Hello techsupportforum!
My girlfriend's PayPal has been getting hacked in the past couple of days. The first time happened on September 1st, and there was an unauthorized money transfer done out of her account as well as her account password being changed. At the same time, she lost phone reception with Fido. She then changed her PayPal password on her PC immediately and filed a claim with PayPal regarding this, and called Fido the next morning to reactivate her phone service (apparently someone else activated my girlfriend's phone number on their SIM card, and because of that it stopped her service while the stranger had access to the phone number; it's hard to tell what happened there and how much this part weighs in all this).
Two days later, it happened again (just two hours ago). She has no service on her phone, and her PayPal e-mail had gotten changed again. I have now enabled two-step verification for her PayPal on my phone number, and she changed her password on PayPal again on this computer. The worry now is whether there's something on this computer that's giving out information, or if it totally has nothing to do with it. It's just uncanny and I don't understand where this person could be getting all this information from, so I thought I'd give this a try.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.15063.0
Run by Karen at 1:41:51 on 2017-09-03
Microsoft Windows 10 Pro 10.0.15063.0.1252.1.1033.18.8096.5646 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k dcomlaunch -s LSM
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k netsvcs -s gpsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -s Schedule
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
c:\windows\system32\svchost.exe -k localservice -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s Dhcp
c:\windows\system32\svchost.exe -k netsvcs -s UserManager
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k networkservice -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s CscService
c:\windows\system32\svchost.exe -k appmodel -s StateRepository
c:\windows\system32\svchost.exe -k localservice -s EventSystem
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k netsvcs -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -s FontCache
svchost.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k networkservice -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -s LanmanWorkstation
c:\windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
c:\windows\system32\svchost.exe -k apphost -s AppHostSvc
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k utcsvc
c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
c:\windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
c:\windows\system32\svchost.exe -k networkservice -s CryptSvc
C:\WINDOWS\system32\DbxSvc.exe
c:\windows\system32\svchost.exe -k localservice -s WinHttpAutoProxySvc
C:\Program Files\Bonjour\mDNSResponder.exe
c:\windows\system32\svchost.exe -k netsvcs -s WpnService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s PcaSvc
c:\windows\system32\svchost.exe -k localservicenonetwork -s DPS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SysMain
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\mqsvc.exe
c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
c:\windows\syswow64\svchost.exe -k hpdevmgmt -s hpqddsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s TrkWks
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s wscsvc
c:\windows\system32\svchost.exe -k localservice -s WdiServiceHost
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k netsvcs -s iphlpsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
c:\windows\system32\svchost.exe -k hpservice -s HPSLPSVC
c:\windows\syswow64\svchost.exe -k hpdevmgmt -s hpqcxs08
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\svchost.exe -k netsvcs -s TokenBroker
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\taskhostw.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s upnphost
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s lmhosts
c:\windows\system32\svchost.exe -k netsvcs -s Browser
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\AUDIODG.EXE
c:\windows\system32\svchost.exe -k localservice -s CDPSvc
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s NgcCtnrSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Windows\System32\igfxpers.exe
E:\iTunesHelper.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
C:\Users\USER\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
C:\Users\USER\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe
C:\Program Files\ShareX\ShareX.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s WdiSystemHost
c:\windows\system32\svchost.exe -k netsvcs -s DoSvc
c:\windows\system32\svchost.exe -k netsvcs -s BITS
C:\WINDOWS\system32\SearchFilterHost.exe
c:\windows\system32\svchost.exe -k netsvcs -s Appinfo
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = C:\WINDOWS\System32\userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
uRun: [OneDrive] "C:\Users\USER\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
uRun: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
uRun: [Spotify Web Helper] "C:\Users\USER\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [KakaoTalk] "C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe" -bystartup
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\USER\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ShareX.lnk - C:\Program Files\ShareX\ShareX.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{2d9440bd-ef69-487d-8724-d2526df64fa3} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{c34af178-4d11-4447-bdad-9b7f1e24d034} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{c34af178-4d11-4447-bdad-9b7f1e24d034}\96D6028657E6762797 : DHCPNameServer = 10.227.98.41
TCP: Interfaces\{c83b642b-7028-4e63-b380-a7bb5bcb2610} : DHCPNameServer = 192.168.1.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [iTunesHelper] "E:\iTunesHelper.exe"
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 0.0.0.1 mssplus.mcafee.com
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\cju8b3mr.default-1488517683377\
FF - prefs.js: browser.startup.homepage - hxxps://www.reddit.com/|
https://www.facebook.com/
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll
FF - plugin: E:\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2016-6-7 9728]
R0 gpt_loader;GUID Partition table support driver;C:\WINDOWS\System32\drivers\gpt_loader.sys [2017-5-30 60752]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-3-18 74840]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-3-18 49568]
R0 mounthlp;Mounter helper driver for HFS+ volumes;C:\WINDOWS\System32\drivers\mounthlp.sys [2017-5-30 44880]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-3-18 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-3-18 70232]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-3-18 18520]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-3-18 208288]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-3-18 239616]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-3-18 54272]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-3-18 8192]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-12-9 753240]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-9-26 2246256]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2017-4-3 83768]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R2 CDPUserSvc_37b7d;CDPUserSvc_37b7d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2016-6-29 3705536]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2017-3-18 14336]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2017-3-18 47664]
R2 DbxSvc;DbxSvc;C:\WINDOWS\System32\DbxSvc.exe [2017-8-22 49992]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2017-3-18 47664]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R2 HfsplusRec;HFS+ File System Recognizer;C:\WINDOWS\System32\drivers\hfsplusrec.sys [2017-5-30 15184]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-6-21 462968]
R2 OneSyncSvc_37b7d;OneSyncSvc_37b7d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2017-9-3 1776864]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2017-9-3 2131760]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2017-9-3 233936]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2017-7-11 336320]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-3-18 79872]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-7-11 142752]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 WpnUserService_37b7d;WpnUserService_37b7d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2016-9-18 282112]
R3 LifeCamTrueColor;LifeCamTrueColor Service;C:\WINDOWS\System32\drivers\LifeCamTrueColor.sys [2016-7-27 37928]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-3-18 20992]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2016-4-24 56384]
R3 PimIndexMaintenanceSvc_37b7d;PimIndexMaintenanceSvc_37b7d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 RtlWlanu_OldIC;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [2017-3-18 3814400]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R3 TokenBroker;TokenBroker;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 UnistoreSvc_37b7d;UnistoreSvc_37b7d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 UserDataSvc_37b7d;UserDataSvc_37b7d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-3-18 121248]
R3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-3-18 342264]
S2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2017-3-18 12288]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-5-3 143144]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2017-3-18 47664]
S2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-9-3 6058960]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-4-5 317400]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-3-18 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-3-18 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-3-18 17920]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2017-3-18 47664]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2017-3-18 127904]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2017-3-18 161696]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2017-3-18 143776]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-3-18 9728]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\WINDOWS\System32\drivers\bcmwlhigh664.sys [2010-10-13 1244224]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-3-18 47664]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-3-18 39424]
S3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-3-18 53664]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-3-18 122880]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-3-18 347032]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-3-18 2104224]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-5-3 143144]
S3 DevicesFlowUserSvc_37b7d;DevicesFlowUserSvc_37b7d;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-3-18 47664]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-9-5 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-3-18 86528]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-3-18 47664]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-3-18 21504]
S3 GunBod;GunBod;C:\WINDOWS\System32\gunbod64.sys [2016-5-1 86352]
S3 Hfsplus;HFS+ File System Driver;C:\WINDOWS\System32\drivers\hfsplus.sys [2017-5-30 205136]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-3-18 51104]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-3-18 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-3-18 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-3-18 70656]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-3-18 85504]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-3-18 165376]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-3-18 168448]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-3-18 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-3-18 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-3-18 673184]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-3-18 526240]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-3-18 36864]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-3-18 123808]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-3-18 103328]
