Channel: Tech Support Forum - Virus/Trojan/Spyware Help

pop ups and redirects

I'm just wondering if, before I post the logs, there's a simple solution. For the last week or so I've been flooded with pop ups and browser redirects in Firefox. Luckily Firefox stops pretty much all the pop ups, but I can go to a site, any site, and be told that literally hundreds or close to a thousand pop ups were stopped. So, it's not just one site.

What has surprised me is that it has persisted even after a system restore to two weeks ago. I also tried to recover by installing a hard drive backup from May 23rd with Acronis True Image. That was rather strange: it told me the backup was corrupted, but it proceeded to attempt to restore it anyway. I got to about 50 or 60% after several hours, then jumped to the end. It's still there, with either Firefox or Chrome. I also tried reinstalling Firefox and scanning with Panda.

I generally don't believe in anti-malware programs anymore, especially ones that cost money, because I can use it and still be riddled with malware; I don't see why I should pay for that. I was also told (seems like I was lied to) that professional scanners like McAfee are updated every day, unlike AVG, but they aren't; they don't have updates for me every day.

I believe that an ounce of prevention (backup) is much better than cure, fortunately, when the backup is corrupted, and I didn't take one shortly before then, I will have to use it- and make backups more often.

Is my friend's computer infected?

My friend received a call on her cell phone from a fake number listed as 1 (999) 999 9999. A few minutes later, while she was on her laptop, a dictionary app on her MacBook opened on its own and opened up a search for that same number.
She's very upset and worried she's gotten hacked and that someone is going through her computer. Has anyone heard of this before? If you have, do you know how this happened or how to get rid of it?

Computer turns off every 90 mins

Yesterday, the laptop that I use for keeping the score in cricket turned itself off 5 times. Each time it turned itself back on and when Windows had started up, there was an error on the screen saying that there was a problem with a script. The script had the word amazon in some sort of code but there were lots of other letters in it too. Then IE opened a number of times with a location on my hard drive in the address bar. To be honest, it hasn't happened yet today and the only difference is I'm not running the software for keeping the score in cricket. The software is called Total Cricket Scorer.

Here are the contents of the DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.111.2
Run by Alan Martin at 9:33:25 on 2017-06-18
Microsoft Windows 10 Home 10.0.14393.0.1252.44.1033.18.4008.1689 [GMT 1:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus *Enabled/Updated* {3FB17364-4FCC-0FA7-6BBF-973897395371}
SP: Bitdefender Antispyware *Enabled/Updated* {84D09280-69F6-0029-510F-AC4AECBE19CC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Enabled* {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\WINDOWS\system32\DbxSvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\SysWoW64\esif_uf.exe
C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
C:\Program Files\Bitdefender Agent\ProductAgentService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Program Files\Dell\DellDataVault\DellDataVault.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
C:\Program Files (x86)\TCS 27\Total Cricket Scorer 9\TCScorer.exe
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\splwow64.exe
C:\WINDOWS\system32\mshta.exe
C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxag.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
svchost.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll
uRun: [HP ENVY 4500 series (NET)] "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN47B155FX05X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
mRun: [isa] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: amazon.co.uk
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{a7b1dbee-b732-44dd-8924-4f8f04f631d1} : DHCPNameServer = 0.0.0.0
TCP: Interfaces\{c0d88801-57b1-40d1-b7f8-9f78cbe20b7d} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{c0d88801-57b1-40d1-b7f8-9f78cbe20b7d}\244584572653D245257525 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{c0d88801-57b1-40d1-b7f8-9f78cbe20b7d}\65D483735303532333 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{c0d88801-57b1-40d1-b7f8-9f78cbe20b7d}\C4573697723702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{c0d88801-57b1-40d1-b7f8-9f78cbe20b7d}\D49502759464940293635424 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {104AA62D-D285-4BF9-87ED-CC68F20CDD0F} - C:\Program Files (x86)\Amazon\Amazon Assistant\AmazonAssistantTaskbar.exe /pin:
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {981b174d-7733-4e7f-b89d-6545a7c21838} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe /pin:
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX5REC
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [WavesSvc] "C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\WINDOWS\System32\drivers\avc3.sys [2017-5-3 1612648]
R0 gzflt;gzflt;C:\WINDOWS\System32\drivers\gzflt.sys [2017-5-3 182944]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-12-10 48992]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-9-10 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-27 227328]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2017-5-3 128400]
R1 BDVEDISK;BDVEDISK;C:\WINDOWS\System32\drivers\bdvedisk.sys [2017-5-3 87912]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2016-4-18 91912]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 Amazon Assistant Service;Amazon Assistant Service;C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [2017-2-28 102064]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2015-6-8 323152]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_40919;CDPUserSvc_40919;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DbxSvc;DbxSvc;C:\WINDOWS\System32\DbxSvc.exe [2017-6-12 48944]
R2 Dell Customer Connect;Dell Customer Connect;C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [2016-12-21 130936]
R2 Dell Foundation Services;Dell Foundation Services;C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [2017-1-11 97616]
R2 Dell Help & Support;Dell Help & Support;C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [2016-12-22 77648]
R2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2017-4-11 2572024]
R2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2017-4-11 202488]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2015-6-24 238320]
R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2016-1-22 228216]
R2 DevMgmtService;Bitdefender Device Management Service;C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [2017-6-17 104096]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DpmLiteDrv;DpmLiteDrv;C:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [2014-10-15 15080]
R2 esifsvc;ESIF Upper Framework Service;C:\Windows\SysWOW64\esif_uf.exe [2016-4-18 1385640]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-3-16 321056]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-4-18 350312]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface;C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [2015-4-21 174368]
R2 OneSyncSvc_40919;Sync Host_40919;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 Product Registration;Product Registration;C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [2017-4-6 47144]
R2 ProductAgentService;ProductAgentService;C:\Program Files\Bitdefender Agent\ProductAgentService.exe [2016-4-27 1254736]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2016-4-18 307456]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2017-4-25 32728]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-4-18 246376]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [2017-5-3 218416]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 vsservp;Bitdefender Protected Service;C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [2017-5-3 524872]
R2 WavesSysSvc;Waves Audio Services;C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [2015-9-25 578480]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-10-5 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 avckf;avckf;C:\WINDOWS\System32\drivers\avckf.sys [2017-5-3 879600]
R3 DDDriver;DDDriver;C:\WINDOWS\System32\drivers\DDDriver64Dcsa.sys [2017-4-11 32960]
R3 DellProf;DellProf;C:\WINDOWS\System32\drivers\DellProf.sys [2017-4-11 32568]
R3 DellRbtn;Airplane Mode Switch;C:\WINDOWS\System32\drivers\DellRbtn.sys [2016-4-18 19440]
R3 dptf_cpu;dptf_cpu;C:\WINDOWS\System32\drivers\dptf_cpu.sys [2016-4-18 53752]
R3 esif_lf;esif_lf;C:\WINDOWS\System32\drivers\esif_lf.sys [2016-4-18 261624]
R3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
R3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
R3 igfxLP;igfxLP;C:\WINDOWS\System32\drivers\igdkmd64lp.sys [2016-4-18 5864888]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-4-18 474360]
R3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-2-26 330240]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 SynRMIHID;Synaptics HID Service;C:\WINDOWS\System32\drivers\SynRMIHID.sys [2016-4-18 56936]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 TXEIx64;Intel(R) Trusted Execution Engine Interface ;C:\WINDOWS\System32\drivers\TXEIx64.sys [2015-6-26 146232]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S0 bdelam;bdelam;C:\WINDOWS\System32\drivers\bdelam.sys [2017-5-3 23672]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-4-18 143144]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-2-26 7680]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2016-7-13 610336]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2017-5-27 249856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-27 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-4-18 143144]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2015-5-22 881152]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-14 64352]
S3 MessagingService_40919;MessagingService_40919;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 PimIndexMaintenanceSvc_40919;Contact Data_40919;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2016-4-18 411712]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-5-27 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-4-15 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-10-5 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UnistoreSvc_40919;User Data Storage_40919;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UserDataSvc_40919;User Data Access_40919;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-4-15 719872]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-5-27 347320]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_40919;Windows Push Notifications User Service_40919;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2016-7-16 24576]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-4-15 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-10 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-06-18 07:22:00 -------- d-----w- C:\ProgramData\Dumps
2017-06-17 14:52:06 40344 ----a-w- C:\ProgramData\dm.update.1497710992.bdinstall.bin
2017-06-17 14:08:31 30359 ----a-w- C:\ProgramData\agent.update.1497708485.bdinstall.bin
2017-06-12 11:55:18 48944 ----a-w- C:\WINDOWS\System32\DbxSvc.exe
2017-06-12 11:52:44 45672 ----a-w- C:\WINDOWS\System32\drivers\dbx-stable.sys
2017-06-12 11:52:44 45672 ----a-w- C:\WINDOWS\System32\drivers\dbx-dev.sys
2017-06-12 11:52:44 45672 ----a-w- C:\WINDOWS\System32\drivers\dbx-canary.sys
2017-06-05 15:12:18 24344832 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2017-06-05 14:59:18 18412800 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2017-05-31 22:56:59 -------- d-----w- C:\Users\Scorers\AppData\Local\UNP
2017-05-31 22:35:43 -------- d---a-w- C:\Program Files\UNP
2017-05-31 22:35:43 -------- d-----w- C:\WINDOWS\System32\UNP
2017-05-27 12:53:59 621056 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.dll
2017-05-27 12:40:17 2538496 ----a-w- C:\WINDOWS\System32\mssrch.dll
2017-05-27 12:39:14 8170600 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2017-05-27 12:37:59 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2017-05-27 12:36:59 913920 ----a-w- C:\WINDOWS\System32\Windows.Networking.dll
2017-05-27 12:34:58 407552 ----a-w- C:\WINDOWS\System32\Windows.Internal.Management.dll
2017-05-27 12:33:52 942080 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2017-05-27 12:32:24 715104 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2017-05-27 12:32:23 557408 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2017-05-27 12:32:22 967680 ----a-w- C:\WINDOWS\System32\drivers\bthport.sys
2017-05-27 12:32:22 249856 ----a-w- C:\WINDOWS\System32\drivers\BthLEEnum.sys
.
==================== Find3M ====================
.
2017-06-17 18:56:37 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-03 06:36:03 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-06-03 06:36:03 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-05-31 22:41:58 1612648 ----a-w- C:\WINDOWS\System32\drivers\avc3.sys
2017-05-31 22:41:52 879600 ----a-w- C:\WINDOWS\System32\drivers\avckf.sys
2017-05-20 17:35:54 73728 ----a-w- C:\WINDOWS\System32\WSManMigrationPlugin.dll
2017-05-03 19:02:00 56405 ----a-w- C:\ProgramData\dm.1493838049.bdinstall.bin
2017-05-03 19:00:17 477134 ----a-w- C:\ProgramData\cl.1493837209.bdinstall.bin
2017-05-03 18:36:51 218907 ----a-w- C:\ProgramData\1493836489.bdinstall.bin
2017-05-03 18:36:37 532136 ------w- C:\WINDOWS\System32\MpSigStub.exe
2017-04-28 01:28:15 965472 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2017-04-28 01:01:16 2717184 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-04-28 00:59:55 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2017-04-28 00:58:48 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-04-28 00:57:25 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2017-04-28 00:57:07 794928 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2017-04-28 00:56:56 2048488 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-04-28 00:56:07 1117024 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2017-04-28 00:55:36 88416 ----a-w- C:\WINDOWS\System32\drivers\scmbus.sys
2017-04-28 00:53:45 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-04-28 00:53:16 7784288 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-04-28 00:53:03 774224 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2017-04-28 00:52:51 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-04-28 00:49:56 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-04-28 00:49:33 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-04-28 00:48:25 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2017-04-28 00:47:56 699744 ----a-w- C:\WINDOWS\System32\wimgapi.dll
2017-04-28 00:47:53 501088 ----a-w- C:\WINDOWS\System32\spwizeng.dll
2017-04-28 00:46:14 410464 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
2017-04-28 00:46:09 1504056 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2017-04-28 00:46:06 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2017-04-28 00:46:03 5722320 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-04-28 00:45:54 781144 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-04-28 00:45:44 493920 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-04-28 00:45:44 116576 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
2017-04-28 00:45:33 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2017-04-28 00:45:29 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-04-28 00:44:26 62816 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2017-04-28 00:43:59 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2017-04-28 00:43:48 1557224 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2017-04-28 00:43:10 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2017-04-28 00:43:09 2168288 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2017-04-28 00:42:58 601952 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2017-04-28 00:42:53 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2017-04-28 00:42:44 526176 ----a-w- C:\WINDOWS\System32\wimserv.exe
2017-04-28 00:41:08 361104 ----a-w- C:\WINDOWS\SysWow64\tsmf.dll
2017-04-28 00:39:48 962760 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2017-04-28 00:39:22 4312248 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2017-04-28 00:39:15 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-04-28 00:38:51 2446704 ----a-w- C:\WINDOWS\System32\msxml6.dll
2017-04-28 00:38:44 1852200 ----a-w- C:\WINDOWS\System32\crypt32.dll
2017-04-28 00:38:28 431968 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2017-04-28 00:38:20 1267512 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2017-04-28 00:38:12 2915704 ----a-w- C:\WINDOWS\System32\combase.dll
2017-04-28 00:38:08 847200 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-04-28 00:36:34 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2017-04-28 00:36:29 408600 ----a-w- C:\WINDOWS\System32\tsmf.dll
2017-04-28 00:35:22 1414208 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-04-28 00:35:20 276832 ----a-w- C:\WINDOWS\SysWow64\input.dll
2017-04-28 00:35:06 1988048 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2017-04-28 00:35:06 1702392 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2017-04-28 00:35:05 1302136 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2017-04-28 00:35:03 4260576 ----a-w- C:\WINDOWS\System32\mfcore.dll
2017-04-28 00:35:01 596040 ----a-w- C:\WINDOWS\System32\mf.dll
2017-04-28 00:34:58 1072248 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2017-04-28 00:34:57 443232 ----a-w- C:\WINDOWS\System32\MMDevAPI.dll
2017-04-28 00:34:56 244824 ----a-w- C:\WINDOWS\System32\mfps.dll
2017-04-28 00:34:45 1277824 ----a-w- C:\WINDOWS\System32\ole32.dll
2017-04-28 00:34:25 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2017-04-28 00:34:21 4674360 ----a-w- C:\WINDOWS\explorer.exe
2017-04-28 00:34:09 1600624 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-04-28 00:30:17 1569184 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-04-28 00:30:11 322912 ----a-w- C:\WINDOWS\System32\input.dll
2017-04-28 00:29:28 5685760 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-04-28 00:28:48 387864 ----a-w- C:\WINDOWS\System32\wmpps.dll
2017-04-28 00:28:41 453536 ----a-w- C:\WINDOWS\System32\services.exe
2017-04-28 00:28:39 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-04-28 00:23:19 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-04-28 00:23:10 1631232 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
2017-04-28 00:22:46 26112 ----a-w- C:\WINDOWS\SysWow64\odbcconf.dll
2017-04-28 00:22:16 165376 ----a-w- C:\WINDOWS\SysWow64\ReInfo.dll
2017-04-28 00:21:41 27648 ----a-w- C:\WINDOWS\SysWow64\BthTelemetry.dll
2017-04-28 00:21:26 73728 ----a-w- C:\WINDOWS\SysWow64\tdc.ocx
2017-04-28 00:21:14 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
2017-04-28 00:20:50 44032 ----a-w- C:\WINDOWS\SysWow64\virtdisk.dll
2017-04-28 00:20:47 141824 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.Radios.dll
2017-04-28 00:19:26 584192 ----a-w- C:\WINDOWS\SysWow64\UIRibbonRes.dll
2017-04-28 00:19:15 156672 ----a-w- C:\WINDOWS\SysWow64\UserDeviceRegistration.dll
2017-04-28 00:19:05 138240 ----a-w- C:\WINDOWS\SysWow64\DisplayManager.dll
2017-04-28 00:18:43 450560 ----a-w- C:\WINDOWS\SysWow64\rastls.dll
2017-04-28 00:18:37 255488 ----a-w- C:\WINDOWS\SysWow64\unimdm.tsp
2017-04-28 00:18:35 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2017-04-28 00:17:57 136192 ----a-w- C:\WINDOWS\SysWow64\WinRtTracing.dll
2017-04-28 00:17:50 94208 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll
2017-04-28 00:17:36 95232 ----a-w- C:\WINDOWS\SysWow64\BluetoothApis.dll
2017-04-28 00:17:30 328192 ----a-w- C:\WINDOWS\SysWow64\daxexec.dll
2017-04-28 00:17:01 142336 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.WiFi.dll
2017-04-28 00:16:36 184320 ----a-w- C:\WINDOWS\SysWow64\UserMgrProxy.dll
2017-04-28 00:16:31 392192 ----a-w- C:\WINDOWS\SysWow64\Windows.Gaming.Input.dll
2017-04-28 00:16:31 203776 ----a-w- C:\WINDOWS\SysWow64\credprovhost.dll
.
============= FINISH: 9:37:01.54 ===============

Attached Files
File Type: txt attach.txt (13.1 KB)

Message for Chemist

Hello, this is a message for Chemist. We were communicating to fix my machine and you asked me to run Malwarebytes. I ran it and had to reboot. There was a second program you wanted me to run and when I restarted my computer the thread was gone??? Am I lost in cyberspace? I just need the last message you sent me so I can properly run the two programs you asked me to run.

[SOLVED] No internet access via ethernet; wifi OK

I have had a problem with my laptop for some months now and it is getting important that I fix it. If I try to connect to the internet using a wired connection Windows tells me I have no internet access and diagnostics says that the DNS resource cannot be contacted. Connection via wifi works fine (I'm using it now). I have spent many hours reading forum posts from sites claiming to address this issue; none have worked. The one explanation that I need to follow up is that I have a virus - hence this post.

Some details:

Hardware is Lenovo Thinkpad SL500, about 8 years old, configured to dual boot Windows and Linux Mint 18 XFCE. Very surprisingly, the problem appears with both operating systems.

Windows is legitimate Win 7 64 bit with latest updates, via Automatic System Update

Primary use is for digitizing black vinyl music, with almost no internet access aside from getting music recording metadata (e.g. from discogs) and downloading a trial audio format conversion software. No antivirus software is installed, aside from Windows Defender. Windows Firewall is off.

In a previous incarnation, running single boot Win/XP, and then single boot Linux Mint, the laptop connected to the internet via a wired connection without problem and was used exclusively that way. I do not believe there is any problem with the LAN hardware in the laptop, as I am able to connect to the administration function of my router, via cable. I will also try a Live Linux CD to prove that I can get to the internet that way.

I have tried using fixed IPv4 addresses in place of DHCP. This does not solve the problem.

I am appending the DDS output here (by the way, with the LAN connection enabled and the cable plugged in there is no 'internet connection', so I am unable to 'manage attachments' as required to attach the 'attach.txt' file; the cable has to be unplugged and the network connection disabled first):

