Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Crazy Popups Nonstop!

I am getting like 15 ad windows and tabs popping up every 20 seconds on all three of my browsers (chrome / opera / firefox). It slows them down a lot and I could barely make this post. Please help!

I also can't install some programs (like notepad++) as they give an error.

I tried scanning with malwarebytes, super antispyware, and spybot and they all said I was clean...

I have access to a Windows 10 install DVD.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953
Run by Eagleheart at 19:32:31 on 2017-05-06
Microsoft Windows 10 Pro 10.0.14393.0.1252.1.1033.18.4087.1319 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Avid\Pro Tools First\MMERefresh.exe
C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Windows\SysWOW64\nalserv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Windows\SysWOW64\nlssrv32.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\atieclxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
C:\Program Files\Avid\Cloud Client Services\AssetDeliveryService.exe
C:\Program Files\Avid\Cloud Client Services\ProjectSyncService.exe
C:\Program Files\Avid\Cloud Client Services\TransportClient.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\InputMethod\CHS\ChsIME.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\ProgramData\{E39C195D-5437-AEF6-E760-32D15EAA0A04}\67D4855E-D07F-32F5-F3B5-C59E6BD3F961.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\Avid\Application Manager\AvidApplicationManager.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Windows\System32\InstallAgent.exe
C:\Windows\System32\InstallAgentUserBroker.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files (x86)\Avid\Application Manager\AvidAppManHelper.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
svchost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\Users\EAGLEH~1\AppData\Local\Temp\nse13F0.tmp\PEV.DAT
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uSearch Bar = Google
uSearch Page = Google
uProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = wscript,
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [BackgroundSwitcher] "C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"
uRun: [Google Update] C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
uRun: [Spotify Web Helper] "C:\Users\Eagleheart\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Eagleheart\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [Dropbox Update] "C:\Users\Eagleheart\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [HP Officejet 4630 series (NET)] "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN47N3933Q05Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1
uRun: [need] "C:\Program Files (x86)\gigas\commonality.exe"
uRun: [kareem] "C:\Program Files (x86)\gigas\commonality.exe"
uRun: [spheres] "C:\Program Files (x86)\smee\spheres.exe"
uRun: [quickens] "C:\Program Files (x86)\gigas\commonality.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRun: [AppManHelper] C:\Program Files (x86)\Avid\Application Manager\AvidAppManHelper.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [BestCleaner] "C:\Program Files (x86)\BestCleaner\BestCleaner.exe"
mRun: [shylock] "C:\Program Files (x86)\gigas\commonality.exe"
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
mRunOnce: [DeleteOnReboot] C:\Users\EAGLEH~1\AppData\Local\Temp\DeleteOnReboot.bat
mRunOnce: [LaunchWUApp] C:\AMD\WU-CCC2\ccc2_install\LaunchWLApp.bat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\AVIDAP~1.LNK - C:\Windows\Installer\{A59C0B17-6673-46E6-9E00-BB25E755A299}\NewShortcut1_E1E0FF1FC1474601A40EFEF248F11D43.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 82.163.143.176 82.163.142.178
TCP: NameServer = 192.168.29.1
TCP: Interfaces\{47cf5da3-1ff6-4ef7-8883-ed4c7e18c55f} : NameServer = 82.163.143.176 82.163.142.178
TCP: Interfaces\{47cf5da3-1ff6-4ef7-8883-ed4c7e18c55f} : DHCPNameServer = 192.168.29.1
TCP: Interfaces\{47cf5da3-1ff6-4ef7-8883-ed4c7e18c55f}\F42716E676560284F6573756 : DHCPNameServer = 192.168.29.1
TCP: Interfaces\{49ac9920-1b02-49f6-8a4f-d7bd48859b77} : NameServer = 82.163.143.176 82.163.142.178
TCP: Interfaces\{49ac9920-1b02-49f6-8a4f-d7bd48859b77} : DHCPNameServer = 82.163.143.176
TCP: Interfaces\{93200016-ad91-4fee-9b07-be40c576044a} : NameServer = 82.163.143.176 82.163.142.178
TCP: Interfaces\{93200016-ad91-4fee-9b07-be40c576044a} : DHCPNameServer = 82.163.143.176
TCP: Interfaces\{b11b382c-d1e7-4a40-80c5-10bf9282c46d} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{C00E5376-78AD-4525-B01C-2B76BDF8A052} : DHCPNameServer = 7.254.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\ProgramData\Hotfresh\Roundfresh.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mWinlogon: Userinit = wscript,
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [DigidesignMMERefresh] C:\Program Files\Avid\Pro Tools First\MMERefresh.exe
x64-Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [mollison] "C:\Program Files (x86)\gigas\commonality.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [StartCN] "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: ObjectDockShlExt Class - {1984D045-52CF-49cd-DB77-08F378FEA4DB} -
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 spywareinfo.com - This website is for sale! - spywareinfo Resources and Information.
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eagleheart\AppData\Roaming\Mozilla\Firefox\Profiles\8orza2nr.default-1479765709963\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Eagleheart\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Eagleheart\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Eagleheart\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\WINDOWS\System32\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\drivers\PxHlpa64.sys [2012-4-18 55856]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\WINDOWS\System32\drivers\vsflt53.sys [2013-8-30 141920]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-8-27 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
R1 cbfs3;cbfs3;C:\WINDOWS\System32\drivers\cbfs3.sys [2013-6-27 352008]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 AdaptiveSleepService;AdaptiveSleepService;C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe [2016-11-21 155016]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-12-9 753240]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-9-26 2227312]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2016-4-22 305176]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-9-22 83768]
R2 AvidAssetDeliveryService;Avid Asset Delivery Service;C:\Program Files\Avid\Cloud Client Services\AssetDeliveryService.exe [2015-7-23 6748936]
R2 AvidProjectSyncService;Avid Project Sync Service;C:\Program Files\Avid\Cloud Client Services\ProjectSyncService.exe [2015-7-23 6651656]
R2 AvidTransportClient;Avid Transport Client;C:\Program Files\Avid\Cloud Client Services\TransportClient.exe [2015-7-23 6526728]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_e4ff5c;CDPUserSvc_e4ff5c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 cpuz135;cpuz135;C:\WINDOWS\System32\drivers\cpuz135_x64.sys [2012-5-27 21992]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\System32\drivers\diginet.sys [2015-10-13 21520]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-9-15 86016]
R2 MySQL55;MySQL55;"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld [?]
R2 NalServ;Nalpeiron Control Service;C:\Windows\SysWOW64\nalserv.exe [2012-6-29 135168]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-6-29 66560]
R2 OneSyncSvc_e4ff5c;Sync Host_e4ff5c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2015-8-10 19552672]
R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-3-31 1646056]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2016-11-5 1153368]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-10-1 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2016-12-27 671696]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2015-5-28 102912]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\WINDOWS\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-7-16 589824]
R3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2016-7-16 24576]
S2 Hotfresh;Hotfresh;C:\ProgramData\\Hotfresh\\Hotfresh.exe shuz -f "C:\ProgramData\\Hotfresh\\Hotfresh.dat" -l -a --> C:\ProgramData\\Hotfresh\\Hotfresh.exe shuz -f C:\ProgramData\\Hotfresh\\Hotfresh.dat [?]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-7-25 324224]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-10-1 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-12-30 131912]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 digiSPTIService64;digiSPTIService64;C:\Program Files\Avid\Pro Tools First\digisptiservice64.exe [2015-9-18 190464]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\WINDOWS\System32\drivers\evolve.sys [2013-9-7 21656]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-2-22 1432400]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-5-27 135584]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 hidkmdf;KMDF Driver;C:\WINDOWS\System32\drivers\hidkmdf.sys [2016-12-27 32480]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\WINDOWS\System32\drivers\hitmanpro37.sys [2016-11-4 54736]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\WINDOWS\System32\drivers\LEqdUsb.sys [2011-9-1 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\WINDOWS\System32\drivers\LHidEqd.sys [2011-9-1 15128]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 LVRS64;Logitech RightSound Filter Driver;C:\WINDOWS\System32\drivers\lvrs64.sys [2012-1-18 351520]
S3 LVUVC64;@oem55.inf,%PID_0824_DD%(UVC);Logitech Webcam C160(UVC);C:\WINDOWS\System32\drivers\lvuvc64.sys [2012-1-18 4758176]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2016-11-4 192216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
S3 MessagingService_e4ff5c;MessagingService_e4ff5c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2016-7-16 179040]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2015-10-8 2078216]
S3 paeusbaudio;paeusbaudio;C:\WINDOWS\System32\drivers\paeusbaudio_x64.sys [2015-10-13 260096]
S3 paeusbaudiodsp;paeusbaudiodsp;C:\WINDOWS\System32\drivers\paeusbaudiodsp_x64.sys [2015-10-13 62464]
S3 paeusbaudioks;paeusbaudioks;C:\WINDOWS\System32\drivers\paeusbaudioks_x64.sys [2015-10-13 46080]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 PimIndexMaintenanceSvc_e4ff5c;Contact Data_e4ff5c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-10-1 2889896]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-14 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-10-1 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TesSafe;TesSafe;C:\WINDOWS\System32\TesSafe.sys [2013-8-2 159160]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-9-12 745368]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UnistoreSvc_e4ff5c;User Data Storage_e4ff5c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 UserDataSvc_e4ff5c;User Data Access_e4ff5c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2016-7-16 44496]
S3 WacHidRouterPro;Wacom Hid Router Pro;C:\WINDOWS\System32\drivers\wachidrouter.sys [2016-12-27 119448]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [2016-12-27 33960]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-14 719872]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-4-12 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_e4ff5c;Windows Push Notifications User Service_e4ff5c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-14 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-5 43520]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\WINDOWS\System32\drivers\xusb22.sys [2016-7-16 95744]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2017-1-10 822624]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2016-7-16 40288]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2016-7-16 1227264]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: JSFile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
.
=============== Created Last 30 ================
.
2017-05-07 01:52:00 -------- d-----w- C:\ProgramData\{F5C5B8F0-426E-0F5B-D86A-E08D30CDDC0F}
2017-05-07 01:52:00 -------- d-----w- C:\ProgramData\{E39C195D-5437-AEF6-E760-32D15EAA0A04}
2017-05-07 01:51:55 -------- d-----w- C:\ProgramData\{25ac6690-612c-1}
2017-05-07 01:51:55 -------- d-----w- C:\ProgramData\{115450ef-012c-0}
2017-04-14 16:35:41 -------- d-----w- C:\ProgramData\6ba54107-4d71-0
2017-04-14 16:35:40 -------- d-----w- C:\ProgramData\6ba54107-28d5-1
2017-04-14 10:34:18 -------- d-----w- C:\ProgramData\6ba54107-5337-0
2017-04-14 10:34:18 -------- d-----w- C:\ProgramData\6ba54107-36a5-1
2017-04-14 04:34:18 -------- d-----w- C:\ProgramData\6ba54107-4963-1
2017-04-14 04:34:18 -------- d-----w- C:\ProgramData\6ba54107-0b77-0
2017-04-13 19:45:51 -------- d-----w- C:\ProgramData\{4e4a7fdd-512c-0}
2017-04-13 19:45:51 -------- d-----w- C:\ProgramData\{0fbb199b-312c-1}
2017-04-12 14:25:03 6667520 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2017-04-12 14:23:59 7655424 ----a-w- C:\WINDOWS\System32\mos.dll
2017-04-12 14:22:59 2187616 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-04-12 14:21:59 775168 ----a-w- C:\WINDOWS\System32\GamePanel.exe
2017-04-12 14:21:59 180224 ----a-w- C:\WINDOWS\System32\enrollmentapi.dll
2017-04-12 14:21:59 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2017-04-12 14:21:58 584192 ----a-w- C:\WINDOWS\SysWow64\UIRibbonRes.dll
2017-04-12 14:21:58 584192 ----a-w- C:\WINDOWS\System32\UIRibbonRes.dll
2017-04-12 14:21:58 45056 ----a-w- C:\WINDOWS\System32\atmlib.dll
.
==================== Find3M ====================
.
2017-05-06 21:24:07 65536 ----a-w- C:\WINDOWS\System32\spu_storage.bin
2017-04-01 18:52:38 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-04-01 18:52:38 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-03-28 07:10:34 484584 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2017-03-28 07:10:28 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2017-03-28 06:36:11 142176 ----a-w- C:\WINDOWS\System32\acmigration.dll
2017-03-28 06:36:08 343904 ----a-w- C:\WINDOWS\System32\invagent.dll
2017-03-28 06:36:05 565088 ----a-w- C:\WINDOWS\System32\devinv.dll
2017-03-28 06:36:05 1617760 ----a-w- C:\WINDOWS\System32\appraiser.dll
2017-03-28 06:36:05 1294688 ----a-w- C:\WINDOWS\System32\aeinv.dll
2017-03-28 06:35:59 379232 ----a-w- C:\WINDOWS\System32\atmfd.dll
2017-03-28 06:32:26 198856 ----a-w- C:\WINDOWS\System32\wscapi.dll
2017-03-28 06:29:11 2213248 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-03-28 06:28:05 7786336 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-03-28 06:28:03 773720 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2017-03-28 06:26:23 573280 ----a-w- C:\WINDOWS\System32\AppVCatalog.dll
2017-03-28 06:26:21 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2017-03-28 06:26:20 754528 ----a-w- C:\WINDOWS\System32\AppVOrchestration.dll
2017-03-28 06:26:11 218520 ----a-w- C:\WINDOWS\System32\LsaIso.exe
2017-03-28 06:22:07 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-03-28 06:21:27 167848 ----a-w- C:\WINDOWS\SysWow64\wscapi.dll
2017-03-28 06:20:43 2717184 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-03-28 06:20:11 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-03-28 06:20:04 1181024 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2017-03-28 06:19:26 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2017-03-28 06:18:07 1705976 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-03-28 06:15:53 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-03-28 06:12:54 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2017-03-28 06:11:30 360040 ----a-w- C:\WINDOWS\System32\SystemSettingsAdminFlows.exe
2017-03-28 06:11:14 1860288 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
2017-03-28 06:11:11 1738560 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll
2017-03-28 06:11:09 402784 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2017-03-28 06:10:53 178528 ----a-w- C:\WINDOWS\System32\CloudExperienceHostUser.dll
2017-03-28 06:10:44 1157008 ----a-w- C:\WINDOWS\System32\twinapi.appcore.dll
2017-03-28 06:10:42 146776 ----a-w- C:\WINDOWS\System32\CloudExperienceHostCommon.dll
2017-03-28 06:10:41 7220184 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2017-03-28 06:10:29 1293152 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2017-03-28 06:09:48 97128 ----a-w- C:\WINDOWS\System32\Windows.Security.Credentials.UI.CredentialPicker.dll
2017-03-28 06:09:40 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-03-28 06:09:22 2446704 ----a-w- C:\WINDOWS\System32\msxml6.dll
2017-03-28 06:09:18 682816 ----a-w- C:\WINDOWS\System32\wer.dll
2017-03-28 06:08:48 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2017-03-28 06:08:43 1267504 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2017-03-28 06:08:39 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2017-03-28 06:07:35 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2017-03-28 06:06:47 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2017-03-28 06:05:31 4260576 ----a-w- C:\WINDOWS\System32\mfcore.dll
2017-03-28 06:05:29 8168512 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2017-03-28 06:05:17 1702392 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2017-03-28 06:05:15 1848584 ----a-w- C:\WINDOWS\System32\mfsrcsnk.dll
2017-03-28 06:05:14 1988048 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2017-03-28 06:05:14 1072248 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2017-03-28 06:05:11 1302136 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2017-03-28 06:05:07 1504056 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2017-03-28 06:04:59 277344 ----a-w- C:\WINDOWS\System32\drivers\msiscsi.sys
2017-03-28 06:04:58 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2017-03-28 06:04:54 1276760 ----a-w- C:\WINDOWS\System32\ole32.dll
2017-03-28 06:04:53 136032 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostUser.dll
2017-03-28 06:04:39 116568 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
2017-03-28 06:04:38 5721808 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-03-28 06:04:32 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-03-28 06:04:31 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2017-03-28 06:04:31 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2017-03-28 06:04:30 160088 ----a-w- C:\WINDOWS\System32\CloudExperienceHostBroker.dll
2017-03-28 06:04:17 1600632 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-03-28 06:02:55 576408 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2017-03-28 06:02:48 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2017-03-28 06:02:01 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2017-03-28 06:00:09 1569184 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-03-28 06:00:05 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2017-03-28 05:59:05 2533728 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-03-28 05:59:01 4023008 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2017-03-28 05:58:59 1851688 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2017-03-28 05:58:53 981888 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2017-03-28 05:58:53 1360464 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2017-03-28 05:58:53 1344448 ----a-w- C:\WINDOWS\SysWow64\mfsrcsnk.dll
2017-03-28 05:58:52 1277856 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2017-03-28 05:58:50 1202936 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
2017-03-28 05:58:45 387872 ----a-w- C:\WINDOWS\System32\wmpps.dll
2017-03-28 05:58:44 372440 ----a-w- C:\WINDOWS\System32\Windows.Media.MediaControl.dll
2017-03-28 05:58:27 961192 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2017-03-28 05:53:54 545944 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2017-03-28 05:53:54 1414728 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-03-28 05:52:00 306800 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.MediaControl.dll
2017-03-28 05:48:07 5685760 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-03-28 05:44:50 7216640 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-03-28 05:42:28 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-03-28 05:42:06 51712 ----a-w- C:\WINDOWS\SysWow64\usoapi.dll
2017-03-28 05:41:51 372736 ----a-w- C:\WINDOWS\System32\RDXTaskFactory.dll
2017-03-28 05:41:51 26112 ----a-w- C:\WINDOWS\SysWow64\odbcconf.dll
2017-03-28 05:41:49 299008 ----a-w- C:\WINDOWS\System32\rdpinit.exe
2017-03-28 05:41:47 415744 ----a-w- C:\WINDOWS\System32\rdpshell.exe
2017-03-28 05:40:58 49664 ----a-w- C:\WINDOWS\SysWow64\XblAuthManagerProxy.dll
2017-03-28 05:40:53 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2017-03-28 05:40:19 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
2017-03-28 05:39:48 141824 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.Radios.dll
2017-03-28 05:39:17 40960 ----a-w- C:\WINDOWS\SysWow64\TokenBrokerUI.dll
2017-03-28 05:38:36 70656 ----a-w- C:\WINDOWS\SysWow64\XblAuthTokenBrokerExt.dll
2017-03-28 05:38:26 119808 ----a-w- C:\WINDOWS\System32\UserDataTimeUtil.dll
2017-03-28 05:38:05 156672 ----a-w- C:\WINDOWS\SysWow64\UserDeviceRegistration.dll
.
============= FINISH: 19:36:21.99 ===============

