Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Computer Won't Sleep

My computer lately has decided that it does not want to enter sleep mode anymore. A lot of the time when I am done I will just close down the more resource intensive programs and hit sleep mode, then walk off. But lately when I come back, after the screen has already gone black, it'll end up back at the login screen.

I've poked around a little bit to try and find a cause and haven't been able to come up with much. Around the same time this started, I began playing World of Warcraft again, but I'm uncertain what correlation that could have.

Additionally I've used the cmd.exe powercfg -requests command, which comes up as such.

Display: None.

System:
[Driver] \filesystem\srvnet
An active remote client has recently sent requests to this machine.
[Process] \Device\HarddiskVolume4\Windows\SysWOW65\svchost.exe

Awaymode:
[Process] \Device\HarddiskVolume4\Windows\SysWOW65\svchost.exe

That whole 'active remote client' thing seems a little suspicious, but that might have something to do with the MMO.

My computer has also been occasionally a little sluggish lately, but that might just be due to natural wear and tear.

Any assistance and/or knowledge would be greatly appreciated!

Malware infection

I am sorry, but this problem is keeping me from opening dds and running it. So I could not access the software. Kept getting a blank page and when I tried to open the download I only got this message "dds is running in silent mode". Then I could not go any further. I apologize. I was using the link posted in the rules before posting.

When I get online and I walk away and the computer goes into sleep mode, when I reopen everything, the mouse closes any file that the cursor touches. Also I get multiple site downloads very fast. I cannot input my personal access code at the beginning. I have to press the keys many times to get one entry. My top right corner will reveal the settings icon but it takes many times to get it to activate. Ultimately I have to reboot everything just so I can get it to work again.

Please help

[SOLVED] chrome web data virus

https://imgur.com/wPuofJy

Every day I get this virus in the Chrome Web Data file, found using Malwarebytes. It removes it, and on the next scan it is there again, the same file; every time it removes it, the next scan finds the same files again.

Please, as I get fed up of rebooting my machine every day!!

Issue removing citypage.today from Chrome only

Hi all, a few months ago I acquired nasty citypage.today on my PC, however it only affects Chrome. I used AdwCleaner, Malwarebytes and even Norton to try to remove it, and it still persists. I uninstalled every bad thing possible, also checked Chrome's extensions, registry, task sched and uninstalled/reinstalled/reset Chrome several times to no avail. I am at a loss as to what else to do since everything else I've already been through. I included frst.txt and addition.txt to try to get some assistance in removing this. Thank you to anyone who can help.

Attached Files
File Type: txt FRST.txt (66.1 KB)
File Type: txt Addition.txt (64.6 KB)

I can't visit these two particular sites for some weird reason

Hello all, I'm trying to download Kali Linux but I'm having trouble accessing these two websites that contain the download link. The two websites are www.offensive-security.com and www.kali.org

I find it really unusual that I can't access the two websites that contain the download link to Kali Linux. Whenever I try to go on these two sites, it says "This site can't be reached" and "took too long to respond" and ERR_CONNECTION_TIMED_OUT. I'm using Chrome but I've tried to open these sites on different browsers such as Firefox and Internet Explorer and it still has the same error message. I know the problem lies within my laptop because I went on my phone and used my cellular data to try and connect to those two websites and I was able to open them up fine. I thought it might be my ISP blocking those sites, so I went to Starbucks and used their Wi-Fi and I still couldn't open up the two sites on my laptop. For sure there is something wrong with my laptop which is causing this problem. Maybe a virus? A hacker? I installed Malwarebytes and ran the scan and found 22 threats which were quarantined and removed but I still can't fix this problem. I'm using Windows 7. I tried using NordVPN's web proxy to access the two sites I mentioned and I was finally able to access them through the proxy and I was able to download Kali Linux through the proxy, but then when I tried opening the file after downloading it through the proxy, it says the file is corrupted. I'm guessing it's because I'm downloading the file through a proxy instead of my own browser? Not really sure. So now I'm lost and I don't know what to do to fix this problem. I want to be able to visit the two sites in order to download it without having to use a proxy. Any ideas?

Also you might be wondering why I'm trying to download Kali Linux. Well, yes, I'm currently taking an online course on learning how to hack but not for malicious reasons. I'm trying to learn how to hack so that I can discover my computer and network's own vulnerabilities so that I can protect myself against other hackers. I posted this thread on a different tech forum and the moderator accused me of wanting to download Kali Linux for malicious purposes and he closed the thread, which made me frustrated because he just automatically assumed I'm trying to download Kali Linux to hack into other people's systems without asking me WHY I want to download it in the first place. And I think that maybe my computer is compromised since I can't access the two websites that I mentioned. Could it be that someone hacked into my computer and installed a backdoor and was able to change something in my laptop so that I can't access the two websites I mentioned to download Kali Linux? Someone that doesn't want me to have access to Kali Linux? Also, a few months ago I entered my debit card information in the same laptop I'm using now and somebody tried to transfer $5000 from my bank account into multiple accounts. They were able to get into my bank account. This is also another reason why I want to learn how to hack in order to protect myself. They still haven't caught the guy responsible for taking my money.

Please help because I don't know whether or not my computer is really compromised and I really want to fix this problem and be able to access those two websites. I've tried using a different laptop while in the same network and was able to access those two sites. I was able to download Kali Linux on another laptop and get it installed on my laptop by emailing the download link to myself, but what I want to know is if my laptop is really compromised, how to fix the problem of accessing those two websites, and whether or not I should reformat my laptop or get a new one (mine is pretty old, 2010). Any help is greatly appreciated.

system/applications running slow

Hello TSF.

My laptop is running extremely slowly. Starting up from ShutDown or from Sleep takes a while longer than usual, and opening any programs/applications is very, very slow. After I've been using the computer for a while it runs better, but is still very sluggish.

I have done chkdsk, defrag, cleaned out programs (CCleaner) -- nothing has helped. The problems started shortly after I downloaded Inkster, a graphic manipulation software. I have removed that software but it had no effect. I added extra RAM to this computer a few months ago, so that's not the problem.

Below is the DDS report along with the attachment.

Thank you very much for your help with this situation.


Stephan Borau



2017-10-16 23:07:21 1680616 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2017-10-16 22:34:01 3222528 ----a-w- C:\Windows\System32\win32k.sys
2017-10-16 21:55:15 339968 ----a-w- C:\Windows\SysWow64\msexcl40.dll
2017-10-14 08:23:45 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-10-14 08:23:37 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-10-14 08:12:05 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-10-14 08:11:31 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-10-14 08:11:27 576512 ----a-w- C:\Windows\System32\vbscript.dll
2017-10-14 08:11:27 417792 ----a-w- C:\Windows\System32\html.iec
2017-10-14 08:11:00 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-10-14 08:09:27 5979648 ----a-w- C:\Windows\System32\jscript9.dll
2017-10-14 08:01:18 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-10-14 08:01:17 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-10-14 08:00:59 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-10-14 07:55:55 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-10-14 07:47:21 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-10-14 07:47:00 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-10-14 07:28:00 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-10-14 07:27:51 2134528 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-10-14 07:21:58 3241472 ----a-w- C:\Windows\System32\wininet.dll
2017-10-14 07:03:12 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-10-14 06:53:24 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-10-14 06:53:05 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-10-14 06:52:38 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-10-14 06:52:31 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-10-14 06:51:50 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-10-14 06:45:19 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-10-14 06:45:05 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-10-14 06:35:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-10-14 06:35:07 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2017-10-14 06:33:00 4542464 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-10-14 06:23:38 2058752 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-10-14 06:23:25 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-10-14 06:10:41 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-10-12 00:58:25 382696 ----a-w- C:\Windows\System32\atmfd.dll
2017-10-12 00:40:31 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2017-10-12 00:39:11 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2017-10-12 00:38:44 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2017-10-12 00:38:15 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2017-10-12 00:26:21 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2017-10-12 00:26:07 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2017-10-12 00:25:47 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2017-10-12 00:25:28 9728 ----a-w- C:\Windows\SysWow64\msshooks.dll
2017-10-12 00:24:38 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
2017-10-12 00:24:38 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
2017-10-12 00:24:37 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
2017-10-12 00:20:09 113152 ----a-w- C:\Windows\System32\drivers\luafv.sys
2017-10-12 00:16:05 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
.
============= FINISH: 9:25:13.58 ===============

Attached Files
File Type: txt attach.txt (8.0 KB)