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18698
Run by tony at 11:49:16 on 2017-06-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2483 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Users\tony\AppData\Local\Apps\2.0\5NJC97YM.H81\17OOJH3B.XL3\lsb...tion_2d7b41b05b24775e_0001.0006_3b0a905c8de4f74a\LSB.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
mWinlogon: Userinit = userinit.exe,
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: Interfaces\{292624BA-6F5A-41C2-ACF3-9AF176368CE8} : NameServer = 194.168.4.100,194.168.8.100
TCP: Interfaces\{6016C7F7-B83F-4287-93BD-A514B96B67DC} : DHCPNameServer = 194.168.4.100 194.168.8.100
SSODL: WebCheck - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Hosts: 127.0.0.1 v1.ff.avast.com
Hosts: 127.0.0.1 vlcproxy.ff.avast.com
.
============= SERVICES / DRIVERS ===============
.
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-9-22 83768]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 FoxitReaderService;Foxit Reader Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [2017-2-7 1659592]
R3 FocusriteUSBSwRoot;USB Audio Root;C:\Windows\System32\drivers\FocusriteUSBSwRoot.sys [2017-2-2 92688]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2017-2-28 1668776]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S3 FocusriteUSB;Focusrite USB;C:\Windows\System32\drivers\FocusriteUSB.sys [2017-2-2 87056]
S3 FocusriteUSBAudio;Focusrite USB Audio;C:\Windows\System32\drivers\FocusriteUSBAudio.sys [2017-2-2 45072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-6-15 116224]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2017-2-25 31800]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2017-2-2 1255736]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-06-24 09:43:52 -------- d-----w- C:\Users\tony\AppData\Local\ElevatedDiagnostics
2017-06-22 16:58:45 13020000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EE83EBEF-7D9F-428B-A01D-C23D5F5A4467}\mpengine.dll
.
==================== Find3M ====================
.
2017-06-22 16:55:25 803328 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-06-22 16:55:25 144896 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-06-02 08:28:21 2317824 ----a-w- C:\Windows\System32\tquery.dll
2017-06-02 08:28:14 99840 ----a-w- C:\Windows\System32\mssprxy.dll
2017-06-02 08:28:14 778240 ----a-w- C:\Windows\System32\mssvp.dll
2017-06-02 08:28:14 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2017-06-02 08:28:14 491520 ----a-w- C:\Windows\System32\mssph.dll
2017-06-02 08:28:14 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2017-06-02 08:28:14 2222080 ----a-w- C:\Windows\System32\mssrch.dll
2017-06-02 08:28:14 14336 ----a-w- C:\Windows\System32\msshooks.dll
2017-06-02 08:28:14 115200 ----a-w- C:\Windows\System32\mssitlb.dll
2017-06-02 08:11:17 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2017-06-02 08:11:17 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2017-06-02 08:10:16 733696 ----a-w- C:\Windows\HelpPane.exe
2017-06-02 08:10:11 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2017-06-02 08:09:56 1549824 ----a-w- C:\Windows\SysWow64\tquery.dll
2017-06-02 08:09:50 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2017-06-02 08:09:50 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2017-06-02 08:09:50 34816 ----a-w- C:\Windows\SysWow64\mssprxy.dll
2017-06-02 08:09:50 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2017-06-02 08:09:50 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2017-06-02 08:09:50 1400320 ----a-w- C:\Windows\SysWow64\mssrch.dll
2017-06-02 08:09:50 104448 ----a-w- C:\Windows\SysWow64\mssitlb.dll
2017-06-02 07:58:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2017-06-02 07:58:23 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2017-06-02 07:57:42 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2017-06-02 07:57:31 9728 ----a-w- C:\Windows\SysWow64\msshooks.dll
2017-05-21 04:28:29 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2017-05-21 04:28:29 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2017-05-21 04:06:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2017-05-21 03:55:25 64000 ----a-w- C:\Windows\System32\auditpol.exe
2017-05-21 03:48:54 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2017-05-21 03:48:19 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2017-05-21 03:48:17 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2017-05-21 03:47:36 30720 ----a-w- C:\Windows\System32\lsass.exe
2017-05-21 03:46:34 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2017-05-21 03:42:24 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2017-05-14 20:46:52 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-05-14 20:46:38 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-05-14 20:28:46 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-05-14 20:27:37 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-05-14 20:27:27 417792 ----a-w- C:\Windows\System32\html.iec
2017-05-14 20:27:02 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-05-14 20:26:51 576512 ----a-w- C:\Windows\System32\vbscript.dll
2017-05-14 20:10:55 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-05-14 20:10:54 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-05-14 20:10:34 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-05-14 20:01:39 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-05-14 19:55:35 5975040 ----a-w- C:\Windows\System32\jscript9.dll
2017-05-14 19:48:14 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-05-14 19:47:32 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-05-14 19:37:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-05-14 19:23:12 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-05-14 19:22:36 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-05-14 19:22:26 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-05-14 19:22:10 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-05-14 19:21:04 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-05-14 19:18:33 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-05-14 19:17:59 2132992 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-05-14 19:11:03 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-05-14 19:10:43 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-05-14 18:57:57 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-05-14 18:57:09 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2017-05-14 18:52:12 3240960 ----a-w- C:\Windows\System32\wininet.dll
2017-05-14 18:44:07 4549120 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-05-14 18:39:09 2057216 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-05-14 18:38:51 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-05-14 18:15:06 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-05-12 18:27:25 631176 ----a-w- C:\Windows\System32\winresume.efi
2017-05-12 18:26:17 706792 ----a-w- C:\Windows\System32\winload.efi
2017-05-12 18:26:16 5547752 ----a-w- C:\Windows\System32\ntoskrnl.exe
2017-05-12 18:26:13 382696 ----a-w- C:\Windows\System32\atmfd.dll
2017-05-12 18:24:12 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2017-05-12 18:07:05 4001000 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2017-05-12 18:07:05 3945704 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2017-05-12 18:07:02 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2017-05-12 18:04:45 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2017-05-12 17:55:00 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2017-05-12 17:54:55 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2017-05-12 17:54:54 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2017-05-12 17:52:29 3222528 ----a-w- C:\Windows\System32\win32k.sys
2017-05-12 17:51:16 338432 ----a-w- C:\Windows\System32\conhost.exe
2017-05-12 17:50:25 296960 ----a-w- C:\Windows\System32\rstrui.exe
2017-05-12 17:46:24 112640 ----a-w- C:\Windows\System32\smss.exe
2017-05-12 17:43:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2017-05-12 17:41:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2017-05-12 17:41:49 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2017-05-12 17:41:48 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2017-05-12 17:41:47 2048 ----a-w- C:\Windows\SysWow64\user.exe
2017-05-12 17:40:57 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2017-05-12 17:40:57 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-12 17:40:57 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-12 17:40:57 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2017-05-12 16:25:40 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2017-05-12 15:58:45 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2017-05-12 15:58:45 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2017-05-10 15:33:50 91368 ----a-w- C:\Windows\System32\MigAutoPlay.exe
2017-05-10 15:29:56 98816 ----a-w- C:\Windows\System32\wudriver.dll
2017-05-10 15:29:56 3165184 ----a-w- C:\Windows\System32\wucltux.dll
2017-05-10 15:29:56 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2016-05-05 12:22:48 10766520 --sha-r- C:\Windows\SysWOW64\avcodec-lav-57.dll
2016-05-05 12:22:50 188088 --sha-r- C:\Windows\SysWOW64\avfilter-lav-6.dll
2016-05-05 12:22:54 1699000 --sha-r- C:\Windows\SysWOW64\avformat-lav-57.dll
2009-09-27 09:39:26 415744 --sh--w- C:\Windows\SysWOW64\avisynth.dll
2016-05-05 12:22:56 160440 --sha-r- C:\Windows\SysWOW64\avresample-lav-3.dll
2005-07-14 12:31:20 32256 --sh--w- C:\Windows\SysWOW64\AVSredirect.dll
2016-05-05 12:23:00 556216 --sha-r- C:\Windows\SysWOW64\avutil-lav-55.dll
2004-02-22 10:11:08 764416 --sh--w- C:\Windows\SysWOW64\devil.dll
2004-01-25 00:00:00 70656 --sh--w- C:\Windows\SysWOW64\i420vfw.dll
2016-05-05 12:23:14 405176 --sha-r- C:\Windows\SysWOW64\IntelQuickSyncDecoder.dll
2016-05-05 12:23:18 276152 --sha-r- C:\Windows\SysWOW64\libbluray.dll
2016-05-05 12:23:02 537784 --sha-r- C:\Windows\SysWOW64\swscale-lav-4.dll
2004-01-25 00:00:00 70656 --sh--w- C:\Windows\SysWOW64\yv12vfw.dll
.
============= FINISH: 11:49:47.02 ===============

Attached Files
File Type: txt attach.txt (5.9 KB)

Possible virus video.man.igpi maybe?

Problem described in detail:
Not sure if I have a virus; Windows Defender quick scan says all good.
Potential liabilities: 1. I've been trying to make a touchscreen work on a Thinkpad Tablet 2 and have been visiting a lot of websites I otherwise wouldn't, looking for possible solutions, downloads. 2. I allowed my daughter to use the laptop Friday evening to play Cards Against Humanity and I know she loaded card packs with it to start a few games.
What I noticed and when: At approx noon today, I sat down to play Microsoft Solitaire tournament. I was listening to headphones playing music from Foobar2000. I noticed my screen was very light, to the point some of the icons were disappearing. I attempted to dim it and wasn't satisfied with the results. I restarted Windows. Upon restart, laptop was running unusually slow. I opened Task Manager and noted a process running called AM_Delta_patch_(didn't catch version). It was unfamiliar and I ended the process and immediately opened Firefox to search to see if this was a recognized process. I had started to delete an old file backup just before that from an SD card so the card could be used for memory, since memory seemed to be running low. I ran a Windows Defender quick scan that was uneventful, noticed a folder with a recent modified date "IntelGraphicsProfiles" under my username with three 8-kb files each ending in video.man.igpi, waited for the SD card to finish its purge and set about running the requested reports for this forum. I'm not sure if anything is amiss or not.

Thanks in advance for any assistance.




DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.17443 BrowserJavaVersion: 11.131.2
Run by Jessica at 13:27:36 on 2017-06-25
Microsoft Windows 10 Home 10.0.10240.0.1252.1.1033.18.3914.2195 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\LPlatSvc.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files\LENOVO\HOTKEY\tpnumlkd.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPOSD.EXE
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
C:\WINDOWS\system32\LPlatSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\WINDOWS\System32\NetworkUXBroker.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Users\Jessica\Downloads\RealTemp_370\RealTemp.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uDefault_Page_URL = hxxp://lenovo13-comm.msn.com
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
uRun: [Amazon Music] "C:\Users\Jessica\AppData\Local\Amazon Music\Amazon Music Helper.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [Conime] C:\WINDOWS\System32\conime.exe
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PowerDVD17Agent] "C:\Program Files (x86)\CyberLink\PowerDVD17\PowerDVD17Agent.exe"
StartupFolder: C:\Users\Jessica\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
Trusted Zone: facebook.com
Trusted Zone: facebook.net
Trusted Zone: fb.com
Trusted Zone: fbcdn.net
Trusted Zone: fbsbx.com
Trusted Zone: microsoft.com
DPF: {D9305048-DD6B-4EDF-8706-096EBE24E1D7} - hxxp://192.168.1.18/IPCWeb.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{5e164b0f-c553-4c65-bdfa-4838c5fe3789} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{5e164b0f-c553-4c65-bdfa-4838c5fe3789}\83434374D213 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{5e164b0f-c553-4c65-bdfa-4838c5fe3789}\E45445745414252393 : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-9 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-9 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-9-10 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-4-10 215552]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-9 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-4-10 8192]
R1 MpKsl0b7fc6a5;MpKsl0b7fc6a5;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D15738A0-B71F-42BC-B919-5FF17681A729}\MpKsl0b7fc6a5.sys [2017-6-25 44928]
R1 MpKsl7236a6ee;MpKsl7236a6ee;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9C0D1C34-610F-42C6-88D6-1422CD1A40B3}\MpKsl7236a6ee.sys [2017-6-24 44928]
R2 {A14A8EF6-B11D-4356-9ECC-4B937E6CC626};Power Control [2017/06/11 10:23:51];C:\Program Files (x86)\CyberLink\PowerDVD17\Common\NavFilter\000.fcl [2017-6-11 38168]
R2 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-9 39856]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2016-4-16 4122816]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-9 39856]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-9 39856]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2017-4-10 328608]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2016-4-13 407016]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-12-11 780152]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2017-4-17 117320]
R2 LPlatSvc;Lenovo Platform Service;C:\WINDOWS\System32\LPlatSvc.exe [2016-11-1 711256]
R2 NitroReaderDriverReadSpool5;NitroPDFReaderDriverCreatorReadSpool5;C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe [2016-8-2 327328]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-9 61952]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2017-6-8 259176]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-9 39856]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2017-4-17 133712]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-9 39856]
R2 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-9 119648]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\WINDOWS\System32\drivers\bcbtums.sys [2017-4-11 199472]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-9 39856]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-8-21 463112]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-1 39480]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-9 39856]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-9 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-9 20992]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\WINDOWS\System32\drivers\RtsP2Stor.sys [2015-11-10 273040]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-10 587264]
R3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-9 39856]
R3 SensorsHIDClassDriver;UMDF Reflector service for Sensors HID Class Driver;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-7-9 214016]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-11-10 51296]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-9 39856]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-4-10 362928]
R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Jessica\Downloads\RealTemp_370\WinRing0x64.sys [2008-7-26 14544]
R3 WirelessKeyboardFilter;Wireless Keyboard Filter Device Service;C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [2016-7-22 49896]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-7-9 214016]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-9 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-9 39856]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-9 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-9 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-9 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-9 39856]
S3 BcmBtRSupport;Bluetooth Driver Management Service;C:\WINDOWS\System32\BtwRSupportService.exe [2013-9-4 2278152]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2015-7-9 165376]
S3 BthHFAud;Bluetooth Hands-Free;C:\WINDOWS\System32\drivers\BthHfAud.sys [2015-7-9 36864]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-9 39856]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2017-4-10 238080]
S3 btwampfl;btwampfl;C:\WINDOWS\System32\drivers\btwampfl.sys [2017-4-11 214328]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-4-10 36352]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-9 116736]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-9 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-9 39856]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-9-5 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-9 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-9 39856]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-9 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-9 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-9 39856]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-4-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-9 50016]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-9 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-9 424800]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2016-1-28 169752]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\WINDOWS\System32\drivers\ICCWDT.sys [2015-9-24 38680]
S3 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2015-11-10 2457232]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2017-5-9 117248]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-7-29 50232]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-9 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-9 26624]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\WINDOWS\System32\drivers\LEqdUsb.sys [2015-6-17 87696]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\WINDOWS\System32\drivers\LHidEqd.sys [2015-6-17 23184]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-9 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-9 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-9 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-9 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-9 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-9 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-9 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2017-4-10 56336]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-9 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-9 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-9-10 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-9 39856]
S3 RwDrv;RwDrv;C:\WINDOWS\System32\drivers\RwDrv.sys [2017-5-24 21760]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-9 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-4-10 1031680]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-9 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-9 39856]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-9 39856]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-9-5 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-9-10 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-9 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-9 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-9-10 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-9 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-9 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-9 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-9 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-9 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-9 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-9 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-9 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2016-3-28 54784]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-9 39856]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-9 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-9 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-9 39856]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-7-9 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-9 39856]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\drivers\wdcsam64.sys [2015-11-12 26880]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-4-10 685568]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-9 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-9 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-9 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-9 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-9 39856]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-9 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-9 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-9 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-9 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-9 25600]
S4 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-9 39856]
S4 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-9 39856]
S4 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-9 39856]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-06-25 17:09:35 44928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D15738A0-B71F-42BC-B919-5FF17681A729}\MpKsl0b7fc6a5.sys
2017-06-25 17:06:05 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D15738A0-B71F-42BC-B919-5FF17681A729}\mpengine.dll
2017-06-25 17:01:48 16148 ----a-w- C:\WINDOWS\System32\TWISTED_Jessica_HistoryPrediction.bin
2017-06-25 04:33:07 44928 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9C0D1C34-610F-42C6-88D6-1422CD1A40B3}\MpKsl7236a6ee.sys
2017-06-25 04:32:28 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-06-22 19:38:21 -------- d-----w- C:\Program Files (x86)\OverDrive for Windows
2017-06-22 04:16:38 54728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\pingsender.exe
2017-06-20 18:33:42 -------- d--h--w- C:\$Windows.~WS
2017-06-19 03:45:43 -------- d-----w- C:\Users\Jessica\AppData\Roaming\HandBrake
2017-06-19 03:45:07 -------- d-----w- C:\Program Files\HandBrake
2017-06-13 21:47:59 652864 ----a-w- C:\WINDOWS\System32\sppwinob.dll
2017-06-11 15:22:56 -------- d-----w- C:\ProgramData\PDVD
2017-06-11 15:22:47 -------- d-----w- C:\Program Files (x86)\NSIS Uninstall Information
2017-06-11 15:22:26 -------- d-----w- C:\Users\Jessica\AppData\Local\CyberLink
2017-06-11 15:19:42 -------- d-----w- C:\ProgramData\SUPPORTDIR
2017-06-11 15:19:42 -------- d-----w- C:\ProgramData\install_clap
2017-06-11 15:19:42 -------- d-----w- C:\ProgramData\install_backup
2017-06-11 07:44:03 -------- d-----w- C:\Users\Jessica\AppData\Local\stalefiles
2017-06-11 07:44:00 -------- d-----w- C:\Users\Jessica\AppData\Local\RecentDocuments
2017-06-11 07:43:15 -------- d-----w- C:\Users\Jessica\AppData\Local\cache
2017-06-11 07:41:21 -------- d-----w- C:\Users\Jessica\AppData\Local\mime
2017-06-11 07:41:12 -------- d-----w- C:\Users\Jessica\AppData\Local\kdenlive
2017-06-11 07:41:07 -------- d-----w- C:\Users\Jessica\AppData\Roaming\kdenlive
2017-06-10 17:40:32 448712 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-06-10 17:39:36 28352 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-06-10 17:32:12 207048 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2017-06-10 16:27:42 1078240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{719FA492-ADF2-474F-9F93-6AAD939CD36A}\gapaengine.dll
2017-06-08 18:49:45 292960 ----a-w- C:\WINDOWS\System32\SynTPCo34-11.dll
2017-06-02 06:20:50 -------- d-sh--w- C:\Recovery
2017-06-02 02:28:21 -------- d--h--w- C:\$WINDOWS.~BT
2017-06-01 12:17:22 -------- d-----w- C:\ProgramData\BlueStacks
.
==================== Find3M ====================
.
2017-06-17 05:59:10 48424 ----a-w- C:\WINDOWS\System32\drivers\nuidfltr.sys
2017-06-04 16:36:15 18960 ----a-w- C:\WINDOWS\System32\drivers\LNonPnP.sys
2017-06-03 13:44:41 605472 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-06-03 13:44:35 2463704 ----a-w- C:\WINDOWS\System32\mfcore.dll
2017-06-03 13:44:08 123744 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2017-06-03 13:43:22 3467784 ----a-w- C:\WINDOWS\System32\WSService.dll
2017-06-03 13:42:28 1538176 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-06-03 13:41:26 552288 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
2017-06-03 13:41:07 8011616 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-06-03 13:40:48 2816024 ----a-w- C:\WINDOWS\System32\WpcMon.exe
2017-06-03 13:39:29 2495776 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-06-03 13:37:59 335248 ----a-w- C:\WINDOWS\System32\wintrust.dll
2017-06-03 13:36:59 2156400 ----a-w- C:\WINDOWS\System32\hevcdecoder.dll
2017-06-03 13:35:05 388896 ----a-w- C:\WINDOWS\System32\wmpps.dll
2017-06-03 13:34:24 1979744 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-06-03 13:33:48 807832 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-06-03 13:32:59 1584576 ----a-w- C:\WINDOWS\System32\gdi32.dll
2017-06-03 13:29:01 243760 ----a-w- C:\WINDOWS\System32\mfps.dll
2017-06-03 13:15:10 2718208 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-06-03 13:04:50 801632 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2017-06-03 13:03:18 252768 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2017-06-03 13:02:55 724168 ----a-w- C:\WINDOWS\System32\SHCore.dll
2017-06-03 13:01:40 6525424 ----a-w- C:\WINDOWS\System32\sppsvc.exe
2017-06-03 13:00:16 658568 ----a-w- C:\WINDOWS\System32\ClipSVC.dll
2017-06-03 13:00:13 1134800 ----a-w- C:\WINDOWS\System32\ClipUp.exe
2017-06-03 12:58:40 1361448 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2017-06-03 12:57:57 2153296 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2017-06-03 12:54:38 439648 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-06-03 12:52:48 1766488 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-06-03 12:51:08 264968 ----a-w- C:\WINDOWS\SysWow64\wintrust.dll
2017-06-03 12:50:21 1895576 ----a-w- C:\WINDOWS\SysWow64\hevcdecoder.dll
2017-06-03 12:43:25 1813408 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2017-06-03 12:37:42 224712 ----a-w- C:\WINDOWS\System32\policymanager.dll
2017-06-03 12:35:48 379224 ----a-w- C:\WINDOWS\System32\atmfd.dll
2017-06-03 12:35:00 613120 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2017-06-03 12:21:15 116064 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2017-06-03 12:19:32 984448 ----a-w- C:\WINDOWS\System32\ucrtbase.dll
2017-06-03 12:16:57 700256 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-06-03 12:14:27 565656 ----a-w- C:\WINDOWS\SysWow64\SHCore.dll
2017-06-03 11:53:47 185952 ----a-w- C:\WINDOWS\SysWow64\policymanager.dll
2017-06-03 11:52:01 316256 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2017-06-03 11:51:32 545400 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2017-06-03 11:47:05 483328 ----a-w- C:\WINDOWS\System32\OneDriveSettingSyncProvider.dll
2017-06-03 11:44:01 290304 ----a-w- C:\WINDOWS\System32\oemlicense.dll
2017-06-03 11:36:38 901264 ----a-w- C:\WINDOWS\SysWow64\ucrtbase.dll
2017-06-03 11:31:46 446976 ----a-w- C:\WINDOWS\System32\MapConfiguration.dll
2017-06-03 11:28:08 260096 ----a-w- C:\WINDOWS\System32\wpr.exe
2017-06-03 11:24:14 2902528 ----a-w- C:\WINDOWS\System32\CertEnroll.dll
2017-06-03 11:23:58 2446336 ----a-w- C:\WINDOWS\System32\InputService.dll
2017-06-03 11:23:43 553472 ----a-w- C:\WINDOWS\System32\GamePanel.exe
2017-06-03 11:23:28 596992 ----a-w- C:\WINDOWS\System32\msvcp_win.dll
2017-06-03 11:22:23 995840 ----a-w- C:\WINDOWS\HelpPane.exe
2017-06-03 11:21:55 456704 ----a-w- C:\WINDOWS\System32\certcli.dll
2017-06-03 11:18:02 31232 ----a-w- C:\WINDOWS\System32\odbcconf.dll
2017-06-03 11:17:16 324096 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-06-03 11:17:11 183808 ----a-w- C:\WINDOWS\System32\WSSync.dll
2017-06-03 11:16:46 1123840 ----a-w- C:\WINDOWS\System32\NaturalLanguage6.dll
2017-06-03 11:16:25 963072 ----a-w- C:\WINDOWS\System32\WSShared.dll
2017-06-03 11:15:29 3793408 ----a-w- C:\WINDOWS\System32\rdpcorets.dll
2017-06-03 11:12:10 371712 ----a-w- C:\WINDOWS\SysWow64\OneDriveSettingSyncProvider.dll
2017-06-03 11:11:13 4847616 ----a-w- C:\WINDOWS\System32\dbgeng.dll
2017-06-03 11:09:47 209920 ----a-w- C:\WINDOWS\SysWow64\oemlicense.dll
2017-06-03 11:07:51 893440 ----a-w- C:\WINDOWS\System32\MbaeApiPublic.dll
2017-06-03 11:07:16 814592 ----a-w- C:\WINDOWS\System32\provcore.dll
2017-06-03 11:03:33 345088 ----a-w- C:\WINDOWS\System32\eappcfg.dll
2017-06-03 11:03:33 326656 ----a-w- C:\WINDOWS\System32\eapp3hst.dll
2017-06-03 11:03:31 2418688 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2017-06-03 11:03:28 279040 ----a-w- C:\WINDOWS\System32\eapphost.dll
2017-06-03 11:03:23 107008 ----a-w- C:\WINDOWS\System32\eappgnui.dll
2017-06-03 11:02:42 147456 ----a-w- C:\WINDOWS\System32\iassvcs.dll
2017-06-03 11:02:31 322560 ----a-w- C:\WINDOWS\System32\unimdm.tsp
2017-06-03 11:00:55 328704 ----a-w- C:\WINDOWS\SysWow64\MapConfiguration.dll
2017-06-03 10:55:34 2599424 ----a-w- C:\WINDOWS\SysWow64\CertEnroll.dll
2017-06-03 10:55:21 1823232 ----a-w- C:\WINDOWS\SysWow64\InputService.dll
2017-06-03 10:55:05 420352 ----a-w- C:\WINDOWS\SysWow64\GamePanel.exe
2017-06-03 10:54:55 451584 ----a-w- C:\WINDOWS\SysWow64\msvcp_win.dll
2017-06-03 10:53:51 338944 ----a-w- C:\WINDOWS\SysWow64\certcli.dll
2017-06-03 10:50:16 25600 ----a-w- C:\WINDOWS\SysWow64\odbcconf.dll
2017-06-03 10:49:35 247808 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-06-03 10:49:30 153088 ----a-w- C:\WINDOWS\SysWow64\WSSync.dll
2017-06-03 10:49:14 846848 ----a-w- C:\WINDOWS\SysWow64\NaturalLanguage6.dll
2017-06-03 10:48:55 806912 ----a-w- C:\WINDOWS\SysWow64\WSShared.dll
2017-06-03 10:47:12 6791680 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-06-03 10:44:25 3873280 ----a-w- C:\WINDOWS\SysWow64\dbgeng.dll
2017-06-03 10:43:50 573952 ----a-w- C:\WINDOWS\System32\vbscript.dll
2017-06-03 10:41:51 584704 ----a-w- C:\WINDOWS\SysWow64\provcore.dll
2017-06-03 10:41:45 671232 ----a-w- C:\WINDOWS\SysWow64\MbaeApiPublic.dll
2017-06-03 10:41:06 2839040 ----a-w- C:\WINDOWS\System32\Wpc.dll
2017-06-03 10:40:18 2253824 ----a-w- C:\WINDOWS\System32\WpcWebSync.dll
2017-06-03 10:39:10 799232 ----a-w- C:\WINDOWS\System32\wpccpl.dll
2017-06-03 10:39:06 215040 ----a-w- C:\WINDOWS\SysWow64\eapphost.dll
2017-06-03 10:39:01 279552 ----a-w- C:\WINDOWS\SysWow64\eappcfg.dll
2017-06-03 10:38:56 92160 ----a-w- C:\WINDOWS\SysWow64\eappgnui.dll
2017-06-03 10:38:48 243712 ----a-w- C:\WINDOWS\SysWow64\eapp3hst.dll
2017-06-03 10:38:22 281600 ----a-w- C:\WINDOWS\SysWow64\unimdm.tsp
2017-06-03 10:36:47 1918976 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2017-06-03 10:33:10 16708608 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2017-06-03 10:33:02 5448704 ----a-w- C:\WINDOWS\System32\aclui.dll
2017-06-03 10:28:37 110080 ----a-w- C:\WINDOWS\System32\IdCtrls.dll
2017-06-03 10:27:14 5163520 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
.
============= FINISH: 13:28:47.14 ===============

Attached Files
File Type: txt attach.txt (10.2 KB)

SysWOW64 virus removal

Hello,

I am running Windows 7, SP1, 64-bit on a Dell laptop. I am using this at my work to share programs for my shop. I did not have malware or AV software on this machine because nobody uses it for the internet, but it is infected now. It has a 140 gig hard drive, and I noticed it was full. These shared files are all very small in size, and there is no way this drive should be filled. I noticed that over 100 gigs was in the c:\windows directory. And then I saw a SysWOW64 directory created also - I assume that is part of the problem. All assistance is greatly appreciated. Thanks.