Attached Files
File Type: txt attach.txt (20.8 KB)

One Avast shield keeps turning itself off; possible virus

Hello!

Brand new computer (well, used, but new to me) and the same old virus problems.

The Avast Behavior Shield turns itself off every time I hit "Connect" on VZAccess manager during the last 24 hours. Avast does warn me that it's off and I click it back on manually. Says it's back on, but I have my doubts.

Particularly as when I tried to surf eBay, the website suddenly thought I lived in the Czech Republic. Yeah, I've changed my eBay password and my PayPal on a friend's clean computer already.

So here's the DDS log with the ATTACH, err, attached.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18377
Run by Lois at 19:58:07 on 2017-05-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2302.1316 [GMT -7:00]
.
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus *Disabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [appnhost] C:\Users\Lois\AppData\Local\Mixesoft\AppNHost\appnhost.exe
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
StartupFolder: C:\Users\Lois\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://www.driveragent.com/files/driveragent.cab
TCP: Interfaces\{F95CEED0-1F7A-4F22-8ADB-56E509B2E268} : NameServer = 77.234.40.79
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 aswbidsdriver;aswbidsdriver;C:\Windows\System32\drivers\aswbidsdrivera.sys [2017-2-9 311808]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2015-4-17 32600]
R1 aswNetSec;aswNetSec;C:\Windows\System32\drivers\aswNetSec.sys [2017-4-9 507928]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-15 1007160]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-15 569192]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-15 128648]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-5-3 263304]
R2 avast! Firewall;Avast Firewall Service;C:\Program Files\AVAST Software\Avast\afwServ.exe [2017-5-3 310496]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2016-8-12 5911720]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2016-9-7 21216]
R3 aswNetNd6;Avast Firewall NDIS6 Helper;C:\Windows\System32\drivers\aswNetNd6.sys [2017-4-9 29432]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-2-12 292864]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-8-16 243744]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-16 158368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-5-3 7346208]
S3 aswHwid;aswHwid;C:\Windows\System32\drivers\aswHwid.sys [2014-5-6 38296]
S3 aswTap;avast! SecureLine TAP Adapter v3;C:\Windows\System32\drivers\aswTap.sys [2014-9-27 44640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-10-7 114688]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\Windows\System32\drivers\PTDUBus.sys [2012-8-17 70672]
S3 PTDUMdm;PANTECH UM175 Drivers;C:\Windows\System32\drivers\PTDUMdm.sys [2012-8-17 173456]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\Windows\System32\drivers\PTDUVsp.sys [2012-8-17 173456]
S3 PTDUWFLT;PTDUWWAN Filter Driver;C:\Windows\System32\drivers\PTDUWFLT.sys [2012-8-17 12688]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\Windows\System32\drivers\PTDUWWAN.sys [2012-8-17 141840]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-14 1255736]
.
=============== File Associations ===============
.
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-05-08 02:25:55 -------- d-sh--w- C:\$RECYCLE.BIN
2017-04-29 04:13:15 -------- d-----w- C:\Program Files (x86)\Fitbit Connect
2017-04-28 04:14:36 -------- d-----w- C:\Users\Lois\AppData\Roaming\Verizon
2017-04-28 04:13:31 -------- d-----w- C:\Program Files (x86)\Verizon
2017-04-12 03:24:42 -------- d-----w- C:\ProgramData\Visan
2017-04-10 03:27:20 507928 ----a-w- C:\Windows\System32\drivers\aswNetSec.sys
2017-04-10 03:24:46 29432 ----a-w- C:\Windows\System32\drivers\aswNetNd6.sys
.
==================== Find3M ====================
.
2017-05-04 05:48:20 158368 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2017-05-04 05:48:19 339696 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2017-05-04 05:48:18 75704 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2017-05-04 05:48:18 38296 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2017-05-04 05:48:18 128648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2017-05-04 05:48:16 101152 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2017-05-04 05:46:07 1007160 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2017-05-04 05:46:06 32600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2017-05-04 05:45:17 49016 ----a-w- C:\Windows\System32\drivers\aswbuniva.sys
2017-05-04 05:45:16 334576 ----a-w- C:\Windows\System32\drivers\aswbloga.sys
2017-05-04 05:45:14 190256 ----a-w- C:\Windows\System32\drivers\aswbidsha.sys
2017-05-04 05:45:13 311808 ----a-w- C:\Windows\System32\drivers\aswbidsdrivera.sys
2017-04-12 02:56:27 802904 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-04-12 02:56:27 144472 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-09-29 16:21:48 478720 ----a-w- C:\Program Files (x86)\setup.exe
2016-09-29 16:21:44 2310144 ----a-w- C:\Program Files (x86)\openoffice413.msi
2015-10-09 04:08:14 6420480 ----a-w- C:\Program Files (x86)\GUT23E6.tmp
.
============= FINISH: 19:59:10.22 ===============

Attached Files
File Type: txt attach.txt (13.3 KB)

Is ESET NOD32 ok to use?