PC running very slow - please help

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.98 BrowserJavaVersion: 10.67.2
Run by Kenneth Rivalsi at 15:35:40 on 2017-12-26
Microsoft Windows 10 Home 10.0.16299.0.1252.1.1033.18.7990.5247 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Internet Security *Enabled* {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
C:\WINDOWS\system32\atiesrxx.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s fdPHost
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s HomeGroupProvider
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k apphost -s AppHostSvc
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\WINDOWS\system32\DbxSvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k iissvcs
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton Internet Security\Engine\22.11.2.7\NIS.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\WINDOWS\system32\svchost.exe -k SPOCJS
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\WINDOWS\system32\mqsvc.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\atieclxx.exe
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
c:\windows\system32\taskhostw.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s upnphost
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Norton Internet Security\Engine\22.11.2.7\NIS.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Kenneth Rivalsi\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Music.UI.exe
C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p -s NcdAutoSetup
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\WINDOWS\system32\AUDIODG.EXE
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
c:\windows\system32\taskhostw.exe
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?gws_rd=ssl
uSearch Bar = Preserve
uProxyOverride = <-loopback>;*.local
BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.11.2.7\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.11.2.7\coIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.11.2.7\coIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - <orphaned>
uRun: [googletalk] C:\Users\Kenneth Rivalsi\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [OneDrive] "C:\Users\Kenneth Rivalsi\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\Users\KENNET~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\KENNET~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PMBMED~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
StartupFolder: C:\Users\KENNET~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{ac0539c6-36f0-4d6c-af81-7cbe30db7c17} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{d49ed8a4-1478-4426-9e3d-52970edcd979} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{efa0cdec-f76a-4709-b1d4-4b5f82b2f6f1} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\22.11.2.7\coIEPlg.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.11.2.7\coIEPlg.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 0.0.0.1 mssplus.mcafee.com
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmpfd.sys [2016-7-1 82664]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-9-29 130640]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-9-29 56728]
R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\drivers\PxHlpa64.sys [2011-3-3 56336]
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\WINDOWS\System32\drivers\NISx64\160B020.007\symefasi64.sys [2017-11-20 1938584]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-9-29 15392]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-9-29 71248]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-9-29 18000]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-9-29 209304]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-9-29 240640]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2017-12-24 59800]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20171220.001\BHDrvx64.sys [2017-12-21 1872024]
R1 ccSet_NIS;NIS Settings Manager;C:\WINDOWS\System32\drivers\NISx64\160B020.007\ccsetx64.sys [2017-11-20 187544]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-9-29 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-9-29 8192]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20171225.003\IDSvia64.sys [2017-12-25 1056920]
R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\drivers\NISx64\160B020.007\ironx64.sys [2017-11-20 309984]
R1 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\drivers\NISx64\160B020.007\symnets.sys [2017-11-20 566936]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2016-10-6 89600]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2017-8-2 2257016]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2015-12-16 255472]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2017-4-3 83768]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R2 CDPUserSvc_62279;Connected Devices Platform User Service_62279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2017-9-29 384000]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2015-1-18 3058416]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2017-9-29 48688]
R2 DbxSvc;DbxSvc;C:\WINDOWS\System32\DbxSvc.exe [2017-12-4 51016]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2017-9-29 48688]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
R2 IntelHaxm;Intel HAXM Service;C:\WINDOWS\System32\drivers\IntelHaxm.sys [2017-4-13 92280]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\22.11.2.7\nis.exe [2017-11-20 326144]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 OneSyncSvc_62279;Sync Host_62279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2017-12-24 519152]
R2 SPOCJS;Jack Sensing Service for USB Audio;C:\WINDOWS\System32\svchost.exe -k SPOCJS [2017-9-29 48688]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-9-29 79872]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-3-30 253960]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-2-8 2533400]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-12-24 147864]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 WpnUserService_62279;Windows Push Notifications User Service_62279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-9-29 60312]
R3 clwvd;HP Webcam Splitter;C:\WINDOWS\System32\drivers\clwvd.sys [2010-6-25 32880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2017-11-15 158360]
R3 HECIx64;Intel(R) Management Engine Interface;C:\WINDOWS\System32\drivers\HECIx64.sys [2010-4-30 56344]
R3 Impcd;Impcd;C:\WINDOWS\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-9-29 39424]
R3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;C:\WINDOWS\System32\drivers\lan9500-x64-n650f.sys [2017-11-30 110400]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-9-29 21504]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2017-9-29 604160]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2016-3-30 52904]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 usbaud;HP USB Media Port Rep Audio;C:\WINDOWS\System32\drivers\usbaud64.sys [2011-11-16 232064]
R3 wdkmd;Intel WiDi KMD;C:\WINDOWS\System32\drivers\WDKMD.sys [2010-4-16 39832]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-9-29 259584]
S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\drivers\NISx64\160B020.007\symelam.sys [2017-11-20 24608]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2011/02/08 00:50:00;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-2-8 245232]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-6-27 143144]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S2 hpsrv;HP Service;C:\WINDOWS\System32\hpservice.exe [2011-5-13 30520]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-9-29 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-9-29 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-9-29 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2017-9-29 48688]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2015-5-28 102912]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-9-29 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-9-29 48688]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2017-9-29 37784]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-29 39424]
S3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-9-29 122368]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-9-29 357272]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-9-29 1723288]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-6-27 143144]
S3 DevicesFlowUserSvc_62279;DevicesFlow_62279;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-9-29 48688]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-9-29 85504]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2017-9-29 48688]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-9-29 48688]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-9-29 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2017-9-29 48688]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-9-29 50584]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2017-9-29 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-9-29 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-9-29 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-9-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-9-29 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-9-29 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-9-29 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-9-29 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-9-29 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-9-29 674200]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-9-29 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 InstallService;Windows Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 invdimm;Microsoft iNVDIMM device driver;C:\WINDOWS\System32\drivers\invdimm.sys [2017-9-29 38912]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2017-9-29 26112]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-9-29 123800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-9-29 103320]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-9-29 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-9-29 55840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [2017-9-5 404376]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-9-29 63520]
S3 MessagingService_62279;MessagingService_62279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-9-29 842648]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-9-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-9-29 132608]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2017-12-24 192512]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-9-29 88576]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-9-29 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-9-29 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 PimIndexMaintenanceSvc_62279;Contact Data_62279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2017-9-29 16896]
S3 PrintWorkflowUserSvc_62279;PrintWorkflow_62279;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2017-9-29 48688]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2017-9-29 39832]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-9-29 1849752]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-9-29 936856]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-9-29 48688]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2017-9-29 103936]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-9-29 48688]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-9-29 118168]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-9-29 33176]
S3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-9-29 1288704]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-9-29 154520]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-9-29 48688]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-9-29 56216]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2017-12-24 956416]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-9-29 103320]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-12-24 45464]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-9-29 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-12-24 114688]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-9-29 146944]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-12-24 57344]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-9-29 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-9-29 28568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-9-29 266648]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-9-29 97312]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-9-29 140696]
S3 UnistoreSvc_62279;User Data Storage_62279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-9-29 28568]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-12-24 60824]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-9-29 27544]
S3 UserDataSvc_62279;User Data Access_62279;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-9-29 48688]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-9-29 34816]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-9-29 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vnvdimm;Microsoft virtual NVDIMM device driver;C:\WINDOWS\System32\drivers\vnvdimm.sys [2017-9-29 43008]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2017-9-29 48688]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-9-29 48688]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-9-29 76288]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-12-24 770048]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-9-29 119192]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-9-29 355304]
S3 wdnsfltr;Windows Defender Network Stream Filter Driver;C:\WINDOWS\System32\drivers\wdnsfltr.sys [2017-9-29 33792]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-9-29 48688]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-9-29 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2017-9-29 225280]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-9-29 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2017-9-29 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-9-29 281600]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-9-29 46592]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-12-26 17:14:57 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{CC9F8681-686D-44B8-8532-AFA297F134D6}
2017-12-26 04:11:29 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{2C794624-DC40-429D-A1B7-67EF429E3E91}
2017-12-25 14:48:27 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{C0945908-0199-4FE3-9546-A9B50A6958FD}
2017-12-25 01:11:29 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\PlaceholderTileLogoFolder
2017-12-25 01:08:02 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\SlimWare Utilities Inc
2017-12-24 19:27:59 -------- d-----w- C:\Windows.old
2017-12-24 19:14:50 -------- d-----w- C:\Program Files (x86)\Common Files\SpeechEngines
2017-12-24 19:14:45 -------- d-----w- C:\Program Files\Common Files\SpeechEngines
2017-12-24 19:12:22 -------- d-----w- C:\WINDOWS\System32\Microsoft
2017-12-24 19:12:22 -------- d-----w- C:\WINDOWS\ServiceProfiles
2017-12-24 19:04:49 -------- d-----w- C:\WINDOWS\SysWow64\BestPractices
2017-12-24 17:50:54 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2017-12-24 17:49:16 -------- d--h--w- C:\Users\Kenneth Rivalsi\MicrosoftEdgeBackups
2017-12-24 17:47:08 -------- d-----r- C:\Users\Kenneth Rivalsi\3D Objects
2017-12-24 17:45:50 -------- d-sh--we C:\ProgramData\Documents
2017-12-24 17:18:36 -------- d-----w- C:\WINDOWS\System32\wbem\Performance
2017-12-24 17:14:35 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\good
2017-12-24 17:14:34 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\bad
2017-12-24 16:47:01 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\Packages
2017-12-24 16:40:47 -------- d-----w- C:\Program Files\ATI Technologies
2017-12-24 16:38:19 2241024 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-12-24 16:35:57 -------- d-----w- C:\WINDOWS\System32\wbem\MOF
2017-12-24 16:34:12 -------- d-----w- C:\WINDOWS\System32\SleepStudy
2017-12-24 14:29:58 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{E689F7F7-AACC-4327-A397-E1184C06183C}
2017-12-23 13:42:25 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{88D49AB2-D0F4-4901-A0A7-72A75D5F7E1F}
2017-12-22 19:21:11 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{5AFBBC2F-3D78-4818-8234-A82A1F10D551}
2017-12-22 01:52:25 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{86DC407A-D8E2-4D1D-AF32-AE3094BC11DE}
2017-12-21 13:52:08 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{81378C89-11F0-4676-B41D-09DB67CC16F4}
2017-12-21 01:37:57 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{BD17D121-5B84-4D90-BFD2-6D3A09C90CC4}
2017-12-20 13:37:40 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{3431A083-F63E-417E-8607-30B05FE29976}
2017-12-19 23:08:37 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{60EBB520-E872-40BC-81DB-EDC44AC1502B}
2017-12-19 01:55:43 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{D01BA935-0F29-45A9-8877-6D511CD94142}
2017-12-18 13:43:07 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{0FD412D0-B542-420C-B763-02EEC37BD50B}
2017-12-18 12:45:03 -------- dc----w- C:\WINDOWS\Panther
2017-12-17 16:26:27 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{E8CC70B3-BD1D-472E-ADA3-36EFC37D9944}
2017-12-17 04:26:10 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{8AF25D4B-F490-49FC-98B7-1F91A483E33F}
2017-12-16 16:26:06 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{3426DB92-9C21-48AF-B29B-F8A60C899D08}
2017-12-16 04:25:51 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{3676AAC7-F24C-483B-8D1C-8A7BA971F7E9}
2017-12-15 15:09:44 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{4853203B-9D05-47F5-B7C6-DB3A0905BC0B}
2017-12-14 23:58:52 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{91B17DBD-85B4-4723-B7E2-14B2835B09EC}
2017-12-13 23:22:28 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{A9EB6499-7618-4475-8D80-FD50EAE24A0E}
2017-12-12 22:49:55 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{A3767D31-37F0-4295-98CC-54F32B162941}
2017-12-12 02:26:24 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{24B75D19-F804-4AD2-BC6F-5984504BDD62}
2017-12-11 12:16:22 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{30A4F814-0F5F-4C52-9D7B-68A13B3F325C}
2017-12-10 19:56:12 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{B404B4CA-8167-4998-A7E9-E5EBC2248388}
2017-12-09 16:30:50 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{2BC7EA8E-C8A5-47D7-AE37-B9035AA1AA39}
2017-12-09 04:30:33 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{8FE7125B-9EDB-4CE7-8AA4-D072688F16B3}
2017-12-08 14:44:08 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{25A4ACF5-F383-43DC-A65A-3080D98ADDC5}
2017-12-07 22:57:32 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{7440F999-62D0-419E-BFD0-64A5278B8908}
2017-12-06 22:46:14 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{3421A9A9-19FF-4CA2-8777-FFE702F583D0}
2017-12-05 01:06:22 51016 ----a-w- C:\WINDOWS\System32\DbxSvc.exe
2017-12-05 01:06:22 45672 ----a-w- C:\WINDOWS\System32\drivers\dbx-dev.sys
2017-12-05 01:06:22 45640 ----a-w- C:\WINDOWS\System32\drivers\dbx-stable.sys
2017-12-05 01:06:22 45640 ----a-w- C:\WINDOWS\System32\drivers\dbx-canary.sys
2017-12-04 23:15:47 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{394F0E84-0F0C-4100-87C4-545D86195356}
2017-12-04 02:31:26 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{607F10FB-8728-4D21-A0A6-419A327293AB}
2017-12-03 14:00:52 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{D8CCE3E3-6D36-4578-9EB4-958FD2AE0251}
2017-12-03 01:20:29 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{9F94835D-A93E-4C80-A50B-4EFBD29DE871}
2017-12-02 12:20:06 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{D0AE91A1-AB3B-49FD-B0D3-2F8B9AB1B0D5}
2017-12-02 02:43:50 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\EO.WebEngine
2017-12-01 23:32:53 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{4319C247-63DC-40EE-BC1D-0F83C94DA06C}
2017-11-30 23:22:08 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{D9601D1A-3E2D-4541-80BE-4F6ED04ED3E2}
2017-11-30 13:02:40 110400 ----a-w- C:\WINDOWS\System32\drivers\lan9500-x64-n650f.sys
2017-11-30 00:50:50 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{48D9BB68-B89C-4D95-AD0B-7FDA416249F3}
2017-11-28 23:25:28 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{0D6B0CA2-3836-48FC-8F99-9B8C6243403E}
2017-11-27 22:34:45 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{DC3F53E4-B4B0-43D8-905E-2EC98BFD9344}
.
==================== Find3M ====================
.
2017-12-26 16:55:46 144368 ------w- C:\WINDOWS\System32\drivers\rikvm_C6F09094.sys
2017-12-24 19:04:09 124624 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2017-12-24 19:04:09 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2017-12-24 19:04:08 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2017-12-24 19:04:08 35456 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2017-12-24 19:04:08 35456 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2017-12-24 19:04:07 103120 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2017-12-13 03:18:54 133326408 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2017-12-03 22:38:40 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-12-03 22:38:40 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-11-20 22:51:29 102600 ----a-w- C:\WINDOWS\System32\drivers\SYMEVENT64x86.SYS
2017-11-10 23:31:25 566936 ----a-w- C:\WINDOWS\System32\drivers\NISx64\160B020.007\symnets.sys
2017-11-10 23:31:25 468616 ----a-w- C:\WINDOWS\System32\drivers\NISx64\160B020.007\symtdiv.sys
2017-11-10 23:31:06 24608 ----a-w- C:\WINDOWS\System32\drivers\NISx64\160B020.007\symelam.sys
2017-11-10 23:31:06 1938584 ----a-w- C:\WINDOWS\System32\drivers\NISx64\160B020.007\symefasi64.sys
2017-11-10 23:29:34 309984 ----a-w- C:\WINDOWS\System32\drivers\NISx64\160B020.007\ironx64.sys
2017-11-10 23:28:36 187544 ----a-w- C:\WINDOWS\System32\drivers\NISx64\160B020.007\ccsetx64.sys
2017-11-10 23:28:12 812696 ----a-w- C:\WINDOWS\System32\drivers\NISx64\160B020.007\srtsp64.sys
2017-11-10 23:28:12 49304 ----a-w- C:\WINDOWS\System32\drivers\NISx64\160B020.007\srtspx64.sys
2017-09-29 14:43:11 979384 ----a-w- C:\WINDOWS\System32\DolbyDecMFT.dll
2017-09-29 14:42:18 6347776 ----a-w- C:\WINDOWS\System32\NlsData0009.dll
2017-09-29 14:42:18 5739008 ----a-w- C:\WINDOWS\System32\prm0009.dll
2017-09-29 14:42:18 5484032 ----a-w- C:\WINDOWS\SysWow64\NlsData0009.dll
2017-09-29 14:42:18 2629120 ----a-w- C:\WINDOWS\SysWow64\NlsLexicons0009.dll
2017-09-29 14:42:18 2629120 ----a-w- C:\WINDOWS\System32\NlsLexicons0009.dll
2017-09-29 14:42:09 1347608 ----a-w- C:\WINDOWS\SysWow64\wmpmde.dll
2017-09-29 14:41:17 6656 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\ndiscap.sys.mui
2017-09-29 14:41:15 11776 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\NdisImPlatform.sys.mui
2017-09-29 14:41:12 3584 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\wfplwfs.sys.mui
2017-09-29 13:44:26 208384 ----a-w- C:\WINDOWS\SysWow64\msclmd.dll
2017-09-29 13:44:25 229376 ----a-w- C:\WINDOWS\System32\msclmd.dll
2017-09-29 13:42:27 98304 ----a-w- C:\WINDOWS\SysWow64\wlgpclnt.dll
2017-09-29 13:41:58 97792 ----a-w- C:\WINDOWS\System32\wshext.dll
2017-09-29 13:40:59 96768 ----a-w- C:\WINDOWS\System32\drivers\drmk.sys
2017-09-29 08:45:15 118272 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2017-09-29 08:45:14 141312 ----a-w- C:\WINDOWS\System32\poqexec.exe
2017-09-29 08:45:12 847768 ----a-w- C:\WINDOWS\System32\SmiEngine.dll
2017-09-29 08:45:12 774552 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-09-29 08:45:12 244632 ----a-w- C:\WINDOWS\System32\wdscore.dll
2017-09-29 08:45:12 206848 ----a-w- C:\WINDOWS\System32\PkgMgr.exe
2017-09-29 08:45:12 143256 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2017-09-29 08:45:12 134552 ----a-w- C:\WINDOWS\System32\SSShim.dll
2017-09-29 08:45:12 109568 ----a-w- C:\WINDOWS\System32\NetDriverInstall.dll
2017-09-28 21:38:00 2035096 ----a-w- C:\WINDOWS\System32\wmpmde.dll
2017-09-28 21:23:00 285176 ----a-w- C:\WINDOWS\System32\wmpeffects.dll
2017-09-28 21:21:00 387408 ----a-w- C:\WINDOWS\System32\wmpps.dll
2017-09-28 20:49:00 250208 ----a-w- C:\WINDOWS\SysWow64\wmpeffects.dll
2017-09-28 20:49:00 153088 ----a-w- C:\WINDOWS\SysWow64\wmpps.dll
2017-09-28 19:05:00 7168 ----a-w- C:\WINDOWS\System32\msdxm.ocx
2017-09-28 19:05:00 7168 ----a-w- C:\WINDOWS\System32\dxmasf.dll
2017-09-28 19:05:00 2560 ----a-w- C:\WINDOWS\System32\wmerror.dll
2017-09-28 19:05:00 2560 ----a-w- C:\WINDOWS\System32\SyncRes.dll
2017-09-28 19:05:00 16384 ----a-w- C:\WINDOWS\System32\APHostRes.dll
2017-09-28 19:05:00 11264 ----a-w- C:\WINDOWS\System32\spwmp.dll
2017-09-28 19:04:00 90624 ----a-w- C:\WINDOWS\System32\InternetMailCsp.dll
2017-09-28 19:04:00 62464 ----a-w- C:\WINDOWS\System32\SyncProxy.dll
2017-09-28 19:04:00 58880 ----a-w- C:\WINDOWS\System32\InprocLogger.dll
2017-09-28 19:04:00 216576 ----a-w- C:\WINDOWS\System32\wmpdxm.dll
2017-09-28 19:04:00 175616 ----a-w- C:\WINDOWS\System32\MCCSEngineShared.dll
2017-09-28 19:04:00 13824 ----a-w- C:\WINDOWS\System32\EasPolicyManagerBrokerPS.dll
2017-09-28 19:03:00 96256 ----a-w- C:\WINDOWS\System32\ActiveSyncCsp.dll
2017-09-28 19:03:00 8962560 ----a-w- C:\WINDOWS\System32\wmploc.DLL
2017-09-28 19:03:00 70656 ----a-w- C:\WINDOWS\System32\APHostClient.dll
2017-09-28 19:03:00 20480 ----a-w- C:\WINDOWS\System32\MCCSPal.dll
2017-09-28 19:03:00 137216 ----a-w- C:\WINDOWS\System32\networkhelper.dll
2017-09-28 19:03:00 127488 ----a-w- C:\WINDOWS\System32\wmpshell.dll
2017-09-28 19:02:00 742912 ----a-w- C:\WINDOWS\System32\internetmail.dll
2017-09-28 19:02:00 559104 ----a-w- C:\WINDOWS\System32\quickassist.exe
2017-09-28 19:02:00 268800 ----a-w- C:\WINDOWS\System32\accountaccessor.dll
2017-09-28 19:02:00 257024 ----a-w- C:\WINDOWS\System32\unregmp2.exe
2017-09-28 19:01:00 404480 ----a-w- C:\WINDOWS\System32\DavSyncProvider.dll
2017-09-28 19:01:00 369664 ----a-w- C:\WINDOWS\System32\APHostService.dll
2017-09-28 19:00:00 64000 ----a-w- C:\WINDOWS\System32\EASPolicyManagerBrokerHost.exe
2017-09-28 19:00:00 434176 ----a-w- C:\WINDOWS\System32\AccountsRt.dll
2017-09-28 18:59:00 624128 ----a-w- C:\WINDOWS\System32\SyncController.dll
2017-09-28 18:59:00 393216 ----a-w- C:\WINDOWS\System32\syncutil.dll
2017-09-28 18:56:00 1777664 ----a-w- C:\WINDOWS\System32\ActiveSyncProvider.dll
2017-09-28 18:45:00 5632 ----a-w- C:\WINDOWS\SysWow64\msdxm.ocx
2017-09-28 18:45:00 5632 ----a-w- C:\WINDOWS\SysWow64\dxmasf.dll
2017-09-28 18:44:00 9216 ----a-w- C:\WINDOWS\SysWow64\spwmp.dll
2017-09-28 18:44:00 2560 ----a-w- C:\WINDOWS\SysWow64\wmerror.dll
2017-09-28 18:44:00 2560 ----a-w- C:\WINDOWS\SysWow64\SyncRes.dll
2017-09-28 18:43:00 8962560 ----a-w- C:\WINDOWS\SysWow64\wmploc.DLL
2017-09-28 18:43:00 48640 ----a-w- C:\WINDOWS\SysWow64\SyncProxy.dll
2017-09-28 18:43:00 174080 ----a-w- C:\WINDOWS\SysWow64\wmpdxm.dll
2017-09-28 18:42:00 48640 ----a-w- C:\WINDOWS\SysWow64\APHostClient.dll
2017-09-28 18:42:00 459264 ----a-w- C:\WINDOWS\SysWow64\quickassist.exe
2017-09-28 18:42:00 147968 ----a-w- C:\WINDOWS\SysWow64\MCCSEngineShared.dll
2017-09-28 18:42:00 117248 ----a-w- C:\WINDOWS\SysWow64\networkhelper.dll
2017-09-28 18:42:00 102912 ----a-w- C:\WINDOWS\SysWow64\wmpshell.dll
2017-09-28 18:41:00 348160 ----a-w- C:\WINDOWS\SysWow64\DavSyncProvider.dll
2017-09-28 18:41:00 217088 ----a-w- C:\WINDOWS\SysWow64\unregmp2.exe
2017-09-28 18:40:00 524800 ----a-w- C:\WINDOWS\SysWow64\SyncController.dll
2017-09-28 18:40:00 215552 ----a-w- C:\WINDOWS\SysWow64\accountaccessor.dll
2017-09-28 18:39:00 363520 ----a-w- C:\WINDOWS\SysWow64\AccountsRt.dll
2017-09-28 18:39:00 330240 ----a-w- C:\WINDOWS\SysWow64\syncutil.dll
2017-09-28 18:35:00 1546752 ----a-w- C:\WINDOWS\SysWow64\ActiveSyncProvider.dll
2017-09-28 17:20:00 44032 ----a-w- C:\WINDOWS\System32\msdxm.tlb
2017-09-28 17:20:00 18944 ----a-w- C:\WINDOWS\System32\amcompat.tlb
2017-09-28 17:03:00 44032 ----a-w- C:\WINDOWS\SysWow64\msdxm.tlb
.
============= FINISH: 15:38:00.33 ===============

Attached Files
File Type: txt attach.txt (18.6 KB)