Rudi

DDS below

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18698
Run by MOH at 9:22:41 on 2017-06-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3958.940 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
mRun: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
Trusted Zone: dell.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{45D9FB8C-4D04-42CB-BC83-FEC37DB4822D} : DHCPNameServer = 127.0.0.1
TCP: Interfaces\{EAD7B3A8-1DB8-407C-AAF3-55070211396D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EAD7B3A8-1DB8-407C-AAF3-55070211396D}\2716D607275636963796F6E62726 : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2015-4-1 20024]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2016-8-25 295000]
R1 MpKsl573246cb;MpKsl573246cb;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C8D4216-2EF6-49FA-AA43-BEE821E9B5EE}\MpKsl573246cb.sys [2017-6-23 44928]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2015-4-1 509104]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2015-3-4 135928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-3-26 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-3-26 125064]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-6-14 116224]
S3 MDNCService;Multi-DNC Service;C:\Windows\SysWOW64\MDNCService.exe [2015-6-25 118784]
S3 NLSService;Spectrum License Manager;C:\Windows\SysWOW64\NLSService.exe --> C:\Windows\SysWOW64\NLSService.exe [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-3-24 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2015-3-24 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-3-24 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2015-3-24 29696]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-3-25 1255736]
.
=============== Created Last 30 ================
.
2017-06-23 11:34:16 44928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C8D4216-2EF6-49FA-AA43-BEE821E9B5EE}\MpKsl573246cb.sys
2017-06-23 11:33:46 13020000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C8D4216-2EF6-49FA-AA43-BEE821E9B5EE}\mpengine.dll
2017-06-19 11:25:27 13020000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2017-06-15 02:31:14 5975040 ----a-w- C:\Windows\System32\jscript9.dll
2017-06-15 02:31:14 4549120 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-06-15 02:31:13 4296704 ----a-w- C:\Windows\System32\D3DCompiler_47.dll
2017-06-15 02:31:13 3550208 ----a-w- C:\Windows\SysWow64\D3DCompiler_47.dll
2017-06-15 02:31:09 3240960 ----a-w- C:\Windows\System32\wininet.dll
2017-06-15 02:31:09 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-06-13 12:35:32 1078240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5889BA58-66CE-4E4C-AA53-A9C044B39708}\gapaengine.dll
.
==================== Find3M ====================
.
2017-06-02 08:28:21 2317824 ----a-w- C:\Windows\System32\tquery.dll
2017-06-02 08:28:14 99840 ----a-w- C:\Windows\System32\mssprxy.dll
2017-06-02 08:28:14 778240 ----a-w- C:\Windows\System32\mssvp.dll
2017-06-02 08:28:14 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2017-06-02 08:28:14 491520 ----a-w- C:\Windows\System32\mssph.dll
2017-06-02 08:28:14 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2017-06-02 08:28:14 2222080 ----a-w- C:\Windows\System32\mssrch.dll
2017-06-02 08:28:14 14336 ----a-w- C:\Windows\System32\msshooks.dll
2017-06-02 08:28:14 115200 ----a-w- C:\Windows\System32\mssitlb.dll
2017-06-02 08:11:17 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2017-06-02 08:11:17 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2017-06-02 08:10:16 733696 ----a-w- C:\Windows\HelpPane.exe
2017-06-02 08:10:11 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2017-06-02 08:09:56 1549824 ----a-w- C:\Windows\SysWow64\tquery.dll
2017-06-02 08:09:50 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2017-06-02 08:09:50 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2017-06-02 08:09:50 34816 ----a-w- C:\Windows\SysWow64\mssprxy.dll
2017-06-02 08:09:50 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2017-06-02 08:09:50 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2017-06-02 08:09:50 1400320 ----a-w- C:\Windows\SysWow64\mssrch.dll
2017-06-02 08:09:50 104448 ----a-w- C:\Windows\SysWow64\mssitlb.dll
2017-06-02 07:58:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2017-06-02 07:58:23 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2017-06-02 07:57:42 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2017-06-02 07:57:31 9728 ----a-w- C:\Windows\SysWow64\msshooks.dll
2017-05-30 20:45:51 565416 ------w- C:\Windows\System32\MpSigStub.exe
2017-05-21 04:28:29 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2017-05-21 04:28:29 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2017-05-21 04:06:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2017-05-21 03:55:25 64000 ----a-w- C:\Windows\System32\auditpol.exe
2017-05-21 03:48:54 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2017-05-21 03:48:19 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2017-05-21 03:48:17 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2017-05-21 03:47:36 30720 ----a-w- C:\Windows\System32\lsass.exe
2017-05-21 03:46:34 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2017-05-21 03:42:24 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2017-05-14 20:46:52 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-05-14 20:46:38 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-05-14 20:28:46 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-05-14 20:27:37 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-05-14 20:27:27 417792 ----a-w- C:\Windows\System32\html.iec
2017-05-14 20:27:02 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-05-14 20:26:51 576512 ----a-w- C:\Windows\System32\vbscript.dll
2017-05-14 20:10:55 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-05-14 20:10:54 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-05-14 20:10:34 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-05-14 20:01:39 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-05-14 19:48:14 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-05-14 19:47:32 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-05-14 19:37:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-05-14 19:23:12 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-05-14 19:22:36 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-05-14 19:22:26 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-05-14 19:22:10 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-05-14 19:21:04 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-05-14 19:18:33 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-05-14 19:17:59 2132992 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-05-14 19:11:03 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-05-14 19:10:43 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-05-14 18:57:57 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-05-14 18:57:09 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2017-05-14 18:39:09 2057216 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-05-14 18:38:51 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-05-12 18:27:25 631176 ----a-w- C:\Windows\System32\winresume.efi
2017-05-12 18:26:17 706792 ----a-w- C:\Windows\System32\winload.efi
2017-05-12 18:26:16 5547752 ----a-w- C:\Windows\System32\ntoskrnl.exe
2017-05-12 18:26:13 382696 ----a-w- C:\Windows\System32\atmfd.dll
2017-05-12 18:24:12 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2017-05-12 18:07:05 4001000 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2017-05-12 18:07:05 3945704 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2017-05-12 18:07:02 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2017-05-12 18:04:45 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2017-05-12 17:55:00 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2017-05-12 17:54:55 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2017-05-12 17:54:54 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2017-05-12 17:52:29 3222528 ----a-w- C:\Windows\System32\win32k.sys
2017-05-12 17:51:16 338432 ----a-w- C:\Windows\System32\conhost.exe
2017-05-12 17:50:25 296960 ----a-w- C:\Windows\System32\rstrui.exe
2017-05-12 17:46:24 112640 ----a-w- C:\Windows\System32\smss.exe
2017-05-12 17:43:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2017-05-12 17:41:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2017-05-12 17:41:49 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2017-05-12 17:41:48 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2017-05-12 17:41:47 2048 ----a-w- C:\Windows\SysWow64\user.exe
2017-05-12 17:40:57 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2017-05-12 17:40:57 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-12 17:40:57 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-12 17:40:57 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2017-05-12 16:25:40 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2017-05-12 15:58:45 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2017-05-12 15:58:45 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2017-05-10 15:33:50 91368 ----a-w- C:\Windows\System32\MigAutoPlay.exe
2017-05-10 15:29:56 98816 ----a-w- C:\Windows\System32\wudriver.dll
2017-05-10 15:29:56 3165184 ----a-w- C:\Windows\System32\wucltux.dll
2017-05-10 15:29:56 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2017-05-10 15:29:40 1867776 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2017-05-10 15:28:08 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2017-05-10 15:16:55 91368 ----a-w- C:\Windows\SysWow64\MigAutoPlay.exe
2017-05-10 15:13:13 37888 ----a-w- C:\Windows\System32\wuapp.exe
2017-05-10 15:13:06 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
.
============= FINISH: 9:23:06.39 ===============

Attached Files
File Type: txt attach.txt (30.2 KB)

Infection in my daughter's computer

Happy Friday everyone!

My daughter has been having unprotected surf. Her father gave her this computer without adequate protection because he doesn't believe in computer security! I installed and ran Malwarebytes and ran the ESET online scanner multiple times. They each found content the first time and quarantined it. Windows Updates are failing to complete and the machine is glitchy to the point of aggravation. I posted earlier this evening but it has not shown up, so I apologize if this is a double posting.

Please let me know what more I need to supply and thank you in advance for your assistance.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.131.2
Run by eliza at 17:40:38 on 2017-06-30
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.4000.1048 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\BtwRSupportService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Users\eliza\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowersoftAndroidDaemon.exe
C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\SysWOW64\RunDll32.exe
C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Program Files\Dell\DellDataVault\DellDataVault.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Windows\System32\smartscreen.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\wbem\WmiApSrv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\SysWOW64\netstat.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://us.yahoo.com/?fr=fp-comodo&type=7051_33220005005_4.30.418452.227_u_hp
uLocal Page = %11%\blank.htm
mStart Page = Google
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
uRun: [OneDrive] "C:\Users\eliza\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [ApowerMirror] C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe /autoStart
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
TCP: NameServer = 64.233.207.8 64.233.207.9
TCP: Interfaces\{27a08386-2875-4f31-9db4-a2309f7b6b48} : DHCPNameServer = 172.51.1.171
TCP: Interfaces\{71a9e07a-f109-4d37-9d17-800d19148fde} : DHCPNameServer = 64.233.207.8 64.233.207.9
TCP: Interfaces\{71a9e07a-f109-4d37-9d17-800d19148fde}\14454554D45376842614 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{71a9e07a-f109-4d37-9d17-800d19148fde}\2375942554333363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{71a9e07a-f109-4d37-9d17-800d19148fde}\3457C667562737 : DHCPNameServer = 216.185.192.38 216.185.192.43
TCP: Interfaces\{71a9e07a-f109-4d37-9d17-800d19148fde}\7416C6168797F535F5949494F513739323 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{71a9e07a-f109-4d37-9d17-800d19148fde}\75F4751273736303 : DHCPNameServer = 64.233.207.8 64.233.207.9
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = Google
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX5REC
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [WavesSvc] "C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
Hosts: 0.0.0.0 tracking.opencandy.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\eliza\AppData\Roaming\Mozilla\Firefox\Profiles\td454u8p.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Powered
FF - prefs.js: keyword.URL - true
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\eliza\AppData\Local\Roblox\Versions\version-832e7c1e64f340cc\NPRobloxProxy.dll
FF - plugin: C:\Users\eliza\AppData\Local\Roblox\Versions\version-832e7c1e64f340cc\NPRobloxProxy64.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2015-9-9 1455552]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-12-23 48992]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-10-8 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-12-23 227328]
R1 CFRMD;CFRMD;C:\WINDOWS\System32\drivers\CFRMD.sys [2014-12-25 40224]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2015-9-9 91912]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 MpKsl2ad48e8a;MpKsl2ad48e8a;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EF81EFCD-5A0E-47FD-8ED0-734BE50003E9}\MpKsl2ad48e8a.sys [2017-6-30 44928]
R1 MpKsl87773a32;MpKsl87773a32;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{53DCD2C3-C45A-442D-89E8-78CD0D076671}\MpKsl87773a32.sys [2017-6-29 44928]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\WINDOWS\System32\BtwRSupportService.exe [2015-9-9 2286872]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_7c648;CDPUserSvc_7c648;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 Dell Customer Connect;Dell Customer Connect;C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [2016-12-21 130936]
R2 Dell Foundation Services;Dell Foundation Services;C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [2017-1-11 97616]
R2 Dell Help & Support;Dell Help & Support;C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [2016-12-22 77648]
R2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2015-9-11 2574168]
R2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2015-9-11 201560]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2015-6-23 238320]
R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2015-8-27 237272]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-6-7 382456]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-6-24 223008]
R2 OneSyncSvc_7c648;Sync Host_7c648;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 Product Registration;Product Registration;C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [2017-4-6 47144]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2016-9-19 298200]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2015-9-30 21160]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2017-2-16 263264]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-10-8 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\WINDOWS\System32\drivers\bcbtums.sys [2015-9-9 199472]
R3 BCMWL63A;Broadcom 802.11 Network Adapter Driver;C:\WINDOWS\System32\drivers\bcmwl63a.sys [2015-9-9 11767552]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2017-5-12 249856]
R3 btwampfl;btwampfl;C:\WINDOWS\System32\drivers\btwampfl.sys [2015-9-9 223040]
R3 btwl2cap;Bluetooth L2CAP Service;C:\WINDOWS\System32\drivers\btwl2cap.sys [2015-9-9 48984]
R3 DDDriver;DDDriver;C:\WINDOWS\System32\drivers\DDDriver64Dcsa.sys [2015-9-11 32464]
R3 DellProf;DellProf;C:\WINDOWS\System32\drivers\DellProf.sys [2015-9-11 24240]
R3 DellRbtn;Airplane Mode Switch;C:\WINDOWS\System32\drivers\DellRbtn.sys [2015-9-9 19440]
R3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
R3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
R3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 PimIndexMaintenanceSvc_7c648;Contact Data_7c648;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-3-20 896744]
R3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 SynRMIHID;Synaptics HID Service;C:\WINDOWS\System32\drivers\SynRMIHID.sys [2015-9-9 66136]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_7c648;User Data Storage_7c648;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_7c648;User Data Access_7c648;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-17 719872]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-5-12 347320]
S2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-5-31 4470736]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-12-23 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-2-14 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-5-12 481768]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-12-23 64352]
S3 MessagingService_7c648;MessagingService_7c648;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2015-9-9 402136]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-5-12 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-17 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-2-14 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-10-8 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_7c648;Windows Push Notifications User Service_7c648;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2016-7-16 24576]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-17 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-10-8 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-06-30 22:13:03 -------- d-----w- C:\628b0750988f5b8a999fae
2017-06-30 21:57:32 44928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EF81EFCD-5A0E-47FD-8ED0-734BE50003E9}\MpKsl2ad48e8a.sys
2017-06-30 21:48:35 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EF81EFCD-5A0E-47FD-8ED0-734BE50003E9}\mpengine.dll
2017-06-30 04:05:11 44928 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{53DCD2C3-C45A-442D-89E8-78CD0D076671}\MpKsl87773a32.sys
2017-06-30 03:53:45 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-06-30 00:36:37 1078240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{23502A09-A03C-4347-81D5-3DF9C59EE1B4}\gapaengine.dll
2017-06-04 22:00:13 -------- d-----w- C:\Users\eliza\AppData\Local\ESET
2017-06-04 15:11:14 -------- d-----w- C:\ProgramData\ece49eea-ff7b-48e1-808a-1dd641e64837
2017-06-01 04:40:09 188312 ----a-w- C:\WINDOWS\System32\drivers\MBAMChameleon.sys
2017-06-01 04:39:54 93600 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-06-01 04:39:54 113592 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
2017-06-01 04:39:48 44960 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-06-01 04:39:44 252832 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-06-01 04:39:36 77376 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-06-01 04:39:24 -------- d-----w- C:\ProgramData\Malwarebytes
2017-06-01 04:39:24 -------- d-----w- C:\Program Files\Malwarebytes
2017-06-01 04:15:16 -------- d-----w- C:\WINDOWS\Microsoft Antimalware
2017-06-01 00:09:34 -------- d-s---w- C:\WINDOWS\SysWow64\Microsoft
2017-05-31 22:45:31 -------- d--h--w- C:\BOXRoot
.
==================== Find3M ====================
.
2017-06-30 21:46:15 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-01 00:55:20 565416 ------w- C:\WINDOWS\System32\MpSigStub.exe
2017-05-31 22:24:56 9133056 ----a-w- C:\WINDOWS\SysWow64\ccav_installer.exe
2017-05-27 05:04:31 110144 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-64.dll
2017-05-27 05:04:31 110144 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge-64.dll
2017-05-27 05:03:40 97856 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2017-05-09 22:19:56 73728 ----a-w- C:\WINDOWS\System32\WSManMigrationPlugin.dll
2017-04-29 00:59:38 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-04-29 00:59:37 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-04-28 01:28:15 965472 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2017-04-28 01:01:16 2717184 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-04-28 00:59:55 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2017-04-28 00:58:48 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-04-28 00:57:25 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2017-04-28 00:57:07 794928 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2017-04-28 00:56:56 2048488 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-04-28 00:56:07 1117024 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2017-04-28 00:55:36 88416 ----a-w- C:\WINDOWS\System32\drivers\scmbus.sys
2017-04-28 00:53:45 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-04-28 00:53:16 7784288 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-04-28 00:53:03 774224 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2017-04-28 00:52:51 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-04-28 00:49:56 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-04-28 00:49:33 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-04-28 00:48:25 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2017-04-28 00:47:56 699744 ----a-w- C:\WINDOWS\System32\wimgapi.dll
2017-04-28 00:47:53 501088 ----a-w- C:\WINDOWS\System32\spwizeng.dll
2017-04-28 00:46:14 410464 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
2017-04-28 00:46:09 1504056 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2017-04-28 00:46:06 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2017-04-28 00:46:03 5722320 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-04-28 00:45:54 781144 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-04-28 00:45:44 493920 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-04-28 00:45:44 116576 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
2017-04-28 00:45:33 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2017-04-28 00:45:29 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-04-28 00:44:26 62816 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2017-04-28 00:43:59 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2017-04-28 00:43:48 1557224 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2017-04-28 00:43:10 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2017-04-28 00:43:09 2168288 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2017-04-28 00:42:58 601952 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2017-04-28 00:42:53 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2017-04-28 00:42:44 526176 ----a-w- C:\WINDOWS\System32\wimserv.exe
2017-04-28 00:41:08 361104 ----a-w- C:\WINDOWS\SysWow64\tsmf.dll
2017-04-28 00:39:48 962760 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2017-04-28 00:39:37 715104 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2017-04-28 00:39:22 4312248 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2017-04-28 00:39:15 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-04-28 00:38:51 557408 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2017-04-28 00:38:51 2446704 ----a-w- C:\WINDOWS\System32\msxml6.dll
2017-04-28 00:38:44 1852200 ----a-w- C:\WINDOWS\System32\crypt32.dll
2017-04-28 00:38:28 431968 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2017-04-28 00:38:20 1267512 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2017-04-28 00:38:12 2915704 ----a-w- C:\WINDOWS\System32\combase.dll
2017-04-28 00:38:08 847200 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-04-28 00:36:34 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2017-04-28 00:36:29 408600 ----a-w- C:\WINDOWS\System32\tsmf.dll
2017-04-28 00:35:22 1414208 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-04-28 00:35:20 276832 ----a-w- C:\WINDOWS\SysWow64\input.dll
2017-04-28 00:35:14 8170600 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2017-04-28 00:35:06 1988048 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2017-04-28 00:35:06 1702392 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2017-04-28 00:35:05 1302136 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2017-04-28 00:35:03 4260576 ----a-w- C:\WINDOWS\System32\mfcore.dll
2017-04-28 00:35:01 596040 ----a-w- C:\WINDOWS\System32\mf.dll
2017-04-28 00:34:58 1072248 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2017-04-28 00:34:57 443232 ----a-w- C:\WINDOWS\System32\MMDevAPI.dll
2017-04-28 00:34:56 244824 ----a-w- C:\WINDOWS\System32\mfps.dll
2017-04-28 00:34:45 1277824 ----a-w- C:\WINDOWS\System32\ole32.dll
2017-04-28 00:34:25 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2017-04-28 00:34:21 4674360 ----a-w- C:\WINDOWS\explorer.exe
2017-04-28 00:34:09 1600624 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-04-28 00:30:17 1569184 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-04-28 00:30:11 322912 ----a-w- C:\WINDOWS\System32\input.dll
2017-04-28 00:29:28 5685760 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-04-28 00:28:48 387864 ----a-w- C:\WINDOWS\System32\wmpps.dll
2017-04-28 00:28:41 453536 ----a-w- C:\WINDOWS\System32\services.exe
2017-04-28 00:28:39 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-04-28 00:23:19 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-04-28 00:23:10 1631232 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
2017-04-28 00:22:46 26112 ----a-w- C:\WINDOWS\SysWow64\odbcconf.dll
2017-04-28 00:22:16 165376 ----a-w- C:\WINDOWS\SysWow64\ReInfo.dll
2017-04-28 00:21:41 27648 ----a-w- C:\WINDOWS\SysWow64\BthTelemetry.dll
2017-04-28 00:21:26 73728 ----a-w- C:\WINDOWS\SysWow64\tdc.ocx
2017-04-28 00:21:14 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
2017-04-28 00:20:50 44032 ----a-w- C:\WINDOWS\SysWow64\virtdisk.dll
2017-04-28 00:20:47 141824 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.Radios.dll
2017-04-28 00:19:26 584192 ----a-w- C:\WINDOWS\SysWow64\UIRibbonRes.dll
2017-04-28 00:19:15 156672 ----a-w- C:\WINDOWS\SysWow64\UserDeviceRegistration.dll
2017-04-28 00:19:05 138240 ----a-w- C:\WINDOWS\SysWow64\DisplayManager.dll
2017-04-28 00:18:43 450560 ----a-w- C:\WINDOWS\SysWow64\rastls.dll
2017-04-28 00:18:37 255488 ----a-w- C:\WINDOWS\SysWow64\unimdm.tsp
2017-04-28 00:18:35 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2017-04-28 00:17:57 136192 ----a-w- C:\WINDOWS\SysWow64\WinRtTracing.dll
2017-04-28 00:17:50 94208 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll
2017-04-28 00:17:36 95232 ----a-w- C:\WINDOWS\SysWow64\BluetoothApis.dll
2017-04-28 00:17:30 328192 ----a-w- C:\WINDOWS\SysWow64\daxexec.dll
2017-04-28 00:17:01 142336 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.WiFi.dll
2017-04-28 00:16:36 184320 ----a-w- C:\WINDOWS\SysWow64\UserMgrProxy.dll
.
============= FINISH: 17:42:27.62 ===============


Help, accidentally entered a hacked website!

