\System32\mstscax.dll
2017-03-15 17:16:59 825024 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2017-03-15 17:15:59 95232 ----a-w- C:\WINDOWS\System32\tzautoupdate.dll
2017-03-15 17:14:49 8886976 ----a-w- C:\WINDOWS\SysWow64\OneDriveSetup.exe
2017-03-10 23:17:46 46408 ----a-w- C:\WINDOWS\System32\DbxSvc.exe
2017-03-10 23:17:46 45672 ----a-w- C:\WINDOWS\System32\drivers\dbx-stable.sys
2017-03-10 23:17:46 45672 ----a-w- C:\WINDOWS\System32\drivers\dbx-dev.sys
2017-03-10 23:17:46 45672 ----a-w- C:\WINDOWS\System32\drivers\dbx-canary.sys
2017-03-07 15:24:00 -------- d-----w- C:\Program Files (x86)\Dropbox
2017-03-07 15:23:55 -------- d-----w- C:\Users\Alain\AppData\Local\Dropbox
2017-03-07 15:23:55 -------- d-----w- C:\ProgramData\Dropbox
.
==================== Find3M ====================
.
2017-03-10 05:17:56 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-03-10 05:17:56 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-03-04 07:57:44 192352 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2017-03-04 07:57:43 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2017-03-04 07:57:40 484584 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2017-03-04 07:40:53 965472 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2017-03-04 07:35:25 142176 ----a-w- C:\WINDOWS\System32\acmigration.dll
2017-03-04 07:35:25 1294688 ----a-w- C:\WINDOWS\System32\aeinv.dll
2017-03-04 07:35:22 86368 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2017-03-04 07:35:22 655200 ----a-w- C:\WINDOWS\System32\generaltel.dll
2017-03-04 07:35:22 565088 ----a-w- C:\WINDOWS\System32\devinv.dll
2017-03-04 07:35:22 343904 ----a-w- C:\WINDOWS\System32\invagent.dll
2017-03-04 07:35:22 1617760 ----a-w- C:\WINDOWS\System32\appraiser.dll
2017-03-04 07:35:21 378720 ----a-w- C:\WINDOWS\System32\atmfd.dll
2017-03-04 07:35:21 242528 ----a-w- C:\WINDOWS\System32\aepic.dll
2017-03-04 07:35:15 590952 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2017-03-04 07:35:09 38240 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2017-03-04 07:35:09 315232 ----a-w- C:\WINDOWS\System32\dcntel.dll
2017-03-04 07:27:09 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2017-03-04 07:26:53 794416 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2017-03-04 07:25:44 1117024 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2017-03-04 07:24:33 90976 ----a-w- C:\WINDOWS\System32\drivers\IPMIDrv.sys
2017-03-04 07:24:33 354264 ----a-w- C:\WINDOWS\System32\systemreset.exe
2017-03-04 07:24:27 108384 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2017-03-04 07:24:23 894096 ----a-w- C:\WINDOWS\System32\winresume.exe
2017-03-04 07:24:20 1051112 ----a-w- C:\WINDOWS\System32\winresume.efi
2017-03-04 07:24:05 2186896 ----a-w- C:\WINDOWS\System32\hevcdecoder.dll
2017-03-04 07:24:04 2482280 ----a-w- C:\WINDOWS\System32\msmpeg2vdec.dll
2017-03-04 07:23:13 2512304 ----a-w- C:\WINDOWS\System32\WMVDECOD.DLL
2017-03-04 07:22:41 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-03-04 07:22:22 1354312 ----a-w- C:\WINDOWS\System32\winload.efi
2017-03-04 07:22:22 1172984 ----a-w- C:\WINDOWS\System32\winload.exe
2017-03-04 07:22:21 7786336 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-03-04 07:21:04 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-03-04 07:20:52 379744 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys
2017-03-04 07:20:50 128352 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
2017-03-04 07:19:11 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-03-04 07:19:02 2049480 ----a-w- C:\WINDOWS\System32\wmpmde.dll
2017-03-04 07:18:48 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-03-04 07:18:47 1181024 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2017-03-04 07:18:27 118624 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2017-03-04 07:17:22 409952 ----a-w- C:\WINDOWS\System32\drivers\FWPKCLNT.SYS
2017-03-04 07:15:25 63328 ----a-w- C:\WINDOWS\System32\drivers\dam.sys
2017-03-04 07:15:14 404320 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
2017-03-04 07:15:08 1000280 ----a-w- C:\WINDOWS\System32\SecConfig.efi