Shuts off my laptop without warning

Tried to install software downloaded off the internet. After that, it disabled my McAfee antivirus and pop-ups are all over. Installed Malwarebytes during safe mode. It helps decrease the threat. Back in normal mode, it still incapacitated McAfee, causing it not to respond, as well as Java and other programs, including programs which I presumed it installed on my system. One of the threats detected by McAfee was not yet deleted but "will be deleted". It was RDM/Generic. I'm not certain.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 11.0.9600.18858
Run by User at 15:26:31 on 2018-01-03
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.63.1033.18.3907.2875 [GMT 8:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\System32\cscript.exe
C:\Windows\system32\igfxsrvc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100110225030.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL
BHO: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - <orphaned>
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
uRun: [CONNMGRTRAY] C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe Silent
uRun: [uTorrent] "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [boostPc] "C:\Program Files (x86)\boostPc\boostPc.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{A2E14B3B-24C7-4556-905E-A8666C938CE1} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{A2E14B3B-24C7-4556-905E-A8666C938CE1}\05C4444584F4D454649424254646660303 : DHCPNameServer = 192.168.1.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100110225029.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Hosts: 127.0.0.1 gf.tools.avast.com
Hosts: 127.0.0.1 pair.ff.avast.com
Hosts: 127.0.0.1 ipm-provider.ff.avast.com
Hosts: 127.0.0.1 ipm-provider.ff.avast.com
Hosts: 127.0.0.1 ipm-provider.ff.avast.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\i4e0c56a.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo®
FF - prefs.js: browser.startup.homepage - hxxps://ph.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__171214__yaff
FF - plugin: C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-1-10 243496]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2017-1-25 47032]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2010-1-10 6234056]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2010-1-10 72280]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2010-1-10 21080]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2010-1-10 59088]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2010-1-10 82128]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\mbamswissarmy.sys [2010-1-10 253880]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2017-12-23 226696]
S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-10 841000]
S1 663a0d281e0e0d1a5b2aaf9161d9e579;663a0d281e0e0d1a5b2aaf9161d9e579;C:\Windows\System32\drivers\663a0d281e0e0d1a5b2aaf9161d9e579.sys [2018-1-2 73600]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2017-12-23 27552]
S2 0d8461c19919d191c02215759e11a2e9;0d8461c19919d191c02215759e11a2e9;rundll32.exe C:\Windows\0d8461c19919d191c02215759e11a2e9.dll kIHAlYdFMa --> rundll32.exe C:\Windows\0d8461c19919d191c02215759e11a2e9.dll kIHAlYdFMa [?]
S2 156f2b5621deadddad7ec0990240c4a4;156f2b5621deadddad7ec0990240c4a4;C:\Program Files\156f2b5621deadddad7ec0990240c4a4\0b43a3bf0265c98a0e1fe5fae8a6e0ba.exe [2018-1-2 814080]
S2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2017-12-13 7760552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-4-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-4-21 128648]
S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-3-15 352336]
S2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2017-12-16 226024]
S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2015-2-10 129904]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-1-10 263056]
S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2016-2-11 208936]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-1-10 279488]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-12-19 458176]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-12-21 116224]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2017-12-23 480800]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-1-10 458960]
S3 mfeaack;McAfee Inc. mfeaack;C:\Windows\System32\drivers\mfeaack.sys [2010-1-10 417064]
S3 mfeaacsk;McAfee Inc. mfeaacsk;C:\Windows\System32\drivers\mfeaacsk.sys [2010-1-10 65320]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-1-10 348968]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-1-10 493352]
S3 mfeplk;McAfee Inc. mfeplk;C:\Windows\System32\drivers\mfeplk.sys [2010-1-10 66344]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-1-10 114984]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-12-7 257704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2017-12-20 19456]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2010-1-10 33448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2017-12-20 56832]
.
=============== Created Last 30 ================
.
2018-01-03 00:54:49 1038848 ----a-w- C:\Windows\0d8461c19919d191c02215759e11a2e9.dll
2018-01-03 00:53:10 -------- d-----w- C:\Windows\SysWow64\SSL
2018-01-03 00:52:51 -------- d-----w- C:\Program Files\156f2b5621deadddad7ec0990240c4a4
2018-01-03 00:52:11 -------- d-----w- C:\Program Files (x86)\Multitimer
2018-01-03 00:52:06 -------- d-----w- C:\Users\User\AppData\Roaming\NVIDIA
2018-01-03 00:51:37 -------- d-----w- C:\Program Files (x86)\foldershare
2018-01-03 00:51:13 -------- d-----w- C:\Program Files (x86)\aohGTEheqdnWC
2018-01-03 00:51:09 -------- d-----w- C:\Program Files (x86)\boostPc
2018-01-03 00:51:07 -------- d-----w- C:\Program Files (x86)\RrHYXuUpocPTIXdsppR
2018-01-03 00:51:03 -------- d-----w- C:\Program Files (x86)\TwPufLOWyrxU2
2018-01-03 00:50:55 -------- d-----w- C:\Program Files (x86)\qTTaaczyWvUn
2018-01-03 00:50:43 -------- d-----w- C:\Program Files (x86)\GBeMZXQZBIE
2018-01-03 00:50:22 -------- d-----w- C:\Program Files (x86)\umkISPBbU
2018-01-03 00:49:55 -------- d-----w- C:\Users\User\AppData\Local\CrashDumps
2018-01-03 00:48:37 -------- d-----w- C:\Users\User\AppData\Local\PCBooster
2018-01-02 10:07:32 73600 ----a-w- C:\Windows\System32\drivers\663a0d281e0e0d1a5b2aaf9161d9e579.sys
2017-12-31 06:32:48 -------- d-----w- C:\MagicPlusMini
2017-12-31 05:11:35 -------- d-----w- C:\Windows\SysWow64\r
2017-12-29 02:12:57 -------- d-----w- C:\Program Files (x86)\Karmian
2017-12-24 03:46:55 -------- d-----w- C:\Users\User\AppData\Local\Windows_8
2017-12-24 01:32:17 -------- d-----w- C:\Users\User\AppData\Local\fontconfig
2017-12-24 01:32:11 -------- d-----w- C:\Users\User\.gimp-2.8
2017-12-24 01:32:09 -------- d-----w- C:\Users\User\AppData\Local\gegl-0.2
2017-12-23 21:26:48 -------- d-----w- C:\Program Files\GIMP 2
2017-12-23 03:03:47 -------- d-s---w- C:\Windows\System32\CompatTel
2017-12-23 03:03:47 -------- d-----w- C:\Windows\System32\appraiser
2017-12-23 02:24:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2017-12-23 02:24:42 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2017-12-23 02:24:42 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2017-12-23 02:24:42 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2017-12-23 00:39:00 3283745 ----a-w- C:\Windows\Alienware Fire.scr
2017-12-22 23:28:59 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2017-12-22 23:26:12 517448 ----a-w- C:\Windows\SysWow64\XAudio2_4.dll
2017-12-22 23:26:12 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll
2017-12-22 23:26:12 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_6.dll
2017-12-22 23:26:11 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2017-12-22 23:26:11 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2017-12-22 23:25:50 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2017-12-22 23:25:03 480800 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2017-12-22 23:24:14 -------- d-----w- C:\Windows\System32\DAX2
2017-12-22 23:24:10 -------- d-----w- C:\Windows\SysWow64\RTCOM
2017-12-22 23:24:10 -------- d-----w- C:\Program Files\Realtek
2017-12-22 23:23:19 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2017-12-22 23:23:18 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2017-12-22 23:23:18 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2017-12-22 23:21:59 574752 ----a-w- C:\Windows\System32\AERTAC64.dll
2017-12-22 23:21:59 122320 ----a-w- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2017-12-22 23:21:59 118592 ----a-w- C:\Windows\System32\AERTAR64.dll
2017-12-22 23:21:37 -------- d-----w- C:\ProgramData\Package Cache
2017-12-22 23:20:12 81920 ----a-w- C:\Windows\System32\nusb3co3.dll
2017-12-22 23:20:12 226696 ----a-w- C:\Windows\System32\drivers\nusb3xhc.sys
2017-12-22 23:16:03 96768 ----a-w- C:\Windows\System32\fsutil.exe
2017-12-22 23:16:03 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2017-12-22 23:16:03 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2017-12-22 23:16:03 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2017-12-22 23:16:03 2565632 ----a-w- C:\Windows\System32\esent.dll
2017-12-22 23:16:03 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2017-12-22 23:16:03 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2017-12-22 23:16:03 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2017-12-22 23:16:03 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2017-12-22 23:15:53 2972672 ----a-w- C:\Windows\SysWow64\explorer.exe
2017-12-22 23:15:39 3229696 ----a-w- C:\Windows\explorer.exe
2017-12-22 23:13:54 670208 ----a-w- C:\Windows\System32\generaltel.dll
2017-12-22 23:13:54 605184 ----a-w- C:\Windows\System32\aeinv.dll
2017-12-22 23:13:54 603648 ----a-w- C:\Windows\System32\devinv.dll
2017-12-22 23:13:54 407392 ----a-w- C:\Windows\System32\centel.dll
2017-12-22 23:13:54 370688 ----a-w- C:\Windows\System32\invagent.dll
2017-12-22 23:13:54 241664 ----a-w- C:\Windows\System32\aepic.dll
2017-12-22 23:13:54 2023936 ----a-w- C:\Windows\System32\aitstatic.exe
2017-12-22 23:13:54 181760 ----a-w- C:\Windows\System32\acmigration.dll
2017-12-22 23:13:54 1570304 ----a-w- C:\Windows\System32\appraiser.dll
2017-12-22 23:13:54 134376 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2017-12-22 23:13:51 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2017-12-22 23:09:57 -------- d-----w- C:\ProgramData\ProductData
2017-12-22 23:09:49 -------- d-----w- C:\Windows\IObit
2017-12-22 23:08:34 27552 ----a-w- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
2017-12-22 23:07:55 -------- d-----w- C:\ProgramData\IObit
2017-12-22 23:07:37 -------- d-----w- C:\Users\User\AppData\Roaming\IObit
2017-12-22 23:07:10 -------- d-----w- C:\Program Files (x86)\Driver Booster 5
2017-12-21 11:28:30 -------- d-----w- C:\QUARANTINE
2017-12-21 09:52:06 856064 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2017-12-21 09:52:06 7077376 ----a-w- C:\Windows\System32\mstscax.dll
2017-12-21 09:52:06 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2017-12-21 09:52:06 6131200 ----a-w- C:\Windows\SysWow64\mstscax.dll
2017-12-21 09:52:06 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2017-12-21 09:52:06 429568 ----a-w- C:\Windows\System32\wksprt.exe
2017-12-21 09:52:06 1057792 ----a-w- C:\Windows\System32\rdvidcrl.dll
2017-12-21 09:51:31 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2017-12-21 09:51:31 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2017-12-21 09:49:48 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2017-12-21 09:49:24 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2017-12-21 00:16:07 110144 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2017-12-21 00:15:44 -------- d-----w- C:\ProgramData\Oracle
2017-12-20 14:26:28 -------- d-----w- C:\Program Files\CCleaner
2017-12-20 06:41:35 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2017-12-20 06:41:35 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2017-12-20 06:38:32 3181568 ----a-w- C:\Windows\System32\rdpcorets.dll
2017-12-20 06:38:32 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2017-12-20 06:38:32 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2017-12-20 06:38:32 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2017-12-20 06:38:32 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2017-12-20 06:38:31 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2017-12-20 06:38:31 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2017-12-20 06:38:31 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2017-12-20 06:36:57 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2017-12-20 06:32:55 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2017-12-20 06:29:35 -------- d-----w- C:\Program Files (x86)\DAMN NFO Viewer
2017-12-20 06:19:47 647680 ----a-w- C:\Windows\System32\d3d10level9.dll
2017-12-20 06:19:47 603648 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2017-12-20 06:17:07 6656 ----a-w- C:\Windows\SysWow64\kbdgeoqw.dll
2017-12-20 06:17:07 6656 ----a-w- C:\Windows\SysWow64\KBDAZEL.DLL
2017-12-20 06:17:06 7168 ----a-w- C:\Windows\System32\kbdgeoqw.dll
2017-12-20 06:17:06 7168 ----a-w- C:\Windows\System32\KBDAZEL.DLL
2017-12-20 06:16:00 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2017-12-20 06:15:59 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2017-12-20 06:15:22 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2017-12-20 06:15:22 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2017-12-20 06:14:55 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2017-12-20 06:14:55 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2017-12-20 05:59:11 -------- d-----w- C:\Windows\SysWow64\drivers\uk-UA
2017-12-20 05:59:05 -------- d-----w- C:\Windows\SysWow64\wbem\uk-UA
2017-12-20 05:59:04 -------- d-----w- C:\Windows\uk-UA
2017-12-20 05:59:04 -------- d-----w- C:\Windows\System32\drivers\uk-UA
2017-12-20 05:58:53 -------- d-----w- C:\Windows\System32\wbem\uk-UA
2017-12-20 05:42:38 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2017-12-20 05:42:37 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2017-12-20 05:42:36 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2017-12-20 05:42:36 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2017-12-20 05:42:35 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2017-12-20 05:42:35 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2017-12-20 05:42:35 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2017-12-20 05:42:35 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2017-12-20 05:42:35 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2017-12-20 05:42:34 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2017-12-20 05:42:34 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2017-12-20 05:27:34 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2017-12-20 05:27:32 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2017-12-20 05:27:32 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2017-12-20 05:11:34 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2017-12-20 05:11:34 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2017-12-20 05:11:34 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2017-12-20 05:11:34 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2017-12-20 05:11:33 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2017-12-20 05:11:33 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2017-12-20 05:11:33 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2017-12-20 04:56:58 2560 ----a-w- C:\Windows\System32\drivers\uk-UA\scfilter.sys.mui
2017-12-20 04:56:38 3584 ----a-w- C:\Windows\System32\drivers\uk-UA\portcls.sys.mui
2017-12-20 04:56:37 2560 ----a-w- C:\Windows\System32\drivers\uk-UA\serscan.sys.mui
2017-12-20 04:56:36 3072 ----a-w- C:\Windows\System32\drivers\uk-UA\ataport.sys.mui
2017-12-20 04:56:36 2048 ----a-w- C:\Windows\System32\drivers\uk-UA\amdide.sys.mui
2017-12-20 04:56:33 48640 ----a-w- C:\Windows\System32\drivers\uk-UA\tcpip.sys.mui
2017-12-20 04:56:20 3072 ----a-w- C:\Windows\System32\drivers\uk-UA\hidbth.sys.mui
2017-12-20 04:56:19 7680 ----a-w- C:\Windows\System32\drivers\uk-UA\bthport.sys.mui
2017-12-20 04:56:19 2560 ----a-w- C:\Windows\System32\drivers\uk-UA\BTHUSB.SYS.mui
2017-12-20 04:56:19 2048 ----a-w- C:\Windows\System32\drivers\uk-UA\bthenum.sys.mui
2017-12-20 04:54:29 -------- d-----w- C:\Windows\SysWow64\wbem\sk-SK
2017-12-20 04:54:29 -------- d-----w- C:\Windows\SysWow64\drivers\sk-SK
2017-12-20 04:54:29 -------- d-----w- C:\Windows\sk-SK
2017-12-20 04:54:22 -------- d-----w- C:\Windows\System32\wbem\sk-SK
2017-12-20 04:54:22 -------- d-----w- C:\Windows\System32\drivers\sk-SK
2017-12-20 04:49:05 2560 ----a-w- C:\Windows\System32\drivers\sk-SK\serscan.sys.mui
2017-12-20 04:48:45 3584 ----a-w- C:\Windows\System32\drivers\sk-SK\portcls.sys.mui
2017-12-20 04:48:41 3072 ----a-w- C:\Windows\System32\drivers\sk-SK\ataport.sys.mui