Hi. I've been using ESET NOD32 for years, but I recently noticed that my computer is running slow/freezing a lot when I try to open a page.
Has anyone encountered the same problem?

Strange computer behaviour going on for months

Hi,

I think I have been hacked. I've had all sorts of problems in the past months, then they stopped. Now they seem to have restarted.
Here is what happened today:

My computer became very slow, both online and off.
I went to Event Viewer.

Here is what it said under System:

Process **\MCUPDA~1.EXE pid (3800) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

McAfee is my antivirus program, isn't this strange?

I looked at past messages

Error 03/05/2017 15:27:43 Service Control Manager 7009 None
Error 03/05/2017 15:27:43 DistributedCOM 10005 None
Error 03/05/2017 15:27:43 Service Control Manager 7000 None
Error 03/05/2017 15:27:43 Service Control Manager 7009 None
Error 03/05/2017 15:27:43 DistributedCOM 10005 None
Error 03/05/2017 15:27:43 Service Control Manager 7000 None
Error 03/05/2017 15:27:43 Service Control Manager 7009 None
Error 03/05/2017 15:27:42 DistributedCOM 10005 None
Error 03/05/2017 15:27:42 Service Control Manager 7000 None
Error 03/05/2017 15:27:42 Service Control Manager 7009 None
Error 03/05/2017 15:27:42 DistributedCOM 10005 None
Error 03/05/2017 15:27:42 Service Control Manager 7000 None
Error 03/05/2017 15:27:42 Service Control Manager 7009 None
Error 03/05/2017 15:27:42 DistributedCOM 10005 None
Error 03/05/2017 15:27:42 Service Control Manager 7000 None
Error 03/05/2017 15:27:42 Service Control Manager 7009 None
Error 03/05/2017 15:27:41 DistributedCOM 10005 None
Error 03/05/2017 15:27:41 Service Control Manager 7000 None
Error 03/05/2017 15:27:41 Service Control Manager 7009 None
Error 03/05/2017 15:27:40 DistributedCOM 10005 None
Error 03/05/2017 15:27:40 Service Control Manager 7000 None
Error 03/05/2017 15:27:40 Service Control Manager 7009 None
Error 03/05/2017 15:27:40 DistributedCOM 10005 None
Error 03/05/2017 15:27:40 Service Control Manager 7000 None
Error 03/05/2017 15:27:40 Service Control Manager 7009 None
Error 03/05/2017 15:27:40 DistributedCOM 10005 None
Error 03/05/2017 15:27:40 Service Control Manager 7000 None
Error 03/05/2017 15:27:40 Service Control Manager 7009 None
Error 03/05/2017 15:27:39 DistributedCOM 10005 None
Error 03/05/2017 15:27:39 Service Control Manager 7000 None
Error 03/05/2017 15:27:39 Service Control Manager 7009 None
Error 03/05/2017 15:27:39 DistributedCOM 10005 None
Error 03/05/2017 15:27:39 Service Control Manager 7000 None
Error 03/05/2017 15:27:39 Service Control Manager 7009 None
Error 03/05/2017 15:27:38 DistributedCOM 10005 None
Error 03/05/2017 15:27:38 Service Control Manager 7000 None
Error 03/05/2017 15:27:38 Service Control Manager 7009 None
Error 03/05/2017 15:27:38 DistributedCOM 10005 None
Error 03/05/2017 15:27:38 Service Control Manager 7000 None
Error 03/05/2017 15:27:38 Service Control Manager 7009 None
Error 03/05/2017 15:27:38 DistributedCOM 10005 None
Error 03/05/2017 15:27:38 Service Control Manager 7000 None

This is just a chunk, there are more errors.

In task manager there was a program called 'program' that Action Center said was slowing down my computer.

What do you think? Isn't this hacking?
What should I do about it?