2017-03-04 07:13:27 635456 ----a-w- C:\WINDOWS\System32\ci.dll
2017-03-04 07:11:48 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2017-03-04 07:11:41 266544 ----a-w- C:\WINDOWS\System32\policymanager.dll
2017-03-04 07:10:08 360040 ----a-w- C:\WINDOWS\System32\SystemSettingsAdminFlows.exe
2017-03-04 07:10:08 2828384 ----a-w- C:\WINDOWS\System32\d3d11.dll
2017-03-04 07:10:01 2189664 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-03-04 07:08:59 130912 ----a-w- C:\WINDOWS\System32\drivers\storahci.sys
2017-03-04 07:08:20 342456 ----a-w- C:\WINDOWS\System32\wintrust.dll
2017-03-04 07:08:18 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-03-04 07:08:17 509280 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2017-03-04 07:08:07 450400 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys
2017-03-04 07:08:02 223584 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
2017-03-04 07:06:36 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-03-04 07:04:33 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-03-04 07:04:24 1362512 ----a-w- C:\WINDOWS\SysWow64\wmpmde.dll
2017-03-04 07:04:19 8169536 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2017-03-04 07:04:03 1063472 ----a-w- C:\WINDOWS\System32\mfds.dll
2017-03-04 07:01:57 137936 ----a-w- C:\WINDOWS\System32\AuthHost.exe
2017-03-04 07:01:53 128648 ----a-w- C:\WINDOWS\System32\gpapi.dll
2017-03-04 07:01:52 201568 ----a-w- C:\WINDOWS\System32\basecsp.dll
2017-03-04 06:59:01 1570208 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-03-04 06:58:58 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2017-03-04 06:58:58 322912 ----a-w- C:\WINDOWS\System32\input.dll
2017-03-04 06:58:49 1416224 ----a-w- C:\WINDOWS\System32\msctf.dll
2017-03-04 06:57:36 2536288 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-03-04 06:57:26 372432 ----a-w- C:\WINDOWS\System32\Windows.Media.MediaControl.dll
2017-03-04 06:57:17 387872 ----a-w- C:\WINDOWS\System32\wmpps.dll
2017-03-04 06:56:04 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2017-03-04 06:56:03 248992 ----a-w- C:\WINDOWS\SysWow64\policymanager.dll
2017-03-04 06:54:12 2277288 ----a-w- C:\WINDOWS\SysWow64\d3d11.dll
2017-03-04 06:54:03 524776 ----a-w- C:\WINDOWS\SysWow64\dxgi.dll
2017-03-04 06:53:38 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2017-03-04 06:53:33 136032 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostUser.dll
2017-03-04 06:53:19 781152 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-03-04 06:53:11 493912 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-03-04 06:53:08 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-03-04 06:53:07 313568 ----a-w- C:\WINDOWS\SysWow64\wlanapi.dll
2017-03-04 06:53:03 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2017-03-04 06:52:59 549088 ----a-w- C:\WINDOWS\SysWow64\SHCore.dll
2017-03-04 06:52:02 272720 ----a-w- C:\WINDOWS\SysWow64\wintrust.dll
2017-03-04 06:51:38 576408 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2017-03-04 06:51:37 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2017-03-04 06:50:44 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2017-03-04 06:46:40 4312248 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2017-03-04 06:46:40 321792 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
2017-03-04 06:45:15 173408 ----a-w- C:\WINDOWS\SysWow64\basecsp.dll
2017-03-04 06:45:07 112120 ----a-w- C:\WINDOWS\SysWow64\gpapi.dll
2017-03-04 06:42:57 7216640 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-03-04 06:42:41 276832 ----a-w- C:\WINDOWS\SysWow64\input.dll
2017-03-04 06:42:39 1415240 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-03-04 06:42:35 321888 ----a-w- C:\WINDOWS\apppatch\AcRes.dll
2017-03-04 06:42:30 545944 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2017-03-04 06:42:29 1260784 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2017-03-04 06:40:36 306800 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.MediaControl.dll
2017-03-04 06:39:58 372736 ----a-w- C:\WINDOWS\System32\RDXTaskFactory.dll
.
============= FINISH: 8:18:36.97 ===============