2017-12-20 04:48:41 2048 ----a-w- C:\Windows\System32\drivers\sk-SK\amdide.sys.mui
2017-12-20 04:48:38 47616 ----a-w- C:\Windows\System32\drivers\sk-SK\tcpip.sys.mui
2017-12-20 04:48:36 2560 ----a-w- C:\Windows\System32\drivers\sk-SK\scfilter.sys.mui
2017-12-20 04:48:24 3072 ----a-w- C:\Windows\System32\drivers\sk-SK\hidbth.sys.mui
2017-12-20 04:48:23 7680 ----a-w- C:\Windows\System32\drivers\sk-SK\bthport.sys.mui
2017-12-20 04:48:23 2560 ----a-w- C:\Windows\System32\drivers\sk-SK\BTHUSB.SYS.mui
2017-12-20 04:48:23 2048 ----a-w- C:\Windows\System32\drivers\sk-SK\bthenum.sys.mui
2017-12-20 04:45:50 879104 ----a-w- C:\Windows\System32\tdh.dll
2017-12-20 04:45:50 635392 ----a-w- C:\Windows\SysWow64\tdh.dll
2017-12-20 04:44:56 156672 ----a-w- C:\Windows\System32\mtxoci.dll
2017-12-20 04:44:56 111616 ----a-w- C:\Windows\SysWow64\mtxoci.dll
2017-12-20 04:44:55 286720 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll
2017-12-20 04:44:55 176128 ----a-w- C:\Windows\SysWow64\msorcl32.dll
2017-12-20 04:44:05 515584 ----a-w- C:\Windows\System32\timedate.cpl
2017-12-20 04:44:05 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2017-12-20 04:42:59 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2017-12-20 04:42:55 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2017-12-20 04:42:55 31232 ----a-w- C:\Windows\System32\prevhost.exe
2017-12-20 04:42:34 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2017-12-20 04:42:34 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2017-12-20 04:42:34 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2017-12-20 04:42:34 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2017-12-20 04:42:34 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2017-12-20 04:41:41 2104320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2017-12-20 04:41:40 353280 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll
2017-12-20 04:41:40 275456 ----a-w- C:\Windows\System32\InkEd.dll
2017-12-20 04:41:40 274944 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll
2017-12-20 04:41:40 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2017-12-20 04:41:40 18432 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2017-12-20 04:41:40 169984 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll
2017-12-20 04:41:40 16384 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2017-12-20 04:41:40 1416192 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll
2017-12-20 04:41:40 126464 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\rtscom.dll
2017-12-20 04:30:21 396800 ----a-w- C:\Windows\System32\webio.dll
2017-12-20 04:30:21 316416 ----a-w- C:\Windows\SysWow64\webio.dll
2017-12-20 04:30:20 69888 ----a-w- C:\Windows\System32\drivers\stream.sys
2017-12-20 04:30:11 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2017-12-20 04:30:11 1391104 ----a-w- C:\Windows\SysWow64\msxml6.dll
2017-12-20 04:30:10 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2017-12-20 04:30:10 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2017-12-20 04:30:09 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2017-12-20 04:30:08 165888 ----a-w- C:\Windows\System32\charmap.exe
2017-12-20 04:30:08 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2017-12-20 03:18:11 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2017-12-20 03:18:11 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2017-12-20 02:20:24 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2017-12-20 02:20:24 5120 ----a-w- C:\Windows\System32\wmi.dll
2017-12-20 02:20:24 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2017-12-20 02:16:54 4296704 ----a-w- C:\Windows\System32\D3DCompiler_47.dll
2017-12-20 02:16:54 3550208 ----a-w- C:\Windows\SysWow64\D3DCompiler_47.dll
2017-12-20 02:11:13 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2017-12-20 02:11:13 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2017-12-20 02:11:13 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2017-12-20 02:11:13 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2017-12-20 02:11:12 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2017-12-20 02:11:12 8856 ----a-w- C:\Windows\System32\icardres.dll
2017-12-20 02:10:58 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2017-12-20 02:10:58 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2017-12-20 02:08:23 683520 ----a-w- C:\Windows\System32\termsrv.dll
2017-12-20 02:05:05 1743360 ----a-w- C:\Windows\System32\sysmain.dll
2017-12-20 02:05:03 2560 ----a-w- C:\Windows\System32\drivers\en-US\mountmgr.sys.mui
2017-12-20 02:04:39 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2017-12-20 02:04:39 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2017-12-20 02:04:27 328704 ----a-w- C:\Windows\System32\services.exe
2017-12-20 02:04:06 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2017-12-20 02:04:06 723968 ----a-w- C:\Windows\System32\EncDec.dll
2017-12-20 02:04:05 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2017-12-20 02:04:05 535040 ----a-w- C:\Windows\SysWow64\EncDec.dll
2017-12-20 02:02:55 455168 ----a-w- C:\Windows\System32\winlogon.exe
2017-12-20 02:02:54 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2017-12-20 02:02:54 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2017-12-20 02:02:54 235520 ----a-w- C:\Windows\System32\winsta.dll
2017-12-20 02:02:54 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2017-12-20 02:02:54 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
2017-12-20 02:02:54 150528 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2017-12-20 02:00:44 52736 ----a-w- C:\Windows\System32\basesrv.dll
2017-12-20 01:58:42 241152 ----a-w- C:\Windows\System32\pku2u.dll
2017-12-20 01:58:42 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2017-12-20 01:58:03 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2017-12-20 01:58:02 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2017-12-20 01:58:02 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2017-12-20 01:55:57 215552 ----a-w- C:\Windows\System32\ubpm.dll
2017-12-20 01:54:59 424448 ----a-w- C:\Windows\System32\rastls.dll
2017-12-20 01:52:29 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2017-12-20 01:39:18 1902776 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ClientTelemetry.dll
2017-12-20 01:39:17 21160 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.en-us.dll
2017-12-20 01:35:13 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2017-12-20 01:35:13 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2017-12-20 01:35:13 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2017-12-20 01:35:12 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2017-12-20 01:35:12 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2017-12-19 03:05:58 -------- d-----w- C:\Users\User\AppData\Local\BMExplorer
2017-12-19 02:56:49 -------- d-----w- C:\Program Files (x86)\Common Files\Atheros
2017-12-19 02:55:10 -------- d-----w- C:\Program Files (x86)\Common Files\QCA_Bluetooth
2017-12-19 02:45:23 -------- d-----w- C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-12-19 02:12:21 -------- d-----w- C:\Windows\SysWow64\NV
2017-12-19 02:12:21 -------- d-----w- C:\Windows\System32\NV
2017-12-19 02:04:46 269600 ----a-w- C:\Windows\SysWow64\vulkan-1.dll
2017-12-19 02:04:46 261920 ----a-w- C:\Windows\System32\vulkan-1.dll
2017-12-19 02:04:46 125216 ----a-w- C:\Windows\System32\vulkaninfo.exe
2017-12-19 02:04:46 110880 ----a-w- C:\Windows\SysWow64\vulkaninfo.exe
2017-12-19 02:04:46 -------- d-----w- C:\Program Files (x86)\VulkanRT
2017-12-19 02:04:19 1951 ----a-w- C:\Windows\NvContainerRecovery.bat
2017-12-19 01:56:56 -------- d-----w- C:\Users\User\AppData\Roaming\IDM
2017-12-19 01:56:56 -------- d-----w- C:\ProgramData\IDM
2017-12-19 01:56:55 -------- d-----w- C:\Users\User\AppData\Roaming\DMCache
2017-12-19 01:56:50 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2017-12-19 01:54:47 -------- d-----w- C:\Windows\System32\SPReview
2017-12-19 01:54:20 -------- d-----w- C:\Windows\System32\EventProviders
2017-12-19 01:49:03 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2017-12-19 01:46:56 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2017-12-19 01:45:28 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2017-12-19 01:09:13 -------- d-----w- C:\Users\User\AppData\Local\Adobe
2017-12-16 09:14:25 -------- d-----w- C:\Games
2017-12-16 09:14:24 -------- d-----w- C:\Users\User\AppData\Local\Skyrim
2017-12-16 00:57:16 226024 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2017-12-15 09:58:39 -------- d-----w- C:\Program Files\Windows KMS Activator Ultimate 2017 v3.5
2017-12-15 09:57:51 90112 ----a-w- C:\Windows\System32\Vestris.ResourceLib.dll
2017-12-15 09:57:51 -------- d-----w- C:\Program Files\KMSpico
2017-12-14 01:50:20 -------- d-----w- C:\searchplugins
2017-12-14 01:48:04 -------- d-----w- C:\Users\User\AppData\Roaming\uTorrent
2017-12-14 01:14:35 13899592 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{456C30D9-281E-4739-882A-EA5A247243AA}\mpengine.dll
2017-12-14 01:14:15 -------- d-----w- C:\Windows\Migration
2017-12-14 01:11:55 -------- d-----w- C:\Windows\System32\MRT
2017-12-14 01:11:41 133326408 -c--a-w- C:\Windows\System32\MRT-KB890830.exe
2017-12-14 01:10:50 142336 ----a-w- C:\Windows\System32\poqexec.exe
2017-12-14 01:10:50 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2017-12-14 01:10:34 304128 ----a-w- C:\Windows\System32\EOSNotify.exe
2017-12-14 01:08:09 -------- d-----w- C:\Users\User\AppData\Local\Mozilla
2017-12-13 21:37:07 -------- d-----w- C:\Program Files (x86)\Foxit Software
2017-12-13 21:36:21 -------- d-----w- C:\Windows\System32\appmgmt
2017-12-13 21:35:15 -------- d-----w- C:\Program Files (x86)\CCleaner
2017-12-13 13:58:57 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2017-12-13 01:02:58 -------- d-----w- C:\Program Files (x86)\Microsoft OneDrive
2017-12-13 01:02:57 -------- d-----r- C:\Users\User\OneDrive
2017-12-13 01:02:42 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2017-12-13 00:52:28 5264040 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2017-12-13 00:45:44 -------- d-----w- C:\ProgramData\AutoKMS
2017-12-07 15:41:32 585384 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-12-07 15:40:48 31400 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-12-07 15:29:36 257704 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
.
==================== Find3M ====================
.
2017-12-22 23:29:31 803328 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-12-22 23:29:31 144896 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-12-22 23:29:13 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2017-12-22 23:29:13 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2017-12-22 23:29:13 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2017-12-22 23:29:13 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2017-12-21 10:08:53 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2017-12-19 02:20:12 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2017-12-19 02:20:11 175616 ----a-w- C:\Windows\System32\msclmd.dll
2017-12-03 15:50:26 83792 ----a-w- C:\Windows\SysWow64\vcruntime140.dll
2017-12-03 15:50:26 440128 ----a-w- C:\Windows\SysWow64\msvcp140.dll
2017-12-03 15:50:26 263856 ----a-w- C:\Windows\SysWow64\vccorlib140.dll
2017-12-03 15:50:24 242496 ----a-w- C:\Windows\SysWow64\concrt140.dll
2017-12-03 15:38:38 87728 ----a-w- C:\Windows\System32\vcruntime140.dll
2017-12-03 15:38:38 641696 ----a-w- C:\Windows\System32\msvcp140.dll
2017-12-03 15:38:38 389296 ----a-w- C:\Windows\System32\vccorlib140.dll
2017-12-03 15:38:38 331432 ----a-w- C:\Windows\System32\concrt140.dll
2017-11-29 01:11:26 77432 ----a-w- C:\Windows\System32\drivers\mbae64.sys
2017-11-17 04:23:29 3222528 ----a-w- C:\Windows\System32\win32k.sys
2017-11-14 03:43:26 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-11-14 03:43:17 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-11-14 03:31:40 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-11-14 03:31:03 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-11-14 03:30:59 417792 ----a-w- C:\Windows\System32\html.iec
2017-11-14 03:30:50 577024 ----a-w- C:\Windows\System32\vbscript.dll
2017-11-14 03:30:34 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-11-14 03:25:02 5925888 ----a-w- C:\Windows\System32\jscript9.dll
2017-11-14 03:20:46 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-11-14 03:20:46 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-11-14 03:20:26 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-11-14 03:15:06 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-11-14 03:06:39 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-11-14 03:06:22 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-11-14 02:47:01 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-11-14 02:46:49 2134528 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-11-14 02:39:43 3241472 ----a-w- C:\Windows\System32\wininet.dll
2017-11-14 00:32:49 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-11-14 00:31:16 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-11-07 20:56:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-11-07 20:46:44 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-11-07 20:46:17 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-11-07 20:46:10 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-11-07 20:38:59 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-11-07 20:38:45 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-11-07 20:29:15 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-11-07 20:28:59 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2017-11-07 20:27:15 4509696 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-11-07 20:17:43 2058752 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-11-07 20:17:24 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-11-07 20:04:46 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-11-07 16:31:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2017-11-07 16:13:07 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2017-11-04 15:31:02 194048 ----a-w- C:\Windows\System32\itircl.dll
2017-11-04 15:31:02 170496 ----a-w- C:\Windows\System32\itss.dll
2017-11-04 15:10:55 158720 ----a-w- C:\Windows\SysWow64\itircl.dll
2017-11-04 15:10:55 142336 ----a-w- C:\Windows\SysWow64\itss.dll
2017-11-02 16:55:42 138240 ----a-w- C:\Windows\System32\rtm.dll
2017-11-02 16:55:36 97792 ----a-w- C:\Windows\System32\mprdim.dll
2017-11-02 16:55:34 9728 ----a-w- C:\Windows\System32\iprtprio.dll
2017-11-02 16:55:34 281600 ----a-w- C:\Windows\System32\iprtrmgr.dll
2017-11-02 15:11:36 115200 ----a-w- C:\Windows\SysWow64\rtm.dll
2017-11-02 15:11:29 75264 ----a-w- C:\Windows\SysWow64\mprdim.dll
2017-11-02 15:11:26 271360 ----a-w- C:\Windows\SysWow64\iprtrmgr.dll
2017-11-02 14:56:56 8192 ----a-w- C:\Windows\SysWow64\iprtprio.dll
2017-10-18 02:06:57 344064 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2017-10-18 02:06:46 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2017-10-18 02:06:40 56320 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2017-10-18 02:06:40 327168 ----a-w- C:\Windows\System32\drivers\usbport.sys
2017-10-18 02:06:39 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2017-10-18 02:06:37 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2017-10-18 02:06:35 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2017-10-16 23:07:21 1680616 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2017-10-16 23:04:40 1001984 ----a-w- C:\Windows\System32\gpedit.dll
2017-10-16 22:46:34 953344 ----a-w- C:\Windows\SysWow64\gpedit.dll
2017-10-16 21:55:15 339968 ----a-w- C:\Windows\SysWow64\msexcl40.dll
2017-10-12 00:58:25 382696 ----a-w- C:\Windows\System32\atmfd.dll
2017-10-12 00:40:31 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2017-10-12 00:39:11 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2017-10-12 00:38:44 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2017-10-12 00:38:15 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2017-10-12 00:26:21 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2017-10-12 00:26:07 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2017-10-12 00:25:47 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2017-10-12 00:25:28 9728 ----a-w- C:\Windows\SysWow64\msshooks.dll
2017-10-12 00:24:38 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
2017-10-12 00:24:38 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
2017-10-12 00:24:37 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
2017-10-12 00:20:30 317440 ----a-w- C:\Windows\System32\drivers\rdbss.sys
2017-10-12 00:20:09 113152 ----a-w- C:\Windows\System32\drivers\luafv.sys
2017-10-12 00:16:05 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
.
============= FINISH: 15:28:09.79 ===============