Thanks

AdwCleaner Blue Screen

Three computers with AdwCleaner. Two work fine, but one computer, after the AdwCleaner scan, will have a blue screen saying the PC ran into a problem and will restart automatically. This happens when the "Clean" square is clicked.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953
Run by franc_000 at 17:57:39 on 2017-05-15
Microsoft Windows 10 Pro 10.0.14393.0.1252.1.1033.18.8100.5548 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security *Enabled/Updated* {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security *Enabled/Updated* {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security *Enabled* {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AOMEI Backupper\ABService.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\NS.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\valWBFPolicyService.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
C:\WINDOWS\system32\EscSvc64.exe
C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DPCardEngine.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\vds.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\NS.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DPAgent.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.wsj.com/
BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\coIEPlg.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\coIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [OneDrive] "C:\Users\franc_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
uRun: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3520 Series"
uRunOnce: [Uninstall C:\Users\franc_000\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\franc_000\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [EaseUS TB Tray Agent] "C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
mRun: [ABNotify] C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe -auto
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 209.18.47.62 209.18.47.61
TCP: Interfaces\{7d925c13-4b86-4c70-910b-45229849cfb9} : DHCPNameServer = 209.18.47.62 209.18.47.61
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files (x86)\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
Handler: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
LSA: Notification Packages = DPPassFilter scecli
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mWinlogon: Userinit = C:\WINDOWS\System32\userinit.exe,C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe,
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" /s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [CSFTrayApp] "C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe" showtraymin
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - <orphaned>
x64-Handler: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\System32\CbFsMntNtf3.dll
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ambakdrv;ambakdrv;C:\WINDOWS\System32\ambakdrv.sys [2016-7-31 31192]
R0 CredFltL;CredFltL;C:\WINDOWS\System32\drivers\CredFltL.sys [2014-5-7 34048]
R0 EUBAKUP;EUBAKUP;C:\WINDOWS\System32\drivers\eubakup.sys [2014-4-5 60968]
R0 EUBKMON;EUBKMON;C:\WINDOWS\System32\drivers\EUBKMON.sys [2014-4-5 48168]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2015-11-24 791560]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\WINDOWS\System32\drivers\NSx64\1609010.00C\symefasi64.sys [2017-3-23 1716896]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-8-24 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-27 227328]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20170510.003\BHDrvx64.sys [2017-5-11 1831064]
R1 ccSet_NS;NS Settings Manager;C:\WINDOWS\System32\drivers\NSx64\1609010.00C\ccsetx64.sys [2017-3-23 174240]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2014-3-24 92536]
R1 EUDSKACS;EUDSKACS;C:\WINDOWS\System32\drivers\eudskacs.sys [2014-4-5 18472]
R1 EUFDDISK;EUFDDISK;C:\WINDOWS\System32\drivers\EuFdDisk.sys [2014-4-5 192040]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20170512.001\IDSvia64.sys [2017-5-12 1054872]
R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\drivers\NSx64\1609010.00C\ironx64.sys [2017-3-23 291480]
R1 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\drivers\NSx64\1609010.00C\symnets.sys [2017-3-23 567512]
R2 ammntdrv;ammntdrv;C:\WINDOWS\System32\ammntdrv.sys [2016-7-31 152024]
R2 amwrtdrv;amwrtdrv;C:\WINDOWS\System32\amwrtdrv.sys [2016-7-31 18392]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768]
R2 Backupper Service;AOMEI Backupper Scheduler Service;C:\Program Files (x86)\AOMEI Backupper\ABService.exe [2016-7-31 52856]
R2 CDPUserSvc_49340;CDPUserSvc_49340;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-4-4 3042544]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DellMgmtAgent;Dell Management Agent Service;C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [2013-12-17 247136]
R2 DellMgmtLoader;Dell Security Framework Loader;C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [2013-12-17 26464]
R2 DellMgmtServer;DELL Security Framework Local Server;C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [2013-12-17 33632]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2014-3-20 33072]
R2 EaseUS Agent;EaseUS Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2016-3-27 39616]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]
R2 EpsonScanSvc;Epson Scanner Service;C:\WINDOWS\System32\escsvc64.exe [2014-4-5 135824]
R2 ESRV_SVC_QUEENCREEK;Energy Server Service queencreek;C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [2017-1-4 805632]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-9-11 382456]
R2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-8-14 207648]
R2 NS;Norton Security;C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\ns.exe [2017-3-23 326160]
R2 OneSyncSvc_49340;Sync Host_49340;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2014-12-6 1248256]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 SystemUsageReportSvc_QUEENCREEK;Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK;C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [2016-11-17 156928]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\WINDOWS\System32\valWBFPolicyService.exe [2013-10-9 35328]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-10-3 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 cbfs3;EldoS Callback File System driver v3;C:\WINDOWS\System32\drivers\cbfs3.sys [2016-3-20 352144]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\WINDOWS\System32\drivers\e1d65x64.sys [2015-9-12 547840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2017-5-10 156824]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\WINDOWS\System32\drivers\LEqdUsb.sys [2016-11-21 87696]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\WINDOWS\System32\drivers\LHidEqd.sys [2017-1-4 23184]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 PimIndexMaintenanceSvc_49340;Contact Data_49340;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 semav6msr64;semav6msr64;C:\WINDOWS\System32\drivers\semav6msr64.sys [2017-1-4 21984]
R3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_49340;User Data Storage_49340;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_49340;User Data Access_49340;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2016-7-16 24576]
S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\drivers\NSx64\1609010.00C\symelam.sys [2017-3-23 24616]
S2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2014/03/24 20:58:09;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-7-13 236144]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-11-17 19424]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-6-25 327296]
S2 USER_ESRV_SVC_QUEENCREEK;User Energy Server Service queencreek;C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [2017-1-4 805632]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmpfd.sys [2014-3-24 36520]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-10-3 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-27 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2013-12-26 38296]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-5-12 481768]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
S3 irstrtdv;Intel(R) Rapid Start Technology Driver;C:\WINDOWS\System32\drivers\irstrtdv.sys [2014-3-24 43800]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\WINDOWS\System32\drivers\ISCTD64.sys [2014-3-24 46568]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-12 64352]
S3 MessagingService_49340;MessagingService_49340;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2016-7-16 179040]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-5-10 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-10-3 2889896]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-15 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SNXPPAMD;SUNIX Parallel Port Driver;C:\WINDOWS\System32\drivers\snxppamd.sys [2014-3-24 99424]
S3 SNXPSAMD;SUNIX Serial Port Driver;C:\WINDOWS\System32\drivers\snxpsamd.sys [2014-3-24 97888]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-10-3 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-15 719872]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-5-10 347320]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_49340;Windows Push Notifications User Service_49340;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-15 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-1 43520]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2017-1-11 822624]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2016-7-16 40288]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2016-7-16 1227264]
.
=============== Created Last 30 ================
.
2017-05-14 20:41:17 -------- d---a-w- C:\Program Files (x86)\PrivaZer
2017-05-10 16:28:59 86528 ----a-w- C:\Program Files\Windows Defender\MpAsDesc.dll
2017-05-10 16:27:59 947712 ----a-w- C:\WINDOWS\System32\SystemSettings.Handlers.dll
.
==================== Find3M ====================
.
2017-05-15 21:37:41 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-15 21:37:24 150264 ------w- C:\WINDOWS\System32\drivers\rikvm_38F51D56.sys
2017-05-14 13:51:33 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-05-14 13:24:23 1024 ---ha-w- C:\SYSTAG.BIN
2017-05-10 16:04:56 73728 ----a-w- C:\WINDOWS\System32\WSManMigrationPlugin.dll
2017-04-29 00:59:38 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-04-29 00:59:37 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-04-28 01:28:15 965472 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2017-04-28 01:01:16 2717184 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-04-28 00:59:55 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2017-04-28 00:58:48 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-04-28 00:57:46 573280 ----a-w- C:\WINDOWS\System32\AppVCatalog.dll
2017-04-28 00:57:25 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2017-04-28 00:57:17 704352 ----a-w- C:\WINDOWS\System32\AppVEntVirtualization.dll
2017-04-28 00:57:12 754528 ----a-w- C:\WINDOWS\System32\AppVOrchestration.dll
2017-04-28 00:57:07 794928 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2017-04-28 00:56:56 2048488 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-04-28 00:56:07 1117024 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2017-04-28 00:55:36 88416 ----a-w- C:\WINDOWS\System32\drivers\scmbus.sys
2017-04-28 00:53:45 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-04-28 00:53:16 7784288 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-04-28 00:53:03 774224 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2017-04-28 00:52:51 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-04-28 00:49:56 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-04-28 00:49:33 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-04-28 00:48:25 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2017-04-28 00:47:56 699744 ----a-w- C:\WINDOWS\System32\wimgapi.dll
2017-04-28 00:47:53 501088 ----a-w- C:\WINDOWS\System32\spwizeng.dll
2017-04-28 00:46:14 410464 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
2017-04-28 00:46:09 1504056 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2017-04-28 00:46:06 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2017-04-28 00:46:03 5722320 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-04-28 00:45:54 781144 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-04-28 00:45:44 493920 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-04-28 00:45:44 116576 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
2017-04-28 00:45:33 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2017-04-28 00:45:29 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-04-28 00:44:26 62816 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2017-04-28 00:43:59 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2017-04-28 00:43:48 1557224 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2017-04-28 00:43:10 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2017-04-28 00:43:09 2168288 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2017-04-28 00:42:58 601952 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2017-04-28 00:42:53 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2017-04-28 00:42:44 526176 ----a-w- C:\WINDOWS\System32\wimserv.exe
2017-04-28 00:41:08 361104 ----a-w- C:\WINDOWS\SysWow64\tsmf.dll
2017-04-28 00:39:48 962760 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2017-04-28 00:39:37 715104 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2017-04-28 00:39:22 4312248 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2017-04-28 00:39:15 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-04-28 00:38:51 557408 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2017-04-28 00:38:51 2446704 ----a-w- C:\WINDOWS\System32\msxml6.dll
2017-04-28 00:38:44 1852200 ----a-w- C:\WINDOWS\System32\crypt32.dll
2017-04-28 00:38:28 431968 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2017-04-28 00:38:20 1267512 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2017-04-28 00:38:12 2915704 ----a-w- C:\WINDOWS\System32\combase.dll
2017-04-28 00:38:08 847200 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-04-28 00:36:34 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2017-04-28 00:36:29 408600 ----a-w- C:\WINDOWS\System32\tsmf.dll
2017-04-28 00:35:22 1414208 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-04-28 00:35:20 276832 ----a-w- C:\WINDOWS\SysWow64\input.dll
2017-04-28 00:35:14 8170600 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2017-04-28 00:35:06 1988048 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2017-04-28 00:35:06 1702392 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2017-04-28 00:35:05 1302136 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2017-04-28 00:35:03 4260576 ----a-w- C:\WINDOWS\System32\mfcore.dll
2017-04-28 00:35:01 596040 ----a-w- C:\WINDOWS\System32\mf.dll
2017-04-28 00:34:58 1072248 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2017-04-28 00:34:57 443232 ----a-w- C:\WINDOWS\System32\MMDevAPI.dll
2017-04-28 00:34:56 244824 ----a-w- C:\WINDOWS\System32\mfps.dll
2017-04-28 00:34:45 1277824 ----a-w- C:\WINDOWS\System32\ole32.dll
2017-04-28 00:34:25 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2017-04-28 00:34:21 4674360 ----a-w- C:\WINDOWS\explorer.exe
2017-04-28 00:34:09 1600624 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-04-28 00:30:17 1569184 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-04-28 00:30:11 322912 ----a-w- C:\WINDOWS\System32\input.dll
2017-04-28 00:29:28 5685760 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-04-28 00:28:48 387864 ----a-w- C:\WINDOWS\System32\wmpps.dll
2017-04-28 00:28:41 453536 ----a-w- C:\WINDOWS\System32\services.exe
2017-04-28 00:28:39 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-04-28 00:23:19 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-04-28 00:23:10 1631232 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
2017-04-28 00:22:46 26112 ----a-w- C:\WINDOWS\SysWow64\odbcconf.dll
2017-04-28 00:22:16 165376 ----a-w- C:\WINDOWS\SysWow64\ReInfo.dll
2017-04-28 00:21:41 27648 ----a-w- C:\WINDOWS\SysWow64\BthTelemetry.dll
2017-04-28 00:21:26 73728 ----a-w- C:\WINDOWS\SysWow64\tdc.ocx
2017-04-28 00:21:14 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
2017-04-28 00:20:50 44032 ----a-w- C:\WINDOWS\SysWow64\virtdisk.dll
2017-04-28 00:20:47 141824 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.Radios.dll
2017-04-28 00:19:26 584192 ----a-w- C:\WINDOWS\SysWow64\UIRibbonRes.dll
2017-04-28 00:19:15 156672 ----a-w- C:\WINDOWS\SysWow64\UserDeviceRegistration.dll
2017-04-28 00:19:05 138240 ----a-w- C:\WINDOWS\SysWow64\DisplayManager.dll
2017-04-28 00:18:43 450560 ----a-w- C:\WINDOWS\SysWow64\rastls.dll
2017-04-28 00:18:37 255488 ----a-w- C:\WINDOWS\SysWow64\unimdm.tsp
2017-04-28 00:18:35 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2017-04-28 00:17:57 136192 ----a-w- C:\WINDOWS\SysWow64\WinRtTracing.dll
2017-04-28 00:17:50 94208 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll
2017-04-28 00:17:36 95232 ----a-w- C:\WINDOWS\SysWow64\BluetoothApis.dll
2017-04-28 00:17:30 328192 ----a-w- C:\WINDOWS\SysWow64\daxexec.dll
2017-04-28 00:17:01 142336 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.WiFi.dll
.
============= FINISH: 17:58:12.86 ===============

Attached Files
File Type: txt attach.txt (6.1 KB)

Lag Spikes When Gaming

I wasn't sure whether to post this in computer security or internet, but I chose computer security because it is most likely a virus or malware of some sort. This hasn't happened before and all other devices run the same as before, so I'm assuming it must be a virus/malware. Thanks for taking the time to read!

Attached Files
File Type: txt attach.txt (5.0 KB)
File Type: txt dds.txt (32.3 KB)

Slow Internet windows 7 home premium service pack 1

I was away from my computer with it being off, but on standby. Furthermore the Ethernet cable was still plugged in. Upon return, I have had internet problems. The issue has arisen between 28th March to 18th April.
  • I have not done any of the following steps in safe-mode.
  • No other users on this desktop have been utilized in years.
  • It is not a problem of internet as several other devices work perfectly from my port and through my login (as it is university internet).
  • On looking at the network connection properties, it is automatically obtaining an IPv6 address, a DNS server address and an IP address.

I am mildly computer fluent and have tried to follow many routes, but haven't had good results.
Is it possible that malware, virus, rootkit etc has been removed, but settings are still changed and therefore prohibiting my internet speeds?

I would really appreciate any help as being a student, this computer is my lifeline, especially during exam time at the moment.

Using SpeedOf.me, results shown below,
Latency:1685ms
Max Download 140kbps
Max Upload: 10kbps

Whilst pages load extremely slowly, the internet is still up and online. It feels like something is restricting the speeds. Also, my computer is running slower in relation to normal file browsing processes etc.

I have uninstalled and re-downloaded the Realtek PCIe GBE Family Controller Drivers before and after each of these steps.
  • Bullguard antivirus full scan,
  • Malwarebytes 3
  • Hitman Pro
  • Kaspersky TDSSKiller
in this order.

This has applied to all browsers, even after deleting and reinstalling chrome. Chrome had its home page settings changed and after being changed, would revert to the homepage in question. After running malwarebytes and changing it back, this was no longer an issue.

I also discovered that Bullguard settings had been altered and had lowered security level for antivirus. I was able to change these without them reversing.

Tdss killer found no issues.

I have flushed the dns cache using ipconfig /flushdns in administrator CMD prompt.
I have performed this in administrator CMD Prompt as well "netsh winsock reset".
I have restarted the computer and performed all updates, apart from windows 10.

Malware Bytes found and removed several issues, but the logs do not extend far back enough now, so I don't think there is a way for me to find out what it removed.

In Folder options, having selected:
Show hidden files, folders, and drives,
and unselected:
hide extensions for known file types
Hide protected operating system files (recommended)


I ran malwarebytes3 again with no more issues found.
I am not sure if it does it automatically, but
Hide protected operating system files (recommended)
has automatically been reselected.


Bullguard has reported on these issues.


---------------------------------------------



C:\Users\James\AppData\Local\Apowersoft\Apowersoft Online Launcher\unins000.exe

Details

Risk: HIGH
Behaviour: The program unins000.exe attempted to delete itself.
Time: 2017/05/02 22:47:15

Actions

Move to quarantine: Succeeded


-------------------------------------

C:\Users\James\AppData\Local\Apowersoft\Online Video Converter\unins000.exe

Details

Risk: HIGH
Behaviour: The program unins000.exe attempted to delete itself.
Time: 2017/05/02 22:46:35

Actions

Move to quarantine: Succeeded


--------------------------------------------


(handtyped this due to no export log)

ATTACK NAME- PORT SCAN
ATTACKER IP- 10.201.34.216 (v3749-0ac92d8.wifi.cf.ac.uk
EVENT TIME- 2017-05-12 14:14:12
ATTACKER MAC- 74-D4-35-E7-1F-89



--------------------------------


Malware Bytes discovered this.