S3 ManyCam;ManyCam Virtual Webcam;C:\WINDOWS\System32\drivers\mcvidrv.sys [2016-8-24 49312]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-3-18 405408]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-3-18 51104]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\WINDOWS\System32\drivers\mcaudrv_x64.sys [2014-12-28 35960]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe [2017-6-30 404376]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-3-18 64416]
S3 MessagingService_37b7d;MessagingService_37b7d;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-3-18 842656]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2017-3-18 230816]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-3-18 108960]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-3-18 122368]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2017-6-22 118784]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\System32\GameMon.des -service --> C:\WINDOWS\System32\GameMon.des -service [?]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-3-18 80896]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-4-24 28216]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-3-18 58784]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-3-18 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-3-18 1735584]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-3-18 936864]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-3-18 47664]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-3-18 91040]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-3-18 31128]
S3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2017-3-18 3913064]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-18 1284608]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-3-18 154016]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-3-18 47664]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-3-18 40352]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2017-3-18 891904]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-9-5 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-3-18 95648]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-3-18 36760]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-3-18 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-3-18 104448]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-3-18 179200]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-8-8 51712]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-3-18 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-3-18 29600]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-3-18 263584]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-3-18 98712]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-3-18 138656]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-3-18 29600]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-3-18 59288]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-3-18 28064]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-11-5 54784]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-3-18 35328]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-3-18 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2017-3-18 47664]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-3-18 72192]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\drivers\wdcsam64.sys [2015-4-30 26880]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-7-11 757248]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-3-18 47664]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-3-18 32160]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2017-3-18 217088]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-3-18 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 wlpasvc;LPA Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-3-18 220672]
S3 X6va035;X6va035;C:\Windows\SysWOW64\drivers\X6va035 [2016-6-7 27352]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-6-22 277504]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xhunter1;xhunter1;C:\Windows\xhunter1.sys [2017-6-6 38368]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-3-18 46592]
S3 xspirit;xspirit;C:\Windows\xspirit.sys [2017-6-6 22912]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2017-7-11 846752]
S4 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-4-24 1164856]
S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-4-24 1881144]
S4 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-4-24 2522680]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2017-3-18 40344]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2017-3-18 1200640]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-09-03 05:14:02 44928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C6F82F32-CFCA-439D-8128-E219CC0E9B8A}\MpKslaf1e0a5c.sys
2017-09-03 05:06:33 192960 ----a-w- C:\WINDOWS\System32\drivers\MBAMChameleon.sys
2017-09-03 05:06:25 94144 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-09-03 05:06:22 45472 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-09-03 05:06:19 253888 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-09-03 05:06:14 77440 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-09-03 05:06:08 13482976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C6F82F32-CFCA-439D-8128-E219CC0E9B8A}\mpengine.dll
2017-09-03 05:06:07 -------- d-----w- C:\ProgramData\Malwarebytes
2017-09-03 05:06:07 -------- d-----w- C:\Program Files\Malwarebytes
2017-09-03 05:02:42 -------- d-----w- C:\WINDOWS\Panther
2017-09-03 04:56:30 -------- d-----w- C:\FRST
2017-09-03 04:56:19 -------- d-----w- C:\AdwCleaner
2017-09-03 04:54:10 32240 ----a-w- C:\WINDOWS\System32\sdnclean64.exe
2017-09-03 04:54:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2017-09-03 04:54:03 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-09-03 02:40:55 13482976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-08-26 18:34:44 112592 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleHandler.dll
2017-08-22 16:55:26 49992 ----a-w- C:\WINDOWS\System32\DbxSvc.exe
2017-08-22 16:55:26 45672 ----a-w- C:\WINDOWS\System32\drivers\dbx-dev.sys
2017-08-22 16:55:26 45640 ----a-w- C:\WINDOWS\System32\drivers\dbx-stable.sys
2017-08-22 16:55:26 45640 ----a-w- C:\WINDOWS\System32\drivers\dbx-canary.sys
2017-08-11 19:49:35 1078240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{28634B13-6147-4880-9E20-0BDAF186702F}\gapaengine.dll
2017-08-09 00:28:59 97792 ----a-w- C:\WINDOWS\System32\drivers\bthhfenum.sys
.
==================== Find3M ====================
.