Attached Files
File Type: txt attach.txt (29.8 KB)

ESET Scanner threats and email spam

Hi,

I am trying to fix my grandfather's computer, which he says has been running slow, and his Yahoo mail account has recently started getting flooded with spam emails, which he believes is from a virus/malware on his computer. I ran an ESET Online scan and it found a few threats also. The logs are attached below. Thank you for your help.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.15
Run by kreonite at 0:06:57 on 2018-01-09
Microsoft Windows 10 Home 10.0.16299.0.1252.1.1033.18.7638.4765 [GMT -6:00]
.
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
C:\WINDOWS\system32\atiesrxx.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s NcdAutoSetup
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub
c:\windows\system32\svchost.exe -k localservice -p -s fdPHost
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s HomeGroupProvider
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -p
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k apphost -s AppHostSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s upnphost
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
C:\WINDOWS\system32\atieclxx.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\TeamViewer\tv_x64.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Windows\System32\RuntimeBroker.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Program Files\AVAST Software\Avast\AvastUI.exe
c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\Program Files\AVAST Software\Avast\AvastUI.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\taskhostw.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?bcutc=sp-006
uSearch Bar = hxxps://www.google.com/?bcutc=sp-006
uSearch Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = C:\WINDOWS\System32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
uRun: [OneDrive] "C:\Users\kreonite\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Google Update] C:\Users\kreonite\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
uRun: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
uRun: [Chromium] "c:\users\kreonite\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{cb863208-7e20-4931-8544-388e8a52cbc6} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{de8a42e1-fe54-471b-b169-24ce3608ec94} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = Google
x64-mSearch Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = about:blank
x64-BHO: <No Name>: {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /ANDREA_BF_BYPASS
x64-Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswbidsh;aswbidsh;C:\WINDOWS\System32\drivers\aswbidsha.sys [2017-2-7 199448]
R0 aswblog;aswblog;C:\WINDOWS\System32\drivers\aswbloga.sys [2017-2-7 343768]
R0 aswbuniv;aswbuniv;C:\WINDOWS\System32\drivers\aswbuniva.sys [2017-2-7 57696]
R0 aswRvrt;aswRvrt;C:\WINDOWS\System32\drivers\aswRvrt.sys [2015-9-4 84384]
R0 aswVmm;aswVmm;C:\WINDOWS\System32\drivers\aswVmm.sys [2015-9-4 358672]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-9-29 130640]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-9-29 56728]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-9-29 15392]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-9-29 71248]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-9-29 18000]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-9-29 209304]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-9-29 240640]
R1 aswArPot;aswArPot;C:\WINDOWS\System32\drivers\aswArPot.sys [2017-11-18 185096]
R1 aswbidsdriver;aswbidsdriver;C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [2017-2-7 321512]
R1 aswHdsKe;aswHdsKe;C:\WINDOWS\System32\drivers\aswHdsKe.sys [2017-12-21 149344]
R1 aswKbd;aswKbd;C:\WINDOWS\System32\drivers\aswKbd.sys [2016-4-20 41832]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2015-9-4 1025176]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswSP.sys [2015-9-4 457400]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-1-8 59800]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2013-7-31 91712]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-9-29 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-9-29 8192]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2015-8-1 264224]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-7 77104]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2015-9-4 146664]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2015-9-4 204456]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-12-21 301168]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R2 CDPUserSvc_14321e;Connected Devices Platform User Service_14321e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-1-8 385024]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2013-7-31 89864]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2017-9-29 48688]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 179184]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-7-31 77576]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-7-31 294664]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2017-9-29 48688]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-12-16 227904]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-6-7 99128]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-1-3 14624]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2013-7-31 84168]
R2 OneSyncSvc_14321e;Sync Host_14321e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2018-1-8 519152]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-9-29 79872]
R2 TeamViewer;TeamViewer 11;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-11-29 7757552]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-1-8 147864]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 WpnUserService_14321e;Windows Push Notifications User Service_14321e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-12-21 7538536]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-9-29 21504]
R3 PimIndexMaintenanceSvc_14321e;Contact Data_14321e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\WINDOWS\System32\drivers\RtsP2Stor.sys [2015-6-5 310528]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-2-17 896768]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-1-8 103320]
R3 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 UnistoreSvc_14321e;User Data Storage_14321e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 UserDataSvc_14321e;User Data Access_14321e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S2 AERTFilters;Andrea RT Filters Service;"C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE" --> C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [?]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S2 RtkAudioService;Realtek Audio Service;"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe" --> C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [?]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-9-29 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-9-29 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-9-29 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2017-9-29 48688]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 aswHwid;aswHwid;C:\WINDOWS\System32\drivers\aswHwid.sys [2015-9-4 46976]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-9-29 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-9-29 48688]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2017-9-29 37784]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-29 39424]
S3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-9-29 60312]
S3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-9-29 122368]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-9-29 357272]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-9-29 1723288]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 DevicesFlowUserSvc_14321e;DevicesFlow_14321e;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-9-29 48688]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-9-29 85504]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2017-9-29 48688]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-9-29 48688]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-9-29 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2017-9-29 48688]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-9-29 50584]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2017-9-29 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-9-29 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-9-29 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-9-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-9-29 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-9-29 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-9-29 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-9-29 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-9-29 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-9-29 674200]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-9-29 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-9-29 39424]
S3 InstallService;Windows Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 invdimm;Microsoft iNVDIMM device driver;C:\WINDOWS\System32\drivers\invdimm.sys [2017-9-29 38912]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2017-9-29 26112]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-9-29 123800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-9-29 103320]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-9-29 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-9-29 55840]
S3 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2018-1-8 6234056]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-9-29 63520]
S3 MessagingService_14321e;MessagingService_14321e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-9-29 842648]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-9-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-9-29 132608]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-1-8 192512]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-9-29 88576]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-9-29 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-9-29 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2017-9-29 16896]
S3 PrintWorkflowUserSvc_14321e;PrintWorkflow_14321e;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2017-9-29 48688]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2017-9-29 39832]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-9-29 1849752]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-9-29 936856]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-9-29 48688]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2017-9-29 103936]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-9-29 48688]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-9-29 118168]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-9-29 33176]
S3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-9-29 1288704]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-9-29 154520]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-9-29 48688]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-9-29 56216]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-1-8 956416]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-12-11 45464]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-9-29 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-12-11 114688]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-9-29 146944]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-12-11 57344]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-9-29 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-9-29 28568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-9-29 266648]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-9-29 97312]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-9-29 140696]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-9-29 28568]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-12-11 60824]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-9-29 27544]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-9-29 48688]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-9-29 34816]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-9-29 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vnvdimm;Microsoft virtual NVDIMM device driver;C:\WINDOWS\System32\drivers\vnvdimm.sys [2017-9-29 43008]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2017-9-29 48688]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-9-29 48688]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-9-29 76288]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-12-11 770048]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-9-29 119192]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-9-29 355304]
S3 wdnsfltr;Windows Defender Network Stream Filter Driver;C:\WINDOWS\System32\drivers\wdnsfltr.sys [2017-9-29 33792]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-9-29 48688]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-9-29 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-1-8 225792]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-9-29 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-9-29 259584]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2017-9-29 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-9-29 281600]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-9-29 46592]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2018-01-09 02:23:10 -------- d-----w- C:\Users\kreonite\AppData\Local\ESET
2018-01-09 02:11:27 -------- d-----w- C:\ProgramData\SWCUTemp
2018-01-09 00:12:59 2859520 ----a-w- C:\WINDOWS\System32\dwmcore.dll
2018-01-09 00:11:59 97280 ----a-w- C:\WINDOWS\SysWow64\WcnApi.dll
2018-01-08 23:41:02 77432 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2018-01-08 23:40:52 -------- d-----w- C:\Program Files\Malwarebytes
2018-01-08 23:40:29 -------- d-----w- C:\ProgramData\MB2Migration
2017-12-21 17:42:16 149344 ----a-w- C:\WINDOWS\System32\drivers\aswHdsKe.sys
2017-12-16 23:44:34 -------- d-s---w- C:\WINDOWS\SysWow64\Microsoft
2017-12-13 16:35:59 676352 ----a-w- C:\WINDOWS\SysWow64\SndVolSSO.dll
2017-12-12 00:27:33 -------- d-sh--w- C:\Recovery
2017-12-12 00:24:14 -------- d-----w- C:\Windows.old
2017-12-12 00:13:19 -------- d-----w- C:\WINDOWS\System32\Microsoft
2017-12-12 00:13:19 -------- d-----w- C:\WINDOWS\ServiceProfiles
2017-12-12 00:02:42 -------- d-----w- C:\inetpub
2017-12-12 00:01:59 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2017-12-12 00:01:59 35456 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2017-12-12 00:01:59 35456 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2017-12-12 00:01:59 124624 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2017-12-12 00:01:59 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2017-12-12 00:01:58 103120 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2017-12-11 23:15:18 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2017-12-11 23:13:52 -------- d--h--w- C:\Users\kreonite\MicrosoftEdgeBackups
2017-12-11 23:07:04 -------- d-sh--we C:\ProgramData\Documents
2017-12-11 22:51:00 -------- d-----w- C:\WINDOWS\System32\wbem\Performance
2017-12-11 22:46:59 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\good
2017-12-11 22:46:59 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\bad
2017-12-11 22:39:35 -------- d-----w- C:\ProgramData\USOShared
2017-12-11 22:33:29 -------- d-----w- C:\Users\kreonite\AppData\Local\Packages
2017-12-11 22:30:41 2241024 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-12-11 22:29:35 -------- d-----w- C:\WINDOWS\System32\wbem\MOF
2017-12-11 22:28:16 -------- d-----w- C:\WINDOWS\System32\SleepStudy
2017-12-10 06:26:13 -------- d-----w- C:\Program Files\Common Files\Avast Software
.
==================== Find3M ====================
.
2018-01-09 02:09:34 65536 ----a-w- C:\WINDOWS\System32\spu_storage.bin
2018-01-09 00:17:24 403968 ----a-w- C:\WINDOWS\System32\WpAXHolder.dll
2018-01-09 00:16:42 106496 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2018-01-09 00:16:37 140800 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2018-01-01 17:15:38 956416 ----a-w- C:\WINDOWS\System32\Spectrum.exe
2018-01-01 12:54:36 924648 ----a-w- C:\WINDOWS\System32\winresume.exe
2018-01-01 12:53:26 1090984 ----a-w- C:\WINDOWS\System32\winresume.efi
2018-01-01 12:52:23 66712 ----a-w- C:\WINDOWS\System32\iumcrypt.dll
2018-01-01 12:51:59 59800 ----a-w- C:\WINDOWS\System32\drivers\bam.sys
2018-01-01 12:51:56 1055128 ----a-w- C:\WINDOWS\System32\hvax64.exe
2018-01-01 12:51:31 191816 ----a-w- C:\WINDOWS\System32\skci.dll
2018-01-01 12:51:23 1209240 ----a-w- C:\WINDOWS\System32\winload.exe
2018-01-01 12:51:18 1414784 ----a-w- C:\WINDOWS\System32\winload.efi
2018-01-01 12:50:58 479912 ----a-w- C:\WINDOWS\System32\ucrtbase_enclave.dll
2018-01-01 12:50:35 77208 ----a-w- C:\WINDOWS\System32\hvloader.dll
2018-01-01 12:50:17 780464 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2018-01-01 12:50:07 5905752 ----a-w- C:\WINDOWS\System32\StartTileData.dll
2018-01-01 12:49:34 8605080 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-01-01 12:49:34 292376 ----a-w- C:\WINDOWS\System32\wscapi.dll
2018-01-01 12:49:31 599448 ----a-w- C:\WINDOWS\System32\securekernel.exe
2018-01-01 12:49:10 319352 ----a-w- C:\WINDOWS\System32\wow64.dll
2018-01-01 12:48:26 1954048 ----a-w- C:\WINDOWS\System32\ntdll.dll
2018-01-01 12:48:18 7831760 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2018-01-01 12:48:18 382360 ----a-w- C:\WINDOWS\System32\atmfd.dll
2018-01-01 12:47:06 649304 ----a-w- C:\WINDOWS\System32\advapi32.dll
2018-01-01 12:47:01 82840 ----a-w- C:\WINDOWS\System32\drivers\volmgr.sys
2018-01-01 12:46:23 898216 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2018-01-01 12:46:21 733592 ----a-w- C:\WINDOWS\System32\drivers\acpi.sys
2018-01-01 12:45:54 2395032 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2018-01-01 12:45:48 1277848 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2018-01-01 12:45:17 398744 ----a-w- C:\WINDOWS\System32\drivers\fltMgr.sys
2018-01-01 12:43:31 1173576 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2018-01-01 12:43:16 367336 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2018-01-01 12:43:03 62872 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2018-01-01 12:42:46 571288 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2018-01-01 12:42:36 494488 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2018-01-01 12:42:34 184984 ----a-w- C:\WINDOWS\System32\sspicli.dll
2018-01-01 12:42:20 109976 ----a-w- C:\WINDOWS\System32\drivers\vmbus.sys
2018-01-01 12:42:01 1029016 ----a-w- C:\WINDOWS\System32\efscore.dll
2018-01-01 12:41:32 549552 ----a-w- C:\WINDOWS\System32\WWanAPI.dll
2018-01-01 12:41:24 559512 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2018-01-01 12:41:18 7676296 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-01-01 12:40:19 1206680 ----a-w- C:\WINDOWS\System32\hvix64.exe
2018-01-01 12:39:58 508264 ----a-w- C:\WINDOWS\System32\systemreset.exe
2018-01-01 12:39:53 902416 ----a-w- C:\WINDOWS\System32\winhttp.dll
2018-01-01 12:39:44 362904 ----a-w- C:\WINDOWS\System32\drivers\pci.sys
2018-01-01 12:39:17 677784 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-01-01 12:39:06 129432 ----a-w- C:\WINDOWS\System32\drivers\hvsocket.sys
2018-01-01 12:38:53 519152 ----a-w- C:\WINDOWS\System32\SecurityHealthService.exe
2018-01-01 12:38:43 38808 ----a-w- C:\WINDOWS\System32\drivers\Diskdump.sys
2018-01-01 12:38:24 3904808 ----a-w- C:\WINDOWS\explorer.exe
2018-01-01 12:38:15 727448 ----a-w- C:\WINDOWS\System32\drivers\fvevol.sys
2018-01-01 12:38:09 103320 ----a-w- C:\WINDOWS\System32\drivers\stornvme.sys
2018-01-01 12:37:57 461720 ----a-w- C:\WINDOWS\System32\wifitask.exe
2018-01-01 12:37:09 1426664 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2018-01-01 12:36:57 113560 ----a-w- C:\WINDOWS\System32\icfupgd.dll
2018-01-01 12:36:32 57752 ----a-w- C:\WINDOWS\System32\drivers\netbios.sys
2018-01-01 12:36:25 413888 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll
2018-01-01 12:36:25 166296 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
2018-01-01 12:36:20 374032 ----a-w- C:\WINDOWS\System32\vac.exe
2018-01-01 12:35:34 75160 ----a-w- C:\WINDOWS\System32\SecurityHealthProxyStub.dll
2018-01-01 12:35:16 1170008 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2018-01-01 12:34:51 1336344 ----a-w- C:\WINDOWS\System32\ole32.dll
2018-01-01 12:34:45 7385088 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2018-01-01 12:34:45 260896 ----a-w- C:\WINDOWS\System32\mfps.dll
2018-01-01 12:34:43 87384 ----a-w- C:\WINDOWS\System32\remoteaudioendpoint.dll
2018-01-01 12:33:42 603920 ----a-w- C:\WINDOWS\System32\audiodg.exe
2018-01-01 12:33:36 2773400 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2018-01-01 12:32:57 4481240 ----a-w- C:\WINDOWS\System32\mfcore.dll
2018-01-01 12:32:30 617304 ----a-w- C:\WINDOWS\System32\TextInputFramework.dll
2018-01-01 12:27:27 713624 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2018-01-01 12:27:26 163736 ----a-w- C:\WINDOWS\System32\drivers\wfplwfs.sys
2018-01-01 12:26:45 81304 ----a-w- C:\WINDOWS\System32\drivers\vmbkmcl.sys
2018-01-01 12:26:25 428952 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2018-01-01 12:25:50 147864 ----a-w- C:\WINDOWS\System32\drivers\wcifs.sys
2018-01-01 12:25:26 615768 ----a-w- C:\WINDOWS\System32\services.exe
2018-01-01 12:21:36 1103768 ----a-w- C:\WINDOWS\System32\drivers\http.sys
2018-01-01 12:21:34 614296 ----a-w- C:\WINDOWS\System32\drivers\afd.sys
2018-01-01 12:06:49 311192 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2018-01-01 12:03:39 650328 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2018-01-01 12:03:38 777904 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2018-01-01 12:03:36 566664 ----a-w- C:\WINDOWS\SysWow64\CoreMessaging.dll
2018-01-01 12:03:03 123512 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2018-01-01 11:53:43 1615712 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2018-01-01 11:49:35 258808 ----a-w- C:\WINDOWS\SysWow64\wscapi.dll
2018-01-01 11:49:11 481464 ----a-w- C:\WINDOWS\SysWow64\advapi32.dll
2018-01-01 11:46:57 289816 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2018-01-01 11:46:25 3485392 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2018-01-01 11:45:54 5615968 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2018-01-01 11:45:34 6092152 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2018-01-01 11:45:26 450928 ----a-w- C:\WINDOWS\SysWow64\WWanAPI.dll
2018-01-01 11:42:56 982528 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2018-01-01 11:42:47 386424 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll
2018-01-01 11:42:41 4644912 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2018-01-01 11:42:40 6479552 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2018-01-01 11:42:33 1246432 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
2018-01-01 11:42:32 74992 ----a-w- C:\WINDOWS\SysWow64\remoteaudioendpoint.dll
2018-01-01 11:42:32 129184 ----a-w- C:\WINDOWS\SysWow64\mfps.dll
2018-01-01 11:42:32 1003152 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2018-01-01 11:37:35 25247232 ----a-w- C:\WINDOWS\System32\edgehtml.dll
.
============= FINISH: 0:08:47.93 ===============

Attached Files
File Type: txt attach.txt (14.0 KB)

99% CPU usage

Hello, I usually do not turn off my PC during the night, so after I woke up today I noticed a certain popup that probably opened when I was on some sport streaming site... What I noticed is that my CPU was at 99%; when I closed the popup it immediately went to normal... I also copy-pasted the address of the popup and just tested it and opened it again... which made the CPU go back to 99% every time the URL was opened...
Is there a way to test that URL to see what is actually happening? Can I give you guys the URL name and you tell me what is going on? I am not sure if I am allowed to just paste URLs that might even be infected.

Laptop runs based on wifi speed

Laptop seems to run faster with better internet, such as when loading applications and in loading speed in games. It runs agonizingly slower when on slower wifi, which shouldn't be a problem in most cases, right? I moved homes and have experienced different internet here; although it is 100 mbps, I am getting slow run times on my laptop. It was noticeably faster back at my old home and I am wondering if it has to do with viruses. I also get popup notifications of "prizes" and such in my bottom-right corner and am not sure if they're dangerous or not.