Suspected file: unins000.exe

Risk: high
Path: C:\Users\James\AppData\Local\Apowersoft\Apowersoft Online Launcher\unins000.exe

Details
• The program unins000.exe attempted to delete itself.

Files modified
• C:\USERS\JAMES\APPDATA\LOCAL\TEMP\_IU14D2N.TMP (created)

Registry modified
• \REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER:PendingFileRenameOperations (modified: old_value=[\??\C:\ProgramData\BullGuard\BdAgent.log, \??\C:\ProgramData\BullGuard\CompressedLogs\BdAgent.log, \??\C:\ProgramData\BullGuard\BsMailProxy.log, \??\C:\ProgramData\BullGuard\CompressedLogs\BsMailProxy.log], new_value =[\??\C:\ProgramData\BullGuard\BdAgent.log, \??\C:\ProgramData\BullGuard\CompressedLogs\BdAgent.log, \??\C:\ProgramData\BullGuard\BsMailProxy.log, \??\C:\ProgramData\BullGuard\CompressedLogs\BsMailProxy.log, \??\C:\Users\James\AppData\Local\Temp\_iu14D2N.tmp


--------------------------------------------
"_IU14D2N.TMP" is still in "C:\Users\James\AppData\Local\Temp"
1.13 MB and modified on 02/05/17.

How to stop spam browser or plugin to install in system?

Whenever I try to download some songs or software, some unwanted file is in the system after those. The system starts to react differently, like some unwanted pop-ups, some new type of home page set automatically, etc.

Not found

I've been referred here by a fellow member. The original post is located here: http://www.techsupportforum.com/foru...d-1193602.html I'm not convinced I have malware or Trojans as I always use Microsoft Security Essentials, and keep it updated. But I do seem to have problems completing the tasks Corday asked. I do not have a CD or install disk for my Win 7 Ultimate. I have a bootable USB drive with it. I would like to restore my IE Explorer if possible without an OS reinstall. Thank You
Ron

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Ron at 13:07:39 on 2017-05-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.24567.21691 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\M-Audio\Fast Track C600\AudioDevMon.exe
C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = myyahoo.com
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
uRun: [HP Officejet Pro 8620 (NET)] "C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe" -deviceID "CN465C403H:NW" -scfn "HP Officejet Pro 8620 (NET)" -AutoStart 1
mRun: [Conime] C:\Windows\System32\conime.exe
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1D52BABE-F82C-476C-8E19-10D2A4CEEC83} : NameServer = 172.20.1.1
TCP: Interfaces\{23EFABCA-111D-433B-9B6B-BBA04F546AFE} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - LocalServer32 - <no file>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - LocalServer32 - <no file>
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\9q6uuus7.default-1494960953674\
FF - prefs.js: browser.startup.homepage - myyahoo.com
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrlui.dll
FF - plugin: C:\Users\Ron\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2016-8-25 295000]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2011-3-14 24880]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2009-12-25 297512]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-9-1 26528]
R1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2012-6-4 389968]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 FastTrackC600AudioDevMon;Fast Track C600 Audio Device Monitor;C:\Program Files (x86)\M-Audio\Fast Track C600\AudioDevMon.exe [2014-8-18 574184]
R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2016-9-13 47330344]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2016-3-1 104976]
R3 GOLDFINGER;Service for M-Audio Fast Track C600;C:\Windows\System32\drivers\MAudioFastTrackC600.sys [2014-8-18 528104]
R3 GOLDFINGERDFU;Service for M-Audio Fast Track C600 DFU;C:\Windows\System32\drivers\MAudioFastTrackC600_DFU.sys [2014-8-18 31464]
R3 L6TPortB;Service - Line 6 TonePort UX2;C:\Windows\System32\drivers\L6TPortB64.sys [2015-8-21 777728]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2015-11-13 135928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
R3 NIWinCDEmu;ISO Mounter driver;C:\Windows\System32\drivers\NIWinCDEmu.sys [2015-8-24 112408]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-3-26 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-3-26 125064]
S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2016-9-5 131712]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe --> C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [?]
S3 grmobileavs;Guitar Rig Mobile I/O WDM Audio;C:\Windows\System32\drivers\grmobileavs.sys [2011-4-11 358480]
S3 grmobileusb_svc;Guitar Rig Mobile I/O;C:\Windows\System32\drivers\grmobileusb.sys [2011-4-11 97360]
S3 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-7-26 26680]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-5-17 116224]
S3 InnovativeSolutions_monitor;Innovative Solutions Service Monitor;C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [2015-4-27 1065312]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;C:\Windows\System32\drivers\KORGUM64.SYS [2011-3-30 33656]
S3 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-9-1 2909472]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-12 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2016-9-5 165504]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-9-12 29696]
S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;C:\Windows\System32\drivers\teVirtualMIDI64.sys [2012-8-15 30208]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-10-19 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-12 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-7 1255736]
S3 WsDrvInst;Wondershare Driver Install Service; [x]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2015-7-16 26776]
S4 WsAppService;Wondershare Application Framework Service;C:\Program Files (x86)\Wondershare\WAF\2.3.2.219\WsAppService.exe [2017-1-3 440832]
.
=============== File Associations ===============
.
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-05-17 16:23:51 -------- d--h--w- C:\Windows\msdownld.tmp
2017-05-16 18:32:43 1167568 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{37FD5E11-9C66-415D-9CF1-5CEEF0501384}\gapaengine.dll
2017-05-16 18:32:31 12994104 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6FAFC174-7499-4679-98A1-7F73D4FDE154}\mpengine.dll
2017-05-15 15:17:35 12994104 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2017-05-03 14:07:06 -------- dc-h--w- C:\ProgramData\{00E0164B-B182-4800-96DA-F8D39B3A7189}
2017-04-28 19:29:13 -------- dc-h--w- C:\ProgramData\{F0F3660E-3963-4E9E-B44E-192B34C6DECD}
2017-04-27 16:26:45 -------- dc-h--w- C:\ProgramData\{6765FF4A-D3FF-48F4-8F6F-D61DA603637B}
2017-04-27 00:17:36 -------- dc-h--w- C:\ProgramData\{E71D880F-E3CD-4075-B318-369A8C1E916A}
.
==================== Find3M ====================
.
2017-05-16 19:34:05 803320 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-05-16 19:34:05 144888 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-05-15 18:22:19 272 ----a-w- C:\Users\Ron\AppData\Roaming\msregsvv.dll
2017-04-28 19:44:12 320 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
2017-04-28 01:14:59 631176 ----a-w- C:\Windows\System32\winresume.efi
2017-04-28 01:14:09 706792 ----a-w- C:\Windows\System32\winload.efi
2017-04-28 01:14:08 5547240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2017-04-28 01:14:05 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2017-04-28 01:14:05 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2017-04-28 01:11:49 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2017-04-28 01:09:59 44032 ----a-w- C:\Windows\System32\csrsrv.dll
2017-04-28 00:36:36 4000488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2017-04-28 00:36:36 3945192 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2017-04-28 00:34:21 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2017-04-28 00:19:29 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2017-04-28 00:19:26 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2017-04-28 00:19:25 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2017-04-28 00:18:44 64000 ----a-w- C:\Windows\System32\auditpol.exe
2017-04-28 00:15:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2017-04-28 00:14:54 296960 ----a-w- C:\Windows\System32\rstrui.exe
2017-04-28 00:12:14 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2017-04-28 00:11:40 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2017-04-28 00:11:38 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2017-04-28 00:11:35 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2017-04-28 00:10:56 30720 ----a-w- C:\Windows\System32\lsass.exe
2017-04-28 00:10:53 112640 ----a-w- C:\Windows\System32\smss.exe
2017-04-28 00:08:07 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2017-04-28 00:08:06 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2017-04-28 00:08:06 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2017-04-28 00:08:05 2048 ----a-w- C:\Windows\SysWow64\user.exe
2017-04-28 00:07:21 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2017-04-28 00:07:13 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2017-04-28 00:07:13 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-28 00:07:13 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-28 00:07:13 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2017-04-26 14:59:15 3220992 ----a-w- C:\Windows\System32\win32k.sys
2017-04-21 15:34:00 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2017-04-21 15:15:28 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2017-04-17 15:37:31 512000 ----a-w- C:\Windows\System32\rpcss.dll
2017-04-17 15:37:29 876544 ----a-w- C:\Windows\System32\oleaut32.dll
2017-04-17 15:37:29 26112 ----a-w- C:\Windows\System32\oleres.dll
2017-04-17 15:37:29 2065408 ----a-w- C:\Windows\System32\ole32.dll
2017-04-17 15:37:20 8704 ----a-w- C:\Windows\System32\comcat.dll
2017-04-17 15:12:24 581632 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2017-04-17 15:12:24 26112 ----a-w- C:\Windows\SysWow64\oleres.dll
2017-04-17 15:12:24 1417728 ----a-w- C:\Windows\SysWow64\ole32.dll
2017-04-17 14:54:48 7168 ----a-w- C:\Windows\SysWow64\comcat.dll
2017-04-16 09:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-04-16 09:16:46 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-04-16 08:57:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-04-16 08:55:41 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-04-16 08:55:24 417792 ----a-w- C:\Windows\System32\html.iec
2017-04-16 08:54:52 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-04-16 08:54:39 576512 ----a-w- C:\Windows\System32\vbscript.dll
2017-04-16 08:37:33 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-04-16 08:37:32 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-04-16 08:36:53 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-04-16 08:25:51 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-04-16 08:19:51 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-04-16 08:18:59 5977600 ----a-w- C:\Windows\System32\jscript9.dll
2017-04-16 08:11:22 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-04-16 08:10:56 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-04-16 08:02:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-04-16 08:01:42 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-04-16 08:01:40 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-04-16 08:01:20 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-04-16 08:00:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-04-16 07:47:30 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-04-16 07:46:56 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-04-16 07:37:51 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-04-16 07:37:40 2132992 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-04-16 07:30:01 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-04-16 07:29:28 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2017-04-16 07:08:57 2057216 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-04-16 07:08:30 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-04-16 07:08:11 4548608 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-04-16 07:04:52 3241472 ----a-w- C:\Windows\System32\wininet.dll
2017-04-16 06:37:47 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-04-12 15:32:24 229376 ----a-w- C:\Windows\System32\wintrust.dll
2017-04-12 15:32:10 190976 ----a-w- C:\Windows\System32\cryptsvc.dll
2017-04-12 15:32:10 1483776 ----a-w- C:\Windows\System32\crypt32.dll
2017-04-12 15:32:10 141824 ----a-w- C:\Windows\System32\cryptnet.dll
2017-04-12 15:26:12 179200 ----a-w- C:\Windows\SysWow64\wintrust.dll
2017-04-12 15:25:04 145920 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2017-04-12 15:25:04 1176064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2017-04-12 15:25:04 106496 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2017-04-07 22:06:58 532136 ------w- C:\Windows\System32\MpSigStub.exe
2017-04-07 15:34:43 986856 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2017-04-07 15:34:43 265448 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2017-04-07 15:30:55 405504 ----a-w- C:\Windows\System32\gdi32.dll
2017-04-07 15:30:53 144384 ----a-w- C:\Windows\System32\cdd.dll
2017-04-07 15:22:12 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2017-04-05 14:55:36 460800 ----a-w- C:\Windows\System32\drivers\srv.sys
2017-04-05 14:55:28 405504 ----a-w- C:\Windows\System32\drivers\srv2.sys
2017-04-05 14:55:23 168960 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2017-04-04 15:34:38 1895656 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2017-04-04 15:34:36 377576 ----a-w- C:\Windows\System32\drivers\netio.sys
2017-04-04 15:34:36 287976 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2017-04-04 14:53:18 496128 ----a-w- C:\Windows\System32\drivers\afd.sys
2017-04-04 14:53:05 117760 ----a-w- C:\Windows\System32\drivers\tdx.sys
.
============= FINISH: 13:07:58.94 ===============

Attached Files
File Type: txt attach.txt (14.7 KB)

AVG won't die...