2017-08-18 00:34:58 544424 ------w- C:\WINDOWS\System32\MpSigStub.exe
2017-08-01 02:39:54 8319392 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-08-01 02:38:47 406544 ----a-w- C:\WINDOWS\SysWow64\policymanager.dll
2017-08-01 02:38:08 382368 ----a-w- C:\WINDOWS\System32\drivers\clfs.sys
2017-08-01 02:36:56 119712 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2017-08-01 02:36:49 323488 ----a-w- C:\WINDOWS\apppatch\AcRes.dll
2017-08-01 02:36:29 750496 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-08-01 02:35:13 280472 ----a-w- C:\WINDOWS\SysWow64\WerFault.exe
2017-08-01 02:35:09 133904 ----a-w- C:\WINDOWS\SysWow64\WerFaultSecure.exe
2017-08-01 02:34:39 610584 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2017-08-01 02:34:36 359552 ----a-w- C:\WINDOWS\SysWow64\Faultrep.dll
2017-08-01 02:34:32 349600 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2017-08-01 02:34:32 168864 ----a-w- C:\WINDOWS\SysWow64\wermgr.exe
2017-08-01 02:33:57 473240 ----a-w- C:\WINDOWS\System32\policymanager.dll
2017-08-01 02:32:37 2444704 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-08-01 02:32:23 712600 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2017-08-01 02:32:04 820128 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2017-08-01 02:31:56 5477088 ----a-w- C:\WINDOWS\System32\OneCoreUAPCommonProxyStub.dll
2017-08-01 02:31:49 212384 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2017-08-01 02:31:01 176024 ----a-w- C:\WINDOWS\SysWow64\basecsp.dll
2017-08-01 02:30:52 315288 ----a-w- C:\WINDOWS\System32\WerFault.exe
2017-08-01 02:30:50 143736 ----a-w- C:\WINDOWS\System32\WerFaultSecure.exe
2017-08-01 02:30:25 723680 ----a-w- C:\WINDOWS\System32\wer.dll
2017-08-01 02:30:21 82336 ----a-w- C:\WINDOWS\System32\drivers\vmbkmcl.sys
2017-08-01 02:30:18 410160 ----a-w- C:\WINDOWS\System32\Faultrep.dll
2017-08-01 02:30:16 182688 ----a-w- C:\WINDOWS\System32\wermgr.exe
2017-08-01 02:30:09 411040 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2017-08-01 02:26:58 204192 ----a-w- C:\WINDOWS\System32\basecsp.dll
2017-08-01 02:20:54 404480 ----a-w- C:\WINDOWS\SysWow64\werui.dll
2017-08-01 02:20:40 154624 ----a-w- C:\WINDOWS\SysWow64\DWWIN.EXE
2017-08-01 02:20:33 2956288 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2017-08-01 02:18:16 13841408 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2017-08-01 02:18:13 2199552 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
2017-08-01 02:17:02 34816 ----a-w- C:\WINDOWS\SysWow64\tokenbinding.dll
2017-08-01 02:16:16 80896 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2017-08-01 02:14:09 35840 ----a-w- C:\WINDOWS\SysWow64\sscore.dll
2017-08-01 02:13:31 127488 ----a-w- C:\WINDOWS\SysWow64\fdeploy.dll
2017-08-01 02:13:30 20504064 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2017-08-01 02:13:12 364032 ----a-w- C:\WINDOWS\SysWow64\msIso.dll
2017-08-01 02:12:28 229888 ----a-w- C:\WINDOWS\SysWow64\scksp.dll
2017-08-01 02:10:19 358400 ----a-w- C:\WINDOWS\SysWow64\ieproxy.dll
2017-08-01 02:09:58 394240 ----a-w- C:\WINDOWS\SysWow64\Windows.Internal.Management.dll
2017-08-01 02:08:54 267264 ----a-w- C:\WINDOWS\SysWow64\ncryptprov.dll
2017-08-01 02:07:57 2671616 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2017-08-01 02:07:54 5961728 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-08-01 02:06:46 798208 ----a-w- C:\WINDOWS\SysWow64\TokenBroker.dll
2017-08-01 02:04:40 6269440 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2017-08-01 02:04:32 3656192 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2017-08-01 01:57:22 23677952 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2017-08-01 01:45:44 3670016 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2017-08-01 01:45:28 462848 ----a-w- C:\WINDOWS\System32\werui.dll