I do not have access to a boot cd or install software.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.15063.608 BrowserJavaVersion: 11.121.2
Run by John Kim at 13:13:34 on 2018-01-21
Microsoft Windows 10 Home 10.0.15063.0.1252.1.1033.18.6090.2562 [GMT -8:00]
.
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k dcomlaunch -s LSM
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\windows\system32\svchost.exe -k localservice -s bthserv
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -s Schedule
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog
c:\windows\system32\svchost.exe -k localservice -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s Dhcp
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
c:\windows\system32\svchost.exe -k networkservice -s NlaSvc
c:\windows\system32\svchost.exe -k netsvcs -s UserManager
c:\windows\system32\svchost.exe -k netsvcs -s Themes
c:\windows\system32\svchost.exe -k localservice -s EventSystem
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k netsvcs -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -s FontCache
c:\windows\system32\svchost.exe -k localservice -s netprofm
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k appmodel -s StateRepository
c:\windows\system32\svchost.exe -k networkservice -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
c:\windows\system32\svchost.exe -k localservice -s WinHttpAutoProxySvc
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork
c:\windows\system32\svchost.exe -k networkservice -s LanmanWorkstation
c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
c:\windows\system32\svchost.exe -k networkservice -s CryptSvc
c:\windows\system32\svchost.exe -k localservicenonetwork -s DPS
c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s PcaSvc
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\WINDOWS\system32\ibtsiva.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -s WpnService
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
c:\windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SysMain
c:\windows\system32\svchost.exe -k localservice -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs -s iphlpsvc
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
c:\windows\system32\svchost.exe -k localservice -s CDPSvc
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k netsvcs -s DoSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s Netman
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s wscsvc
c:\windows\system32\svchost.exe -k netsvcs -s TokenBroker
c:\windows\system32\svchost.exe -k netsvcs -s Appinfo
c:\windows\system32\svchost.exe -k localservice -s LicenseManager
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\svchost.exe -k netsvcs -s lfsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s StorSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\SysWOW64\UMonit64.exe
C:\Windows\RTFTrack.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Users\John Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\InstallAgent.exe
C:\Windows\System32\InstallAgentUserBroker.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DsSvc
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs -s gpsvc
C:\WINDOWS\system32\svchost.exe -k defragsvc
svchost.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -s lmhosts
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -s NgcCtnrSvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -s XblAuthManager
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -s WdiSystemHost
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -s wlidsvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
uRun: [Spotify Web Helper] "C:\Users\John Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [OneDrive] "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Spotify] "C:\Users\John Kim\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: SoftwareSASGeneration = dword:1
TCP: NameServer = 209.18.47.62 209.18.47.61
TCP: Interfaces\{11f6b674-c3dd-4f71-88f4-ef63d9d587f4} : DHCPNameServer = 209.18.47.62 209.18.47.61
TCP: Interfaces\{11f6b674-c3dd-4f71-88f4-ef63d9d587f4}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{11f6b674-c3dd-4f71-88f4-ef63d9d587f4}\D6F5D616368696E616 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7599bbc2-779f-4566-a1fe-677c7a5ad54c} : DHCPNameServer = 192.168.1.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [RtHDVBg_LENOVO_DOLBYDRAGON] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
x64-Run: [RtHDVBg_LENOVO_MICPKEY] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Google (avast)
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search?trackid=sp-006
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?trackid=sp-006
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\John Kim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\John Kim\AppData\Roaming\raidcall\plugins\nprcplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-3-18 74840]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-3-18 49568]
R0 LHDmgr;LHDmgr;C:\WINDOWS\System32\drivers\LhdX64.sys [2014-3-7 39008]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-3-18 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-3-18 70232]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-3-18 18520]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-3-18 208288]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-3-18 239616]
R1 aswbidsdriver;aswbidsdriver;C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [2017-3-15 309272]
R1 aswKbd;aswKbd;C:\WINDOWS\System32\drivers\aswKbd.sys [2016-7-11 32088]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2014-6-9 993608]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswsp.sys [2014-6-9 548928]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-3-18 54272]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-3-18 8192]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2015-9-15 669872]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-9-4 2257016]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2014-6-9 126600]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2014-6-9 162528]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-3-15 262736]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R2 CDPUserSvc_1449085;Connected Devices Platform User Service_1449085;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2017-3-18 14336]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2017-3-18 47664]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2017-3-18 47664]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-11-16 1165368]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-3-7 131544]
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-6-26 155448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-3-7 169432]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2015-5-21 419304]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\WINDOWS\System32\drivers\LMIInfo.sys [2017-4-3 30432]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\System32\drivers\LMIRfsDriver.sys [2015-5-29 81088]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-9-18 6234056]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-2-16 458176]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-25 1881144]
R2 OneSyncSvc_1449085;Sync Host_1449085;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2017-10-10 336320]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-3-18 79872]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-1-20 255096]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-7-11 142752]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 WpnUserService_1449085;Windows Push Notifications User Service_1449085;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\WINDOWS\System32\drivers\AcpiVpc.sys [2012-7-8 35600]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
R3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-3-15 7147320]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2017-8-8 97280]
R3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-3-18 53664]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2016-12-12 230656]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\drivers\L1C63x64.sys [2013-9-27 130248]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2017-11-8 253880]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-3-18 20992]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit;C:\WINDOWS\System32\drivers\Netwbw02.sys [2017-3-18 3485696]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2017-4-7 56384]
R3 PimIndexMaintenanceSvc_1449085;Contact Data_1449085;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 rtsuvc;Lenovo EasyCamera;C:\WINDOWS\System32\drivers\rtsuvc.sys [2014-3-7 8876248]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2016-2-2 51320]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R3 TokenBroker;TokenBroker;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 UnistoreSvc_1449085;User Data Storage_1449085;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 UserDataSvc_1449085;User Data Access_1449085;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2017-3-18 24576]
R3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2017-3-18 12288]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2017-3-18 47664]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2017-4-7 2522680]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-7-18 317408]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-3-18 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-3-18 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-3-18 17920]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2017-3-18 47664]
S3 aswHwid;aswHwid;C:\WINDOWS\System32\drivers\aswHwid.sys [2014-6-9 38296]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-3-18 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-3-18 47664]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-12 39424]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-3-18 122880]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-3-18 347032]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-3-18 2104224]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
S3 DevicesFlowUserSvc_1449085;DevicesFlow_1449085;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-3-18 47664]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-7-22 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-3-18 86528]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-3-18 47664]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-3-18 21504]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-3-18 51104]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-3-18 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-3-18 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-3-18 70656]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-3-18 85504]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-3-18 165376]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-3-18 168448]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-3-18 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-3-18 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-3-18 673184]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-3-18 526240]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-3-18 36864]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-8-12 177376]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-3-18 123808]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-3-18 103328]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-3-18 405408]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-3-18 51104]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-3-18 64416]
S3 MessagingService_1449085;MessagingService_1449085;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-3-18 842656]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-3-18 108960]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-3-18 122368]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2017-5-17 118784]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\System32\GameMon.des -service --> C:\WINDOWS\System32\GameMon.des -service [?]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-3-18 80896]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-25 28216]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-3-18 58784]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-3-18 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-3-18 1735584]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-3-18 936864]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-3-18 47664]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-3-18 91040]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-3-18 31128]
S3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-18 1284608]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-3-18 154016]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-3-18 47664]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-3-18 40352]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2017-3-18 891904]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2015-9-12 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-11-21 95640]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-3-18 36760]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-3-18 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-9-12 104960]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-3-18 179200]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-8-8 51712]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-3-18 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-3-18 29600]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-3-18 263584]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-3-18 98712]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-3-18 138656]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-3-18 29600]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-3-18 59288]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-3-18 28064]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-3-18 35328]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-3-18 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-3-18 72192]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-12-15 757248]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-3-18 121248]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-3-18 342264]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-3-18 47664]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-3-18 32160]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2017-3-18 217088]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-3-18 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 wlpasvc;LPA Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 wsvd;wsvd;C:\WINDOWS\System32\drivers\wsvd.sys [2014-3-7 102376]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-6-10 277504]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xhunter1;xhunter1;C:\Windows\xhunter1.sys [2016-7-29 36808]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-3-18 46592]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\WINDOWS\System32\drivers\xusb22.sys [2017-3-18 98816]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2018-01-18 01:45:48 -------- d---a-w- C:\Program Files\rempl
2018-01-12 02:32:17 -------- d--h--w- C:\$WINDOWS.~BT
.
==================== Find3M ====================
.
2018-01-17 21:35:50 253880 ----a-w- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2018-01-17 01:40:05 129365736 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2017-12-21 04:35:51 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-12-21 04:35:51 177648 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-12-21 00:30:07 114688 ----a-w- C:\WINDOWS\System32\LMIRfsClientNP.dll
2017-12-21 00:30:06 109024 ----a-w- C:\WINDOWS\System32\LMIinit.dll
2017-12-16 03:58:37 77432 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-11-30 03:33:13 1015704 ----a-w- C:\WINDOWS\System32\hvax64.exe
2017-11-30 03:33:11 1144728 ----a-w- C:\WINDOWS\System32\hvix64.exe
2017-11-30 03:33:06 38808 ----a-w- C:\WINDOWS\System32\OOBEUpdater.exe
2017-11-30 03:29:34 8319384 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-11-30 03:24:40 870896 ----a-w- C:\WINDOWS\System32\winhttp.dll
2017-11-30 03:23:56 7910960 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2017-11-30 03:23:54 1194248 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2017-11-30 02:59:10 23678464 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2017-11-30 02:58:41 702032 ----a-w- C:\WINDOWS\SysWow64\winhttp.dll
2017-11-30 02:58:02 6763128 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2017-11-30 02:57:45 1123968 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2017-11-30 02:45:42 119808 ----a-w- C:\WINDOWS\System32\UserDataTimeUtil.dll
2017-11-30 02:45:01 2560 ----a-w- C:\WINDOWS\System32\tzres.dll
2017-11-30 02:44:32 171008 ----a-w- C:\WINDOWS\System32\itss.dll
2017-11-30 02:44:25 110592 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2017-11-30 02:44:23 42496 ----a-w- C:\WINDOWS\System32\drivers\vwifimp.sys
2017-11-30 02:43:57 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-11-30 02:43:47 20511232 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2017-11-30 02:43:17 2560 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
2017-11-30 02:43:07 164352 ----a-w- C:\WINDOWS\System32\wscript.exe
2017-11-30 02:42:50 148992 ----a-w- C:\WINDOWS\SysWow64\itss.dll
2017-11-30 02:42:45 80896 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2017-11-30 02:42:43 164352 ----a-w- C:\WINDOWS\System32\cscript.exe
2017-11-30 02:42:41 304640 ----a-w- C:\WINDOWS\System32\dusmsvc.dll
2017-11-30 02:42:24 1878016 ----a-w- C:\WINDOWS\System32\AzureSettingSyncProvider.dll
2017-11-30 02:42:20 100864 ----a-w- C:\WINDOWS\SysWow64\msscript.ocx
2017-11-30 02:42:14 560640 ----a-w- C:\WINDOWS\System32\iprtrmgr.dll
2017-11-30 02:41:58 414720 ----a-w- C:\WINDOWS\System32\provhandlers.dll
2017-11-30 02:41:44 222208 ----a-w- C:\WINDOWS\System32\scrobj.dll
2017-11-30 02:41:32 527360 ----a-w- C:\WINDOWS\System32\aadcloudap.dll
2017-11-30 02:41:28 146944 ----a-w- C:\WINDOWS\SysWow64\wscript.exe
2017-11-30 02:40:50 143360 ----a-w- C:\WINDOWS\SysWow64\cscript.exe
2017-11-30 02:40:33 528384 ----a-w- C:\WINDOWS\SysWow64\iprtrmgr.dll
2017-11-30 02:40:12 585216 ----a-w- C:\WINDOWS\System32\vbscript.dll
2017-11-30 02:40:03 206336 ----a-w- C:\WINDOWS\SysWow64\scrobj.dll
2017-11-30 02:39:25 925696 ----a-w- C:\WINDOWS\System32\WpcWebFilter.dll
2017-11-30 02:39:25 3206656 ----a-w- C:\WINDOWS\System32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-11-30 02:39:13 2809344 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2017-11-30 02:38:43 636416 ----a-w- C:\WINDOWS\SysWow64\WpcWebFilter.dll
2017-11-30 02:38:32 8195584 ----a-w- C:\WINDOWS\System32\Chakra.dll
2017-11-30 02:38:29 497152 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2017-11-30 02:38:20 684544 ----a-w- C:\WINDOWS\System32\usocore.dll
2017-11-30 02:38:11 1248768 ----a-w- C:\WINDOWS\SysWow64\AzureSettingSyncProvider.dll
2017-11-30 02:37:58 6252544 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2017-11-30 02:37:42 2859520 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2017-11-30 02:37:17 1293824 ----a-w- C:\WINDOWS\System32\aadtb.dll
2017-11-30 02:37:03 3306496 ----a-w- C:\WINDOWS\System32\wininet.dll
2017-11-30 02:36:58 5557760 ----a-w- C:\WINDOWS\System32\dbgeng.dll
2017-11-30 02:36:56 1398784 ----a-w- C:\WINDOWS\System32\wwansvc.dll
2017-11-30 02:36:45 4726784 ----a-w- C:\WINDOWS\System32\jscript9.dll
2017-11-30 02:36:37 1019904 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll
2017-11-30 02:36:34 3652096 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2017-11-30 02:34:58 4559360 ----a-w- C:\WINDOWS\SysWow64\dbgeng.dll
2017-11-22 18:32:10 114688 ----a-w- C:\WINDOWS\System32\LMIRfsClientNP.dll.000.bak
2017-11-17 09:41:36 503704 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2017-11-17 09:39:55 5477088 ----a-w- C:\WINDOWS\System32\OneCoreUAPCommonProxyStub.dll
2017-11-17 09:39:22 643200 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-11-17 09:31:01 223640 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2017-11-17 09:03:16 3668992 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2017-11-17 09:00:17 2953216 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2017-11-17 08:59:05 64512 ----a-w- C:\WINDOWS\System32\winsrv.dll
2017-11-17 08:56:32 757248 ----a-w- C:\WINDOWS\System32\drivers\WdiWiFi.sys
2017-11-02 05:20:36 543640 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-11-02 05:20:27 965016 ----a-w- C:\WINDOWS\System32\hvloader.efi
2017-11-02 05:20:21 469568 ----a-w- C:\WINDOWS\System32\wow64win.dll
2017-11-02 05:16:53 2398696 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-11-02 05:16:26 2327448 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-11-02 05:15:10 1239448 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2017-11-02 05:14:58 667040 ----a-w- C:\WINDOWS\System32\ci.dll
2017-11-02 05:13:39 1345600 ----a-w- C:\WINDOWS\System32\user32.dll
2017-11-02 05:13:36 2443672 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-11-02 05:13:22 95640 ----a-w- C:\WINDOWS\System32\drivers\stornvme.sys
2017-11-02 05:13:10 212888 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2017-11-02 05:13:01 546712 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2017-11-02 05:12:58 727336 ----a-w- C:\WINDOWS\System32\wer.dll
2017-11-02 05:12:55 430848 ----a-w- C:\WINDOWS\System32\bcryptprimitives.dll
2017-11-02 05:12:55 412752 ----a-w- C:\WINDOWS\System32\Faultrep.dll
2017-11-02 05:12:39 144248 ----a-w- C:\WINDOWS\System32\WerFaultSecure.exe
2017-11-02 05:12:38 319384 ----a-w- C:\WINDOWS\System32\WerFault.exe
2017-11-02 05:12:35 714648 ----a-w- C:\WINDOWS\System32\drivers\fvevol.sys
2017-11-02 05:12:04 38808 ----a-w- C:\WINDOWS\System32\drivers\Diskdump.sys
2017-11-02 05:12:03 654976 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2017-11-02 05:10:59 6557520 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2017-11-02 05:05:48 187800 ----a-w- C:\WINDOWS\System32\wermgr.exe
2017-11-02 05:04:20 1292360 ----a-w- C:\WINDOWS\SysWow64\user32.dll
2017-11-02 04:49:55 1838848 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-11-02 04:45:57 283544 ----a-w- C:\WINDOWS\SysWow64\WerFault.exe
2017-11-02 04:45:41 133896 ----a-w- C:\WINDOWS\SysWow64\WerFaultSecure.exe
2017-11-02 04:45:36 362144 ----a-w- C:\WINDOWS\SysWow64\Faultrep.dll
2017-11-02 04:45:25 613136 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2017-11-02 04:45:18 172952 ----a-w- C:\WINDOWS\SysWow64\wermgr.exe
2017-11-02 04:45:17 354360 ----a-w- C:\WINDOWS\SysWow64\bcryptprimitives.dll
2017-11-02 04:44:52 519680 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
.
============= FINISH: 13:15:21.57 ===============