I do not have access to a boot disc or OS disc. I upgraded my Win 8 to Win 10.
My pc is slower than usual and when I delete my internet history it does not eliminate the history at all. I use eset nod 32 and it has worked very well over the last 2-4 years. Looking forward to your help.

Attached Files

attach.txt (10.2 KB)

April 21, 2017, 7:34 pm

≫ Next: I have a virus on my computer because I can't go on firefox

≪ Previous: Check my system please

Hello,
I have an HP laptop running Windows 7 64-bit.

I believe I have some sort of malware or virus, though I am not sure. I can open some programs, like MS Outlook but for most all other programs, I get an error message like this:

"The procedure entry point_onexit could not be located in the dynamic link library msvcrt.dll"

I tried to follow the steps outlined in the sticky of this forum which says to download and run the DDS file, but I can't open my browser and get online because I get the error message. And when I tried to burn it onto a CD (using my other computer), and tried to run the program from the CD (on my infected laptop), I get this message:

"The procedure entry point wcschr could not be located in the dynamic link library msvcrt.dll:

Any help is greatly appreciated. I'm really not sure what to do at this point. Thank you in advance :)

↧

I have a virus on my computer because I can't go on firefox

April 21, 2017, 7:45 pm

≫ Next: sh4ldr folder??

≪ Previous: Error about procedure entry point & dll file

Hello, I have a virus on my emachine windows 7 desktop computer. I get this message saying Threat blocked! We've stopped this threat from spreading.
Win32:Mywebsearch-R[PUP]
in...6)\MyWebSearch\bar\1.bin\mwsoestb.dll
C:\Windows\SysWOW64\WerFault.exe
More threats may be lurking!
Scan Started

The AVG recommend me to scan my whole computer, but I can't because the scan doesn't go all the way through it's stops at 5%

Also, they said that the virus has been removed but it hasn't.
My computer has been running slower because of this virus, and I can't bring up firefox. It takes a long time for it to load, saying not responding.
So how can I get rid of this virus? thank you!

↧

sh4ldr folder??

April 23, 2017, 1:18 pm

≫ Next: PUP Optional NewTabTV

≪ Previous: I have a virus on my computer because I can't go on firefox

so i noticed this folder pop up in my C: drive. looking inside it has a few files, initrd.gz, shldr, shldr.mbr, and vmlinuz. ive learned that this is a folder for spy hunter.. but.. ive heard spy hunter is malicious (thanks to my boyfriend for telling me to download it.. i just use it to scan since it hasnt picked up anything.) so im not sure if this folder is safe. in fact i don't even know if spy hunter is safe.
i'm mainly worried because i was.. Borrowing.. some software illegally. i have removed all the software that i downloaded.
sometimes i hear my computer turn on by itself in the middle of the night. it's a laptop, when im asleep i keep it closed, but i can hear it make a ding noise sometimes and the screen light up while its closed. maybe im just paranoid but i dont think thats normal.

May 3, 2017, 2:57 pm

≫ Next: Do I have a (rootkit) virus?

≪ Previous: Checkup needed 5.2.17

For some weeks now, IE randomly goes black and a message appears saying that it has stopped working and it checks to see if it can solve the problem. Lately, a strange message has appeared about an adobe problem with an email address which looks odd. I'm wondering if I have an infection.
Can someone help me check this out please?

↧

Do I have a (rootkit) virus?

May 6, 2017, 4:46 pm

≫ Next: Crazy Popups Nonstop!

≪ Previous: IE randomly closes and reopens..

Hello there!

First of all, thanks ahead for time spent helping me with my problem, it is truly appreciated!

So, onto my problem..

Since a short period of barely 2 weeks my RAM usage has been sky-high. I have a total of 16GB memory, which has never let me down in the over 3 years that I've used it. During usage of my computer, my memory has normally (in idle situations) never really exceeded 20%, except recently it idles between 40-70%. Sometimes it even spikes up to 80-90% and occasionally it sits at 98-100%; which basically makes my computer un-usable (as you can see on this image; nothing using much memory, yet sitting at 98%). Whenever I reboot my computer, the problem 'resets' itself and after boot it sits on 40-70% again (rarely it sits on 98-100% again after rebooting!).

To add to this; I've also had a few blue screen crashes (which I normally never get). I have pictures of my phone of the stop codes and 'what failed' (I can supply the information if needed). The last time it crashed (6 days ago), it could not boot and wanted to do an automatic repair, after which booting succeeded. After this I used the program "WhoCrashed" to find out what the problem was, I have the logs from that saved on my desktop and can attach them if needed.

At first I thought it was a memory leak caused by a driver, but after reviewing/updating my drivers, the problem didn't go away and it didn't make sense (to me) that the problem re-occured after a reboot. I highly doubt my RAM sticks are broken, which caused me to search on the internet. After some research I found more and more 'results' regarding rootkit virusses and where they would be located/their actions. Seeing results about these virusses hiding in memory, made me 'paranoid' about the situation.

I've tried some programs on detecting a potential virus (TDSSKiller, GMER), including some 'manual' solutions such as checking bootlogs for weird stuff, but I found that I simply don't know enough about Windows 10 or this subject to find the potential issue. There were some odd results, however I decided not to post/attach the logs, as the 'instructions' topic requests "only attach the logs we've requested".

In addition; when installing my Windows 10 on my new SSD, I burned a disc with a Windows 10 ISO file. I guess this means that I do have access to a Windows boot disc (if it's the same thing?); however I really see using this as a last resort.

TL;DR: strange high memory usage on my computer, not sure if it's a virus or something else.