2017-08-01 01:45:03 92672 ----a-w- C:\WINDOWS\System32\wercplsupport.dll
2017-08-01 01:45:02 1275392 ----a-w- C:\WINDOWS\System32\werconcpl.dll
2017-08-01 01:44:53 184320 ----a-w- C:\WINDOWS\System32\DWWIN.EXE
2017-08-01 01:44:49 77824 ----a-w- C:\WINDOWS\System32\wsqmcons.exe
2017-08-01 01:44:32 83968 ----a-w- C:\WINDOWS\System32\drivers\vmbkmclr.sys
2017-08-01 01:42:55 2199552 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.Resources.dll
2017-08-01 01:41:48 42496 ----a-w- C:\WINDOWS\System32\tokenbinding.dll
2017-08-01 01:41:47 130560 ----a-w- C:\WINDOWS\System32\policymanagerprecheck.dll
2017-08-01 01:41:04 110592 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2017-08-01 01:40:59 17366528 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2017-08-01 01:40:35 290816 ----a-w- C:\WINDOWS\System32\dmenterprisediagnostics.dll
2017-08-01 01:39:04 46592 ----a-w- C:\WINDOWS\System32\sscore.dll
2017-08-01 01:38:49 143872 ----a-w- C:\WINDOWS\System32\profsvcext.dll
2017-08-01 01:38:21 153088 ----a-w- C:\WINDOWS\System32\fdeploy.dll
2017-08-01 01:37:53 433664 ----a-w- C:\WINDOWS\System32\msIso.dll
2017-08-01 01:37:29 582656 ----a-w- C:\WINDOWS\System32\SmsRouterSvc.dll
2017-08-01 01:37:09 255488 ----a-w- C:\WINDOWS\System32\scksp.dll
2017-08-01 01:35:14 692736 ----a-w- C:\WINDOWS\System32\jscript9diag.dll
2017-08-01 01:34:37 805888 ----a-w- C:\WINDOWS\System32\ieproxy.dll
2017-08-01 01:33:49 1269760 ----a-w- C:\WINDOWS\System32\enterprisecsps.dll
2017-08-01 01:33:28 315904 ----a-w- C:\WINDOWS\System32\ncryptprov.dll
2017-08-01 01:32:47 7336960 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-08-01 01:32:37 176640 ----a-w- C:\WINDOWS\System32\wersvc.dll
2017-08-01 01:31:25 4445696 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2017-08-01 01:31:03 1396736 ----a-w- C:\WINDOWS\System32\wwansvc.dll
2017-08-01 01:30:43 8209920 ----a-w- C:\WINDOWS\System32\Chakra.dll
2017-08-01 01:30:42 303104 ----a-w- C:\WINDOWS\System32\srvsvc.dll
2017-08-01 01:30:27 1052160 ----a-w- C:\WINDOWS\System32\TokenBroker.dll
2017-08-01 01:30:18 2055168 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2017-08-01 01:30:09 3377664 ----a-w- C:\WINDOWS\System32\tquery.dll
2017-08-01 01:28:51 2516480 ----a-w- C:\WINDOWS\System32\diagtrack.dll
2017-08-01 01:28:43 4730368 ----a-w- C:\WINDOWS\System32\jscript9.dll
2017-08-01 01:27:25 574464 ----a-w- C:\WINDOWS\System32\configmanager2.dll
2017-08-01 01:27:05 482816 ----a-w- C:\WINDOWS\System32\dmenrollengine.dll
2017-08-01 01:26:03 323584 ----a-w- C:\WINDOWS\System32\DeviceEnroller.exe
2017-08-01 01:25:46 249344 ----a-w- C:\WINDOWS\System32\coredpus.dll
2017-08-01 01:25:41 194048 ----a-w- C:\WINDOWS\System32\mdmregistration.dll
2017-08-01 01:25:41 140800 ----a-w- C:\WINDOWS\System32\dmcsps.dll
2017-07-31 15:15:09 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-07-31 15:15:09 177648 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-07-28 05:30:35 1068720 ----a-w- C:\WINDOWS\System32\Windows.UI.dll
2017-07-28 05:25:32 2399728 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-07-28 05:24:52 119904 ----a-w- C:\WINDOWS\System32\dmcmnutils.dll
2017-07-28 05:24:42 116280 ----a-w- C:\WINDOWS\System32\bcd.dll
2017-07-28 05:24:38 2327456 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-07-28 05:23:51 723360 ----a-w- C:\WINDOWS\System32\drivers\acpi.sys
2017-07-28 05:23:45 2969888 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-07-28 05:22:50 923048 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-07-28 05:20:38 279968 ----a-w- C:\WINDOWS\System32\drivers\msiscsi.sys
.
============= FINISH: 1:42:10.21 ===============
Edit: I'm not sure how to disable emoticons from my post; they are being auto-embedded lol.