Hi,

I accidentally clicked on a website (oakthreestudios.com/); this is what it says on the Google search page:

You'r website hacked by Talleryrand Ayyildiz.org [ Ayyildiz.org //Talleryrand ] [ Hacked ]. I'M HERE I'M Talleryrand Tarihine bak. Türk Milletine karsı isyanın sonu ...

Any cause for concern? Will my laptop be infected with a virus? I closed the website immediately and scanned my laptop using Trend Micro Max Security, but it did not find anything suspicious. Can I take it that everything is okay?

Thank you so much. I'm an IT noob, so any advice is much appreciated.

Acer Laptop PC slow

Hi,
The problem is that my Acer PC laptop has got very slow over the last few weeks.

- The issue started mainly with MS Word, which was shutting down several times with the message: 'there was a problem sending the command to the program'
- In the last 2 weeks this message has not appeared, but I still find MS Word is the slowest program.
- I only use less than 25% of the hard drive capacity.
- Live Updater has 1 software update that has not been able to install for more than 1 year; it keeps failing. The update is the Intel VGA Driver.
- I use CCleaner to clean files and registry
- I recently started using Speed It Up Free, but not much difference.
- 90-95% of my personal data is stored on an external hard drive.

I look forward to your guidance.




DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.31.2
Run by gpuri at 22:13:25 on 2017-06-29
Microsoft Windows 10 Home 10.0.14393.0.1252.61.1033.18.1861.784 [GMT 10:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\ChgService.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\RfBtnSvc64.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\WINDOWS\system32\igfxext.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\Program Files (x86)\Wallpaper Master\Wallpaper Master Pro.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\RadioController\RfBtnHelper.exe
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://acer13.msn.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
uRun: [Spotify Web Helper] "C:\Users\gpuri\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\gpuri\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [Wallpaper Master] C:\Program Files (x86)\Wallpaper Master\Wallpaper Master Pro.exe
uRun: [SpeedItupFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
mRun: [LManager] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ACERBA~1.LNK - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{149ba74b-163a-42e0-9691-79e8ca0b7425} : DHCPNameServer = 151.236.18.156 8.8.8.8
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\2516B656378602055727962E08993702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\255646D696 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\4456F60224167686 : DHCPNameServer = 192.168.1.251
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\4556C63747271602149627 : DHCPNameServer = 192.168.182.100 192.168.182.200
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\5446765677963756D223 : DHCPNameServer = 10.10.200.9
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\64F6E60275966496 : DHCPNameServer = 192.168.182.100 192.168.182.200
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\84246505C4 : DHCPNameServer = 8.8.8.8 4.2.2.2
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\8507562796160234F583569366 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\E4567745F6C44555 : DHCPNameServer = 131.172.2.2 131.172.4.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = Google
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-1-4 645952]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-9 48992]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-10-3 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-30 227328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 MpKslb3c06ab7;MpKslb3c06ab7;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A6031DA-25AF-4FF0-82D9-AE822E1DD25B}\MpKslb3c06ab7.sys [2017-6-28 44928]
R1 mwlPSDFilter;mwlPSDFilter;C:\WINDOWS\System32\drivers\mwlPSDFilter.sys [2012-11-30 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\WINDOWS\System32\drivers\mwlPSDNserv.sys [2012-11-30 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\WINDOWS\System32\drivers\mwlPSDVDisk.sys [2012-11-30 62776]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2017-4-3 83768]
R2 BrcmCardReader;Broadcom Card Reader Service;C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [2012-8-20 176640]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 Change Modem Device Service;Change Modem Device Service;C:\ProgramData\ChgService.exe [2014-6-10 114688]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-12-13 350544]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2015-10-16 144072]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-1-4 165760]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2015-10-14 255376]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-11-3 259136]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-10-5 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\WINDOWS\System32\drivers\b57xdbd.sys [2012-8-13 72280]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\WINDOWS\System32\drivers\b57xdmp.sys [2012-8-13 21080]
R3 bScsiMSa;bScsiMSa;C:\WINDOWS\System32\drivers\bScsiMSa.sys [2012-6-18 55384]
R3 bScsiSDa;bScsiSDa;C:\WINDOWS\System32\drivers\bScsiSDa.sys [2012-8-14 70744]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2012-10-23 658064]
R3 ETD;ELAN Input Device;C:\WINDOWS\System32\drivers\ETD.sys [2015-10-16 525512]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2012-11-30 342528]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\WINDOWS\System32\drivers\k57nd60a.sys [2016-7-16 446464]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew01.sys [2016-7-16 3343872]
R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [2013-1-4 26736]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-30 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-11-17 469648]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-9-5 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2012-7-12 174160]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 ggflt;SOMC USB Flash Driver Filter;C:\WINDOWS\System32\drivers\ggflt.sys [2014-9-16 16088]
S3 ggsomc;SOMC USB Flash Driver;C:\WINDOWS\System32\drivers\ggsomc.sys [2014-9-16 30424]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-15 64352]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\WINDOWS\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-5-13 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-9-5 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-10-5 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-17 719872]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-17 258560]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-10-3 43520]
.
=============== Created Last 30 ================
.
2017-06-28 13:22:47 -------- d-s---w- C:\WINDOWS\UpdateAssistantV2
2017-06-28 13:18:20 44928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A6031DA-25AF-4FF0-82D9-AE822E1DD25B}\MpKslb3c06ab7.sys
2017-06-28 11:11:59 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A6031DA-25AF-4FF0-82D9-AE822E1DD25B}\mpengine.dll
2017-06-27 10:02:57 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-06-25 00:39:26 503808 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\Microsoft.Ink.dll
2017-06-25 00:39:18 327168 ----a-w- C:\WINDOWS\SysWow64\netcorehc.dll
2017-06-25 00:39:15 306688 ----a-w- C:\WINDOWS\SysWow64\ieproxy.dll
2017-06-25 00:39:11 5686272 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-06-25 00:39:10 709120 ----a-w- C:\WINDOWS\SysWow64\CPFilters.dll
2017-06-25 00:39:09 1164288 ----a-w- C:\WINDOWS\SysWow64\certutil.exe
2017-06-25 00:39:05 773120 ----a-w- C:\WINDOWS\SysWow64\SearchIndexer.exe
2017-06-25 00:39:05 27136 ----a-w- C:\WINDOWS\SysWow64\fdProxy.dll
2017-06-25 00:39:05 2643968 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2017-06-25 00:39:05 1988096 ----a-w- C:\WINDOWS\SysWow64\mssrch.dll
2017-06-25 00:39:01 2997760 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2017-06-25 00:39:00 780640 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-06-24 12:16:19 -------- d-----w- C:\Program Files (x86)\Driver Detective
2017-06-24 12:00:50 903680 ----a-w- C:\WINDOWS\System32\SearchIndexer.exe
2017-06-24 12:00:50 3403264 ----a-w- C:\WINDOWS\System32\tquery.dll
2017-06-24 12:00:49 2538496 ----a-w- C:\WINDOWS\System32\mssrch.dll
2017-06-24 12:00:49 124416 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2017-06-24 11:59:07 503808 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll
2017-06-24 11:57:53 509280 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2017-06-24 11:57:43 117760 ----a-w- C:\WINDOWS\System32\AuthBrokerUI.dll
2017-06-24 11:57:42 404824 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2017-06-24 11:57:41 932864 ----a-w- C:\WINDOWS\System32\kerberos.dll
2017-06-24 11:57:41 353792 ----a-w- C:\WINDOWS\System32\cloudAP.dll
2017-06-24 11:57:40 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2017-06-24 11:57:38 4744704 ----a-w- C:\WINDOWS\System32\jscript9.dll
2017-06-24 11:57:37 8125440 ----a-w- C:\WINDOWS\System32\Chakra.dll
2017-06-24 11:57:37 1600624 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-06-24 11:57:31 2510848 ----a-w- C:\WINDOWS\System32\NetworkMobileSettings.dll
2017-06-24 11:56:11 834048 ----a-w- C:\WINDOWS\System32\win32spl.dll
2017-06-24 11:56:11 1131008 ----a-w- C:\WINDOWS\System32\localspl.dll
2017-06-24 11:56:08 456192 ----a-w- C:\WINDOWS\System32\puiobj.dll
2017-06-24 11:56:08 100864 ----a-w- C:\WINDOWS\System32\wpninprc.dll
2017-06-24 11:56:05 7783256 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-06-24 11:56:04 38752 ----a-w- C:\WINDOWS\System32\OOBEUpdater.exe
2017-06-24 11:54:50 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-06-24 11:54:22 691200 ----a-w- C:\WINDOWS\System32\ieproxy.dll
2017-06-24 11:54:14 22569984 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2017-06-24 11:54:01 2560 ----a-w- C:\WINDOWS\System32\tzres.dll
2017-06-24 11:53:41 351744 ----a-w- C:\WINDOWS\System32\hnetcfg.dll
2017-06-24 11:53:26 255488 ----a-w- C:\WINDOWS\System32\HNetCfgClient.dll
2017-06-24 11:53:23 975872 ----a-w- C:\WINDOWS\HelpPane.exe
2017-06-24 11:53:13 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2017-06-24 11:53:12 45056 ----a-w- C:\WINDOWS\System32\atmlib.dll
2017-06-24 11:53:12 379232 ----a-w- C:\WINDOWS\System32\atmfd.dll
2017-06-24 11:53:11 1566552 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-06-24 11:51:09 856064 ----a-w- C:\WINDOWS\System32\efscore.dll
2017-06-24 11:51:08 252928 ----a-w- C:\WINDOWS\System32\edputil.dll
2017-06-24 11:51:01 198144 ----a-w- C:\WINDOWS\System32\dpapisrv.dll
2017-06-24 11:50:56 2475520 ----a-w- C:\WINDOWS\System32\DWrite.dll
2017-06-24 11:50:55 1845248 ----a-w- C:\WINDOWS\System32\FntCache.dll
2017-06-24 11:50:26 34648 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2017-06-24 11:50:25 335712 ----a-w- C:\WINDOWS\System32\dcntel.dll
2017-06-24 11:50:13 7217152 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-06-24 11:44:05 886784 ----a-w- C:\WINDOWS\System32\CPFilters.dll
2017-06-24 11:44:05 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-06-24 11:44:04 96608 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2017-06-24 11:44:04 629088 ----a-w- C:\WINDOWS\System32\generaltel.dll
2017-06-24 11:44:04 1564512 ----a-w- C:\WINDOWS\System32\appraiser.dll
2017-06-24 11:44:03 136032 ----a-w- C:\WINDOWS\System32\acmigration.dll
2017-06-24 11:43:55 1418240 ----a-w- C:\WINDOWS\System32\certutil.exe
2017-06-24 11:42:59 1112416 ----a-w- C:\WINDOWS\System32\AppxPackaging.dll
2017-06-24 11:41:02 544096 ----a-w- C:\WINDOWS\System32\devinv.dll
2017-06-24 11:41:02 334176 ----a-w- C:\WINDOWS\System32\invagent.dll
2017-06-24 11:41:02 1214816 ----a-w- C:\WINDOWS\System32\aeinv.dll
2017-06-24 11:41:00 324608 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.LockScreen.dll
2017-06-24 11:41:00 233824 ----a-w- C:\WINDOWS\System32\aepic.dll
2017-06-24 11:40:49 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-06-24 11:40:49 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-06-24 11:40:40 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2017-06-24 11:40:40 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2017-06-24 11:40:16 64512 ----a-w- C:\WINDOWS\System32\fdProxy.dll
2017-06-24 11:39:11 381792 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2017-06-24 11:39:11 279904 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2017-06-24 11:39:11 187232 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2017-06-24 11:39:10 41472 ----a-w- C:\WINDOWS\System32\drivers\BasicRender.sys
2017-06-24 10:54:29 -------- d-----w- C:\Program Files (x86)\Display
2017-06-24 10:22:16 -------- d-----w- C:\Program Files (x86)\Display Offer
2017-06-24 10:20:42 -------- d---a-w- C:\Program Files (x86)\SpeedItup Free
2017-06-24 10:20:42 -------- d-----w- C:\WINDOWS\SpeedItup Free
2017-06-24 10:04:42 -------- d-----w- C:\Users\gpuri\AppData\Local\The_PC_Optimizer
2017-06-11 08:24:51 1078240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{458C275B-7C3C-4971-960B-D71880500066}\gapaengine.dll
2017-06-03 13:38:58 17404160 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
.
==================== Find3M ====================
.
2017-06-03 10:50:15 192856 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2017-06-03 10:50:04 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2017-06-03 10:14:25 136024 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll
2017-06-03 10:11:29 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-06-03 10:11:25 128864 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2017-06-03 10:06:40 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-06-03 09:59:40 1181024 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2017-06-03 09:59:25 118112 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2017-06-03 09:58:13 340832 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2017-06-03 09:52:57 1021784 ----a-w- C:\WINDOWS\SysWow64\AppxPackaging.dll
2017-06-03 09:52:38 111968 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2017-06-03 09:52:31 607072 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2017-06-03 09:51:09 2187104 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-06-03 09:51:02 402272 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2017-06-03 09:50:35 857440 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2017-06-03 09:49:28 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-06-03 09:48:28 857952 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-06-03 09:48:26 148832 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2017-06-03 09:44:54 1412640 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-06-03 09:44:50 545944 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2017-06-03 09:39:35 2532192 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-06-03 09:33:14 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-06-03 09:32:12 2560 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
2017-06-03 09:31:50 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2017-06-03 09:31:14 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
2017-06-03 09:28:56 232448 ----a-w- C:\WINDOWS\SysWow64\edputil.dll
2017-06-03 09:28:32 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2017-06-03 09:26:16 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2017-06-03 09:26:00 100352 ----a-w- C:\WINDOWS\SysWow64\AuthBrokerUI.dll
2017-06-03 09:22:56 364544 ----a-w- C:\WINDOWS\SysWow64\NetSetupShim.dll
2017-06-03 09:22:53 181760 ----a-w- C:\WINDOWS\SysWow64\tcpipcfg.dll
2017-06-03 09:20:21 755712 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2017-06-03 09:16:30 119808 ----a-w- C:\WINDOWS\System32\UserDataTimeUtil.dll
2017-06-03 09:15:41 18364928 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2017-06-03 09:15:38 53248 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2017-06-03 09:15:21 886272 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll
2017-06-03 09:14:18 98304 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2017-06-03 09:14:01 238592 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2017-06-03 09:12:28 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll
2017-06-03 09:10:19 261120 ----a-w- C:\WINDOWS\System32\wbem\ndisimplatcim.dll
2017-06-03 09:10:06 418304 ----a-w- C:\WINDOWS\System32\Windows.UI.BlockedShutdown.dll
2017-06-03 09:09:57 489472 ----a-w- C:\WINDOWS\System32\NetSetupShim.dll
2017-06-03 09:09:50 337408 ----a-w- C:\WINDOWS\System32\NetworkBindingEngineMigPlugin.dll
2017-06-03 09:09:13 441344 ----a-w- C:\WINDOWS\System32\netcorehc.dll
2017-06-03 09:08:28 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2017-06-03 09:08:25 1221120 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Audio.dll
2017-06-03 09:07:55 552960 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2017-06-03 09:06:06 3664384 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2017-06-03 09:05:25 295424 ----a-w- C:\WINDOWS\SysWow64\hnetcfg.dll
2017-06-03 09:05:10 1883648 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Logon.dll
2017-06-03 09:04:36 6042624 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2017-06-03 09:04:06 2006528 ----a-w- C:\WINDOWS\SysWow64\DWrite.dll
2017-06-03 08:54:44 1217024 ----a-w- C:\WINDOWS\System32\Windows.Media.Audio.dll
2017-06-03 08:51:36 266752 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2017-06-03 08:50:43 641024 ----a-w- C:\WINDOWS\System32\wbem\NetAdapterCim.dll
2017-06-03 08:49:39 2691072 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2017-06-03 08:49:34 1513472 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2017-06-03 08:49:09 3615744 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2017-06-03 08:48:49 1490432 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2017-06-03 08:48:34 391168 ----a-w- C:\WINDOWS\System32\wuuhext.dll
2017-06-03 08:40:59 483840 ----a-w- C:\WINDOWS\SysWow64\CoreMessaging.dll
2017-06-03 06:36:03 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-06-03 06:36:03 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-06-01 11:20:38 565416 ------w- C:\WINDOWS\System32\MpSigStub.exe
2017-05-11 09:58:25 73728 ----a-w- C:\WINDOWS\System32\WSManMigrationPlugin.dll
2017-04-28 01:28:15 965472 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2017-04-28 01:01:16 2717184 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-04-28 00:59:55 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2017-04-28 00:57:25 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2017-04-28 00:57:07 794928 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2017-04-28 00:56:07 1117024 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2017-04-28 00:55:36 88416 ----a-w- C:\WINDOWS\System32\drivers\scmbus.sys
2017-04-28 00:53:03 774224 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2017-04-28 00:52:51 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-04-28 00:48:25 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2017-04-28 00:47:56 699744 ----a-w- C:\WINDOWS\System32\wimgapi.dll
2017-04-28 00:47:53 501088 ----a-w- C:\WINDOWS\System32\spwizeng.dll
2017-04-28 00:46:14 410464 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
2017-04-28 00:46:09 1504056 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2017-04-28 00:46:06 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2017-04-28 00:46:03 5722320 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-04-28 00:45:44 493920 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-04-28 00:45:44 116576 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
2017-04-28 00:45:33 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2017-04-28 00:45:29 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-04-28 00:44:26 62816 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2017-04-28 00:43:59 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2017-04-28 00:43:48 1557224 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2017-04-28 00:43:10 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2017-04-28 00:43:09 2168288 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2017-04-28 00:42:53 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2017-04-28 00:42:44 526176 ----a-w- C:\WINDOWS\System32\wimserv.exe
2017-04-28 00:41:08 361104 ----a-w- C:\WINDOWS\SysWow64\tsmf.dll
2017-04-28 00:39:48 962760 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2017-04-28 00:39:37 715104 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2017-04-28 00:39:22 4312248 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2017-04-28 00:38:51 557408 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2017-04-28 00:38:51 2446704 ----a-w- C:\WINDOWS\System32\msxml6.dll
2017-04-28 00:38:44 1852200 ----a-w- C:\WINDOWS\System32\crypt32.dll
2017-04-28 00:38:28 431968 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
.
============= FINISH: 22:17:15.36 ===============

Attached Files
File Type: txt attach.txt (9.8 KB)

Degraded performance, slow switching between programs, internet browsing

Hello, thank you in advance for your help. As stated in the title, I am having significant performance issues. I am not sure if it is malware/virus, or something similar, or if it is, at least in part, the age of the machine.

My laptop is more than 4 years old and is running Windows 10. It seems to me that performance has been worse since the upgrade to Windows 10 months ago.

In any event, your help and direction is greatly appreciated.

Here is the information requested to start the process.

dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.131.2
Run by Dell Inspiron at 19:19:26 on 2017-07-02
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.8049.1154 [GMT -4:00]
.
AV: Avira Antivirus *Enabled/Updated* {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Antivirus *Enabled/Updated* {0897D159-75B7-14C4-2E4A-2FC449B26D32}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Avira\Antivirus\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
C:\Program Files (x86)\Avira\Antivirus\avguard.exe
C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\EscSvc64.exe
C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\WINDOWS\SysWow64\perfhost.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TrueKey\McTkSchedulerService.exe
C:\WINDOWS\system32\TieringEngineService.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Avira\Antivirus\avscan.exe
C:\Program Files (x86)\Avira\Antivirus\avscan.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Users\Dell Inspiron\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Users\Dell Inspiron\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
BHO: Like: {2159cb25-ef9a-54c1-b43c-e30d1a4a8277} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
BHO: Simple: {886bf106-6ebf-4ef4-8676-6663caabbda4} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [EPLTarget\P0000000000000002] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_YATIJHE.EXE /EPT "EPLTarget\P0000000000000002" /M "WF-3540 Series"
uRunOnce: [Application Restart #2] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- https://www.facebook.com/n/?email%2F...INHpzFCLtwiMMx
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
mRun: [Avira System Speedup User Starter] "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
TCP: NameServer = 64.233.217.2 64.233.217.3
TCP: Interfaces\{839a14cb-e4fa-4c2b-9890-97338570ccca} : DHCPNameServer = 64.233.217.2 64.233.217.3
TCP: Interfaces\{c49f85b0-4b0d-42a0-bce6-d03c89396128} : DHCPNameServer = 64.233.217.2 64.233.217.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mSearch Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = about:blank
x64-BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll
x64-TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 spywareinfo.com - This website is for sale! - spywareinfo Resources and Information.
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\7gzxff73.default-1488972710950\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrlui.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avdevprot;avdevprot;C:\WINDOWS\System32\drivers\avdevprot.sys [2017-6-13 60920]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
R1 avkmgr;avkmgr;C:\WINDOWS\System32\drivers\avkmgr.sys [2016-5-30 44488]
R2 avgntflt;avgntflt;C:\WINDOWS\System32\drivers\avgntflt.sys [2016-5-30 167504]
R2 avnetflt;avnetflt;C:\WINDOWS\System32\drivers\avnetflt.sys [2016-5-30 88488]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\WINDOWS\System32\drivers\AmpPal.sys [2012-9-13 162344]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2016-9-30 168448]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2017-5-10 249856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-06-29 00:23:13 -------- d-----w- C:\ProgramData\McAfee Security Scan
2017-06-25 22:20:19 -------- d-s---w- C:\WINDOWS\UpdateAssistantV2
2017-06-14 14:39:59 691200 ----a-w- C:\WINDOWS\System32\ieproxy.dll
2017-06-13 14:39:52 60920 ----a-w- C:\WINDOWS\System32\drivers\avdevprot.sys
2017-06-04 03:38:58 17404160 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2017-06-03 22:16:59 71112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\IA2Marshal.dll
.
==================== Find3M ====================
.
2017-06-13 14:32:52 38048 ----a-w- C:\WINDOWS\System32\drivers\avusbflt.sys
2017-06-13 14:32:52 167504 ----a-w- C:\WINDOWS\System32\drivers\avgntflt.sys
2017-06-03 10:50:15 192856 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2017-06-03 10:50:04 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2017-06-03 10:16:14 279904 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2017-06-03 10:14:28 379232 ----a-w- C:\WINDOWS\System32\atmfd.dll
2017-06-03 10:14:27 629088 ----a-w- C:\WINDOWS\System32\generaltel.dll
2017-06-03 10:14:27 1564512 ----a-w- C:\WINDOWS\System32\appraiser.dll
2017-06-03 10:14:27 1214816 ----a-w- C:\WINDOWS\System32\aeinv.dll
2017-06-03 10:14:26 96608 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2017-06-03 10:14:26 544096 ----a-w- C:\WINDOWS\System32\devinv.dll
2017-06-03 10:14:26 334176 ----a-w- C:\WINDOWS\System32\invagent.dll
2017-06-03 10:14:26 233824 ----a-w- C:\WINDOWS\System32\aepic.dll
2017-06-03 10:14:26 136032 ----a-w- C:\WINDOWS\System32\acmigration.dll
2017-06-03 10:14:25 136024 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll
2017-06-03 10:14:23 335712 ----a-w- C:\WINDOWS\System32\dcntel.dll
2017-06-03 10:14:20 34648 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2017-06-03 10:11:29 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-06-03 10:11:25 128864 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2017-06-03 10:09:08 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-06-03 10:08:10 7783256 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-06-03 10:06:40 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-06-03 10:01:49 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-06-03 09:59:51 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-06-03 09:59:40 1181024 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2017-06-03 09:59:25 118112 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2017-06-03 09:58:13 340832 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2017-06-03 09:55:19 780640 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-06-03 09:54:24 187232 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2017-06-03 09:53:07 404824 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2017-06-03 09:52:57 1021784 ----a-w- C:\WINDOWS\SysWow64\AppxPackaging.dll
2017-06-03 09:52:38 111968 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2017-06-03 09:52:31 607072 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2017-06-03 09:51:09 2187104 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-06-03 09:51:02 402272 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2017-06-03 09:50:35 857440 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2017-06-03 09:50:15 381792 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2017-06-03 09:49:28 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-06-03 09:49:27 509280 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2017-06-03 09:48:48 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2017-06-03 09:48:44 1112416 ----a-w- C:\WINDOWS\System32\AppxPackaging.dll
2017-06-03 09:48:39 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2017-06-03 09:48:28 857952 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-06-03 09:48:26 148832 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2017-06-03 09:44:54 1412640 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-06-03 09:44:50 545944 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2017-06-03 09:44:34 1600624 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-06-03 09:40:36 1566552 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-06-03 09:40:33 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2017-06-03 09:39:35 2532192 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-06-03 09:39:09 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-06-03 09:39:04 5686272 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-06-03 09:33:14 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-06-03 09:32:12 2560 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
2017-06-03 09:31:50 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2017-06-03 09:31:14 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
2017-06-03 09:28:56 232448 ----a-w- C:\WINDOWS\SysWow64\edputil.dll
2017-06-03 09:28:32 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2017-06-03 09:26:16 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2017-06-03 09:26:00 100352 ----a-w- C:\WINDOWS\SysWow64\AuthBrokerUI.dll
2017-06-03 09:23:57 306688 ----a-w- C:\WINDOWS\SysWow64\ieproxy.dll
2017-06-03 09:22:56 364544 ----a-w- C:\WINDOWS\SysWow64\NetSetupShim.dll
2017-06-03 09:22:53 181760 ----a-w- C:\WINDOWS\SysWow64\tcpipcfg.dll
2017-06-03 09:22:36 327168 ----a-w- C:\WINDOWS\SysWow64\netcorehc.dll
2017-06-03 09:22:29 7217152 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-06-03 09:20:21 755712 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2017-06-03 09:19:49 1164288 ----a-w- C:\WINDOWS\SysWow64\certutil.exe
2017-06-03 09:18:28 22569984 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2017-06-03 09:16:30 119808 ----a-w- C:\WINDOWS\System32\UserDataTimeUtil.dll
2017-06-03 09:16:27 709120 ----a-w- C:\WINDOWS\SysWow64\CPFilters.dll
2017-06-03 09:16:24 2560 ----a-w- C:\WINDOWS\System32\tzres.dll
2017-06-03 09:15:41 18364928 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2017-06-03 09:15:38 53248 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2017-06-03 09:15:21 886272 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll
2017-06-03 09:15:20 41472 ----a-w- C:\WINDOWS\System32\drivers\BasicRender.sys
2017-06-03 09:14:44 124416 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2017-06-03 09:14:35 45056 ----a-w- C:\WINDOWS\System32\atmlib.dll
2017-06-03 09:14:18 98304 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2017-06-03 09:14:01 238592 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2017-06-03 09:12:49 27136 ----a-w- C:\WINDOWS\SysWow64\fdProxy.dll
2017-06-03 09:12:28 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll
2017-06-03 09:11:56 353792 ----a-w- C:\WINDOWS\System32\cloudAP.dll
2017-06-03 09:10:54 117760 ----a-w- C:\WINDOWS\System32\AuthBrokerUI.dll
2017-06-03 09:10:51 252928 ----a-w- C:\WINDOWS\System32\edputil.dll
2017-06-03 09:10:19 261120 ----a-w- C:\WINDOWS\System32\wbem\ndisimplatcim.dll
2017-06-03 09:10:06 418304 ----a-w- C:\WINDOWS\System32\Windows.UI.BlockedShutdown.dll
2017-06-03 09:09:57 489472 ----a-w- C:\WINDOWS\System32\NetSetupShim.dll
2017-06-03 09:09:50 337408 ----a-w- C:\WINDOWS\System32\NetworkBindingEngineMigPlugin.dll
2017-06-03 09:09:13 441344 ----a-w- C:\WINDOWS\System32\netcorehc.dll
2017-06-03 09:08:28 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2017-06-03 09:08:25 1221120 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Audio.dll
2017-06-03 09:08:24 324608 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.LockScreen.dll
2017-06-03 09:08:23 2643968 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2017-06-03 09:07:55 552960 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2017-06-03 09:07:32 456192 ----a-w- C:\WINDOWS\System32\puiobj.dll
2017-06-03 09:07:14 255488 ----a-w- C:\WINDOWS\System32\HNetCfgClient.dll
2017-06-03 09:06:11 198144 ----a-w- C:\WINDOWS\System32\dpapisrv.dll
2017-06-03 09:06:06 3664384 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2017-06-03 09:05:25 295424 ----a-w- C:\WINDOWS\SysWow64\hnetcfg.dll
2017-06-03 09:05:10 1883648 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Logon.dll
.
============= FINISH: 19:45:28.55 ===============

Attached Files
File Type: txt attach.txt (9.7 KB)

Suspected Virus?

Hello there everyone, for the past couple of months (about 6) a specific .txt file keeps on "creating itself" when I start up my computer. The file creates itself on my desktop as soon as I log in to Windows (10). The .txt file is named "SpinProgramErrorLog.txt", and the contents of the file are:

"Spin Program Error Log
----------------------
3 Jul 2017 06:37: Missing important stuff (1)."

The file does not show where it is created, how it is created, or anything. Properties just show as the location of the file being on the desktop, and I can't trace the root of how it got there. I should probably have included more information, but I'm not exactly sure of what more to provide in order to help someone help me find what is creating the file. I would appreciate any help, and please let me know if I can provide more info to help you help me :smile:

Counter-Strike 1.6 Warzone Original | CAN'T UNINSTALL

Hey, I'm 15 and not that experienced at computer fixing, so I got counter-strike 1.6 warzone original from the web and I can't uninstall it anymore.

I can't remove it from Control Panel and I try to use CCleaner now, but when I try to remove it under the "tools" tab it says "Error: 2 - The system cannot find the file specified".

Is there someone more experienced who could help me please?
I hope that's enough information, oh and when I try to uninstall it under Control Panel, it says "You do not have sufficient access to uninstall Counter-Strike 1.6 Warzone Original. Please contact your system administrator."


Adding more information.
Under Registry Editor I went through HK_LOCAL_MACHINE -> SOFTWARE -> Wow6432Node -> Microsoft -> Windows -> CurrentVersion -> Uninstall -> Counter-Strike 1.6 Warzone Original
and there are 3 things.

(Default)
DisplayName
UninstallString

and when I click modify UninstallString it gives me this: 0:\Games\CS 1.6\Uninstal.exe

PC has gotten slow

A few months ago I updated my PC, which had been running Windows XP, to Windows 10. I changed my main HD to a Samsung SSD. Immediately I noticed my PC was much faster. I had not changed anything else except the HD and OS. Recently, in the past few weeks, my PC has become very slow. The only real change to my knowledge is I adjusted my internet speeds through my ISP. I lowered it, but to my knowledge it is supposed to be at a minimum 25mbps. My internet does seem slow at times, but usually it's my PC in general that is slow. I run Malwarebytes occasionally and have AVG antivirus. Thanks

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953
Run by ukbsk at 21:37:41 on 2017-07-07
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.4094.106 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Antivirus *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Windscribe\WindscribeService.exe
C:\Program Files (x86)\Wondershare\WAF\2.3.2.219\WsAppService.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
C:\Users\ukbsk\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\InstallAgent.exe
C:\Windows\System32\InstallAgentUserBroker.exe
C:\Program Files (x86)\AVG\Setup\avgsetupx.exe
C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe
C:\Users\ukbsk\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
svchost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\BackgroundTransferHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mysearch.avg.com/?cid={82DC8F58-9144-405E-9322-8922D66BBB03}&mid=f1f3e9ddd43247cf8c3cd1543b36bffd-bb9a1d0f432bd967561b35048650c4cb794a2fb2&lang=en&ds=AVG&coid=avgtbavg&cmpid=0517tb&pr=fr&d=2017-01-26 00:21:31&v=4.3.7.452&pid=wtu&sg=&sap=hp
uLocal Page = %11%\blank.htm
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
uRun: [OneDrive] "C:\Users\ukbsk\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Windscribe] C:\Program Files (x86)\Windscribe\Windscribe.exe
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 75.75.75.75 75.75.76.76 75.75.76.76 75.75.76.76
TCP: Interfaces\{07924db2-44d5-4a50-b86f-96a98701c987} : DHCPNameServer = 10.110.234.1
TCP: Interfaces\{59c00cd1-0e57-4b32-b4a9-ca83ebb8a71a} : DHCPNameServer = 75.75.75.75 75.75.76.76 75.75.76.76 75.75.76.76
TCP: Interfaces\{bbbd2ab0-018c-4933-b792-f15272fd5611} : DHCPNameServer = 10.110.182.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
x64-Run: [AVGUI.exe] "C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe" /gui
x64-Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ukbsk\AppData\Roaming\Mozilla\Firefox\Profiles\qr07vecu.default-1490668017164\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/yhp-ff
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\MediaMall\toolbar\npVT.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\ukbsk\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-20 48992]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-11-20 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-11-20 227328]
R1 avgbdisk;avgbdisk;C:\WINDOWS\System32\drivers\avgbdiska.sys [2017-6-6 166624]
R1 avgbidsdriver;avgbidsdriver;C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [2017-6-6 313616]
R1 avgRdr;avgRdr;C:\WINDOWS\System32\drivers\avgRdr2.sys [2017-6-6 102792]
R1 avgSnx;avgSnx;C:\WINDOWS\System32\drivers\avgSnx.sys [2017-6-6 1008288]
R1 avgSP;avgSP;C:\WINDOWS\System32\drivers\avgSP.sys [2017-6-6 578048]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-12-9 753240]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-9-26 2246256]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-9-22 83768]
R2 AVG Antivirus;AVG Antivirus;C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [2017-6-28 264432]
R2 avgMonFlt;avgMonFlt;C:\WINDOWS\System32\drivers\avgMonFlt.sys [2017-6-6 139112]
R2 avgStm;avgStm;C:\WINDOWS\System32\drivers\avgStm.sys [2017-6-6 191208]
R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2017-7-3 1428656]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2016-9-7 21216]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-1-5 4470736]
R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2017-5-17 8315664]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-2 462784]
R2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [2017-1-2 1163712]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-1-2 425408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2017-1-2 426040]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-11-20 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WindscribeService;WindscribeService;C:\Program Files (x86)\Windscribe\WindscribeService.exe [2017-5-12 71272]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 avgbIDSAgent;avgbIDSAgent;C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [2017-6-28 7481648]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2017-1-5 252832]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2017-1-2 46016]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-7-16 589824]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 tapwindscribe0901;Windscribe VPN;C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [2017-5-11 54896]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 vToolbarUpdater40.3.7;vToolbarUpdater40.3.7;"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe" --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [?]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 avgHwid;avgHwid;C:\WINDOWS\System32\drivers\avgHwid.sys [2017-6-6 39424]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-11-20 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2017-1-3 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 MBAMWebProtection;MBAMWebProtection;C:\WINDOWS\System32\drivers\mwac.sys [2017-1-5 91584]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-11-20 64352]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2016-11-20 113152]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-2 462784]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-1-2 27584]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-5-11 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-15 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2017-1-3 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-11-20 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2016-3-28 54784]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-15 719872]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-5-11 347320]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-15 258560]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-11-20 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-07-07 22:27:30 1192392 ----a-w- C:\WINDOWS\isRS-000.tmp
2017-07-01 14:18:51 -------- d-s---w- C:\WINDOWS\UpdateAssistantV2
2017-06-29 03:23:22 -------- d-----w- C:\Users\ukbsk\AppData\Local\Wondershare
2017-06-29 03:23:18 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2017-06-29 03:21:36 1250304 ----a-w- C:\WINDOWS\System32\CFDecode64.ax
2017-06-29 03:21:24 -------- d-----w- C:\ProgramData\Wondershare Video Editor
2017-06-29 03:21:23 -------- d-----w- C:\Program Files\Wondershare
2017-06-29 02:30:13 401584 ----a-w- C:\WINDOWS\System32\avgBoot.exe
2017-06-27 22:46:46 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8861F360-7DB6-4AB5-A6B0-FF882BF998AA}\mpengine.dll
2017-06-27 22:44:55 635904 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2017-06-26 02:45:43 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-06-17 22:51:34 1078240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CEC5BC2F-4FBA-4408-8E1A-DBF10679E486}\gapaengine.dll
.
==================== Find3M ====================
.
2017-07-08 02:23:23 252832 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-07-01 14:27:57 353744 ----a-w- C:\WINDOWS\System32\drivers\avgvmm.sys
2017-06-29 02:30:09 76832 ----a-w- C:\WINDOWS\System32\drivers\avgRvrt.sys
2017-06-29 02:30:09 578048 ----a-w- C:\WINDOWS\System32\drivers\avgSP.sys
2017-06-29 02:30:09 39424 ----a-w- C:\WINDOWS\System32\drivers\avgHwid.sys
2017-06-29 02:30:09 191208 ----a-w- C:\WINDOWS\System32\drivers\avgStm.sys
2017-06-29 02:30:09 139112 ----a-w- C:\WINDOWS\System32\drivers\avgMonFlt.sys
2017-06-29 02:30:09 102792 ----a-w- C:\WINDOWS\System32\drivers\avgRdr2.sys
2017-06-29 02:30:00 1008288 ----a-w- C:\WINDOWS\System32\drivers\avgSnx.sys
2017-06-29 02:29:56 51336 ----a-w- C:\WINDOWS\System32\drivers\avgbuniva.sys
2017-06-29 02:29:56 336896 ----a-w- C:\WINDOWS\System32\drivers\avgbloga.sys
2017-06-29 02:29:56 313616 ----a-w- C:\WINDOWS\System32\drivers\avgbidsdrivera.sys
2017-06-29 02:29:56 192584 ----a-w- C:\WINDOWS\System32\drivers\avgbidsha.sys
2017-06-29 02:29:56 166624 ----a-w- C:\WINDOWS\System32\drivers\avgbdiska.sys
2017-06-18 00:34:06 118272 ----a-w- C:\WINDOWS\SysWow64\AppointmentActivation.dll
2017-06-06 15:00:31 565416 ------w- C:\WINDOWS\System32\MpSigStub.exe
2017-06-06 14:38:34 0 ----a-w- C:\WINDOWS\System32\drivers\aswF327.tmp
2017-06-06 14:38:34 0 ----a-w- C:\WINDOWS\System32\drivers\aswF307.tmp
2017-06-06 14:38:34 0 ----a-w- C:\WINDOWS\System32\drivers\aswF2F6.tmp
2017-06-06 14:38:34 0 ----a-w- C:\WINDOWS\System32\drivers\aswF2D6.tmp
2017-06-06 14:38:34 0 ----a-w- C:\WINDOWS\System32\drivers\aswF2B6.tmp
2017-06-03 10:50:15 192856 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2017-06-03 10:50:04 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2017-06-03 10:16:14 279904 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2017-06-03 10:14:28 379232 ----a-w- C:\WINDOWS\System32\atmfd.dll
2017-06-03 10:14:27 629088 ----a-w- C:\WINDOWS\System32\generaltel.dll
2017-06-03 10:14:27 1564512 ----a-w- C:\WINDOWS\System32\appraiser.dll
2017-06-03 10:14:27 1214816 ----a-w- C:\WINDOWS\System32\aeinv.dll
2017-06-03 10:14:26 96608 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2017-06-03 10:14:26 544096 ----a-w- C:\WINDOWS\System32\devinv.dll
2017-06-03 10:14:26 334176 ----a-w- C:\WINDOWS\System32\invagent.dll
2017-06-03 10:14:26 233824 ----a-w- C:\WINDOWS\System32\aepic.dll
2017-06-03 10:14:26 136032 ----a-w- C:\WINDOWS\System32\acmigration.dll
2017-06-03 10:14:25 136024 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll
2017-06-03 10:14:23 335712 ----a-w- C:\WINDOWS\System32\dcntel.dll
2017-06-03 10:14:20 34648 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2017-06-03 10:11:29 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-06-03 10:11:25 128864 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2017-06-03 10:09:08 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-06-03 10:08:10 7783256 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-06-03 10:06:40 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-06-03 10:01:49 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-06-03 09:59:51 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-06-03 09:59:40 1181024 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2017-06-03 09:59:25 118112 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2017-06-03 09:58:13 340832 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2017-06-03 09:55:19 780640 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-06-03 09:54:24 187232 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2017-06-03 09:53:07 404824 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2017-06-03 09:52:57 1021784 ----a-w- C:\WINDOWS\SysWow64\AppxPackaging.dll
2017-06-03 09:52:38 111968 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2017-06-03 09:52:31 607072 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2017-06-03 09:51:09 2187104 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-06-03 09:51:02 402272 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2017-06-03 09:50:35 857440 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2017-06-03 09:50:15 381792 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2017-06-03 09:49:28 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-06-03 09:49:27 509280 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2017-06-03 09:48:48 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2017-06-03 09:48:44 1112416 ----a-w- C:\WINDOWS\System32\AppxPackaging.dll
2017-06-03 09:48:39 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2017-06-03 09:48:28 857952 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-06-03 09:48:26 148832 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2017-06-03 09:44:54 1412640 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-06-03 09:44:50 545944 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2017-06-03 09:44:34 1600624 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-06-03 09:40:36 1566552 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-06-03 09:40:33 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2017-06-03 09:39:35 2532192 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-06-03 09:39:09 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-06-03 09:39:04 5686272 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-06-03 09:33:14 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-06-03 09:32:12 2560 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
2017-06-03 09:31:50 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2017-06-03 09:31:14 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
2017-06-03 09:28:56 232448 ----a-w- C:\WINDOWS\SysWow64\edputil.dll
2017-06-03 09:28:32 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2017-06-03 09:26:16 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2017-06-03 09:26:00 100352 ----a-w- C:\WINDOWS\SysWow64\AuthBrokerUI.dll
2017-06-03 09:23:57 306688 ----a-w- C:\WINDOWS\SysWow64\ieproxy.dll
2017-06-03 09:22:56 364544 ----a-w- C:\WINDOWS\SysWow64\NetSetupShim.dll
2017-06-03 09:22:53 181760 ----a-w- C:\WINDOWS\SysWow64\tcpipcfg.dll
2017-06-03 09:22:36 327168 ----a-w- C:\WINDOWS\SysWow64\netcorehc.dll
2017-06-03 09:22:29 7217152 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-06-03 09:20:21 755712 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2017-06-03 09:19:49 1164288 ----a-w- C:\WINDOWS\SysWow64\certutil.exe
2017-06-03 09:18:28 22569984 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2017-06-03 09:16:30 119808 ----a-w- C:\WINDOWS\System32\UserDataTimeUtil.dll
2017-06-03 09:16:27 709120 ----a-w- C:\WINDOWS\SysWow64\CPFilters.dll
2017-06-03 09:16:24 2560 ----a-w- C:\WINDOWS\System32\tzres.dll
2017-06-03 09:15:41 18364928 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2017-06-03 09:15:38 53248 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2017-06-03 09:15:21 886272 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll
2017-06-03 09:15:20 41472 ----a-w- C:\WINDOWS\System32\drivers\BasicRender.sys
2017-06-03 09:14:44 124416 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2017-06-03 09:14:35 45056 ----a-w- C:\WINDOWS\System32\atmlib.dll
2017-06-03 09:14:18 98304 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2017-06-03 09:14:01 238592 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2017-06-03 09:12:49 27136 ----a-w- C:\WINDOWS\SysWow64\fdProxy.dll
2017-06-03 09:12:28 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll
.
============= FINISH: 21:40:48.81 ===============