Thanks ahead,

Rob

--> Below dds.scr (and in attachement) after some stupid issues with Windows only recognizing it as a CAD script... :nonono:

======================
======================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.15063.0 BrowserJavaVersion: 11.131.2
Run by Rob at 0:56:14 on 2017-05-07
Microsoft Windows 10 Home 10.0.15063.0.1252.31.1033.18.16325.11984 [GMT 2:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan *Enabled/Updated* {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall *Enabled* {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k dcomlaunch -s LSM
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s lmhosts
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
c:\windows\system32\svchost.exe -k netsvcs -s UserManager
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k localservice -s nsi
c:\windows\system32\svchost.exe -k netsvcs -s Themes
c:\windows\system32\svchost.exe -k localservice -s EventSystem
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s Dhcp
c:\windows\system32\svchost.exe -k netsvcs -s SENS
c:\windows\system32\svchost.exe -k networkservice -s NlaSvc
c:\windows\system32\svchost.exe -k networkservice -s Dnscache
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -s FontCache
c:\windows\system32\svchost.exe -k localservice -s netprofm
c:\windows\system32\svchost.exe -k localservice -s WinHttpAutoProxySvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k appmodel -s StateRepository
c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -s LanmanWorkstation
C:\WINDOWS\System32\svchost.exe -k utcsvc
c:\windows\system32\svchost.exe -k networkservice -s CryptSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
c:\windows\system32\svchost.exe -k localservicenonetwork -s DPS
c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files\Killer Networking\Network Manager\KillerService.exe
c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
c:\program files\common files\mcafee\modulecore\modulecoreservice.exe
C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s PcaSvc
C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
C:\Program Files (x86)\Origin\OriginWebHelperService.exe
C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SysMain
C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
C:\Program Files (x86)\Popcorn Time\Updater.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s TrkWks
C:\Windows\SysWoW64\vmnetdhcp.exe
C:\Windows\SysWoW64\vmnat.exe
C:\Windows\SearchIndexer.exe
c:\windows\system32\svchost.exe -k netsvcs -s WpnService
c:\windows\system32\svchost.exe -k localservice -s WdiServiceHost
c:\windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
c:\windows\system32\svchost.exe -k netsvcs -s iphlpsvc
C:\WINDOWS\system32\dashost.exe
C:\Windows\system32\mfevtps.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\svchost.exe -k netsvcs -s TokenBroker
C:\Windows\SearchIndexer.exe
C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Windows\SysWoW64\muachost.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV
c:\windows\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe
C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\MfeAV\MFEAvSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe
c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\McCSPServiceHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -s PolicyAgent
c:\windows\system32\svchost.exe -k localservice -s CDPSvc
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\windows\system32\svchost.exe -k netsvcs -s Appinfo
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
c:\windows\system32\svchost.exe -k localservicepeernet -s p2pimsvc
c:\windows\system32\svchost.exe -k localservicepeernet -s PNRPsvc
c:\windows\system32\svchost.exe -k netsvcs
c:\program files\common files\mcafee\modulecore\ModuleCoreService.exe
C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s Netman
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s wscsvc
c:\windows\system32\svchost.exe -k netsvcs -s lfsvc
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
c:\windows\system32\taskhostw.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s StorSvc
c:\windows\system32\svchost.exe -k netsvcs -s BITS
svchost.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -s WdiSystemHost
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -s wlidsvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs -s Browser
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
uProxyOverride = <local>
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
BHO: McAfee WebAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
uRun: [Akamai NetSession Interface] "C:\Users\Rob\AppData\Local\Akamai\netsession_win.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Fast Boot] C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe
mRun: [RoccatKonePure] "C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KILLER~1.LNK - C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
TCP: Interfaces\{bf76f55c-b430-426e-8fc6-94fdb9e6c5a4} : DHCPNameServer = 172.18.12.1
TCP: Interfaces\{cf52085e-f5ae-4d14-93b5-e8e701f1fa70} : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
x64-BHO: McAfee WebAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-3-18 74840]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-3-18 49568]
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2016-8-2 923640]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2016-9-9 254800]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-3-18 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-3-18 70232]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-3-18 18520]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-3-18 208288]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-3-18 239616]