So I was told to bring this over here from here: http://www.techsupportforum.com/foru...w-1192673.html So I'm having a big issue right now getting rid of AVG. It has effectively become adware as all it does is hit me with ads every half hour. The ads are intrusive to other programs, even ones in full screen. They won't go away until you hit the close button and when you do, it forces you out of the program and back to the desktop. It has been causing quite a bit of aggravation so I'm on a mission to remove it. First I uninstalled it using its own uninstaller (perhaps that was the mistake) and then downloaded the AVG Remover and used that hoping it would remove it entirely. It did not. Even after several runs of the remover, ads were still popping up. The ads stayed intact while the program itself was gone. AVG is officially Adware and I think it should be added to the list.

Going into the task manager, I found 2 processes related to AVG, "avgui.exe" and "AVGSvc.exe". All attempts to end these processes result in this:



I even tried using the Command Prompt:




So I downloaded Revo Uninstaller to help remove the program. It found quite a bit of leftovers that the remover "missed" and removed them. But it seems even after 3 restarts, it missed whatever is allowing those 2 processes to remain. And it just so happens that apparently those processes are responsible for the ads. So I thought that maybe because they are running they can't be removed even by Revo. So maybe I have to get them to be not running, then remove them. So I went into MSConfig, went to the startup and unchecked anything related to AVG in hope that on my next restart, AVG would not come with it. Again, I was wrong. Even after removing AVG from the startup, it had no problem starting up avgui.exe and showing me those lovely always on top ads.

I don't know what to do from here, other than do a complete format on my PC which I really don't want to do as that means at least a few hours of reinstalling everything just to get rid of one Adware. The one thing I haven't tried is trying to shut it down and delete it in Safe Mode. Though I don't know if that will help. Any help at all in this matter would be greatly appreciated.

PUP Optional NewTabTV

What is that? Colored orange for severity on my MBAM scan.

File: 2
PUP.Optional.NewTabTV, C:\USERS\HOME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtabtvsearch.com_0.localstorage, No Action By User, [2544], [359410],1.0.1802
PUP.Optional.NewTabTV, C:\USERS\HOME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtabtvsearch.com_0.localstorage-journal, No Action By User, [2544], [359410],1.0.1802

Wonderlandads.com Virus...

Hi, I've been recently infected with that sticky virus (my IE 11 keeps opening this link) and actually I have no clue left, how do I get rid of this menace. :facepalm:
Will appreciate any help, I'm sure, I wouldn't be the only one...
Thanks in advance... :)

i5
4 GB RAM2
500 GB
Windows 7 Ultimate

Audio Virus?

For a few months now, at random intervals, there will be a knocking sound played through my headphones as if someone is knocking at my door. I have seen this audio used to prank people, but it is somewhere on my computer and I can't find the process responsible. Also, starting today a cmd prompt has been opening and closing randomly and it's too quick for me to catch, any ideas?

Your Computer is Infected with a Virus -Call this Number.

There is a virus that is occurring that pops up a webpage that is very difficult to close. It pretends to be a Microsoft Support site, but uses what seem to be random letter .us domains.

Examples-

lvsdigw._us
ffwzbv._us

Underbars added for safety.

OS = WIN-XT
Browser = Firefox 52.1.2
Computer = Dell Inspiron 530

It's my mother's computer, she's 93, and doesn't need much.

---------------------
DDS.txt File -
---------------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by SRB1 at 18:55:37 on 2017-05-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3317.1895 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
C:\Program Files\Raxco\PerfectUpdater\perfectupdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
E:\Internet\FireFox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4071012
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = Google
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - c:\program files\kaspersky lab\kaspersky internet security 17.0.0\ieext\ie_plugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - c:\program files\kaspersky lab\kaspersky internet security 17.0.0\ieext\ie_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PDHookServer] c:\program files\avanquest\powerdesk\PDHookServer.exe
uRun: [PUReminder] c:\program files\raxco\perfectupdater\perfectupdater.exe -rem
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SystemTray] SysTray.Exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267575219265
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{7EDC1C43-1165-44ED-919E-0F4619205565} : NameServer = 207.177.24.2,207.177.24.3,8.8.8.8
TCP: Interfaces\{7EDC1C43-1165-44ED-919E-0F4619205565} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{CE43CC31-1043-48C7-99B7-776480DD1CDD} : NameServer = 207.177.24.2,167.142.225.3
TCP: Interfaces\{CE43CC31-1043-48C7-99B7-776480DD1CDD} : DHCPNameServer = 192.168.2.1
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs= c:\windows\system32\FileMonitor32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\srb1\application data\mozilla\firefox\profiles\dcnu8t2q.default-1461271856187\
FF - prefs.js: browser.startup.homepage - file:///E:/Internet/momhome.htm
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.50428.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1228198.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_24_0_0_221.dll
FF - plugin: e:\programs\quicktime\plugins\npqtplugin.dll
FF - plugin: e:\programs\quicktime\plugins\npqtplugin2.dll
FF - plugin: e:\programs\quicktime\plugins\npqtplugin3.dll
FF - plugin: e:\programs\quicktime\plugins\npqtplugin4.dll
FF - plugin: e:\programs\quicktime\plugins\npqtplugin5.dll
FF - plugin: e:\programs\quicktime\plugins\npqtplugin6.dll
FF - plugin: e:\programs\quicktime\plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;AO Kaspersky Lab Cryptographic Module x86 (56 bit);c:\windows\system32\drivers\cm_km.sys [2016-6-10 170840]
R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [2007-10-17 30808]
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2016-6-2 165296]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\drivers\klbackupdisk.sys [2016-6-8 57264]
R1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\drivers\klbackupflt.sys [2016-6-15 77656]
R1 klhk;Kaspersky Lab service driver;c:\windows\system32\drivers\klhk.sys [2017-1-10 128496]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2017-1-10 796384]
R1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\drivers\klpd.sys [2016-6-1 41392]
R1 kltdf;kltdf;c:\windows\system32\drivers\kltdf.sys [2016-5-18 82352]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2016-5-18 71088]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2016-6-14 165088]
R2 AVP17.0.0;Kaspersky Anti-Virus Service 17.0.0;c:\program files\kaspersky lab\kaspersky internet security 17.0.0\avp.exe [2016-6-28 241544]
R2 kldisk;kldisk;c:\windows\system32\drivers\kldisk.sys [2016-6-1 69000]
R2 PDFSFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2012-8-23 69016]
R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\drivers\klflt.sys [2017-1-10 159448]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2016-5-23 50080]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2016-5-19 44976]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2015-6-7 37040]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9ab8d2cadb36d;Google Update Service (gupdate1c9ab8d2cadb36d);c:\program files\google\update\GoogleUpdate.exe [2009-3-23 144200]
S3 kltap;Kaspersky Security Data Escort Adapter;c:\windows\system32\drivers\kltap.sys [2016-6-22 42336]
S3 KSDE1.0.0;Kaspersky Secure Connection Service 1.0.0;c:\program files\kaspersky lab\kaspersky secure connection 1.0\ksde.exe [2016-6-28 241544]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\62A77F3E.sys [2016-8-23 170200]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2007-10-17 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2007-10-17 14336]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2017-05-18 20:45:47 803320 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-05-18 20:45:47 144888 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-05-18 20:09:48 2404 ----a-w- c:\windows\system32\ASOROSet.bin
2017-04-11 10:32:02 159448 ----a-w- c:\windows\system32\drivers\klflt.sys
2017-04-11 10:32:00 128496 ----a-w- c:\windows\system32\drivers\klhk.sys
2017-03-14 09:50:34 165088 ----a-w- c:\windows\system32\drivers\kneps.sys
.
============= FINISH: 18:56:08.62 ===============

ATTACH.txt file attached.
-------------------------

Steve/bluewizard

Attached Files
File Type: txt attach.txt (15.7 KB)

Suspected virus

My computer has been running worse and worse. Slow, have to reboot a lot, now I am getting pop-up ads. I also get some windows box that pops up when I am playing chess. Sometimes I can hear an ad playing somewhere. I think I have some issues here. Can you please help me?
I read the instructions and ran the program you asked to run. I have attached the results.

Attached Files
File Type: txt attach.txt (5.9 KB)
File Type: txt dds.txt (18.8 KB)

Trojan in my computer..

A "taskeng.exe" virus, or something even more sinister?

Hello, I've just created this account because I have a potentially serious problem that I believe may be a virus. I'm a software engineer for a financial corporation. Without going into excessive detail, a virus (I suppose spyware specifically) on my work computer could lead to very sensitive information being stolen.

Due to this, I can only work with established and reputable users at this forum.

I know there is a thread on a taskeng.exe malware issue from a while back, but my issue is a little bit of a different animal.

So allow me to start from the beginning. In high school I used to use a program called "SCAR Divi" to write programs (bots) to play video games for me. I loved making bots and exploiting vulnerabilities in games to cheat/hack my way to the top back in those days. Now come to today, I work full-time as a software engineer. I wanted to find a way to automate many of my tasks that are repetitive to speed up my day-to-day work.

So I looked up SCAR Divi and found the main site (https://scar-divi.com/) and downloaded it (version 3.41.00). As I ran the program, it was slow, failed often, many features were no longer functioning. It was like the fast reliable version from the past had been corrupted or something. I uninstalled the program/deleted the files and went on with life, giving up on making automation scripts.

Ever since that time, my computer has been half as fast, and freezes/hangs for frustratingly long periods of time during all tasks. I told people I thought I had a virus, but when Symantec (their AV) showed no virus, they told me I was fine. I don't have that much faith, but I had work to do so I ignored it and just dealt with the slowness (if I needed to wipe the hard drive and get a fresh new system it would be a serious headache for the company).

Then just today (6/5/17) I started having this phenomenon occur where taskeng.exe opened as a command prompt window, displayed nothing, and quickly closed. This has happened multiple times today. I've been told that this is often the result of malware. So now I'm back wondering if this is the virus that I suspected has been on my system for so long. OR it could be a separate malware altogether.

All antivirus programs say my system is clean, and I'm a Java developer and Database maintenance guy, not a virus expert so I'm not sure how to determine what kind of malware I have on my system, and the IT guy is inaccessible.

Can someone please help me?