Attached Files
File Type: txt attach.txt (11.1 KB)

suspecting virus : random start

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18698
Run by Trang at 11:50:46 on 2017-07-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6540 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Origin\OriginWebHelperService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://start.wow.com/?s_pt=source9&s_chn=y17w26&s_chn2=100&hp_uid=tDtDtByEtBtCtB0DtD0CtDzzyCyE0EtA2RtBtDtCyBtDyBtDzytBtCtBzyyDyDtAtDzy&s_gl=US
mWinlogon: Userinit = userinit.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
mRun: [CTxfiHlp] CTXFIHLP.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{826FFC60-C6AD-4E4F-9ADD-8B286ED98D3E} : DHCPNameServer = 209.18.47.61 209.18.47.62
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Trang\AppData\Roaming\Mozilla\Firefox\Profiles\9lf1gh6k.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2016-8-25 295000]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-7-9 462968]
R2 Origin Web Helper Service;Origin Web Helper Service;C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2017-7-10 3149720]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2014-3-1 205080]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2014-3-1 1419544]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2014-3-1 97048]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2016-8-25 135928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2017-7-9 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2017-7-9 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2014-3-1 205080]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2014-3-1 1419544]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2014-3-1 97048]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-7-10 116224]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2017-7-10 2169744]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2017-7-9 1255736]
.
=============== Created Last 30 ================
.
2017-07-10 15:19:30 -------- d-----w- C:\z-decay
2017-07-10 15:18:58 -------- d-----w- C:\Users\Trang\AppData\Roaming\GHISLER
2017-07-10 15:18:58 -------- d-----w- C:\Users\Trang\AppData\Local\GHISLER
2017-07-10 15:17:54 -------- d-----w- C:\wincmd
2017-07-10 08:25:32 -------- d-----w- C:\ProgramData\Electronic Arts
2017-07-10 08:25:17 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2017-07-10 07:50:18 -------- d-----w- C:\Program Files (x86)\Origin Games
2017-07-10 07:49:19 -------- d-----w- C:\Users\Trang\AppData\Roaming\Origin
2017-07-10 07:46:50 -------- d-----w- C:\Program Files (x86)\Origin
2017-07-10 07:45:22 -------- d-----w- C:\Users\Trang\.QtWebEngineProcess
2017-07-10 07:45:22 -------- d-----w- C:\Users\Trang\.Origin
2017-07-10 07:45:20 -------- d-----w- C:\ProgramData\Origin
2017-07-10 07:45:12 -------- d-----w- C:\Users\Trang\AppData\Local\Origin
2017-07-10 07:31:14 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2017-07-10 07:31:14 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2017-07-10 07:31:04 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2017-07-10 07:31:04 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2017-07-10 06:39:19 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2017-07-10 06:39:19 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2017-07-10 06:39:09 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2017-07-10 06:39:08 647680 ----a-w- C:\Windows\System32\d3d10level9.dll
2017-07-10 06:39:08 603648 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2017-07-10 06:39:08 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2017-07-10 06:38:57 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2017-07-10 06:38:57 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2017-07-10 01:52:59 508264 ----a-w- C:\Windows\System32\d3dx10_35.dll
2017-07-10 01:49:41 -------- d-----w- C:\ProgramData\Package Cache
2017-07-10 01:41:48 -------- d-----w- C:\Users\Trang\AppData\Local\Thunderbird
2017-07-10 01:37:57 -------- d-----w- C:\Users\Trang\AppData\Local\Steam
2017-07-10 01:37:57 -------- d-----w- C:\Users\Trang\AppData\Local\CEF
2017-07-10 01:35:02 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2017-07-10 01:35:00 -------- d-----w- C:\Program Files (x86)\Steam
2017-07-10 01:30:40 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{23F9BFA1-4469-4D08-9DA0-DDDED101A6D4}\offreg.916.dll
2017-07-10 01:20:27 -------- d-----w- C:\Program Files\CCleaner
2017-07-10 01:20:04 -------- d-----w- C:\Users\Trang\AppData\Local\Google
2017-07-10 01:00:22 647872 ------w- C:\Windows\SysWow64\Mscomct2.ocx
2017-07-10 01:00:22 53248 ------w- C:\Windows\Ctregrun.exe
2017-07-10 00:52:29 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd
2017-07-10 00:51:41 -------- d--h--w- C:\Program Files (x86)\Creative Installation Information
2017-07-10 00:51:41 -------- d-----w- C:\Program Files (x86)\Common Files\Creative
2017-07-10 00:51:33 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared
2017-07-10 00:51:24 -------- d-----w- C:\Program Files\Creative
2017-07-10 00:50:41 102400 ----a-w- C:\Windows\SysWow64\cttele32.dll
2017-07-10 00:50:40 107008 ----a-w- C:\Windows\System32\cttele64.dll
2017-07-10 00:50:30 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2017-07-10 00:50:30 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2017-07-10 00:50:30 -------- d-----w- C:\Program Files (x86)\OpenAL
2017-07-10 00:50:29 89088 ----a-w- C:\Windows\System32\CmdRtr64.DLL
2017-07-10 00:50:29 73728 ----a-w- C:\Windows\SysWow64\CmdRtr.DLL
2017-07-10 00:50:29 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2017-07-10 00:50:29 190976 ----a-w- C:\Windows\System32\APOMgr64.DLL
2017-07-10 00:50:29 148480 ----a-w- C:\Windows\SysWow64\APOMngr.DLL
2017-07-10 00:50:29 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2017-07-10 00:49:11 12288 ----a-w- C:\Windows\System32\INRES.DLL
2017-07-10 00:49:11 11776 ----a-w- C:\Windows\SysWow64\INRES.DLL
2017-07-10 00:49:11 -------- d-----w- C:\Windows\SysWow64\Data
2017-07-10 00:49:11 -------- d-----w- C:\Windows\System32\Data
2017-07-10 00:49:09 -------- d-----w- C:\Program Files (x86)\Creative
2017-07-10 00:48:58 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2017-07-10 00:48:58 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2017-07-10 00:48:58 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2017-07-10 00:48:58 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2017-07-10 00:48:58 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2017-07-10 00:48:58 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2017-07-10 00:48:55 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2017-07-10 00:48:55 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2017-07-10 00:19:10 1078240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4505B277-E703-469D-94A1-7817D5B44540}\gapaengine.dll
2017-07-10 00:18:57 13120896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{23F9BFA1-4469-4D08-9DA0-DDDED101A6D4}\mpengine.dll
2017-07-10 00:17:58 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2017-07-10 00:17:56 -------- d-sh--w- C:\Windows\Installer
2017-07-10 00:17:56 -------- d-----w- C:\Program Files\Microsoft Security Client
2017-07-10 00:09:17 -------- d-----w- C:\Users\Trang\AppData\Local\Mozilla
2017-07-10 00:09:06 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-09 23:45:51 -------- d-----w- C:\Windows\SysWow64\Wat
2017-07-09 23:45:51 -------- d-----w- C:\Windows\System32\Wat
2017-07-09 23:25:00 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2017-07-09 23:25:00 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2017-07-09 23:19:01 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2017-07-09 23:16:26 859648 ----a-w- C:\Windows\System32\tdh.dll
2017-07-09 23:16:26 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2017-07-09 23:06:15 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2017-07-09 23:06:15 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2017-07-09 22:40:21 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-07-09 22:40:18 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{377559BF-F43E-4A36-9F97-CE579149533F}\mpengine.dll
2017-07-09 22:35:36 -------- d-----w- C:\Windows\System32\MRT
2017-07-09 22:35:29 -------- d-----w- C:\Windows\Panther
2017-07-09 22:14:13 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2017-07-09 22:14:13 5120 ----a-w- C:\Windows\System32\wmi.dll
2017-07-09 22:14:13 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2017-07-09 22:10:17 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2017-07-09 22:10:17 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2017-07-09 22:10:16 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2017-07-09 22:10:16 8856 ----a-w- C:\Windows\System32\icardres.dll
2017-07-09 22:10:16 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2017-07-09 22:10:16 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2017-07-09 22:10:10 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2017-07-09 22:10:10 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2017-07-09 22:07:55 52736 ----a-w- C:\Windows\System32\basesrv.dll
2017-07-09 22:06:50 241152 ----a-w- C:\Windows\System32\pku2u.dll
2017-07-09 22:05:57 30720 ----a-w- C:\Windows\System32\seclogon.dll
2017-07-09 22:04:10 331776 ----a-w- C:\Windows\System32\oleacc.dll
2017-07-09 22:04:10 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2017-07-09 22:04:06 79360 ----a-w- C:\Windows\System32\clfsw32.dll
2017-07-09 22:04:06 58880 ----a-w- C:\Windows\SysWow64\clfsw32.dll
2017-07-09 21:53:13 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2017-07-09 21:53:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2017-07-09 21:53:13 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2017-07-09 23:08:18 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2017-06-02 08:28:21 2317824 ----a-w- C:\Windows\System32\tquery.dll
2017-06-02 08:28:14 99840 ----a-w- C:\Windows\System32\mssprxy.dll
2017-06-02 08:28:14 778240 ----a-w- C:\Windows\System32\mssvp.dll
2017-06-02 08:28:14 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2017-06-02 08:28:14 491520 ----a-w- C:\Windows\System32\mssph.dll
2017-06-02 08:28:14 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2017-06-02 08:28:14 2222080 ----a-w- C:\Windows\System32\mssrch.dll
2017-06-02 08:28:14 14336 ----a-w- C:\Windows\System32\msshooks.dll
2017-06-02 08:28:14 115200 ----a-w- C:\Windows\System32\mssitlb.dll
2017-06-02 08:11:17 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2017-06-02 08:11:17 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2017-06-02 08:10:16 733696 ----a-w- C:\Windows\HelpPane.exe
2017-06-02 08:10:11 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2017-06-02 08:09:56 1549824 ----a-w- C:\Windows\SysWow64\tquery.dll
2017-06-02 08:09:50 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2017-06-02 08:09:50 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2017-06-02 08:09:50 34816 ----a-w- C:\Windows\SysWow64\mssprxy.dll
2017-06-02 08:09:50 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2017-06-02 08:09:50 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2017-06-02 08:09:50 1400320 ----a-w- C:\Windows\SysWow64\mssrch.dll
2017-06-02 08:09:50 104448 ----a-w- C:\Windows\SysWow64\mssitlb.dll
2017-06-02 07:58:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2017-06-02 07:58:23 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2017-06-02 07:57:42 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2017-06-02 07:57:31 9728 ----a-w- C:\Windows\SysWow64\msshooks.dll
2017-05-30 20:45:51 565416 ------w- C:\Windows\System32\MpSigStub.exe
2017-05-21 04:28:29 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2017-05-21 04:28:29 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2017-05-21 04:06:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2017-05-21 03:55:25 64000 ----a-w- C:\Windows\System32\auditpol.exe
2017-05-21 03:48:54 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2017-05-21 03:48:19 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2017-05-21 03:48:17 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2017-05-21 03:47:36 30720 ----a-w- C:\Windows\System32\lsass.exe
2017-05-21 03:46:34 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2017-05-21 03:42:24 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2017-05-19 21:52:10 521624 ----a-w- C:\Windows\System32\OpenCL.dll
2017-05-19 21:52:08 427416 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2017-05-19 21:50:16 35357264 ----a-w- C:\Windows\System32\nvoglv64.dll
2017-05-19 21:50:10 28601424 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2017-05-19 21:49:52 14278736 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2017-05-19 21:49:30 969624 ----a-w- C:\Windows\System32\NvIFR64.dll
2017-05-19 21:49:28 920664 ----a-w- C:\Windows\SysWow64\NvIFR.dll
2017-05-19 21:48:50 54680 ----a-w- C:\Windows\System32\nvhdap64.dll
2017-05-19 21:48:46 1609232 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2017-05-19 21:48:42 226712 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2017-05-19 21:48:30 999832 ----a-w- C:\Windows\SysWow64\NvFBC.dll
2017-05-19 21:48:30 1062488 ----a-w- C:\Windows\System32\NvFBC64.dll
2017-05-19 21:48:22 1996696 ----a-w- C:\Windows\System32\nvdispco6438205.dll
2017-05-19 21:48:22 1598360 ----a-w- C:\Windows\System32\nvdispgenco6438205.dll
2017-05-19 21:48:10 3441560 ----a-w- C:\Windows\System32\nvcuvid.dll
2017-05-19 21:48:06 3020696 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2017-05-19 21:47:50 40210520 ----a-w- C:\Windows\System32\nvcompiler.dll
2017-05-19 21:47:42 35290200 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2017-05-19 21:45:34 20248040 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2017-05-19 21:45:28 17584440 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2017-05-19 21:45:24 504208 ----a-w- C:\Windows\System32\nvumdshimx.dll
2017-05-19 21:45:22 419168 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2017-05-19 21:45:18 11161992 ----a-w- C:\Windows\System32\nvptxJitCompiler.dll
2017-05-19 21:45:14 9102480 ----a-w- C:\Windows\SysWow64\nvptxJitCompiler.dll
2017-05-19 21:45:10 10648696 ----a-w- C:\Windows\System32\nvopencl.dll
2017-05-19 21:45:08 8891344 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2017-05-19 21:45:06 163600 ----a-w- C:\Windows\System32\nvoglshim64.dll
2017-05-19 21:45:02 141736 ----a-w- C:\Windows\SysWow64\nvoglshim32.dll
2017-05-19 21:44:58 180736 ----a-w- C:\Windows\System32\nvinitx.dll
2017-05-19 21:44:58 158176 ----a-w- C:\Windows\SysWow64\nvinit.dll
2017-05-19 21:44:56 703880 ----a-w- C:\Windows\System32\nvfatbinaryLoader.dll
2017-05-19 21:44:56 591672 ----a-w- C:\Windows\SysWow64\nvfatbinaryLoader.dll
2017-05-19 21:44:44 16587184 ----a-w- C:\Windows\System32\nvd3dumx.dll
2017-05-19 21:44:40 13527280 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2017-05-19 21:44:32 11129704 ----a-w- C:\Windows\System32\nvcuda.dll
2017-05-19 21:44:30 9335336 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2017-05-19 21:44:28 4120440 ----a-w- C:\Windows\System32\nvapi64.dll
2017-05-19 21:44:26 3632536 ----a-w- C:\Windows\SysWow64\nvapi.dll
2017-05-14 20:46:52 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-05-14 20:46:38 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-05-14 20:28:46 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-05-14 20:27:37 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-05-14 20:27:27 417792 ----a-w- C:\Windows\System32\html.iec
2017-05-14 20:27:02 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-05-14 20:26:51 576512 ----a-w- C:\Windows\System32\vbscript.dll
2017-05-14 20:10:55 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-05-14 20:10:54 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-05-14 20:10:34 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-05-14 20:01:39 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-05-14 19:55:35 5975040 ----a-w- C:\Windows\System32\jscript9.dll
2017-05-14 19:48:14 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-05-14 19:47:32 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-05-14 19:37:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-05-14 19:23:12 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-05-14 19:22:36 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-05-14 19:22:26 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-05-14 19:22:10 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-05-14 19:21:04 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-05-14 19:18:33 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-05-14 19:17:59 2132992 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-05-14 19:11:03 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-05-14 19:10:43 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-05-14 18:57:57 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
.
============= FINISH: 11:51:21.31 ===============

I have Windows Home Premium x64 DVD.

Random start happened when I played games. It is annoying, almost impossible. I did a clean reinstall; it helps at the beginning but it comes back.
What else do you need to know?
BTW, I keep all the old passwords; is it seriously harmful?

Attached Files
File Type: txt attach.txt (6.3 KB)

Very, very slow

Hi

My wife's old HP Mini computer has become so slow as to be useless. Things that took a few seconds now take long minutes or not at all.

I cannot say if it is a virus or just the computer giving up (memory?).

I am using another computer to send you the requested files.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.31.2
Run by Katerina at 19:02:01 on 2017-07-10
Microsoft Windows 10 Home 10.0.14393.0.1252.44.2070.18.2011.409 [GMT 1:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\ProgramData\Connect Manager\OnlineUpdate\ouc.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\consent.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\File Association Helper\FAHWindow.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x86__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\DllHost.exe
C:\Users\Katerina\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Skype\Browser\SkypeBrowserHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Skype\Browser\SkypeBrowserHost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uDefault_Page_URL = Google
mStart Page = Google
mSearch Page = Google
mDefault_Page_URL = Google
mDefault_Search_URL = Google
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = Google
mCustomizeSearch = Google
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_31\bin\ssv.dll
BHO: ?????????? ????????: {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_31\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
uRun: [Akamai NetSession Interface] "c:\users\katerina\appdata\local\akamai\netsession_win.exe"
uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min
uRun: [OneDrive] "c:\users\katerina\appdata\local\microsoft\onedrive\OneDrive.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRunOnce: [Uninstall 17.3.6390.0509] c:\windows\system32\cmd.exe /q /c rmdir /s /q "c:\users\katerina\appdata\local\microsoft\onedrive\17.3.6390.0509"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [NCUpdateHelper] c:\program files\ncwest\nclauncher\NCUpdateHelper.exe
mRun: [FAHConsole] c:\program files\file association helper\FAHConsole.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WindowsDefender] "c:\program files\windows defender\MSASCuiL.exe"
mRun: [Malwarebytes TrayApp] c:\program files\malwarebytes\anti-malware\mbamtray.exe
StartupFolder: c:\users\katerina\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Virtual%20Families/Images/armhelper.ocx
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0a5d503a-d8c4-4484-b5b5-f1f19a879051} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0a5d503a-d8c4-4484-b5b5-f1f19a879051}\2656C6B696E6E233369346 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0e9a1ce3-ec17-41a0-b4d1-8eb168b70720} : NameServer = 172.16.0.73 172.16.0.74
TCP: Interfaces\{63066fc7-6a9e-4531-982b-68a4e896c533} : NameServer = 217.171.135.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - c:\windows\system32\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - c:\windows\system32\tbauth.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\59.0.3071.115\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - c:\windows\system32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\katerina\appdata\roaming\mozilla\firefox\profiles\hno59f6g.default\
FF - prefs.js: browser.search.selectedEngine - Yandex
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?win=229&clid=1998804
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\katerina\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_24_0_0_194.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ahcache;Application Compatibility Cache;c:\windows\system32\drivers\ahcache.sys [2016-10-30 188928]
S3 AcpiDev;Controlador de dispositivos ACPI;c:\windows\system32\drivers\AcpiDev.sys [2016-7-16 12800]
S3 ADP80XX;ADP80XX;c:\windows\system32\drivers\adp80xx.sys [2016-7-16 1038176]
.
=============== File Associations ===============
.
ShellExec: opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-07-10 10:26:15 39168 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ff426b03-e347-4bc2-ad8f-fa67f2bae109}\MpKsl76eca19a.sys
2017-07-10 10:22:16 10685920 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ff426b03-e347-4bc2-ad8f-fa67f2bae109}\mpengine.dll
2017-07-10 05:40:15 162240 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-07-10 05:36:42 85400 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-07-10 05:36:42 74656 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-07-10 05:35:44 40352 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-07-10 05:35:36 221600 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-10 05:35:05 59936 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-07-10 05:34:20 -------- d-----w- c:\program files\Malwarebytes
2017-07-10 01:38:10 10685920 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2017-07-10 01:24:50 -------- d-s---w- c:\windows\UpdateAssistantV2
2017-07-09 07:48:59 941568 ----a-w- c:\windows\system32\localspl.dll
2017-07-09 07:47:59 2560 ----a-w- c:\windows\system32\tzres.dll
2017-07-09 07:47:59 232448 ----a-w- c:\windows\system32\edputil.dll
2017-07-09 07:47:52 996192 ----a-w- c:\windows\system32\aeinv.dll
2017-07-09 07:47:51 503808 ----a-w- c:\program files\common files\microsoft shared\ink\Microsoft.Ink.dll
2017-07-09 07:47:41 1336160 ----a-w- c:\windows\system32\appraiser.dll
2017-07-09 07:47:38 455000 ----a-w- c:\windows\system32\devinv.dll
2017-07-09 07:47:30 284000 ----a-w- c:\windows\system32\invagent.dll
2017-07-09 07:46:59 113504 ----a-w- c:\windows\system32\acmigration.dll
2017-07-09 07:45:03 27136 ----a-w- c:\windows\system32\fdProxy.dll
2017-07-09 06:34:33 916160 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6b3a9fc8-96c7-47ae-af8a-42867681833e}\gapaengine.dll
.
==================== Find3M ====================
.
2017-06-03 10:50:15 83296 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-06-03 10:50:15 514400 ----a-w- c:\windows\system32\generaltel.dll
2017-06-03 10:50:15 192856 ----a-w- c:\windows\system32\aepic.dll
2017-06-03 10:50:04 315744 ----a-w- c:\windows\system32\atmfd.dll
2017-06-03 10:50:03 30560 ----a-w- c:\windows\system32\DeviceCensus.exe
2017-06-03 10:50:03 254816 ----a-w- c:\windows\system32\dcntel.dll
2017-06-03 10:50:03 101216 ----a-w- c:\windows\system32\ImplatSetup.dll
2017-06-03 10:22:25 231776 ----a-w- c:\windows\system32\drivers\sdbus.sys
2017-06-03 10:15:19 99672 ----a-w- c:\windows\system32\drivers\tm.sys
2017-06-03 10:13:40 1725136 ----a-w- c:\windows\system32\KernelBase.dll
2017-06-03 10:13:11 5996384 ----a-w- c:\windows\system32\ntoskrnl.exe
2017-06-03 10:03:33 950112 ----a-w- c:\windows\system32\drivers\ndis.sys
2017-06-03 10:03:23 94560 ----a-w- c:\windows\system32\drivers\tdx.sys
2017-06-03 09:58:29 154976 ----a-w- c:\windows\system32\drivers\dumpsd.sys
2017-06-03 09:58:13 340832 ----a-w- c:\windows\system32\msv1_0.dll
2017-06-03 09:55:59 1896288 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2017-06-03 09:55:57 342368 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2017-06-03 09:55:19 780640 ----a-w- c:\windows\system32\WWAHost.exe
2017-06-03 09:54:53 290656 ----a-w- c:\windows\system32\drivers\USBXHCI.SYS
2017-06-03 09:53:51 454496 ----a-w- c:\windows\system32\drivers\storport.sys
2017-06-03 09:52:57 1021784 ----a-w- c:\windows\system32\AppxPackaging.dll
2017-06-03 09:52:38 111968 ----a-w- c:\windows\system32\NetSetupApi.dll
2017-06-03 09:52:31 607072 ----a-w- c:\windows\system32\NetSetupEngine.dll
2017-06-03 09:48:24 1384704 ----a-w- c:\windows\system32\sppobjs.dll
2017-06-03 09:44:50 545944 ----a-w- c:\windows\system32\fontdrvhost.exe
2017-06-03 09:44:50 1409536 ----a-w- c:\windows\system32\gdi32full.dll
2017-06-03 09:43:16 1964384 ----a-w- c:\windows\system32\drivers\tcpip.sys
2017-06-03 09:39:04 5686272 ----a-w- c:\windows\system32\Windows.Data.Pdf.dll
2017-06-03 09:33:14 95232 ----a-w- c:\windows\system32\UserDataTimeUtil.dll
2017-06-03 09:32:39 31232 ----a-w- c:\windows\system32\drivers\BasicRender.sys
2017-06-03 09:31:50 37376 ----a-w- c:\windows\system32\atmlib.dll
2017-06-03 09:31:14 224256 ----a-w- c:\windows\system32\ExSMime.dll
2017-06-03 09:31:11 42496 ----a-w- c:\windows\system32\musdialoghandlers.dll
2017-06-03 09:30:20 203264 ----a-w- c:\windows\system32\MusNotification.exe
2017-06-03 09:29:03 82944 ----a-w- c:\windows\system32\MusNotificationUx.exe
2017-06-03 09:26:44 187904 ----a-w- c:\windows\system32\wbem\ndisimplatcim.dll
2017-06-03 09:26:14 129536 ----a-w- c:\windows\system32\wbem\netswitchteamcim.dll
2017-06-03 09:26:00 100352 ----a-w- c:\windows\system32\AuthBrokerUI.dll
2017-06-03 09:25:56 165376 ----a-w- c:\windows\system32\dpapisrv.dll
2017-06-03 09:25:37 268288 ----a-w- c:\windows\system32\cloudAP.dll
2017-06-03 09:25:26 222720 ----a-w- c:\windows\system32\NetworkBindingEngineMigPlugin.dll
2017-06-03 09:25:13 417792 ----a-w- c:\windows\system32\MusUpdateHandlers.dll
2017-06-03 09:23:57 306688 ----a-w- c:\windows\system32\ieproxy.dll
2017-06-03 09:22:56 364544 ----a-w- c:\windows\system32\NetSetupShim.dll
2017-06-03 09:22:53 181760 ----a-w- c:\windows\system32\tcpipcfg.dll
2017-06-03 09:22:36 327168 ----a-w- c:\windows\system32\netcorehc.dll
2017-06-03 09:22:10 215552 ----a-w- c:\windows\system32\HNetCfgClient.dll
2017-06-03 09:20:25 668672 ----a-w- c:\windows\system32\efscore.dll
2017-06-03 09:20:21 755712 ----a-w- c:\windows\system32\kerberos.dll
2017-06-03 09:19:49 1164288 ----a-w- c:\windows\system32\certutil.exe
2017-06-03 09:19:37 500736 ----a-w- c:\windows\system32\wbem\NetAdapterCim.dll
2017-06-03 09:16:46 608768 ----a-w- c:\windows\system32\win32spl.dll
2017-06-03 09:16:32 884224 ----a-w- c:\windows\HelpPane.exe
2017-06-03 09:15:41 18364928 ----a-w- c:\windows\system32\edgehtml.dll
2017-06-03 09:08:23 2643968 ----a-w- c:\windows\system32\tquery.dll
2017-06-03 09:06:53 296960 ----a-w- c:\windows\system32\wuuhext.dll
2017-06-03 09:06:06 3664384 ----a-w- c:\windows\system32\jscript9.dll
2017-06-03 09:05:49 1236480 ----a-w- c:\windows\system32\win32kbase.sys
2017-06-03 09:05:29 183296 ----a-w- c:\windows\system32\NetSetupSvc.dll
2017-06-03 09:05:25 295424 ----a-w- c:\windows\system32\hnetcfg.dll
2017-06-03 09:05:12 1120768 ----a-w- c:\windows\system32\lsasrv.dll
2017-06-03 09:04:48 773120 ----a-w- c:\windows\system32\SearchIndexer.exe
2017-06-03 09:04:45 1526272 ----a-w- c:\windows\system32\FntCache.dll
2017-06-03 09:04:36 6042624 ----a-w- c:\windows\system32\Chakra.dll
2017-06-03 09:04:06 2006528 ----a-w- c:\windows\system32\DWrite.dll
2017-06-03 09:03:09 1988096 ----a-w- c:\windows\system32\mssrch.dll
2017-06-03 09:02:30 2997760 ----a-w- c:\windows\system32\win32kfull.sys
2017-06-03 06:36:03 835576 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-06-03 06:36:03 177656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-05-31 21:21:34 456360 ------w- c:\windows\system32\MpSigStub.exe
2017-05-25 06:56:38 34144 ----a-w- c:\windows\system32\OOBEUpdater.exe
2017-05-20 00:05:50 74072 ----a-w- c:\windows\system32\UNPUXWorker.exe
2017-04-28 01:33:50 448864 ----a-w- c:\windows\system32\ContentDeliveryManager.Utilities.dll
2017-04-28 01:32:09 685440 ----a-w- c:\windows\system32\Windows.Internal.Shell.Broker.dll
2017-04-28 01:28:15 965472 ----a-w- c:\windows\system32\ReAgent.dll
2017-04-28 01:01:53 784064 ----a-w- c:\windows\system32\winresume.exe
2017-04-28 00:59:55 601712 ----a-w- c:\windows\system32\oleaut32.dll
2017-04-28 00:58:41 1956704 ----a-w- c:\windows\system32\drivers\ntfs.sys
2017-04-28 00:56:56 2048488 ----a-w- c:\windows\system32\CoreUIComponents.dll
2017-04-28 00:55:11 583128 ----a-w- c:\windows\system32\CoreMessaging.dll
2017-04-28 00:51:41 277856 ----a-w- c:\windows\system32\WinSetupUI.dll
2017-04-28 00:49:54 53080 ----a-w- c:\windows\system32\drivers\fsdepends.sys
2017-04-28 00:48:25 263472 ----a-w- c:\windows\system32\Windows.Storage.ApplicationData.dll
2017-04-28 00:46:09 1504056 ----a-w- c:\windows\system32\WindowsCodecs.dll
2017-04-28 00:46:06 1431232 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.dll
2017-04-28 00:46:03 5722320 ----a-w- c:\windows\system32\windows.storage.dll
2017-04-28 00:45:44 493920 ----a-w- c:\windows\system32\SettingSyncHost.exe
2017-04-28 00:45:44 116576 ----a-w- c:\windows\system32\CloudExperienceHostCommon.dll
2017-04-28 00:45:33 861024 ----a-w- c:\windows\system32\LicenseManager.dll
2017-04-28 00:45:29 975744 ----a-w- c:\windows\system32\twinapi.appcore.dll
2017-04-28 00:45:29 25440 ----a-w- c:\windows\system32\browser_broker.exe
2017-04-28 00:45:00 545120 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2017-04-28 00:43:59 1980768 ----a-w- c:\windows\system32\msxml6.dll
2017-04-28 00:43:55 458592 ----a-w- c:\windows\system32\drivers\spaceport.sys
2017-04-28 00:43:48 1557224 ----a-w- c:\windows\system32\crypt32.dll
2017-04-28 00:43:27 355168 ----a-w- c:\windows\system32\drivers\rdbss.sys
2017-04-28 00:43:10 846560 ----a-w- c:\windows\system32\WinTypes.dll
2017-04-28 00:43:09 2168288 ----a-w- c:\windows\system32\combase.dll
2017-04-28 00:41:08 361104 ----a-w- c:\windows\system32\tsmf.dll
2017-04-28 00:41:07 80224 ----a-w- c:\windows\system32\rdpudd.dll
.
============= FINISH: 19:08:58.71 ===============