R1 BfLwf;Killer Bandwidth Control;C:\WINDOWS\System32\drivers\bwcW10x64.sys [2016-1-22 144456]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-3-18 54272]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-3-18 8192]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-9-26 2227312]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R2 CDPUserSvc_393a4;CDPUserSvc_393a4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 ClickToRunSvc;Klik-en-klaar-service van Microsoft Office;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2017-1-9 3801280]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2017-3-18 14336]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2017-3-18 47664]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2017-3-18 47664]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R2 GamingApp_Service;GamingApp_Service;C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [2017-1-2 45008]
R2 GamingHotkey_Service;GamingHotkey_Service;C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2017-1-2 2019792]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2017-1-2 641520]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2017-1-2 169432]
R2 Killer Service V2;Killer Service V2;C:\Program Files\Killer Networking\Network Manager\KillerService.exe [2016-1-28 454872]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2017-5-1 188256]
R2 McAPExe;McAfee AP Service;C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe [2017-2-5 994312]
R2 McBootDelayStartSvc;McAfee Boot Delay Start Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2017-1-2 641520]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\McCSPServiceHost.exe [2017-2-28 2054080]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2017-1-2 641520]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2017-1-2 641520]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2017-1-2 641520]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2017-1-2 385112]
R2 ModuleCoreService;McAfee Module Core Service;C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [2017-2-5 1551000]
R2 MSI_ActiveX_Service;MSI_ActiveX_Service;C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [2017-1-2 78776]
R2 MSI_FastBoot;MSI_FastBoot;C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [2017-1-2 105296]
R2 MSI_Trigger_Service;MSI_Trigger_Service;C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [2017-1-2 29728]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-2 492480]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-1-14 462968]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-1-2 425408]
R2 OneSyncSvc_393a4;OneSyncSvc_393a4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 Origin Web Helper Service;Origin Web Helper Service;C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2017-1-2 3116440]
R2 PDFsam Manager;PDFsam Manager;C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [2015-11-13 1050224]
R2 PEFService;Intel Security PEF Service;C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [2017-1-2 1104304]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2017-3-18 335808]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-3-18 79872]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R2 TunnelBearMaintenance;TunnelBear Maintenance;C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [2016-12-16 38272]
R2 Update service;Update service;C:\Program Files (x86)\Popcorn Time\Updater.exe [2017-1-2 339968]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2016-9-6 916040]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-3-18 141720]
R2 Windows Indexer;Windows Indexer;C:\Windows\SearchIndexer.exe [2017-3-27 64512]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 WpnUserService_393a4;WpnUserService_393a4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
R3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\drivers\cfwids.sys [2016-9-9 88464]
R3 ClientAnalyticsService;ClientAnalyticsService;C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [2017-1-2 1752992]
R3 I2cHkBurn;I2cHkBurn;C:\WINDOWS\System32\drivers\I2cHkBurn.sys [2017-1-2 41760]
R3 KillerEth;NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller;C:\WINDOWS\System32\drivers\e2xw10x64.sys [2017-3-18 145920]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 MBfilt;MBfilt;C:\WINDOWS\System32\drivers\MBfilt64.sys [2017-1-2 41088]
R3 mfeaack;McAfee Inc. mfeaack;C:\WINDOWS\System32\drivers\mfeaack.sys [2016-8-2 487184]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2016-8-2 366328]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2017-1-2 241040]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2016-9-9 518704]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\WINDOWS\System32\drivers\mfencbdc.sys [2017-1-19 498648]
R3 mfeplk;McAfee Inc. mfeplk;C:\WINDOWS\System32\drivers\mfeplk.sys [2016-9-9 110256]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2017-5-1 46240]
R3 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\System32\mfevtps.exe [2017-1-2 343792]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-3-18 20992]
R3 NTIOLib_FastBoot;NTIOLib_FastBoot;C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [2017-1-2 13368]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2017-1-14 47552]
R3 nvvhci;NVVHCI Enumerator Service;C:\WINDOWS\System32\drivers\nvvhci.sys [2017-1-14 59448]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-3-11 13368]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R3 tap-tb-0901;TunnelBear Adapter V9;C:\WINDOWS\System32\drivers\tap-tb-0901.sys [2016-10-17 38656]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R3 TokenBroker;TokenBroker;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Service;C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [2015-6-6 63840]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\drivers\mfeelamk.sys [2016-9-9 85048]