Laptop running very slow

Morning, as stated, my usually quick laptop is running very slow, also hangs when I run my CAD package. Any advice will be appreciated. Many thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.15 BrowserJavaVersion: 11.161.2
Run by henry at 13:38:55 on 2018-01-22
Microsoft Windows 10 Pro 10.0.16299.0.1252.27.2057.18.16281.10960 [GMT 2:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s BthHFSrv
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k localservice -p -s nsi
C:\WINDOWS\system32\atiesrxx.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\system32\HP3DDGService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
C:\WINDOWS\system32\WLANExt.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\IntelCpHDCPSvc.exe
C:\WINDOWS\system32\EscSvc64.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\WINDOWS\system32\DbxSvc.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\CxSvc\CxMonSvc.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\WINDOWS\system32\fpCSEvtSvc.exe
C:\WINDOWS\CxSvc\CxUtilSvc.exe
C:\WINDOWS\system32\ibtsiva.exe
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe
C:\Program Files (x86)\NordVPN\nordvpn-service.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
C:\WINDOWS\system32\valWBFPolicyService.exe
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localservice -p -s fdPHost
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s NcdAutoSetup
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s HomeGroupProvider
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s seclogon
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s QWAVE
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s PhoneSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
C:\Windows\System32\MicTray64.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
C:\Program Files\Conexant\SA3\HP-NB-AIO\SmartAudio3.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files (x86)\GO Contact Sync Mod\GOContactSync.exe
C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\ScanToPCActivationApp.exe
C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Users\henry\AppData\Local\Programs\deezer-desktop\Deezer.exe
C:\Users\henry\AppData\Local\Programs\deezer-desktop\Deezer.exe
C:\Users\henry\AppData\Local\Programs\deezer-desktop\Deezer.exe
C:\Users\henry\AppData\Local\Programs\deezer-desktop\Deezer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
uRun: [OneDrive] "C:\Users\henry\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [GoogleContactSync] "C:\Program Files (x86)\GO Contact Sync Mod\GOContactSync.exe"
uRun: [STUISpeedLauncher] "C:\Program Files\Samsung\Stylish UI Pack\TouchBasedUI.exe" -speedlauncher -minVer:6.6.58.0
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [HP Officejet Pro 276dw MFP (NET)] "C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\ScanToPCActivationApp.exe" -deviceID "CN31O13GD1:NW" -scfn "HP Officejet Pro 276dw MFP (NET)" -AutoStart 1
uRun: [NordVPN] C:\Program Files (x86)\NordVPN\NordVPN.exe
uRun: [com.deezer.deezer-desktop] C:\Users\henry\AppData\Local\Programs\deezer-desktop\Deezer.exe
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
mRun: [HPRadioMgr] C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [NordVPN] C:\Program Files (x86)\NordVPN\NordVPN.exe
dRunOnce: [Application Restart #0] C:\Program Files (x86)\NordVPN\NordVPN.exe
StartupFolder: C:\Users\henry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAILWA~1.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ADOBEA~1.LNK - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\CODEME~1.LNK - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MAILWA~1.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\NETWOR~1.LNK - C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{47a04eb4-157c-444e-9234-c695e3d8c1d8} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);C:\WINDOWS\System32\drivers\cm_km.sys [2016-6-10 238936]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2017-2-1 1469960]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-9-29 130640]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-9-29 56728]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\WINDOWS\System32\drivers\klbackupdisk.sys [2016-6-7 63920]
R0 klupd_klif_arkmon;klupd_klif_arkmon;C:\WINDOWS\System32\drivers\klupd_klif_arkmon.sys [2018-1-22 230312]
R0 klupd_klif_klbg;klupd_klif_klbg;C:\WINDOWS\System32\drivers\klupd_klif_klbg.sys [2017-12-12 107680]
R0 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2017-9-29 293272]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-9-29 15392]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-9-29 71248]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-9-29 18000]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-9-29 209304]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-9-29 240640]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-1-6 59800]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-9-29 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-9-29 8192]
R1 klbackupflt;Kaspersky Lab klbackupflt;C:\WINDOWS\System32\drivers\klbackupflt.sys [2016-6-15 86352]
R1 klhk;Kaspersky Lab service driver;C:\WINDOWS\System32\drivers\klhk.sys [2017-4-29 592088]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\WINDOWS\System32\drivers\klim6.sys [2017-4-29 57424]
R1 klpd;Kaspersky Lab format recognizer driver;C:\WINDOWS\System32\drivers\klpd.sys [2016-5-31 45488]
R1 klwfp;klwfp;C:\WINDOWS\System32\drivers\klwfp.sys [2016-6-18 85320]
R1 Klwtp;KLwtp - WFP callout traffic inspector;C:\WINDOWS\System32\drivers\klwtp.sys [2017-4-29 136416]
R1 kneps;kneps;C:\WINDOWS\System32\drivers\kneps.sys [2016-6-14 199640]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2017-8-5 543112]
R2 AVP17.0.0;Kaspersky Anti-Virus Service 17.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [2016-6-28 241544]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R2 CDPUserSvc_323043b;Connected Devices Platform User Service_323043b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-1-6 385024]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2017-10-4 7780528]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2017-2-21 4817896]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2017-9-29 48688]
R2 cplspcon;Intel(R) Content Protection HDCP Service;C:\WINDOWS\System32\IntelCpHDCPSvc.exe [2017-9-7 596520]
R2 CxMonSvc;CxMonSvc;C:\Windows\CxSvc\CxMonSvc.exe [2017-9-18 34424]
R2 CxUtilSvc;CxUtilSvc;C:\Windows\CxSvc\CxUtilSvc.exe [2017-9-18 148600]
R2 DbxSvc;DbxSvc;C:\WINDOWS\System32\DbxSvc.exe [2018-1-8 51016]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2017-9-29 48688]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R2 EpsonScanSvc;Epson Scanner Service;C:\WINDOWS\System32\escsvc64.exe [2017-8-7 144560]
R2 fpCsEvtSvc;fpCsEvtSvc;C:\WINDOWS\System32\fpCSEvtSvc.exe [2017-8-9 22528]
R2 hp3ddgsrv;HP 3DDG Service;C:\WINDOWS\System32\HP3DDGService.exe [2017-10-3 130072]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-8-15 332144]
R2 HPTouchpointAnalyticsService;HP Touchpoint Analytics;C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [2017-11-26 332216]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2017-2-1 18504]
R2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2017-9-7 398376]
R2 Intel(R) TPM Provisioning Service;Intel(R) TPM Provisioning Service;C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [2017-9-21 668472]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2017-10-23 213648]
R2 kldisk;kldisk;C:\WINDOWS\System32\drivers\kldisk.sys [2016-5-31 78216]
R2 NEWDRIVER;NEWDRIVER;C:\Windows\SysWOW64\WinVDEdrv6.sys [2017-10-25 197648]
R2 nordvpn-service;nordvpn-service;C:\Program Files (x86)\NordVPN\nordvpn-service.exe [2017-11-29 413472]
R2 OneSyncSvc_323043b;Sync Host_323043b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2014-4-30 337776]
R2 SamsungUPDUtilSvc;Samsung UPD Utility Service;C:\Windows\SysWOW64\SecUPDUtilSvc.exe [2017-8-7 143664]
R2 SecurityHealthService;Windows Defender Security Centre Service;C:\WINDOWS\System32\SecurityHealthService.exe [2018-1-6 519152]
R2 SSPORT;SSPORT;C:\WINDOWS\System32\drivers\SSPORT.SYS [2017-8-7 11576]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-9-29 79872]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2017-8-19 255584]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 valWBFPolicyService;Synaptics FP WBF Policy Service;C:\WINDOWS\System32\valWBFPolicyService.exe [2017-8-9 82944]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-1-6 147864]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 WpnUserService_323043b;Windows Push Notifications User Service_323043b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2017-8-7 3756200]
R2 ZoomCptService;Zoom Sharing Service;C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe [2017-8-31 24752]
R3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2017-9-29 191488]
R3 BthHFAud;Bluetooth Hands-Free;C:\WINDOWS\System32\drivers\BthHfAud.sys [2017-9-29 46592]
R3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-9-29 48688]
R3 bthl2cap;Microsoft Bluetooth Protocol Support Driver;C:\WINDOWS\System32\drivers\bthl2cap.sys [2017-9-29 83968]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2017-9-29 78848]
R3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-9-29 60312]
R3 hpqcaslwmiex;HP CASL Framework Service;C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [2016-6-3 1031704]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2017-4-13 244744]
R3 IntcAudioBus;Intel(R) Smart Sound Technology (Intel(R) SST) Bus;C:\WINDOWS\System32\drivers\IntcAudioBus.sys [2017-2-22 238176]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2017-9-7 825376]
R3 IntcOED;Intel(R) Smart Sound Technology (Intel(R) SST) OED;C:\WINDOWS\System32\drivers\IntcOED.sys [2017-2-22 750176]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-7 39920]
R3 klflt;Kaspersky Lab Kernel DLL;C:\WINDOWS\System32\drivers\klflt.sys [2017-8-4 197344]
R3 klids;klids;C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [2017-8-5 190832]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\WINDOWS\System32\drivers\klkbdflt.sys [2016-5-19 52136]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\System32\drivers\klmouflt.sys [2015-6-7 41656]
R3 klupd_klif_kimul;klupd_klif_kimul;C:\WINDOWS\System32\drivers\klupd_klif_kimul.sys [2018-1-16 87584]
R3 klupd_klif_klark;klupd_klif_klark;C:\WINDOWS\System32\drivers\klupd_klif_klark.sys [2017-12-12 253192]
R3 klupd_klif_mark;klupd_klif_mark;C:\WINDOWS\System32\drivers\klupd_klif_mark.sys [2017-11-15 173664]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-9-29 21504]
R3 Netwtw04;Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit;C:\WINDOWS\System32\drivers\Netwtw04.sys [2017-7-13 7647232]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 PimIndexMaintenanceSvc_323043b;Contact Data_323043b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2017-8-5 943112]
R3 RTSPER;Realtek PCIE Card Reader - PER;C:\WINDOWS\System32\drivers\RtsPer.sys [2017-8-6 782304]
R3 SNP2UVCW10;USB2.0 PC Camera (snUVCg2);C:\WINDOWS\System32\drivers\snUVCg2.sys [2017-8-7 2528352]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 tapnordvpn;TAP-NordVPN Windows Adapter V9;C:\WINDOWS\System32\drivers\tapnordvpn.sys [2017-3-27 84432]
R3 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-9-29 28568]
R3 UnistoreSvc_323043b;User Data Storage_323043b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 UserDataSvc_323043b;User Data Access_323043b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-12-13 770048]
R3 WirelessButtonDriver64;HP Wireless Button Driver Service;C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [2017-6-21 30368]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2017-9-29 25088]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-9-29 259584]
R3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Service;C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [2015-6-6 63840]
S0 klelam;klelam;C:\WINDOWS\System32\drivers\klelam.sys [2016-3-31 28792]
S1 MpKsl4a7b5545;MpKsl4a7b5545;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02C32C93-C62C-431B-B55B-9AD68EB60A85}\MpKsl4a7b5545.sys [2018-1-21 58120]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-8-5 143144]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S2 KMService;KMService;C:\WINDOWS\System32\srvany.exe --> C:\WINDOWS\System32\srvany.exe [?]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-4-5 317400]
S2 UIUService;Conexant UIU Service;C:\WINDOWS\System32\UIUSrv.exe --> C:\WINDOWS\System32\UIUSrv.exe [?]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-9-29 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-9-29 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-9-29 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2017-9-29 48688]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2017-9-29 126872]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2017-9-29 158616]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2017-9-29 143768]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 AssignedAccessManagerSvc;AssignedAccessManager Service;C:\WINDOWS\System32\svchost.exe -k AssignedAccessManagerSvc [2017-9-29 48688]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-9-29 9728]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2017-9-29 37784]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-29 39424]
S3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-9-29 122368]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-9-29 357272]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-9-29 1723288]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-8-5 143144]
S3 DevicesFlowUserSvc_323043b;DevicesFlow_323043b;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-9-29 48688]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2017-5-18 131984]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-9-29 85504]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2017-9-29 48688]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 ExpressInvoiceService;Express Invoice Invoicing Software;C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2017-8-7 2342160]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-9-29 48688]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-9-29 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2017-9-29 48688]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-9-29 50584]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2017-9-29 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-9-29 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-9-29 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-9-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-9-29 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-9-29 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-9-29 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-9-29 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-9-29 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-9-29 674200]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-9-29 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-9-29 39424]
S3 InstallService;Windows Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2017-9-21 742704]
S3 invdimm;Microsoft iNVDIMM device driver;C:\WINDOWS\System32\drivers\invdimm.sys [2017-9-29 38912]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2017-9-29 26112]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 klvssbrigde64;klvssbrigde64;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [2016-6-28 77328]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-9-29 123800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-9-29 103320]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-9-29 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-9-29 55840]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-9-29 63520]
S3 MessagingService_323043b;MessagingService_323043b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-9-29 842648]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2017-8-7 269480]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-9-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-9-29 132608]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-1-6 192512]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-9-29 88576]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2018-1-15 258728]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-9-29 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-9-29 61848]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2017-9-29 16896]
S3 PrintWorkflowUserSvc_323043b;PrintWorkflow_323043b;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2017-9-29 48688]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2017-9-29 39832]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-9-29 1849752]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-9-29 936856]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-9-29 48688]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2017-9-29 103936]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-9-29 48688]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-9-29 118168]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-9-29 33176]
S3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2017-12-13 4329952]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-9-29 1288704]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-9-29 154520]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-9-29 48688]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-9-29 56216]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-1-6 956416]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2017-5-18 166288]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-1-6 103320]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-12-1 45464]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-9-29 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-12-1 114688]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-9-29 146944]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-12-1 57344]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-9-29 45056]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-9-29 266648]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-9-29 97312]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-9-29 140696]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-9-29 28568]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-12-1 60824]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-9-29 27544]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-9-29 48688]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-9-29 34816]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-9-29 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vnvdimm;Microsoft virtual NVDIMM device driver;C:\WINDOWS\System32\drivers\vnvdimm.sys [2017-9-29 43008]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-9-29 48688]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-9-29 76288]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [2018-1-20 129616]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe [2018-1-20 356168]
S3 wdnsfltr;Windows Defender Network Stream Filter Driver;C:\WINDOWS\System32\drivers\wdnsfltr.sys [2017-9-29 33792]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-9-29 48688]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-9-29 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-1-6 225792]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-9-29 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2017-9-29 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-9-29 281600]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-9-29 46592]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2017-12-13 819096]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2017-9-29 40344]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2017-9-29 1190400]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2018-01-22 08:07:19 230312 ----a-w- C:\WINDOWS\System32\drivers\klupd_klif_arkmon.sys
2018-01-22 04:57:15 -------- d-----w- C:\WINDOWS\System32\drivers\wd
2018-01-21 07:54:14 14047160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02C32C93-C62C-431B-B55B-9AD68EB60A85}\mpengine.dll
2018-01-20 04:26:11 14047160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2018-01-19 09:26:43 97344 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2018-01-19 09:26:24 -------- d-----w- C:\Program Files (x86)\Common Files\Oracle
2018-01-16 12:16:58 87584 ----a-w- C:\WINDOWS\System32\drivers\klupd_klif_kimul.sys
2018-01-15 03:01:02 585904 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2018-01-15 02:51:46 31408 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2018-01-15 02:39:22 258728 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2018-01-12 06:35:46 -------- d-----w- C:\Program Files\Common Files\Intel
2018-01-12 06:33:25 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2018-01-09 17:52:01 -------- d-----w- C:\Users\henry\.config
2018-01-09 17:51:52 -------- d-----w- C:\Program Files (x86)\Clementine
2018-01-09 17:33:32 -------- d-----w- C:\Users\henry\AppData\Local\MusicBee
2018-01-08 21:15:16 51016 ----a-w- C:\WINDOWS\System32\DbxSvc.exe
2018-01-08 21:15:16 45672 ----a-w- C:\WINDOWS\System32\drivers\dbx-dev.sys
2018-01-08 21:15:16 45640 ----a-w- C:\WINDOWS\System32\drivers\dbx-stable.sys
2018-01-08 21:15:16 45640 ----a-w- C:\WINDOWS\System32\drivers\dbx-canary.sys
2018-01-04 08:17:04 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2018-01-04 08:16:56 -------- d-----w- C:\Program Files (x86)\AMD
2018-01-04 08:14:41 20360 ----a-w- C:\WINDOWS\SysWow64\detoured.dll
2018-01-04 08:14:41 20360 ----a-w- C:\WINDOWS\System32\detoured.dll
2018-01-04 08:14:40 112520 ----a-w- C:\WINDOWS\System32\OpenCL.dll
2018-01-04 08:14:40 103304 ----a-w- C:\WINDOWS\SysWow64\OpenCL.dll
2018-01-04 08:14:40 1032072 ----a-w- C:\WINDOWS\SysWow64\atiadlxx.dll
2018-01-04 06:22:50 152080 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe
2018-01-03 18:16:46 -------- d-----w- C:\Program Files (x86)\VideoLAN
2018-01-02 10:15:19 -------- d-----w- C:\Users\henry\AppData\Roaming\Digiarty
2018-01-02 09:22:41 -------- d-----w- C:\Users\henry\AppData\Roaming\STAMP
2017-12-31 21:38:11 -------- d-----w- C:\Users\henry\AppData\Roaming\Deezer
2017-12-31 08:42:27 -------- d-----w- C:\Users\henry\AppData\Roaming\JAM Software
2017-12-31 08:42:17 -------- d-----w- C:\Program Files (x86)\JAM Software
2017-12-23 14:35:44 -------- d-----w- C:\Users\henry\.cache
.
==================== Find3M ====================
.
2018-01-20 04:29:20 46072 ----a-w- C:\WINDOWS\System32\drivers\wd\WdBoot.sys
2018-01-20 04:29:20 288848 ----a-w- C:\WINDOWS\System32\drivers\wd\WdFilter.sys
2018-01-20 04:29:20 129616 ----a-w- C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys
2018-01-10 06:12:10 129365736 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2018-01-06 06:31:23 403968 ----a-w- C:\WINDOWS\System32\WpAXHolder.dll
2018-01-06 06:31:15 106496 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2018-01-06 06:31:14 140800 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2018-01-01 17:15:38 956416 ----a-w- C:\WINDOWS\System32\Spectrum.exe
2018-01-01 12:54:36 924648 ----a-w- C:\WINDOWS\System32\winresume.exe
2018-01-01 12:53:26 1090984 ----a-w- C:\WINDOWS\System32\winresume.efi
2018-01-01 12:52:23 66712 ----a-w- C:\WINDOWS\System32\iumcrypt.dll
2018-01-01 12:51:59 59800 ----a-w- C:\WINDOWS\System32\drivers\bam.sys
2018-01-01 12:51:56 1055128 ----a-w- C:\WINDOWS\System32\hvax64.exe
2018-01-01 12:51:31 191816 ----a-w- C:\WINDOWS\System32\skci.dll
2018-01-01 12:51:23 1209240 ----a-w- C:\WINDOWS\System32\winload.exe
2018-01-01 12:51:18 1414784 ----a-w- C:\WINDOWS\System32\winload.efi
2018-01-01 12:50:58 479912 ----a-w- C:\WINDOWS\System32\ucrtbase_enclave.dll
2018-01-01 12:50:35 77208 ----a-w- C:\WINDOWS\System32\hvloader.dll
2018-01-01 12:50:17 780464 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2018-01-01 12:50:07 5905752 ----a-w- C:\WINDOWS\System32\StartTileData.dll
2018-01-01 12:49:34 8605080 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-01-01 12:49:34 292376 ----a-w- C:\WINDOWS\System32\wscapi.dll
2018-01-01 12:49:31 599448 ----a-w- C:\WINDOWS\System32\securekernel.exe
2018-01-01 12:49:10 319352 ----a-w- C:\WINDOWS\System32\wow64.dll
2018-01-01 12:48:26 1954048 ----a-w- C:\WINDOWS\System32\ntdll.dll
2018-01-01 12:48:18 7831760 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2018-01-01 12:48:18 382360 ----a-w- C:\WINDOWS\System32\atmfd.dll
2018-01-01 12:47:06 649304 ----a-w- C:\WINDOWS\System32\advapi32.dll
2018-01-01 12:47:01 82840 ----a-w- C:\WINDOWS\System32\drivers\volmgr.sys
2018-01-01 12:46:23 898216 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2018-01-01 12:46:21 733592 ----a-w- C:\WINDOWS\System32\drivers\acpi.sys
2018-01-01 12:45:54 2395032 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2018-01-01 12:45:48 1277848 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2018-01-01 12:45:17 398744 ----a-w- C:\WINDOWS\System32\drivers\fltMgr.sys
2018-01-01 12:43:31 1173576 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2018-01-01 12:43:16 367336 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2018-01-01 12:43:03 62872 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2018-01-01 12:42:46 571288 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2018-01-01 12:42:36 494488 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2018-01-01 12:42:34 184984 ----a-w- C:\WINDOWS\System32\sspicli.dll
2018-01-01 12:42:20 109976 ----a-w- C:\WINDOWS\System32\drivers\vmbus.sys
2018-01-01 12:42:01 1029016 ----a-w- C:\WINDOWS\System32\efscore.dll
2018-01-01 12:41:32 549552 ----a-w- C:\WINDOWS\System32\WWanAPI.dll
2018-01-01 12:41:24 559512 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2018-01-01 12:41:18 7676296 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-01-01 12:40:19 1206680 ----a-w- C:\WINDOWS\System32\hvix64.exe
2018-01-01 12:39:58 508264 ----a-w- C:\WINDOWS\System32\systemreset.exe
2018-01-01 12:39:53 902416 ----a-w- C:\WINDOWS\System32\winhttp.dll
2018-01-01 12:39:44 362904 ----a-w- C:\WINDOWS\System32\drivers\pci.sys
2018-01-01 12:39:17 677784 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-01-01 12:39:06 129432 ----a-w- C:\WINDOWS\System32\drivers\hvsocket.sys
2018-01-01 12:38:53 519152 ----a-w- C:\WINDOWS\System32\SecurityHealthService.exe
2018-01-01 12:38:43 38808 ----a-w- C:\WINDOWS\System32\drivers\Diskdump.sys
2018-01-01 12:38:24 3904808 ----a-w- C:\WINDOWS\explorer.exe
2018-01-01 12:38:15 727448 ----a-w- C:\WINDOWS\System32\drivers\fvevol.sys
2018-01-01 12:38:09 103320 ----a-w- C:\WINDOWS\System32\drivers\stornvme.sys
2018-01-01 12:37:57 461720 ----a-w- C:\WINDOWS\System32\wifitask.exe
2018-01-01 12:37:09 1426664 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2018-01-01 12:36:57 113560 ----a-w- C:\WINDOWS\System32\icfupgd.dll
2018-01-01 12:36:32 57752 ----a-w- C:\WINDOWS\System32\drivers\netbios.sys
2018-01-01 12:36:25 413888 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll
2018-01-01 12:36:25 166296 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
2018-01-01 12:36:20 374032 ----a-w- C:\WINDOWS\System32\vac.exe
2018-01-01 12:35:34 75160 ----a-w- C:\WINDOWS\System32\SecurityHealthProxyStub.dll
2018-01-01 12:35:16 1170008 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2018-01-01 12:34:51 1336344 ----a-w- C:\WINDOWS\System32\ole32.dll
2018-01-01 12:34:45 7385088 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2018-01-01 12:34:45 260896 ----a-w- C:\WINDOWS\System32\mfps.dll
2018-01-01 12:34:43 87384 ----a-w- C:\WINDOWS\System32\remoteaudioendpoint.dll
2018-01-01 12:33:42 603920 ----a-w- C:\WINDOWS\System32\audiodg.exe
2018-01-01 12:33:36 2773400 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2018-01-01 12:32:57 4481240 ----a-w- C:\WINDOWS\System32\mfcore.dll
2018-01-01 12:32:30 617304 ----a-w- C:\WINDOWS\System32\TextInputFramework.dll
2018-01-01 12:27:27 713624 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2018-01-01 12:27:26 163736 ----a-w- C:\WINDOWS\System32\drivers\wfplwfs.sys
2018-01-01 12:26:45 81304 ----a-w- C:\WINDOWS\System32\drivers\vmbkmcl.sys
2018-01-01 12:26:25 428952 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2018-01-01 12:25:50 147864 ----a-w- C:\WINDOWS\System32\drivers\wcifs.sys
2018-01-01 12:25:26 615768 ----a-w- C:\WINDOWS\System32\services.exe
2018-01-01 12:21:36 1103768 ----a-w- C:\WINDOWS\System32\drivers\http.sys
2018-01-01 12:21:34 614296 ----a-w- C:\WINDOWS\System32\drivers\afd.sys
2018-01-01 12:06:49 311192 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2018-01-01 12:03:39 650328 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2018-01-01 12:03:38 777904 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2018-01-01 12:03:36 566664 ----a-w- C:\WINDOWS\SysWow64\CoreMessaging.dll
2018-01-01 12:03:03 123512 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2018-01-01 11:53:43 1615712 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2018-01-01 11:49:35 258808 ----a-w- C:\WINDOWS\SysWow64\wscapi.dll
2018-01-01 11:49:11 481464 ----a-w- C:\WINDOWS\SysWow64\advapi32.dll
2018-01-01 11:46:57 289816 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2018-01-01 11:46:25 3485392 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2018-01-01 11:45:54 5615968 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2018-01-01 11:45:34 6092152 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2018-01-01 11:45:26 450928 ----a-w- C:\WINDOWS\SysWow64\WWanAPI.dll
2018-01-01 11:42:56 982528 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2018-01-01 11:42:47 386424 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll
2018-01-01 11:42:41 4644912 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2018-01-01 11:42:40 6479552 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2018-01-01 11:42:33 1246432 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
2018-01-01 11:42:32 74992 ----a-w- C:\WINDOWS\SysWow64\remoteaudioendpoint.dll
.
============= FINISH: 13:39:16.62 ===============


Is Rspark a virus?