Attached Files
File Type: txt attach.txt (4.0 KB)

Manual Proxy refuses to stay off

I have a problem where whenever I turn on my computer (Windows 10) the manual proxy is on, set to the addresses "http=127.0.0.1:64550;https=127.0.0.1:64550". I don't know what they are, and I didn't put them there. When on, it prevents me from accessing the internet. When I turn it off, there is no problem, but the addresses stay in the box even if I delete them, and when I restart my computer the manual proxy turns back on. I try again to set it to automatically detect settings, but again it changes back to the proxy settings automatically. I did a McAfee virus scan and nothing. I ran Malwarebytes and some malware was removed, but it didn't fix the issue either.

Requested info has been copied/pasted and attached. I don't think I have a Windows install disc or a boot CD.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.77.2
Run by umm_s_000 at 8:53:53 on 2017-07-12
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.3977.1120 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan *Enabled/Updated* {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\McCSPServiceHost.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\umm_s_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\umm_s_000\AppData\Local\YouGov Pulse US\YouGov Pulse US.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
C:\Program Files (x86)\SmartApp\SmartApp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\Common Files\McAfee\Platform\McAMTaskAgent.exe
C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
C:\Users\umm_s_000\AppData\Roaming\Zoom\bin\Zoom.exe
C:\WINDOWS\system32\taskhostw.exe
c:\PROGRA~1\mcafee\vul\mcvulctr.exe
c:\PROGRA~1\mcafee\vul\MCVULA~1.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Users\umm_s_000\AppData\Roaming\Zoom\bin\Zoom.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = Dell United States Official Site | Dell United States
uProxyServer = hxxp=127.0.0.1:64550;https=127.0.0.1:64550
uProxyOverride = <local>
uURLSearchHooks: FCToolbarURLSearchHook Class: {4219427b-0228-4356-a78b-eb7668d37d07} - C:\Program Files (x86)\InboxDollars\Helper.dll
uWinlogon: Shell = -
BHO: Microsoft.Search.HRSToolBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775d} -
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Bing HRS Toolbar: {c9a6357b-25cc-4bcf-96c1-78736985d414} -
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [OneDrive] "C:\Users\umm_s_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Google Update] C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
uRun: [Zoom] <no file>
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Digital Coupon Print Driver] "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\Users\UMM_S_~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WIZIQD~1.LNK - C:\Program Files (x86)\WizIQ Desktop\WizIQ Desktop.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: DisableCAD = dword:1
mPolicies-System: EnableUIPI = dword:1
mPolicies-Windows\System: DisableLogonBackgroundImage = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 209.18.47.62 209.18.47.61
TCP: Interfaces\{2cc2820f-1945-4e22-a35a-2c0473974a1f} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{c2acd69e-fa16-4750-a9b1-cb4683666294} : DHCPNameServer = 209.18.47.62 209.18.47.61
TCP: Interfaces\{c2acd69e-fa16-4750-a9b1-cb4683666294}\4516168696271686723702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{c2acd69e-fa16-4750-a9b1-cb4683666294}\457413637323744323 : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [RtHDVBg_PushButton] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: DisableCAD = dword:1
x64-mPolicies-System: EnableUIPI = dword:1
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 spywareinfo.com - This website is for sale! - spywareinfo Resources and Information.
Hosts: 0.0.0.1 mssplus.mcafee.com
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\umm_s_000\AppData\Roaming\Mozilla\Firefox\Profiles\pt8ulg5j.default\
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Users\umm_s_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\umm_s_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\umm_s_000\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Users\umm_s_000\AppData\Roaming\Zoom\bin\npzoomplugin.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-8-30 644968]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-9 48992]
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2014-4-3 923640]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2014-4-3 254800]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-9-28 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-29 227328]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2014-6-18 92536]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_57262;CDPUserSvc_57262;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 1413736]
R2 DDVCollectorSvcApi;Dell Data Vault Service API;C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [2017-6-20 206712]
R2 DDVDataCollector;Dell Data Vault Collector;C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [2017-6-20 3296632]
R2 DDVRulesProcessor;Dell Data Vault Processor;C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [2017-6-20 217464]
R2 Dell Customer Connect;Dell Customer Connect;C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [2016-12-21 130936]
R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2017-5-1 230248]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-7-19 641520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-30 15720]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-5-3 337888]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-7-14 169432]
R2 MBAMChameleon;MBAMChameleon;C:\WINDOWS\System32\drivers\MBAMChameleon.sys [2017-6-29 188352]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-6-29 4470736]
R2 McAPExe;McAfee AP Service;C:\Program Files\Common Files\mcafee\VSCore_15_6\mcapexe.exe [2017-2-8 994312]
R2 McBootDelayStartSvc;McAfee Boot Delay Start Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-7-19 641520]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\mcafee\CSP\2.3.322.0\McCSPServiceHost.exe [2017-2-28 2054080]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-7-19 641520]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-7-19 641520]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-7-19 641520]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe [2015-6-26 385112]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\System32\mfevtps.exe [2014-7-19 343792]
R2 ModuleCoreService;McAfee Module Core Service;C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe [2017-2-8 1551512]
R2 OneSyncSvc_57262;Sync Host_57262;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 PEFService;Intel Security PEF Service;C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [2016-2-27 1105840]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-12-10 312056]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2017-6-28 52696]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-7-16 246472]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-9-30 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2014-6-18 81536]
R2 ZoomCptService;Zoom Sharing Service;C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe [2017-6-22 24752]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\WINDOWS\System32\drivers\btath_bus.sys [2014-6-18 33944]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2016-7-13 610336]
R3 DDDriver;DDDriver;C:\WINDOWS\System32\drivers\DDDriver64Dcsa.sys [2017-4-11 32960]
R3 DellProf;DellProf;C:\WINDOWS\System32\drivers\DellProf.sys [2017-4-11 32568]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-8-21 463112]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-1 38896]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 MBAMFarflt;MBAMFarflt;C:\WINDOWS\System32\drivers\farflt.sys [2017-6-29 101784]
R3 MBAMProtection;MBAMProtection;C:\WINDOWS\System32\drivers\mbam.sys [2017-6-29 45472]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2017-6-29 253856]
R3 MBAMWebProtection;MBAMWebProtection;C:\WINDOWS\System32\drivers\mwac.sys [2017-6-29 93600]
R3 mfeaack;McAfee Inc. mfeaack;C:\WINDOWS\System32\drivers\mfeaack.sys [2015-2-17 487184]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2014-4-3 366328]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe [2014-7-19 241040]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2014-4-3 518704]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\WINDOWS\System32\drivers\mfencbdc.sys [2017-1-19 498648]
R3 mfeplk;McAfee Inc. mfeplk;C:\WINDOWS\System32\drivers\mfeplk.sys [2016-9-9 110256]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 PimIndexMaintenanceSvc_57262;Contact Data_57262;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-12-10 896744]
R3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2015-5-14 402960]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-7-16 42696]
R3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_57262;User Data Storage_57262;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_57262;User Data Access_57262;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\drivers\mfeelamk.sys [2014-4-3 85048]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2014/06/18 17:21:45;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-7-13 236144]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmpfd.sys [2014-6-18 35496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-29 118272]
S3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\drivers\cfwids.sys [2014-4-3 88464]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2014-5-6 50240]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 lehidmini;Bluetooth Low Energy Hid Device;C:\WINDOWS\System32\drivers\leath_hid.sys [2014-6-18 39704]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.584\McCHSvc.exe [2017-6-23 404368]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-12 64352]
S3 MessagingService_57262;MessagingService_57262;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mfencrk;McAfee Inc. mfencrk;C:\WINDOWS\System32\drivers\mfencrk.sys [2017-1-19 109320]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 qca_shb;Qualcomm Atheros UART Bus Driver;C:\WINDOWS\System32\drivers\qca_shb.sys [2014-6-18 99328]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-5-11 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-15 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 SmbDrv;SmbDrv;C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2014-6-18 41272]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-9-30 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-15 719872]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-5-11 347320]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_57262;Windows Push Notifications User Service_57262;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-15 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-28 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== Created Last 30 ================
.
2017-07-07 23:07:52 -------- d--h--w- C:\OneDriveTemp
2017-07-01 04:25:18 54728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\pingsender.exe
2017-06-29 17:30:51 -------- d-----w- C:\ProgramData\McAfee Security Scan
2017-06-29 17:23:12 -------- d---a-w- C:\Program Files (x86)\Dell Update
2017-06-29 16:25:50 188352 ----a-w- C:\WINDOWS\System32\drivers\MBAMChameleon.sys
2017-06-29 16:25:32 93600 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-06-29 16:25:32 101784 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
2017-06-29 16:25:22 45472 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-06-29 16:25:16 253856 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-06-29 16:24:58 77376 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-06-29 16:24:45 -------- d-----w- C:\Program Files\Malwarebytes
2017-06-28 00:20:34 -------- d-----w- C:\ProgramData\XDMessagingv4
2017-06-26 19:52:50 -------- d-----w- C:\ProgramData\SupportAssistAgent
2017-06-26 19:51:59 -------- d-----w- C:\ProgramData\SupportAssist
2017-06-22 20:31:54 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2017-06-22 20:31:41 -------- d-----w- C:\Program Files\Dell Support Center
2017-06-22 17:24:26 -------- d-----w- C:\Program Files (x86)\Common Files\Zoom
2017-06-22 02:26:03 -------- d-s---w- C:\WINDOWS\UpdateAssistantV2
2017-06-18 23:17:44 -------- d-----w- C:\WINDOWS\Panther
2017-06-17 05:57:56 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2017-06-17 05:56:55 857440 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2017-06-17 05:56:55 552960 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2017-06-17 05:56:52 2538496 ----a-w- C:\WINDOWS\System32\mssrch.dll
2017-06-17 05:56:50 391168 ----a-w- C:\WINDOWS\System32\wuuhext.dll
2017-06-17 05:56:47 3403264 ----a-w- C:\WINDOWS\System32\tquery.dll
2017-06-17 05:56:40 903680 ----a-w- C:\WINDOWS\System32\SearchIndexer.exe
2017-06-17 05:56:40 124416 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2017-06-17 05:56:03 1217024 ----a-w- C:\WINDOWS\System32\Windows.Media.Audio.dll
2017-06-17 05:56:00 119808 ----a-w- C:\WINDOWS\System32\UserDataTimeUtil.dll
2017-06-17 05:55:58 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-06-17 05:55:56 38752 ----a-w- C:\WINDOWS\System32\OOBEUpdater.exe
2017-06-17 05:55:42 857952 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-06-17 05:55:39 2532192 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-06-17 05:55:36 1181024 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2017-06-17 05:55:35 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-06-17 05:55:34 1131008 ----a-w- C:\WINDOWS\System32\localspl.dll
2017-06-17 05:54:57 238592 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2017-06-17 05:54:57 100864 ----a-w- C:\WINDOWS\System32\wpninprc.dll
2017-06-17 05:54:56 456192 ----a-w- C:\WINDOWS\System32\puiobj.dll
2017-06-17 05:54:54 834048 ----a-w- C:\WINDOWS\System32\win32spl.dll
2017-06-17 05:54:54 266752 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2017-06-17 05:54:52 118112 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2017-06-17 05:54:51 98304 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2017-06-17 05:54:45 148832 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2017-06-17 05:54:28 53248 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2017-06-17 05:53:15 441344 ----a-w- C:\WINDOWS\System32\netcorehc.dll
2017-06-17 05:52:54 635904 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2017-06-17 05:52:34 18364928 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2017-06-17 05:52:22 822784 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2017-06-17 05:52:21 3664384 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2017-06-17 05:52:19 306688 ----a-w- C:\WINDOWS\SysWow64\ieproxy.dll
2017-06-17 05:52:04 6042624 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2017-06-17 05:52:00 4744704 ----a-w- C:\WINDOWS\System32\jscript9.dll
2017-06-17 05:51:57 691200 ----a-w- C:\WINDOWS\System32\ieproxy.dll
2017-06-17 05:51:44 8125440 ----a-w- C:\WINDOWS\System32\Chakra.dll
2017-06-17 05:51:18 1513472 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2017-06-17 05:51:17 402272 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2017-06-17 05:51:15 1845248 ----a-w- C:\WINDOWS\System32\FntCache.dll
2017-06-17 05:51:02 7783256 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-06-17 05:49:54 3615744 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2017-06-17 05:49:49 1490432 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2017-06-17 05:49:23 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-06-17 05:49:17 7217152 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-06-17 05:48:46 324608 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.LockScreen.dll
2017-06-17 05:48:46 2510848 ----a-w- C:\WINDOWS\System32\NetworkMobileSettings.dll
2017-06-17 05:48:18 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2017-06-17 05:48:18 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2017-06-17 05:48:03 233824 ----a-w- C:\WINDOWS\System32\aepic.dll
2017-06-17 05:48:02 1214816 ----a-w- C:\WINDOWS\System32\aeinv.dll
2017-06-17 05:48:01 334176 ----a-w- C:\WINDOWS\System32\invagent.dll
2017-06-17 05:48:00 1564512 ----a-w- C:\WINDOWS\System32\appraiser.dll
2017-06-17 05:47:55 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-06-17 05:47:52 544096 ----a-w- C:\WINDOWS\System32\devinv.dll
2017-06-17 05:47:52 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-06-17 05:47:49 503808 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll
2017-06-17 05:47:42 96608 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2017-06-17 05:47:42 629088 ----a-w- C:\WINDOWS\System32\generaltel.dll
2017-06-17 05:47:14 335712 ----a-w- C:\WINDOWS\System32\dcntel.dll
2017-06-17 05:47:05 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2017-06-17 05:47:00 489472 ----a-w- C:\WINDOWS\System32\NetSetupShim.dll
.
==================== Find3M ====================
.
2017-07-07 23:01:29 150264 ------w- C:\WINDOWS\System32\drivers\rikvm_38F51D56.sys
2017-06-03 10:50:15 192856 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2017-06-03 10:50:04 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2017-06-03 10:16:14 279904 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2017-06-03 10:14:28 379232 ----a-w- C:\WINDOWS\System32\atmfd.dll
2017-06-03 10:14:26 136032 ----a-w- C:\WINDOWS\System32\acmigration.dll
2017-06-03 10:14:25 136024 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll
2017-06-03 10:14:20 34648 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2017-06-03 10:11:25 128864 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2017-06-03 10:06:40 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-06-03 10:01:49 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-06-03 09:58:13 340832 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2017-06-03 09:55:19 780640 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-06-03 09:54:24 187232 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2017-06-03 09:53:07 404824 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2017-06-03 09:52:57 1021784 ----a-w- C:\WINDOWS\SysWow64\AppxPackaging.dll
2017-06-03 09:52:38 111968 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2017-06-03 09:52:31 607072 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2017-06-03 09:51:09 2187104 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-06-03 09:50:15 381792 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2017-06-03 09:49:27 509280 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2017-06-03 09:48:44 1112416 ----a-w- C:\WINDOWS\System32\AppxPackaging.dll
2017-06-03 09:44:54 1412640 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-06-03 09:44:50 545944 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2017-06-03 09:44:34 1600624 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-06-03 09:40:36 1566552 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-06-03 09:40:33 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2017-06-03 09:39:04 5686272 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-06-03 09:33:14 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-06-03 09:32:12 2560 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
2017-06-03 09:31:50 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2017-06-03 09:31:14 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
2017-06-03 09:28:56 232448 ----a-w- C:\WINDOWS\SysWow64\edputil.dll
2017-06-03 09:26:16 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2017-06-03 09:26:00 100352 ----a-w- C:\WINDOWS\SysWow64\AuthBrokerUI.dll
2017-06-03 09:22:56 364544 ----a-w- C:\WINDOWS\SysWow64\NetSetupShim.dll
2017-06-03 09:22:53 181760 ----a-w- C:\WINDOWS\SysWow64\tcpipcfg.dll
2017-06-03 09:22:36 327168 ----a-w- C:\WINDOWS\SysWow64\netcorehc.dll
2017-06-03 09:20:21 755712 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2017-06-03 09:19:49 1164288 ----a-w- C:\WINDOWS\SysWow64\certutil.exe
2017-06-03 09:18:28 22569984 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2017-06-03 09:16:27 709120 ----a-w- C:\WINDOWS\SysWow64\CPFilters.dll
2017-06-03 09:16:24 2560 ----a-w- C:\WINDOWS\System32\tzres.dll
2017-06-03 09:15:21 886272 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll
2017-06-03 09:15:20 41472 ----a-w- C:\WINDOWS\System32\drivers\BasicRender.sys
2017-06-03 09:14:35 45056 ----a-w- C:\WINDOWS\System32\atmlib.dll
2017-06-03 09:12:49 27136 ----a-w- C:\WINDOWS\SysWow64\fdProxy.dll
2017-06-03 09:12:28 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll
2017-06-03 09:11:56 353792 ----a-w- C:\WINDOWS\System32\cloudAP.dll
2017-06-03 09:10:54 117760 ----a-w- C:\WINDOWS\System32\AuthBrokerUI.dll
2017-06-03 09:10:51 252928 ----a-w- C:\WINDOWS\System32\edputil.dll
2017-06-03 09:10:19 261120 ----a-w- C:\WINDOWS\System32\wbem\ndisimplatcim.dll
2017-06-03 09:10:06 418304 ----a-w- C:\WINDOWS\System32\Windows.UI.BlockedShutdown.dll
2017-06-03 09:09:50 337408 ----a-w- C:\WINDOWS\System32\NetworkBindingEngineMigPlugin.dll
2017-06-03 09:08:25 1221120 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Audio.dll
2017-06-03 09:08:23 2643968 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2017-06-03 09:07:14 255488 ----a-w- C:\WINDOWS\System32\HNetCfgClient.dll
2017-06-03 09:06:11 198144 ----a-w- C:\WINDOWS\System32\dpapisrv.dll
2017-06-03 09:05:25 295424 ----a-w- C:\WINDOWS\SysWow64\hnetcfg.dll
2017-06-03 09:05:10 1883648 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Logon.dll
2017-06-03 09:04:48 773120 ----a-w- C:\WINDOWS\SysWow64\SearchIndexer.exe
2017-06-03 09:04:06 2006528 ----a-w- C:\WINDOWS\SysWow64\DWrite.dll
2017-06-03 09:03:45 932864 ----a-w- C:\WINDOWS\System32\kerberos.dll
2017-06-03 09:03:09 1988096 ----a-w- C:\WINDOWS\SysWow64\mssrch.dll
2017-06-03 09:02:30 2997760 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2017-06-03 09:01:46 856064 ----a-w- C:\WINDOWS\System32\efscore.dll
2017-06-03 08:58:35 64512 ----a-w- C:\WINDOWS\System32\fdProxy.dll
2017-06-03 08:52:29 975872 ----a-w- C:\WINDOWS\HelpPane.exe
2017-06-03 08:52:24 886784 ----a-w- C:\WINDOWS\System32\CPFilters.dll
2017-06-03 08:51:56 1418240 ----a-w- C:\WINDOWS\System32\certutil.exe
2017-06-03 08:50:43 641024 ----a-w- C:\WINDOWS\System32\wbem\NetAdapterCim.dll
2017-06-03 08:49:39 2691072 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2017-06-03 08:49:25 351744 ----a-w- C:\WINDOWS\System32\hnetcfg.dll
2017-06-03 08:49:05 2475520 ----a-w- C:\WINDOWS\System32\DWrite.dll
2017-06-03 08:46:42 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2017-06-03 08:40:59 483840 ----a-w- C:\WINDOWS\SysWow64\CoreMessaging.dll
2017-06-03 06:36:03 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-06-03 06:36:03 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-05-20 04:39:52 87904 ----a-w- C:\WINDOWS\System32\UNPUXWorker.exe
2017-05-11 11:22:23 73728 ----a-w- C:\WINDOWS\System32\WSManMigrationPlugin.dll
2017-04-28 01:28:15 965472 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2017-04-28 01:01:16 2717184 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-04-28 00:59:55 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2017-04-28 00:57:25 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2017-04-28 00:57:07 794928 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2017-04-28 00:56:07 1117024 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2017-04-28 00:55:36 88416 ----a-w- C:\WINDOWS\System32\drivers\scmbus.sys
2017-04-28 00:53:03 774224 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2017-04-28 00:52:51 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-04-28 00:48:25 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2017-04-28 00:47:56 699744 ----a-w- C:\WINDOWS\System32\wimgapi.dll
2017-04-28 00:47:53 501088 ----a-w- C:\WINDOWS\System32\spwizeng.dll
2017-04-28 00:46:14 410464 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
2017-04-28 00:46:09 1504056 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2017-04-28 00:46:06 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2017-04-28 00:46:03 5722320 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-04-28 00:45:44 493920 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-04-28 00:45:44 116576 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
2017-04-28 00:45:33 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2017-04-28 00:45:29 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
.
============= FINISH: 9:04:22.16 ===============

Attached Files
File Type: txt Attach.txt (7.3 KB)

Yahoo! Mail Redirect

I am posting this in General Computer Security because I don't believe my computer is infected with a virus.