S2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2017-3-18 12288]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2017-3-18 47664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-2-22 317400]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-3-18 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-3-18 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-3-18 17920]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2017-3-18 47664]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-3-18 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-3-18 47664]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-3-18 39424]
S3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-3-18 53664]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-3-18 122880]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-3-18 347032]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-3-18 2104224]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;C:\WINDOWS\System32\drivers\CMUSBDAC.sys [2016-11-30 3792904]
S3 DevicesFlowUserSvc_393a4;DevicesFlowUserSvc_393a4;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-3-18 47664]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-3-18 86528]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2017-1-9 1591264]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-3-18 47664]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-3-18 21504]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-3-18 51104]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\WINDOWS\System32\drivers\HipShieldK.sys [2017-1-2 207968]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-3-18 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-3-18 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-3-18 70656]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-3-18 85504]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-3-18 165376]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-3-18 168448]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-3-18 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-3-18 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-3-18 673184]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-3-18 526240]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2017-1-2 171632]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-3-18 36864]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-3-18 123808]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-3-18 103328]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-3-18 405408]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-3-18 51104]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-3-18 64416]
S3 MessagingService_393a4;MessagingService_393a4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 mfencrk;McAfee Inc. mfencrk;C:\WINDOWS\System32\drivers\mfencrk.sys [2017-1-19 109320]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-3-18 842656]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-3-18 108960]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-3-18 122368]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2017-3-18 119296]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2017-1-2 13368]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-2 492480]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-3-18 80896]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-5-1 30144]
S3 NVVADARM;NVIDIA Miracast Audio;C:\WINDOWS\System32\drivers\nvvadarm.sys [2017-1-2 39056]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2017-1-2 2147216]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-3-18 58784]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-3-18 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 PimIndexMaintenanceSvc_393a4;PimIndexMaintenanceSvc_393a4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-3-18 1735584]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-3-18 936864]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-3-18 47664]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-3-18 91040]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-3-18 31128]
S3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-18 1284608]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-3-18 154016]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-3-18 47664]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-3-18 40352]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2017-3-18 891904]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-3-18 95648]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-3-18 36760]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-3-18 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-3-18 104448]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-3-18 179200]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-3-18 51712]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-3-18 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-3-18 29600]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-3-18 263584]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-3-18 98712]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-3-18 138656]
S3 UnistoreSvc_393a4;UnistoreSvc_393a4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-3-18 29600]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-3-18 59288]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-3-18 28064]