Possible Virus

I downloaded a well-known video converter program but obviously not from a reliable source as it blocked me from opening Edge, certain programs and folders etc. I did a scan with Kaspersky and found some threats which I deleted. I also did a scan with Malwarebytes and that found a lot more than Kaspersky. Although the laptop seems to be running ok, Malwarebytes keeps finding infected files etc.

I do not have access to an install disc or boot CD.

Thanks


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953
Run by Lee at 21:16:56 on 2017-06-06
Microsoft Windows 10 Home 10.0.14393.0.1252.44.2057.18.8109.5477 [GMT 1:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxCUIService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\WLANExt.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\IntelCpHDCPSvc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
c:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\WINDOWS\system32\ibtsiva.exe
c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\WINDOWS\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\IntelCpHeciSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe
C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxEM.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\smartscreen.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Users\Lee\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\openvpn.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\System32\InstallAgent.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.co.uk/
uLocal Page = %11%\blank.htm
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll
TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll
uRun: [OneDrive] "C:\Users\Lee\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mRun: [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
mRun: [HPRadioMgr] C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPAUDI~1.LNK - C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitchLC.vbs
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPJUMP~1.LNK - c:\windows\Installer\{0F5EBB0D-DF6D-4DBE-9789-57BF05B3B0FD}\HPlogo_blue.ico
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{a6f62284-44ca-4a38-9934-3f0b4163ed90} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{bc60b223-6ff5-4156-a5f9-42e9775d88e9} : DHCPNameServer = 192.168.1.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);C:\WINDOWS\System32\drivers\cm_km.sys [2016-6-10 238936]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2016-5-31 791560]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-12-1 48992]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\WINDOWS\System32\drivers\klbackupdisk.sys [2016-6-8 63920]
R0 klupd_klif_arkmon;klupd_klif_arkmon;C:\WINDOWS\System32\drivers\klupd_klif_arkmon.sys [2017-5-25 229288]
R0 klupd_klif_klbg;klupd_klif_klbg;C:\WINDOWS\System32\drivers\klupd_klif_klbg.sys [2017-6-6 112912]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-12-1 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-12-1 227328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 klbackupflt;Kaspersky Lab klbackupflt;C:\WINDOWS\System32\drivers\klbackupflt.sys [2016-6-15 86352]
R1 klhk;Kaspersky Lab service driver;C:\WINDOWS\System32\drivers\klhk.sys [2017-2-19 509728]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\WINDOWS\System32\drivers\klim6.sys [2016-12-27 57424]
R1 klpd;Kaspersky Lab format recognizer driver;C:\WINDOWS\System32\drivers\klpd.sys [2016-6-1 45488]
R1 klwfp;klwfp;C:\WINDOWS\System32\drivers\klwfp.sys [2016-6-18 85320]
R1 Klwtp;KLwtp - WFP callout traffic inspector;C:\WINDOWS\System32\drivers\klwtp.sys [2016-12-27 136416]
R1 kneps;kneps;C:\WINDOWS\System32\drivers\kneps.sys [2016-6-14 199392]
R2 AVP17.0.0;Kaspersky Anti-Virus Service 17.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [2016-6-28 241544]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_600bd;CDPUserSvc_600bd;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2016-7-6 3971264]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 cplspcon;Intel(R) Content Protection HDCP Service;C:\WINDOWS\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\IntelCpHDCPSvc.exe [2016-12-6 480216]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 esifsvc;ESIF Upper Framework Service;C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [2016-9-5 1585784]
R2 HPJumpStartBridge;HP JumpStart Bridge;C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [2016-6-2 459800]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-4-26 33640]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [2016-1-11 606224]
R2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
R2 IDMWFP;IDMWFP;C:\WINDOWS\System32\drivers\idmwfp.sys [2017-5-25 223464]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxCUIService.exe [2016-12-6 341976]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2016-5-16 215328]
R2 kldisk;kldisk;C:\WINDOWS\System32\drivers\kldisk.sys [2016-6-1 78216]
R2 KSDE1.0.0;Kaspersky Secure Connection Service 1.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [2016-6-28 241544]
R2 OneSyncSvc_600bd;Sync Host_600bd;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2016-9-5 614664]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2016-9-5 312576]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-5-19 266872]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-12-1 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2016-5-3 3732896]
R3 anvsnddrv;AnvSoft Virtual Sound Device;C:\WINDOWS\System32\drivers\anvsnddrv.sys [2016-11-26 34416]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2017-5-11 249856]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 dptf_cpu;dptf_cpu;C:\WINDOWS\System32\drivers\dptf_cpu.sys [2016-9-5 65088]
R3 esif_lf;esif_lf;C:\WINDOWS\System32\drivers\esif_lf.sys [2016-9-5 343608]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2016-10-15 174600]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-10-7 822248]
R3 klflt;Kaspersky Lab Kernel DLL;C:\WINDOWS\System32\drivers\klflt.sys [2017-2-19 197336]
R3 klids;klids;C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [2017-6-6 168736]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\WINDOWS\System32\drivers\klkbdflt.sys [2016-5-19 52136]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\System32\drivers\klmouflt.sys [2015-6-7 41656]
R3 kltap;Kaspersky Security Data Escort Adapter;C:\WINDOWS\System32\drivers\kltap.sys [2016-6-7 52152]
R3 klupd_klif_kimul;klupd_klif_kimul;C:\WINDOWS\System32\drivers\klupd_klif_kimul.sys [2017-6-1 87584]
R3 klupd_klif_klark;klupd_klif_klark;C:\WINDOWS\System32\drivers\klupd_klif_klark.sys [2017-6-6 251656]
R3 klupd_klif_mark;klupd_klif_mark;C:\WINDOWS\System32\drivers\klupd_klif_mark.sys [2017-5-25 173144]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 Netwtw04;___ Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit;C:\WINDOWS\System32\drivers\Netwtw04.sys [2016-6-7 7231248]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-9-5 935168]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2016-9-5 72824]
R3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-16 719872]
R3 WirelessButtonDriver64;HP Wireless Button Driver Service;C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [2016-4-14 31656]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S0 klelam;klelam;C:\WINDOWS\System32\drivers\klelam.sys [2016-3-31 28792]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-7-6 143144]
S2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2016-5-23 350064]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-12-1 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-7-6 143144]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2016-5-23 210288]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2016-2-19 974632]
S3 klvssbrigde64;klvssbrigde64;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [2016-6-28 77328]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-12-1 64352]
S3 MessagingService_600bd;MessagingService_600bd;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2016-5-3 268704]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 PimIndexMaintenanceSvc_600bd;Contact Data_600bd;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2016-9-5 413912]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-5-11 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-16 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 SmbDrv;SmbDrv;C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2016-9-5 60008]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-12-1 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UnistoreSvc_600bd;User Data Storage_600bd;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UserDataSvc_600bd;User Data Access_600bd;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-5-11 347320]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_600bd;Windows Push Notifications User Service_600bd;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-16 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-12-1 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-06-06 19:24:29 -------- d-----w- C:\Program Files (x86)\ChrisPC Free VideoTube Downloader
2017-06-06 10:51:26 251656 ----a-w- C:\WINDOWS\System32\drivers\klupd_klif_klark.sys
2017-06-06 10:50:20 112912 ----a-w- C:\WINDOWS\System32\drivers\klupd_klif_klbg.sys
2017-06-01 07:33:54 87584 ----a-w- C:\WINDOWS\System32\drivers\klupd_klif_kimul.sys
2017-05-25 20:03:04 -------- d-----w- C:\Users\Lee\AppData\Local\UNP
2017-05-25 19:06:14 229288 ----a-w- C:\WINDOWS\System32\drivers\klupd_klif_arkmon.sys
2017-05-25 19:06:14 173144 ----a-w- C:\WINDOWS\System32\drivers\klupd_klif_mark.sys
2017-05-25 18:58:02 -------- d---a-w- C:\Program Files\UNP
2017-05-25 18:58:02 -------- d-----w- C:\WINDOWS\System32\UNP
2017-05-25 15:54:35 223464 ----a-w- C:\WINDOWS\System32\drivers\idmwfp.sys
2017-05-14 15:01:04 446152 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-05-14 14:59:34 28360 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-05-14 14:47:44 207040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2017-05-11 20:00:59 426496 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Wallet.dll
2017-05-11 19:53:37 73216 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryBroker.dll
2017-05-11 19:52:59 946688 ----a-w- C:\WINDOWS\System32\wsp_sr.dll
2017-05-11 19:51:59 30208 ----a-w- C:\WINDOWS\System32\odbcconf.dll
2017-05-11 19:50:59 942080 ----a-w- C:\WINDOWS\System32\audiosrv.dll
.
==================== Find3M ====================
.
2017-04-30 08:57:06 23872 ----a-w- C:\WINDOWS\HPCUST2.exe
2017-04-29 00:59:38 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-04-29 00:59:37 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-04-28 01:28:15 965472 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2017-04-28 01:01:16 2717184 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-04-28 00:59:55 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2017-04-28 00:58:48 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-04-28 00:57:25 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2017-04-28 00:57:07 794928 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2017-04-28 00:56:56 2048488 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-04-28 00:56:07 1117024 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2017-04-28 00:55:36 88416 ----a-w- C:\WINDOWS\System32\drivers\scmbus.sys
2017-04-28 00:53:45 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-04-28 00:53:16 7784288 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-04-28 00:53:03 774224 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2017-04-28 00:52:51 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-04-28 00:49:56 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-04-28 00:49:33 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-04-28 00:48:25 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2017-04-28 00:47:56 699744 ----a-w- C:\WINDOWS\System32\wimgapi.dll
2017-04-28 00:47:53 501088 ----a-w- C:\WINDOWS\System32\spwizeng.dll
2017-04-28 00:46:14 410464 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
2017-04-28 00:46:09 1504056 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2017-04-28 00:46:06 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2017-04-28 00:46:03 5722320 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-04-28 00:45:54 781144 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-04-28 00:45:44 493920 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-04-28 00:45:44 116576 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
2017-04-28 00:45:33 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2017-04-28 00:45:29 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-04-28 00:44:26 62816 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2017-04-28 00:43:59 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2017-04-28 00:43:48 1557224 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2017-04-28 00:43:10 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2017-04-28 00:43:09 2168288 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2017-04-28 00:42:58 601952 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2017-04-28 00:42:53 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2017-04-28 00:42:44 526176 ----a-w- C:\WINDOWS\System32\wimserv.exe
2017-04-28 00:41:08 361104 ----a-w- C:\WINDOWS\SysWow64\tsmf.dll
2017-04-28 00:39:48 962760 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2017-04-28 00:39:37 715104 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2017-04-28 00:39:22 4312248 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2017-04-28 00:39:15 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-04-28 00:38:51 557408 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2017-04-28 00:38:51 2446704 ----a-w- C:\WINDOWS\System32\msxml6.dll
2017-04-28 00:38:44 1852200 ----a-w- C:\WINDOWS\System32\crypt32.dll
2017-04-28 00:38:28 431968 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2017-04-28 00:38:20 1267512 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2017-04-28 00:38:12 2915704 ----a-w- C:\WINDOWS\System32\combase.dll
2017-04-28 00:38:08 847200 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-04-28 00:36:34 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2017-04-28 00:36:29 408600 ----a-w- C:\WINDOWS\System32\tsmf.dll
2017-04-28 00:35:22 1414208 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-04-28 00:35:20 276832 ----a-w- C:\WINDOWS\SysWow64\input.dll
2017-04-28 00:35:14 8170600 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2017-04-28 00:35:06 1988048 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2017-04-28 00:35:06 1702392 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2017-04-28 00:35:05 1302136 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2017-04-28 00:35:03 4260576 ----a-w- C:\WINDOWS\System32\mfcore.dll
2017-04-28 00:35:01 596040 ----a-w- C:\WINDOWS\System32\mf.dll
2017-04-28 00:34:58 1072248 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2017-04-28 00:34:57 443232 ----a-w- C:\WINDOWS\System32\MMDevAPI.dll
2017-04-28 00:34:56 244824 ----a-w- C:\WINDOWS\System32\mfps.dll
2017-04-28 00:34:45 1277824 ----a-w- C:\WINDOWS\System32\ole32.dll
2017-04-28 00:34:25 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2017-04-28 00:34:21 4674360 ----a-w- C:\WINDOWS\explorer.exe
2017-04-28 00:34:09 1600624 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-04-28 00:30:17 1569184 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-04-28 00:30:11 322912 ----a-w- C:\WINDOWS\System32\input.dll
2017-04-28 00:29:28 5685760 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-04-28 00:28:48 387864 ----a-w- C:\WINDOWS\System32\wmpps.dll
2017-04-28 00:28:41 453536 ----a-w- C:\WINDOWS\System32\services.exe
2017-04-28 00:28:39 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-04-28 00:23:19 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-04-28 00:23:10 1631232 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
2017-04-28 00:22:46 26112 ----a-w- C:\WINDOWS\SysWow64\odbcconf.dll
2017-04-28 00:22:16 165376 ----a-w- C:\WINDOWS\SysWow64\ReInfo.dll
2017-04-28 00:21:41 27648 ----a-w- C:\WINDOWS\SysWow64\BthTelemetry.dll
2017-04-28 00:21:26 73728 ----a-w- C:\WINDOWS\SysWow64\tdc.ocx
2017-04-28 00:21:14 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
2017-04-28 00:20:50 44032 ----a-w- C:\WINDOWS\SysWow64\virtdisk.dll
2017-04-28 00:20:47 141824 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.Radios.dll
2017-04-28 00:19:26 584192 ----a-w- C:\WINDOWS\SysWow64\UIRibbonRes.dll
2017-04-28 00:19:15 156672 ----a-w- C:\WINDOWS\SysWow64\UserDeviceRegistration.dll
2017-04-28 00:19:05 138240 ----a-w- C:\WINDOWS\SysWow64\DisplayManager.dll
2017-04-28 00:18:43 450560 ----a-w- C:\WINDOWS\SysWow64\rastls.dll
2017-04-28 00:18:37 255488 ----a-w- C:\WINDOWS\SysWow64\unimdm.tsp
2017-04-28 00:18:35 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2017-04-28 00:17:57 136192 ----a-w- C:\WINDOWS\SysWow64\WinRtTracing.dll
2017-04-28 00:17:50 94208 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll
2017-04-28 00:17:36 95232 ----a-w- C:\WINDOWS\SysWow64\BluetoothApis.dll
2017-04-28 00:17:30 328192 ----a-w- C:\WINDOWS\SysWow64\daxexec.dll
2017-04-28 00:17:01 142336 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.WiFi.dll
2017-04-28 00:16:36 184320 ----a-w- C:\WINDOWS\SysWow64\UserMgrProxy.dll
2017-04-28 00:16:31 392192 ----a-w- C:\WINDOWS\SysWow64\Windows.Gaming.Input.dll
2017-04-28 00:16:31 203776 ----a-w- C:\WINDOWS\SysWow64\credprovhost.dll
2017-04-28 00:16:24 118272 ----a-w- C:\WINDOWS\SysWow64\AppointmentActivation.dll
2017-04-28 00:16:23 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2017-04-28 00:16:23 113152 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.Lights.dll
2017-04-28 00:16:16 315904 ----a-w- C:\WINDOWS\SysWow64\Windows.Gaming.XboxLive.Storage.dll
.
============= FINISH: 21:17:42.85 ===============