What happens in Yahoo! Mail (and ONLY Yahoo! Mail) is random redirects from within mail messages to a website with the root domain of voluumtrk[dot]com. I have blocked voluumtrk in my Chrome browser, so it doesn't actually redirect, but just stops with the voluumtrk address in the address bar. I have run Malwarebytes and other anti-malware software, with no positive results.

I stress that this does not occur on any other website - only within Yahoo! Mail. My questions are: Do you believe my computer is infected? Why only in Yahoo! Mail?

Thanks.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18698
Run by Jim at 14:47:20 on 2017-07-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3063.1960 [GMT -3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\STacSV.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\softOSD\softOSD.exe
C:\Windows\system32\valWBFPolicyService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe
C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\softLCP.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = about:blank
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - c:\program files\logitech\setpointp\SetPointSmooth.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {c585d593-e7f4-4852-a200-561686ee02e4} - <orphaned>
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] c:\users\jim\appdata\local\google\update\1.3.33.5\GoogleUpdateCore.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [RIM PeerManager] "c:\program files\common files\research in motion\tunnel manager\PeerManager.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometer\FF_Protection.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~1.lnk - c:\program files\common files\lpuninstall.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x6\programs\WPLauncher.hta
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://b2b.partcommunity.com/FileService/FileLoader/cnsViewer3D/pwebdownloader.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://homehardware.en.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
TCP: NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{068774ED-F678-49A3-A76D-C3791E89174A} : DHCPNameServer = 192.168.2.1 142.166.166.166
TCP: Interfaces\{068774ED-F678-49A3-A76D-C3791E89174A}\36F6164697D277966696 : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{068774ED-F678-49A3-A76D-C3791E89174A}\6494242554F405737353 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1868FE3C-3C71-4767-86D2-B8EFD3224D01} : DHCPNameServer = 192.168.1.1 142.166.166.166
TCP: Interfaces\{5A055C85-11D2-49A3-9A85-08A92C8FCE41} : DHCPNameServer = 192.168.2.1 142.166.166.166
TCP: Interfaces\{60DCE16F-4FD5-407A-8030-3C74D5F76F76} : DHCPNameServer = 192.168.2.1 142.166.166.166
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\59.0.3071.115\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2016-8-25 252808]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2015-10-12 16016]
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdflt.sys [2013-5-14 16176]
R1 MpKsl204e7644;MpKsl204e7644;c:\programdata\microsoft\microsoft antimalware\definition updates\{888b3cb8-603a-47d3-ac5f-500030047107}\MpKsl204e7644.sys [2017-7-12 39168]
R1 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-5-3 12112]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\AEstSrv.exe [2013-5-14 81920]
R2 DraftSight API Service;DraftSight API Service;c:\program files\dassault systemes\draftsight\bin\dsHttpApiService.exe [2017-4-13 92160]
R2 FoxitReaderService;Foxit Reader Service;c:\program files\foxit software\foxit reader\FoxitConnectedPDFService.exe [2017-7-11 1659456]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometer\InstallFilterService.exe [2013-5-14 60928]
R2 ReflectService.exe;Macrium Reflect Utility Service;c:\program files\macrium\reflect\ReflectService.exe [2016-9-7 3024704]
R2 RIM MDNS;RIM MDNS;c:\program files\common files\research in motion\tunnel manager\mDNSResponder.exe [2015-5-26 396024]
R2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files\common files\research in motion\tunnel manager\tunmgr.exe [2015-5-26 1355000]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-12-6 1229528]
R2 softOSD;softOSD;c:\program files\softosd\softOSD.exe [2010-2-24 288824]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2014-7-31 413128]
R2 valWBFPolicyService;Validity WBF Policy Service;c:\windows\system32\valWBFPolicyService.exe [2013-10-11 29184]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2013-5-14 41648]
R3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2014-10-31 588024]
R3 blackberryncm;BlackBerryNCM Service;c:\windows\system32\drivers\blackberryncm6.sys [2016-4-6 32776]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2015-6-17 52368]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2015-6-17 20240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2015-3-4 105696]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2016-11-14 280864]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-12-6 16024]
R3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\drivers\rimvndis6.sys [2015-5-26 14848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2017-3-26 105096]
S2 dbupdate;Dropbox Update Service (dbupdate);c:\program files\dropbox\update\DropboxUpdate.exe [2015-11-12 143144]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-12-6 662232]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2016-9-20 324224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CorelCreatorMessages;CorelCreatorMessages;c:\windows\system32\CorelCreatorMessages.exe [2012-4-25 73728]
S3 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files\dropbox\update\DropboxUpdate.exe [2015-11-12 143144]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys [2015-9-11 22192]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2017-6-14 104960]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-5-17 14848]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2016-6-3 27192]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-11-13 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-5-17 27136]
S3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\drivers\usb80236.sys [2013-5-14 15872]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-5-14 1343400]
S4 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe [2017-6-26 42824]
S4 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-13 20992]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="c:\windows\system32\NOTEPAD.EXE" %1
FileExt: .ini: inifile="c:\windows\system32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="c:\windows\system32\NOTEPAD.EXE" %1
ShellExec: LightningViewer.exe: View="c:\program files\corel\wordperfect office x6\programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2017-07-12 17:02:02 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{888b3cb8-603a-47d3-ac5f-500030047107}\offreg.916.dll
2017-07-12 17:00:39 39168 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{888b3cb8-603a-47d3-ac5f-500030047107}\MpKsl204e7644.sys
2017-07-12 16:59:17 10685920 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{888b3cb8-603a-47d3-ac5f-500030047107}\mpengine.dll
2017-07-11 17:27:46 10685920 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2017-07-11 13:00:57 -------- d-----w- C:\NPE
2017-07-11 12:55:09 -------- d-----w- c:\users\jim\appdata\local\NPE
2017-07-11 12:55:09 -------- d-----w- c:\programdata\Norton
2017-07-07 13:48:56 323808 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2017-07-05 13:37:46 -------- d-----w- c:\program files\common files\Macrovision Shared
2017-07-05 13:37:07 -------- d-----w- c:\programdata\Dassault Systemes
2017-06-26 10:27:10 42824 ----a-w- c:\windows\system32\DbxSvc.exe
2017-06-26 10:27:10 35408 ----a-w- c:\windows\system32\drivers\dbx-stable.sys
2017-06-26 10:27:10 35408 ----a-w- c:\windows\system32\drivers\dbx-dev.sys
2017-06-26 10:27:10 35408 ----a-w- c:\windows\system32\drivers\dbx-canary.sys
2017-06-21 11:02:35 -------- d-----w- c:\users\jim\appdata\local\FileZilla
2017-06-20 18:23:57 -------- d-----w- c:\users\jim\AutoSave
2017-06-14 16:03:51 -------- d-----w- c:\programdata\HitmanPro
2017-06-14 13:42:30 -------- d-----w- c:\programdata\Sophos
2017-06-14 11:14:42 987648 ----a-w- c:\windows\system32\aeinv.dll
2017-06-14 11:14:42 182784 ----a-w- c:\windows\system32\aepic.dll
2017-06-14 11:14:42 1602048 ----a-w- c:\windows\system32\aitstatic.exe
2017-06-14 11:14:42 1327616 ----a-w- c:\windows\system32\appraiser.dll
2017-06-14 11:14:41 81640 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-06-14 11:14:41 505856 ----a-w- c:\windows\system32\generaltel.dll
2017-06-14 11:14:41 446464 ----a-w- c:\windows\system32\devinv.dll
2017-06-14 11:14:41 275456 ----a-w- c:\windows\system32\invagent.dll
2017-06-14 11:14:41 236032 ----a-w- c:\windows\system32\centel.dll
2017-06-14 11:14:41 104960 ----a-w- c:\windows\system32\acmigration.dll
2017-06-13 14:51:06 -------- d-----w- C:\KVRT_Data
2017-06-13 00:10:24 -------- d-----w- c:\users\jim\appdata\roaming\Panda Security
2017-06-13 00:09:50 -------- d-----w- c:\program files\Panda Security
2017-06-13 00:07:51 -------- d-----w- c:\programdata\Panda Security
.
==================== Find3M ====================
.
2017-06-02 08:09:56 1549824 ----a-w- c:\windows\system32\tquery.dll
2017-06-02 08:09:50 666624 ----a-w- c:\windows\system32\mssvp.dll
2017-06-02 08:09:50 59392 ----a-w- c:\windows\system32\msscntrs.dll
2017-06-02 08:09:50 34816 ----a-w- c:\windows\system32\mssprxy.dll
2017-06-02 08:09:50 337408 ----a-w- c:\windows\system32\mssph.dll
2017-06-02 08:09:50 197120 ----a-w- c:\windows\system32\mssphtb.dll
2017-06-02 08:09:50 1400320 ----a-w- c:\windows\system32\mssrch.dll
2017-06-02 08:09:50 104448 ----a-w- c:\windows\system32\mssitlb.dll
2017-06-02 07:58:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2017-06-02 07:58:23 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2017-06-02 07:57:49 497152 ----a-w- c:\windows\HelpPane.exe
2017-06-02 07:57:42 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2017-06-02 07:57:31 9728 ----a-w- c:\windows\system32\msshooks.dll
2017-05-30 20:45:48 456360 ------w- c:\windows\system32\MpSigStub.exe
2017-05-21 04:10:13 67304 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-05-21 04:10:13 137960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2017-05-21 03:46:34 50176 ----a-w- c:\windows\system32\auditpol.exe
2017-05-21 03:43:01 226304 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2017-05-21 03:42:58 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-05-21 03:42:53 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-05-21 03:42:24 36352 ----a-w- c:\windows\system32\cryptbase.dll
2017-05-21 03:42:23 22016 ----a-w- c:\windows\system32\lsass.exe
2017-05-21 03:42:22 15872 ----a-w- c:\windows\system32\sspisrv.dll
2017-05-14 19:37:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2017-05-14 19:37:26 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2017-05-14 19:23:12 62464 ----a-w- c:\windows\system32\iesetup.dll
2017-05-14 19:22:36 499200 ----a-w- c:\windows\system32\vbscript.dll
2017-05-14 19:22:26 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2017-05-14 19:22:10 341504 ----a-w- c:\windows\system32\html.iec
2017-05-14 19:21:04 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2017-05-14 19:11:09 104960 ----a-w- c:\windows\system32\ieetwcollector.exe
2017-05-14 19:11:03 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2017-05-14 19:10:43 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2017-05-14 19:05:10 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2017-05-14 18:57:57 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2017-05-14 18:57:09 73216 ----a-w- c:\windows\system32\tdc.ocx
2017-05-14 18:44:07 4549120 ----a-w- c:\windows\system32\jscript9.dll
2017-05-14 18:39:09 2057216 ----a-w- c:\windows\system32\inetcpl.cpl
2017-05-14 18:38:51 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2017-05-14 18:15:06 2767872 ----a-w- c:\windows\system32\wininet.dll
2017-05-12 18:07:05 4001000 ----a-w- c:\windows\system32\ntkrnlpa.exe
2017-05-12 18:07:05 3945704 ----a-w- c:\windows\system32\ntoskrnl.exe
2017-05-12 18:07:02 308456 ----a-w- c:\windows\system32\atmfd.dll
2017-05-12 18:04:46 1310528 ----a-w- c:\windows\system32\ntdll.dll
2017-05-12 18:03:19 629760 ----a-w- c:\windows\system32\usp10.dll
2017-05-12 18:03:18 43008 ----a-w- c:\windows\system32\srclient.dll
2017-05-12 18:03:18 400896 ----a-w- c:\windows\system32\srcore.dll
2017-05-12 18:03:16 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2017-05-12 18:03:08 26112 ----a-w- c:\windows\system32\lpk.dll
2017-05-12 18:03:07 306688 ----a-w- c:\windows\system32\gdi32.dll
2017-05-12 18:03:06 70656 ----a-w- c:\windows\system32\fontsub.dll
2017-05-12 18:03:05 38912 ----a-w- c:\windows\system32\csrsrv.dll
2017-05-12 18:03:05 10240 ----a-w- c:\windows\system32\dciman32.dll
2017-05-12 18:03:03 6656 ----a-w- c:\windows\system32\apisetschema.dll
2017-05-12 18:03:03 644096 ----a-w- c:\windows\system32\advapi32.dll
2017-05-12 18:03:03 50688 ----a-w- c:\windows\system32\appidapi.dll
2017-05-12 17:45:39 97792 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2017-05-12 17:45:37 29696 ----a-w- c:\windows\system32\appidsvc.dll
2017-05-12 17:45:37 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2017-05-12 17:45:36 50688 ----a-w- c:\windows\system32\drivers\appid.sys
2017-05-12 17:44:14 2401792 ----a-w- c:\windows\system32\win32k.sys
2017-05-12 17:43:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2017-05-12 17:43:23 262656 ----a-w- c:\windows\system32\rstrui.exe
2017-05-12 17:41:01 69632 ----a-w- c:\windows\system32\smss.exe
2017-05-12 16:25:40 909824 ----a-w- c:\windows\system32\FntCache.dll
2017-05-12 16:25:40 1251328 ----a-w- c:\windows\system32\DWrite.dll
2017-05-10 15:16:55 91368 ----a-w- c:\windows\system32\MigAutoPlay.exe
2017-05-10 15:12:50 2953216 ----a-w- c:\windows\system32\wucltux.dll
2017-05-10 15:12:50 174080 ----a-w- c:\windows\system32\wuwebv.dll
2017-05-10 15:12:38 1499648 ----a-w- c:\windows\system32\ExplorerFrame.dll
2017-05-10 15:10:22 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2017-05-10 15:00:46 35328 ----a-w- c:\windows\system32\wuapp.exe
2017-05-10 15:00:26 93696 ----a-w- c:\windows\system32\wudriver.dll
2017-05-10 15:00:23 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2017-05-10 14:47:49 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2017-05-09 15:11:32 497664 ----a-w- c:\windows\system32\win32spl.dll
2017-05-09 15:11:21 779776 ----a-w- c:\windows\system32\localspl.dll
2017-05-09 15:01:55 66048 ----a-w- c:\windows\system32\PrintBrmUi.exe
2017-05-09 15:01:14 29696 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\winprint.dll
2017-05-07 15:14:32 78568 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2017-05-07 14:53:42 10752 ----a-w- c:\windows\system32\msmmsp.dll
2017-04-27 22:50:10 3550208 ----a-w- c:\windows\system32\D3DCompiler_47.dll
2017-04-21 15:15:28 805376 ----a-w- c:\windows\system32\cdosys.dll
2017-04-17 14:54:48 7168 ----a-w- c:\windows\system32\comcat.dll
2017-04-17 14:51:40 271360 ----a-w- c:\windows\system32\conhost.exe
2017-04-17 14:48:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-17 14:48:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-17 14:48:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-17 14:48:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-17 14:44:37 11184128 ----a-w- c:\program files\common files\lpuninstall.exe
.
============= FINISH: 14:50:19.23 ===============


SysWOW64 virus removal

Hello,

I am running Windows 7, SP1, 64 bit on a Dell laptop. I am using this at my work to share programs for my shop. I did not have malware or AV software on this machine, but I did have MSE on it. It has a 140 gig hard drive, and I noticed it was full. These shared files are all very small in size, and no way this drive should be filled. I noticed that over 100 gigs was in the c:\windows directory. And then I saw a SysWOW64 directory created also - I assume that is part of the problem. All assistance is greatly appreciated. Thanks.

Rudi

DDS below

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18739
Run by MOH at 10:47:35 on 2017-07-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3958.1703 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
mRun: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
StartupFolder: C:\Users\MOH\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICK'~1.LNK - C:\FTP SERVER\FTPServer.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
Trusted Zone: dell.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{45D9FB8C-4D04-42CB-BC83-FEC37DB4822D} : DHCPNameServer = 127.0.0.1
TCP: Interfaces\{EAD7B3A8-1DB8-407C-AAF3-55070211396D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EAD7B3A8-1DB8-407C-AAF3-55070211396D}\2716D607275636963796F6E62726 : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2015-4-1 20024]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2016-8-25 295000]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Windows\System32\drivers\mbae64.sys [2017-6-29 77376]
R1 MpKsl3d2d5c0f;MpKsl3d2d5c0f;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3FA8E2C7-C44D-410F-A9E2-FCF3DB449812}\MpKsl3d2d5c0f.sys [2017-7-12 44928]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 MBAMChameleon;MBAMChameleon;C:\Windows\System32\drivers\MBAMChameleon.sys [2017-6-29 188352]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-6-29 4470736]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2015-4-1 509104]
R3 MBAMFarflt;MBAMFarflt;C:\Windows\System32\drivers\farflt.sys [2017-6-29 101784]
R3 MBAMProtection;MBAMProtection;C:\Windows\System32\drivers\mbam.sys [2017-6-29 45472]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2017-6-29 253856]
R3 MBAMWebProtection;MBAMWebProtection;C:\Windows\System32\drivers\mwac.sys [2017-6-29 84256]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2015-3-4 135928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-3-26 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-3-26 125064]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-7-12 116224]
S3 MDNCService;Multi-DNC Service;C:\Windows\SysWOW64\MDNCService.exe [2015-6-25 118784]
S3 NLSService;Spectrum License Manager;C:\Windows\SysWOW64\NLSService.exe --> C:\Windows\SysWOW64\NLSService.exe [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-3-24 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2015-3-24 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-3-24 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2015-3-24 29696]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-3-25 1255736]
.
=============== Created Last 30 ================
.
2017-07-13 08:13:07 -------- d-----w- C:\Windows\rescache
2017-07-12 21:49:59 491520 ----a-w- C:\Windows\System32\mssph.dll
2017-07-12 15:18:11 44928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3FA8E2C7-C44D-410F-A9E2-FCF3DB449812}\MpKsl3d2d5c0f.sys
2017-07-12 15:14:42 13120896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3FA8E2C7-C44D-410F-A9E2-FCF3DB449812}\mpengine.dll
2017-07-12 01:23:48 217088 ----a-w- C:\Windows\System32\aepic.dll
2017-07-12 01:23:48 1691136 ----a-w- C:\Windows\System32\aitstatic.exe
2017-07-12 01:23:48 1555968 ----a-w- C:\Windows\System32\appraiser.dll
2017-07-12 01:23:48 1206272 ----a-w- C:\Windows\System32\aeinv.dll
2017-07-12 01:23:47 94952 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2017-07-12 01:23:47 620544 ----a-w- C:\Windows\System32\generaltel.dll
2017-07-12 01:23:47 535552 ----a-w- C:\Windows\System32\devinv.dll
2017-07-12 01:23:47 325632 ----a-w- C:\Windows\System32\invagent.dll
2017-07-12 01:23:47 311296 ----a-w- C:\Windows\System32\centel.dll
2017-07-12 01:23:47 127488 ----a-w- C:\Windows\System32\acmigration.dll
2017-07-11 12:58:07 13120896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2017-06-30 21:35:32 -------- d-----w- C:\Users\MOH\AppData\Local\CrashDumps
2017-06-29 17:34:34 188352 ----a-w- C:\Windows\System32\drivers\MBAMChameleon.sys
2017-06-29 17:34:25 84256 ----a-w- C:\Windows\System32\drivers\mwac.sys
2017-06-29 17:34:25 101784 ----a-w- C:\Windows\System32\drivers\farflt.sys
2017-06-29 17:34:20 45472 ----a-w- C:\Windows\System32\drivers\mbam.sys
2017-06-29 17:34:14 253856 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2017-06-29 17:34:01 77376 ----a-w- C:\Windows\System32\drivers\mbae64.sys
2017-06-29 17:33:50 -------- d-----w- C:\ProgramData\Malwarebytes
2017-06-29 17:33:50 -------- d-----w- C:\Program Files\Malwarebytes
2017-06-15 02:31:13 4296704 ----a-w- C:\Windows\System32\D3DCompiler_47.dll
2017-06-15 02:31:13 3550208 ----a-w- C:\Windows\SysWow64\D3DCompiler_47.dll
.
==================== Find3M ====================
.
2017-07-06 04:56:32 119296 ----a-w- C:\Windows\System32\drivers\bthpan.sys
2017-06-30 02:57:24 2319872 ----a-w- C:\Windows\System32\tquery.dll
2017-06-30 02:57:21 2058240 ----a-w- C:\Windows\System32\Query.dll
2017-06-30 02:57:17 99840 ----a-w- C:\Windows\System32\mssprxy.dll
2017-06-30 02:57:17 778240 ----a-w- C:\Windows\System32\mssvp.dll
2017-06-30 02:57:17 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2017-06-30 02:57:17 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2017-06-30 02:57:17 2222080 ----a-w- C:\Windows\System32\mssrch.dll
2017-06-30 02:57:17 14336 ----a-w- C:\Windows\System32\msshooks.dll
2017-06-30 02:57:17 115200 ----a-w- C:\Windows\System32\mssitlb.dll
2017-06-30 02:40:25 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2017-06-30 02:40:18 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2017-06-30 02:39:38 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
.
============= FINISH: 10:48:20.53 ===============