S3 UserDataSvc_393a4;UserDataSvc_393a4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-3-18 35328]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-3-18 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-3-18 72192]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-18 759808]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-3-18 121248]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-3-18 342264]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-3-18 47664]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-3-18 32160]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2017-3-18 217088]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-3-18 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 wlpasvc;LPA Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-18 277504]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-3-18 46592]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-05-06 21:17:50 -------- d-----w- C:\WINDOWS\pss
2017-05-06 21:02:39 134592 ----a-w- C:\WINDOWS\SysWow64\nvStreaming.exe
2017-05-06 21:02:35 536864 ----a-w- C:\WINDOWS\System32\vulkan-1.dll
2017-05-06 21:02:35 525600 ----a-w- C:\WINDOWS\SysWow64\vulkan-1.dll
2017-05-06 21:02:35 254240 ----a-w- C:\WINDOWS\System32\vulkaninfo.exe
2017-05-06 21:02:35 233760 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo.exe
2017-05-06 21:02:35 -------- d-----w- C:\Program Files (x86)\VulkanRT
2017-05-06 21:02:17 -------- d-----w- C:\temp
2017-05-03 19:48:36 -------- d-----w- C:\Users\Rob\Valley
2017-05-03 19:47:51 -------- d-----w- C:\Program Files (x86)\Unigine
2017-05-01 12:19:35 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2017-05-01 12:18:30 1988216 ----a-w- C:\WINDOWS\System32\nvdispco6438189.dll
2017-05-01 12:18:30 1589880 ----a-w- C:\WINDOWS\System32\nvdispgenco6438189.dll
2017-05-01 12:10:57 -------- d---a-w- C:\Program Files\WhoCrashed
2017-04-29 20:24:39 -------- d-----w- C:\Users\Rob\AppData\Roaming\Jubler
2017-04-29 20:24:22 -------- d-----w- C:\Program Files\Jubler
2017-04-24 17:01:57 512960 ----a-w- C:\WINDOWS\System32\OpenCL.dll
2017-04-24 17:01:57 420408 ----a-w- C:\WINDOWS\SysWow64\OpenCL.dll
2017-04-24 16:57:54 -------- d-----w- C:\Users\Rob\AppData\Roaming\MAXON
2017-04-23 21:53:33 1988032 ----a-w- C:\WINDOWS\System32\nvdispco6438165.dll
2017-04-23 21:53:33 1591352 ----a-w- C:\WINDOWS\System32\nvdispgenco6438165.dll
2017-04-23 21:41:43 153536 ----a-w- C:\WINDOWS\System32\nvaudcap64v.dll
2017-04-23 21:41:43 127424 ----a-w- C:\WINDOWS\SysWow64\nvaudcap32v.dll
2017-04-23 12:48:19 110144 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-64.dll
2017-04-19 00:15:42 447776 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-04-19 00:12:32 28408 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-04-19 00:04:32 207056 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2017-04-18 15:13:13 -------- d-----w- C:\Users\Rob\AppData\Roaming\TunnelBear
2017-04-18 15:13:13 -------- d-----w- C:\Users\Rob\AppData\Local\IsolatedStorage
2017-04-18 15:13:09 -------- d---a-w- C:\Program Files (x86)\TunnelBear
2017-04-15 21:28:52 9481728 ----a-w- C:\WINDOWS\System32\prm0013.dll
2017-04-15 21:28:50 543648 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-04-15 21:28:50 388000 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2017-04-15 21:28:32 -------- d-----w- C:\WINDOWS\System32\Microsoft
2017-04-15 21:28:32 -------- d-----w- C:\WINDOWS\ServiceProfiles
2017-04-15 11:42:58 -------- d-----w- C:\Users\Rob\AppData\Local\DBG
2017-04-15 11:42:54 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2017-04-15 11:42:12 -------- d-----w- C:\ProgramData\USOShared
2017-04-15 11:41:30 -------- d-----r- C:\Users\Rob\Music
2017-04-15 11:41:29 -------- d-----r- C:\Users\Rob\Videos
2017-04-15 11:41:29 -------- d-----r- C:\Users\Rob\Pictures
2017-04-15 11:41:21 -------- d-sh--we C:\ProgramData\Documents
2017-04-15 11:41:21 -------- d-sh--w- C:\Recovery
2017-04-15 11:36:40 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\good
2017-04-15 11:36:40 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\bad
2017-04-15 11:33:09 2233344 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-04-15 11:30:59 -------- d-----w- C:\WINDOWS\System32\SleepStudy
2017-04-13 15:55:12 -------- dc----w- C:\WINDOWS\Panther
2017-04-12 15:41:01 -------- d-----w- C:\Users\Rob\AppData\Local\UNP
2017-04-12 15:05:28 -------- d---a-w- C:\Program Files\UNP
2017-04-12 15:05:28 -------- d-----w- C:\WINDOWS\System32\UNP
2017-04-11 19:42:33 31232 ------w- C:\WINDOWS\System32\DdcWnsListener.dll
2017-04-11 19:42:33 261632 ------w- C:\WINDOWS\System32\indexeddbserver.dll
2017-04-10 16:09:41 -------- d-----w- C:\Users\Rob\AppData\Local\Jagex
2017-04-10 16:09:35 -------- d-----w- C:\ProgramData\Jagex
2017-04-10 16:08:37 -------- d-----w- C:\Program Files\Jagex
.
==================== Find3M ====================
.
2017-05-01 20:52:54 1951 ----a-w- C:\WINDOWS\NvContainerRecovery.bat
2017-05-01 20:51:10 6437312 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2017-05-01 20:51:10 2479552 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2017-05-01 20:51:08 81856 ----a-w- C:\WINDOWS\System32\nv3dappshextr.dll
2017-05-01 20:51:08 69752 ----a-w- C:\WINDOWS\System32\nvshext.dll
2017-05-01 20:51:08 548800 ----a-w- C:\WINDOWS\System32\nv3dappshext.dll
2017-05-01 20:51:08 392312 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2017-05-01 20:51:08 1762752 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2017-04-26 05:40:34 1882048 ----a-w- C:\WINDOWS\System32\nvspcap64.dll
2017-04-26 05:40:34 1472960 ----a-w- C:\WINDOWS\SysWow64\nvspcap.dll
2017-04-26 05:40:33 1755072 ----a-w- C:\WINDOWS\System32\nvspbridge64.dll
2017-04-26 05:40:33 1317312 ----a-w- C:\WINDOWS\SysWow64\nvspbridge.dll
2017-04-26 05:40:33 121280 ----a-w- C:\WINDOWS\System32\NvRtmpStreamer64.dll