Attached Files
File Type: txt attach.txt (9.2 KB)

Kaspersky found vulnerabilities on my PC

Here is dds.txt (header removed for privacy reasons):-

AV: Kaspersky Internet Security *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
SP: Kaspersky Internet Security *Enabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Extreme Picture Finder 3\EPF.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
uRun: [SuperCopier2.exe] c:\program files\supercopier2\SuperCopier2.exe
mRun: [USB Security] c:\program files\usb disk security\USBGuard.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{091DB5C2-36F9-423B-B070-492FA38509E8} : DHCPNameServer = 192.168.10.1
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\moaxxam\appdata\roaming\mozilla\firefox\profiles\d4o397bv.default\
FF - plugin: c:\program files\verimatrix\viewright web\npViewRight.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 25696]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-3-6 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 145224]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2013-3-6 356128]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6032.sys [2009-7-14 164864]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-3-6 25696]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-3-6 25696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2017-4-5 317400]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-06-07 21:39:22 -------- d-----w- c:\programdata\Extreme Picture Finder
2017-06-07 21:39:22 -------- d-----w- c:\program files\Extreme Picture Finder 3
2017-06-07 20:59:24 -------- d-----w- c:\program files\ConvertHelper3
2017-06-07 20:59:17 -------- d-----w- c:\users\moaxxam\appdata\local\Programs
2017-06-07 20:29:15 -------- d-----w- c:\users\moaxxam\dwhelper
2017-06-07 20:02:00 -------- d-----w- c:\users\moaxxam\Tracing
2017-06-07 20:01:49 -------- d-----r- c:\program files\Skype
2017-06-07 19:58:13 -------- d-----w- c:\programdata\Package Cache
2017-06-07 14:30:39 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2017-06-07 14:29:42 -------- d-----w- c:\programdata\Verimatrix
2017-06-07 07:40:02 -------- d-----w- c:\users\moaxxam\appdata\roaming\WhatsApp
2017-06-07 07:39:48 -------- d-----w- c:\users\moaxxam\appdata\local\WhatsApp
2017-06-07 07:39:31 -------- d-----w- c:\users\moaxxam\appdata\local\SquirrelTemp
2017-06-07 07:19:34 -------- d-----w- c:\program files\common files\AV
2017-06-07 07:11:32 -------- d-----w- c:\windows\Migration
2017-06-07 07:05:18 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2017-06-07 07:05:18 49472 ----a-w- c:\windows\system32\netfxperf.dll
2017-06-07 07:05:18 297808 ----a-w- c:\windows\system32\mscoree.dll
2017-06-07 07:05:18 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2017-06-07 07:05:18 1130824 ----a-w- c:\windows\system32\dfshim.dll
2017-06-07 07:03:34 -------- d-----w- c:\windows\ELAMBKUP
2017-06-07 07:03:32 -------- d-----w- c:\programdata\Kaspersky Lab
2017-06-07 07:03:32 -------- d-----w- c:\program files\Kaspersky Lab
2017-06-07 07:03:27 74848 ----a-w- c:\windows\system32\drivers\klflt.sys
2017-06-07 06:43:40 10555024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2d18c77f-f06c-4051-b7a6-584794d2b011}\mpengine.dll
2017-06-07 06:32:53 736952 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2017-06-07 06:32:20 1707160 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2017-06-07 06:31:32 42168 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2017-06-07 06:31:23 539984 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2017-06-07 06:25:31 -------- d-----w- c:\users\moaxxam\appdata\roaming\Opera Software
2017-06-07 06:25:31 -------- d-----w- c:\users\moaxxam\appdata\local\Opera Software
2017-06-06 06:31:44 -------- d-----w- c:\users\moaxxam\appdata\local\Microsoft Help
2017-06-02 19:21:47 -------- d-----w- c:\users\moaxxam\appdata\local\ACDPhotoEditor
2017-06-01 19:11:08 -------- d-----w- c:\users\moaxxam\appdata\roaming\MPC-HC
2017-05-31 20:11:56 -------- d-----w- c:\program files\SuperCopier2
2017-05-31 07:01:14 315904 ----a-w- c:\windows\IsUninst.exe
2017-05-22 17:55:36 -------- d-----w- c:\windows\Panther
2017-05-22 06:57:44 -------- d-----w- c:\programdata\ACD Systems
2017-05-22 06:57:44 -------- d-----w- c:\program files\common files\ACD Systems
2017-05-22 06:57:44 -------- d-----w- c:\program files\ACD Systems
2017-05-22 06:55:59 -------- d-----w- c:\windows\Downloaded Installations
2017-05-22 06:45:19 30512 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2017-05-22 06:45:19 30512 ----a-w- c:\windows\system32\mdimon.dll
2017-05-22 06:44:51 -------- d-----w- c:\windows\PCHEALTH
2017-05-22 06:44:09 -------- d-sh--w- c:\windows\Installer
2017-05-22 05:15:51 217176 ----a-w- c:\windows\system32\unrar.dll
2017-05-22 05:15:49 -------- d-----w- c:\program files\K-Lite Codec Pack
2017-05-22 05:15:31 -------- d-----w- c:\program files\VideoLAN
2017-05-22 05:15:04 -------- d-----w- c:\program files\USB Disk Security
2017-05-22 05:14:18 -------- d-----w- c:\windows\system32\wbem\Performance
2017-05-22 05:10:25 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2017-06-07 07:18:30 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys
2017-06-07 07:18:30 145224 ----a-w- c:\windows\system32\drivers\kneps.sys
2017-06-07 07:18:29 25696 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2017-06-07 07:18:29 25696 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2017-06-07 07:18:29 25696 ----a-w- c:\windows\system32\drivers\klim6.sys
2017-06-07 07:18:27 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
.
============= FINISH: 4:21:14.25 ===============

attach.txt is attached.
I don't have a boot CD.

Original post can be found here:-

hxxp://www.techsupportforum.com/forums/f112/kaspersky-2013-i-s-found-vulnerbilities-what-should-i-do-1196706.html

Thank you in advance.

Attached Files
File Type: txt attach.txt (7.3 KB)

Virus confusion

My laptop is a Surface Pro 3, running the latest Windows 10, Office 2013 Pro with Bitdefender Total Security and recently the free version of Malwarebytes. My phone is a Lumia 950. I have several email accounts, two from my internet provider and two using my own domain, hosted by the same provider.

Over the past several months the amount of spam has dramatically increased, especially on the accounts from my own domain. Generally identified as spam and sometimes picking up legitimate mail. This has been annoying but with no success in preventing it, I have simply put up with it.

However, more recently, I have received notices from my provider that some messages with attachments containing a virus were blocked. As I check the sender it is my domain, but not one of my email addresses. And very recently an old Facebook account was reactivated, but not by me (for this I have notified Facebook but have not yet received a reply).

It is not uncommon for me to receive fake messages addressed to my domain but not actually one of my emails. However, the current notices reflecting messages sent from my account are more of a problem for me.

Detailed scans from both Malwarebytes and Bitdefender say all OK. Can you help?