2017-04-26 05:03:24 1951 ----a-w- C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-04-25 21:11:41 7944687 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2017-04-25 15:02:11 348360 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.xtr
2017-04-25 15:02:11 348360 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.exe
2017-04-25 15:01:51 280904 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.ex0
2017-04-24 17:24:09 466456 ----a-w- C:\WINDOWS\System32\wrap_oal.dll
2017-04-24 17:24:09 444952 ----a-w- C:\WINDOWS\SysWow64\wrap_oal.dll
2017-04-24 17:24:09 122904 ----a-w- C:\WINDOWS\System32\OpenAL32.dll
2017-04-24 17:24:09 109080 ----a-w- C:\WINDOWS\SysWow64\OpenAL32.dll
2017-04-23 12:48:00 110144 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge-64.dll
2017-04-23 12:47:43 97856 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2017-04-20 01:59:14 59448 ----a-w- C:\WINDOWS\System32\drivers\nvvhci.sys
2017-04-15 21:28:04 8704 ----a-w- C:\WINDOWS\SysWow64\dpnhupnp.dll
2017-04-03 16:56:16 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-04-03 16:56:16 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-04-02 06:15:32 87904 ----a-w- C:\WINDOWS\System32\UNPUXWorker.exe
2017-03-28 03:32:48 47552 ----a-w- C:\WINDOWS\System32\drivers\nvvad64v.sys
2017-03-27 17:00:56 64512 ----a-w- C:\WINDOWS\SearchIndexer.exe
2017-03-26 18:35:58 76152 ----a-w- C:\WINDOWS\SysWow64\PnkBstrA.exe
2017-03-18 21:01:14 207872 ----a-w- C:\WINDOWS\SysWow64\msclmd.dll
2017-03-18 21:01:13 230400 ----a-w- C:\WINDOWS\System32\msclmd.dll
2017-03-18 20:59:55 705024 ----a-w- C:\WINDOWS\SysWow64\MsSpellCheckingFacility.dll
2017-03-18 20:58:59 9728 ----a-w- C:\WINDOWS\SysWow64\nddeapi.dll
2017-03-18 20:57:58 97280 ----a-w- C:\WINDOWS\System32\WaaSAssessment.dll
2017-03-18 20:56:58 928712 ----a-w- C:\WINDOWS\SysWow64\mfreadwrite.dll
2017-03-18 11:40:24 118272 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2017-03-18 11:40:23 140288 ----a-w- C:\WINDOWS\System32\poqexec.exe
2017-03-18 11:40:22 247200 ----a-w- C:\WINDOWS\System32\wdscore.dll
2017-03-18 11:40:21 846744 ----a-w- C:\WINDOWS\System32\SmiEngine.dll
2017-03-18 11:40:21 762784 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-03-18 11:40:21 206848 ----a-w- C:\WINDOWS\System32\PkgMgr.exe
2017-03-18 11:40:21 143776 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2017-03-18 11:40:21 133024 ----a-w- C:\WINDOWS\System32\SSShim.dll
2017-03-18 11:40:21 111616 ----a-w- C:\WINDOWS\System32\NetDriverInstall.dll
2017-03-18 05:54:00 2021680 ----a-w- C:\WINDOWS\System32\wmpmde.dll
2017-03-18 05:46:20 3584 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\wfplwfs.sys.mui
2017-03-18 05:45:24 11776 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\NdisImPlatform.sys.mui
2017-03-18 05:44:56 6656 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\ndiscap.sys.mui
2017-03-18 05:40:28 276400 ----a-w- C:\WINDOWS\System32\wmpeffects.dll
2017-03-18 05:40:26 387416 ----a-w- C:\WINDOWS\System32\wmpps.dll
2017-03-18 05:11:52 1339352 ----a-w- C:\WINDOWS\SysWow64\wmpmde.dll
2017-03-18 05:09:30 8192 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\fwpkclnt.sys.mui
2017-03-18 05:00:38 7168 ----a-w- C:\WINDOWS\System32\msdxm.ocx
2017-03-18 05:00:38 7168 ----a-w- C:\WINDOWS\System32\dxmasf.dll
2017-03-18 04:59:56 11264 ----a-w- C:\WINDOWS\System32\spwmp.dll
2017-03-18 04:59:52 2560 ----a-w- C:\WINDOWS\System32\wmerror.dll
2017-03-18 04:58:00 214528 ----a-w- C:\WINDOWS\System32\wmpdxm.dll
2017-03-18 04:57:26 249016 ----a-w- C:\WINDOWS\SysWow64\wmpeffects.dll
2017-03-18 04:57:26 153976 ----a-w- C:\WINDOWS\SysWow64\wmpps.dll
2017-03-18 04:56:26 9261568 ----a-w- C:\WINDOWS\System32\wmploc.DLL
2017-03-18 04:56:24 123904 ----a-w- C:\WINDOWS\System32\wmpshell.dll
2017-03-18 04:55:42 566272 ----a-w- C:\WINDOWS\System32\quickassist.exe
2017-03-18 04:54:52 231424 ----a-w- C:\WINDOWS\System32\unregmp2.exe
2017-03-18 04:44:58 5632 ----a-w- C:\WINDOWS\SysWow64\msdxm.ocx
2017-03-18 04:44:58 5632 ----a-w- C:\WINDOWS\SysWow64\dxmasf.dll
2017-03-18 04:44:14 9216 ----a-w- C:\WINDOWS\SysWow64\spwmp.dll
2017-03-18 04:44:10 2560 ----a-w- C:\WINDOWS\SysWow64\wmerror.dll
2017-03-18 04:42:36 172032 ----a-w- C:\WINDOWS\SysWow64\wmpdxm.dll
2017-03-18 04:41:12 100352 ----a-w- C:\WINDOWS\SysWow64\wmpshell.dll
2017-03-18 04:41:10 9261568 ----a-w- C:\WINDOWS\SysWow64\wmploc.DLL
2017-03-18 04:40:32 458752 ----a-w- C:\WINDOWS\SysWow64\quickassist.exe
2017-03-18 04:39:50 190976 ----a-w- C:\WINDOWS\SysWow64\unregmp2.exe
2017-03-18 03:00:30 44032 ----a-w- C:\WINDOWS\System32\msdxm.tlb
2017-03-18 03:00:30 18944 ----a-w- C:\WINDOWS\System32\amcompat.tlb
2017-03-18 02:52:46 44032 ----a-w- C:\WINDOWS\SysWow64\msdxm.tlb
2017-03-18 02:52:46 18944 ----a-w- C:\WINDOWS\SysWow64\amcompat.tlb
2017-03-10 21:17:28 525600 ----a-w- C:\WINDOWS\SysWow64\vulkan-1-1-0-42-1.dll
2017-03-10 21:17:20 233760 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo-1-1-0-42-1.exe
2017-03-10 21:17:14 536864 ----a-w- C:\WINDOWS\System32\vulkan-1-1-0-42-1.dll
2017-03-10 21:17:10 254240 ----a-w- C:\WINDOWS\System32\vulkaninfo-1-1-0-42-1.exe
2017-03-04 06:18:32 198656 ------w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2017-02-10 09:26:14 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2017-02-10 09:26:14 124624 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2017-02-10 09:26:14 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2017-02-10 09:21:38 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2017-02-10 09:21:36 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2017-02-10 09:21:36 103120 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
.
============= FINISH: 0:56:28,91 ===============

Attached Files

attach.txt (7.2 KB)

↧