Hello,

It looks like when I bring up a blank page on Firefox, it brings up Rspark.com, which I have never heard of. Would you be able to help me get rid of this if this is a virus?

Just let me know what I need to do....

Thanks,

Unable to create Recovery USB for Win 10 - virus?

For about the past week my computer has presented intermittent faults, such as being unable to restart or shut down or, more obviously, faults when trying to use USB sticks. For example, when trying to load new photos into Lightroom from an SDHC via a USB card reader, the system sometimes enters a busy state which never completes. The only way I have found to exit this state is to physically power down. More specifically, I am unable to create a Win 10 recovery USB: the process of calculating the size of USB required never completes - even after 12 hours. Furthermore, the process cannot be cancelled - a busy state is entered as described above.

I naturally suspect a faulty Win 10 update but have no way of knowing which update this might be. Obviously, I should also suspect a malware infection and am starting from that point, rather than a Windows Update issue. I have run the DDS script as recommended and made the attachments as required:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.15
Run by Tony at 15:56:41 on 2018-02-01
Microsoft Windows 10 Home 10.0.16299.0.1252.44.1033.18.16375.13489 [GMT 0:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus *Disabled/Updated* {08B84BA8-CC77-5A8B-A100-3F522B1B6106}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Advanced Protection *Enabled/Updated* {B3D9AA4C-EA4D-5505-9BB0-0420509C2BBB}
FW: COMODO Firewall *Disabled* {3083CA8D-8618-5BD3-8A5F-9667D5C8267D}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\svchost.exe -k localservice -p -s SEMgrSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s NcdAutoSetup
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub
c:\windows\system32\svchost.exe -k localservice -p -s fdPHost
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s HomeGroupProvider
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\system32\dashost.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
c:\windows\system32\taskhostw.exe
c:\windows\system32\taskhostw.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k apphost -s AppHostSvc
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
C:\WINDOWS\system32\mqsvc.exe
c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\viakaraokesrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\WINDOWS\system32\EscSvc64.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\WINDOWS\Explorer.EXE
c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s upnphost
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\WINDOWS\system32\SettingSyncHost.exe
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\TrayTipAgentE.exe
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k netsvcs
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s wcncsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
svchost.exe
C:\Windows\System32\smartscreen.exe
C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.16.0_x64__8wekyb3d8bbwe\WinStore.App.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s XblAuthManager
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
svchost.exe
C:\WINDOWS\system32\AUDIODG.EXE
c:\windows\system32\taskhostw.exe
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://uk.yahoo.com/?fr=fp-comodo&type=33090001005_hp_sp
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [OneDrive] "C:\Users\Tony\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
uRun: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
mRun: [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [EaseUS EPM Tray Agent] "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\TrayTipAgentE.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{29474fee-b88a-47fa-a7d9-541e4225df64} : NameServer = 194.168.4.100,194.168.8.100
TCP: Interfaces\{29474fee-b88a-47fa-a7d9-541e4225df64} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{6a952068-e907-4a13-87cf-2fd98d531ea8} : DHCPNameServer = 194.168.4.100 194.168.8.100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Windows Mobile Device Center] C:\WINDOWS\WindowsMobile\wmdc.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
x64-Run: [Eraser] "C:\Program Files\Eraser\Eraser.exe" -atRestart
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [AdobeGCInvoker-1.0] "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:221
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 spywareinfo.com*-*This website is for sale!*-*spywareinfo Resources and Information.
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-9-29 130640]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-9-29 56728]
R0 pwdrvio;pwdrvio;C:\WINDOWS\System32\pwdrvio.sys [2016-9-16 19152]
R0 SCMNdisP;General NDIS Protocol Driver;C:\WINDOWS\System32\drivers\SCMNdisP.sys [2016-3-23 29472]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-9-29 15392]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-9-29 71248]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-9-29 18000]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-9-29 209304]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-9-29 240640]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-1-16 59800]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\WINDOWS\System32\drivers\cmderd.sys [2018-1-11 44056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\WINDOWS\System32\drivers\cmdguard.sys [2018-1-11 830448]
R1 cmdhlp;COMODO Internet Security Helper Driver;C:\WINDOWS\System32\drivers\cmdhlp.sys [2018-1-11 50776]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-9-29 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-9-29 8192]
R1 isedrv;Internet Security Essentials;C:\WINDOWS\System32\drivers\isedrv.sys [2017-8-31 62208]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2017-9-20 817760]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2018-1-5 2319848]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2018-1-5 83768]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R2 CDPUserSvc_3507e;CDPUserSvc_3507e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-1-16 385024]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2017-9-29 48688]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2017-9-29 48688]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R2 EpsonScanSvc;Epson Scanner Service;C:\WINDOWS\System32\escsvc64.exe [2017-8-17 135824]
R2 FoxitReaderService;Foxit Reader Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [2017-6-24 1659592]
R2 isesrv;isesrv;C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe [2017-8-31 133840]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-6-30 495224]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2018-1-7 462968]
R2 OneSyncSvc_3507e;OneSyncSvc_3507e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 SecurityHealthService;Windows Defender Security Centre Service;C:\WINDOWS\System32\SecurityHealthService.exe [2018-1-16 519152]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-9-29 79872]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\WINDOWS\System32\ViakaraokeSrv.exe [2012-12-11 27768]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-1-16 147864]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 WpnUserService_3507e;WpnUserService_3507e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2014-11-24 671000]
R3 amdiox64;AMD IO Driver;C:\WINDOWS\System32\drivers\amdiox64.sys [2012-10-21 46136]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
R3 FocusriteUSBSwRoot;USB Audio Root;C:\WINDOWS\System32\drivers\FocusriteUSBSwRoot.sys [2017-1-22 102088]
R3 hidkmdf;KMDF Driver;C:\WINDOWS\System32\drivers\hidkmdf.sys [2012-10-21 14136]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-9-29 21504]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2017-6-30 48248]
R3 nvvhci;NVVHCI Enumerator Service;C:\WINDOWS\System32\drivers\nvvhci.sys [2017-6-30 57976]
R3 PimIndexMaintenanceSvc_3507e;PimIndexMaintenanceSvc_3507e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2017-9-29 604160]
R3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 UnistoreSvc_3507e;UnistoreSvc_3507e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 usbfilter;AMD USB Filter Driver;C:\WINDOWS\System32\drivers\usbfilter.sys [2014-12-9 60640]
R3 UserDataSvc_3507e;UserDataSvc_3507e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\WINDOWS\System32\drivers\viahduaa.sys [2015-8-11 692400]
R3 WacHidRouter;Wacom Hid Router;C:\WINDOWS\System32\drivers\wachidrouter.sys [2012-10-21 100664]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [2012-10-21 15160]
R3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-9-29 119192]
R3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-9-29 355304]
R3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-3-12 136544]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-9-29 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-9-29 1135512]
S3 ahcix64s;ahcix64s;C:\WINDOWS\System32\drivers\ahcix64s.sys [2009-7-14 226616]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-9-29 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2017-9-29 48688]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-9-29 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-9-29 48688]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2017-9-29 37784]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-29 39424]
S3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-9-29 60312]
S3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-9-29 122368]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-9-29 357272]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-9-29 1723288]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2018-1-11 2875816]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-10-20 79360]
S3 DevicesFlowUserSvc_3507e;DevicesFlowUserSvc_3507e;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-9-29 48688]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-9-29 85504]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2017-9-29 48688]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 epmntdrv;epmntdrv;C:\WINDOWS\System32\epmntdrv.sys [2018-1-30 33448]
S3 EuGdiDrv;EuGdiDrv;C:\WINDOWS\System32\EuGdiDrv.sys [2018-1-30 10848]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-9-29 48688]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-9-29 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2017-9-29 48688]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-9-29 50584]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2017-9-29 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-9-29 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-9-29 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-9-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-9-29 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-9-29 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-9-29 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-9-29 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-9-29 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-9-29 674200]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-9-29 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-9-29 39424]
S3 InstallService;Windows Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 invdimm;Microsoft iNVDIMM device driver;C:\WINDOWS\System32\drivers\invdimm.sys [2017-9-29 38912]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2017-9-29 26112]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-9-29 123800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-9-29 103320]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-9-29 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-9-29 55840]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-9-29 63520]
S3 MessagingService_3507e;MessagingService_3507e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-9-29 842648]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-9-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-9-29 132608]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-1-16 192512]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-6-30 495224]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-9-29 88576]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-9-29 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-9-29 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2017-9-29 16896]
S3 PrintWorkflowUserSvc_3507e;PrintWorkflowUserSvc_3507e;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2017-9-29 48688]
S3 PSSDK42;PSSDK42;C:\WINDOWS\System32\drivers\pssdk42.sys [2013-11-20 53312]
S3 PSSDKLBF;PSSDKLBF;C:\WINDOWS\System32\drivers\pssdklbf.sys [2013-11-20 65600]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 pwdspio;pwdspio;C:\WINDOWS\System32\pwdspio.sys [2016-9-16 12504]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2017-9-29 39832]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-9-29 1849752]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-9-29 936856]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-9-29 48688]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2017-9-29 103936]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-9-29 48688]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-9-29 118168]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-9-29 33176]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-9-29 1288704]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-9-29 154520]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-9-29 48688]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-9-29 56216]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-1-16 956416]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-1-16 103320]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-12-13 45464]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-9-29 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-12-13 114688]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-9-29 146944]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-12-13 57344]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-9-29 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-9-29 28568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-9-29 266648]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-9-29 97312]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-9-29 140696]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-9-29 28568]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-12-13 60824]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-9-29 27544]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-9-29 48688]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-9-29 34816]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-9-29 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vnvdimm;Microsoft virtual NVDIMM device driver;C:\WINDOWS\System32\drivers\vnvdimm.sys [2017-9-29 43008]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2017-9-29 48688]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-9-29 48688]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-9-29 76288]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-12-13 770048]
S3 wdnsfltr;Windows Defender Network Stream Filter Driver;C:\WINDOWS\System32\drivers\wdnsfltr.sys [2017-9-29 33792]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-9-29 48688]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-9-29 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-1-16 225792]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-9-29 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-9-29 259584]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2017-9-29 59512]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-9-29 281600]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-9-29 46592]
S4 AODDriver;AODDriver;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [2010-3-12 52280]
S4 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-6-30 30328]
S4 NvTelemetryContainer;NVIDIA Telemetry Container;C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-5-11 450168]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .js: JSFile="C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
.
=============== Created Last 30 ================
.
2018-02-01 15:44:45 14047160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{742FD558-4F7B-40ED-991B-86C17EE3B87E}\mpengine.dll
2018-01-30 16:39:51 -------- d-----w- C:\ProgramData\SystemAcCrux
2018-01-30 16:39:37 30320 ----a-w- C:\WINDOWS\System32\drivers\EPMVolFlt.sys
2018-01-30 16:39:36 4094608 ----a-w- C:\WINDOWS\System32\BootMan.exe
2018-01-30 16:39:36 33448 ----a-w- C:\WINDOWS\System32\epmntdrv.sys
2018-01-30 16:39:36 3076240 ----a-w- C:\WINDOWS\SysWow64\BootMan.exe
2018-01-30 16:39:36 30320 ----a-w- C:\WINDOWS\System32\EPMVolFlt.sys
2018-01-30 16:39:36 21088 ----a-w- C:\WINDOWS\SysWow64\EuEpmGdi.dll
2018-01-30 16:39:36 17504 ----a-w- C:\WINDOWS\System32\EuEpmGdi.dll
2018-01-30 16:39:36 131728 ----a-w- C:\WINDOWS\System32\setupempdrvx64.exe
2018-01-30 16:39:36 10848 ----a-w- C:\WINDOWS\System32\EuGdiDrv.sys
2018-01-30 16:39:23 -------- d-----w- C:\Program Files (x86)\EaseUS
2018-01-24 20:00:28 -------- d-----w- C:\Program Files\iPod
2018-01-24 20:00:08 -------- d-----w- C:\Program Files\iTunes
2018-01-16 19:04:45 824632 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2018-01-16 19:04:45 822584 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2018-01-16 19:04:38 403968 ----a-w- C:\WINDOWS\System32\WpAXHolder.dll
2018-01-16 19:04:22 106496 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2018-01-16 19:04:19 140800 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2018-01-11 18:00:59 924984 ----a-w- C:\WINDOWS\System32\guard64.dll
2018-01-11 18:00:59 830448 ----a-w- C:\WINDOWS\System32\drivers\cmdguard.sys
2018-01-11 18:00:59 710920 ----a-w- C:\WINDOWS\SysWow64\guard32.dll
2018-01-11 18:00:59 50776 ----a-w- C:\WINDOWS\System32\drivers\cmdhlp.sys
2018-01-11 18:00:59 467368 ----a-w- C:\WINDOWS\System32\cmdvrt64.dll
2018-01-11 18:00:59 44056 ----a-w- C:\WINDOWS\System32\drivers\cmderd.sys
2018-01-10 13:41:48 1057976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{58F4D502-D487-447D-985F-D3278C987F82}\gapaengine.dll
2018-01-10 13:41:46 152080 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe
2018-01-10 13:41:39 14047160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2018-01-09 18:30:42 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-01-09 18:30:42 177648 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-01-07 12:36:32 136312 ----a-w- C:\WINDOWS\SysWow64\nvStreaming.exe
2018-01-07 12:36:31 927544 ----a-w- C:\WINDOWS\System32\vulkan-1.dll
2018-01-07 12:36:31 798008 ----a-w- C:\WINDOWS\SysWow64\vulkan-1.dll
2018-01-07 12:36:31 591160 ----a-w- C:\WINDOWS\System32\vulkaninfo.exe
2018-01-07 12:36:31 490296 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo.exe
2018-01-07 12:36:31 -------- d-----w- C:\Program Files (x86)\VulkanRT
2018-01-07 11:17:22 123000 ----a-w- C:\WINDOWS\System32\nvshext.dll
.
==================== Find3M ====================
.
2018-02-01 15:44:18 548000 ------w- C:\WINDOWS\System32\MpSigStub.exe
2018-01-09 18:30:52 129365736 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2018-01-09 00:20:17 51528 ----a-w- C:\WINDOWS\System32\cmdcsr.dll
2018-01-09 00:15:53 371112 ----a-w- C:\WINDOWS\SysWow64\cmdvrt32.dll
2018-01-01 17:15:38 956416 ----a-w- C:\WINDOWS\System32\Spectrum.exe
2018-01-01 12:54:36 924648 ----a-w- C:\WINDOWS\System32\winresume.exe
2018-01-01 12:53:26 1090984 ----a-w- C:\WINDOWS\System32\winresume.efi
2018-01-01 12:52:23 66712 ----a-w- C:\WINDOWS\System32\iumcrypt.dll
2018-01-01 12:51:59 59800 ----a-w- C:\WINDOWS\System32\drivers\bam.sys
2018-01-01 12:51:56 1055128 ----a-w- C:\WINDOWS\System32\hvax64.exe
2018-01-01 12:51:31 191816 ----a-w- C:\WINDOWS\System32\skci.dll
2018-01-01 12:51:23 1209240 ----a-w- C:\WINDOWS\System32\winload.exe
2018-01-01 12:51:18 1414784 ----a-w- C:\WINDOWS\System32\winload.efi
2018-01-01 12:50:58 479912 ----a-w- C:\WINDOWS\System32\ucrtbase_enclave.dll
2018-01-01 12:50:35 77208 ----a-w- C:\WINDOWS\System32\hvloader.dll
2018-01-01 12:50:17 780464 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2018-01-01 12:50:07 5905752 ----a-w- C:\WINDOWS\System32\StartTileData.dll
2018-01-01 12:49:34 8605080 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-01-01 12:49:34 292376 ----a-w- C:\WINDOWS\System32\wscapi.dll
2018-01-01 12:49:31 599448 ----a-w- C:\WINDOWS\System32\securekernel.exe
2018-01-01 12:49:10 319352 ----a-w- C:\WINDOWS\System32\wow64.dll
2018-01-01 12:48:26 1954048 ----a-w- C:\WINDOWS\System32\ntdll.dll
2018-01-01 12:48:18 7831760 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2018-01-01 12:48:18 382360 ----a-w- C:\WINDOWS\System32\atmfd.dll
2018-01-01 12:47:06 649304 ----a-w- C:\WINDOWS\System32\advapi32.dll
2018-01-01 12:47:01 82840 ----a-w- C:\WINDOWS\System32\drivers\volmgr.sys
2018-01-01 12:46:23 898216 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2018-01-01 12:46:21 733592 ----a-w- C:\WINDOWS\System32\drivers\acpi.sys
2018-01-01 12:45:54 2395032 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2018-01-01 12:45:48 1277848 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2018-01-01 12:45:17 398744 ----a-w- C:\WINDOWS\System32\drivers\fltMgr.sys
2018-01-01 12:43:31 1173576 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2018-01-01 12:43:16 367336 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2018-01-01 12:43:03 62872 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2018-01-01 12:42:46 571288 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2018-01-01 12:42:36 494488 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2018-01-01 12:42:34 184984 ----a-w- C:\WINDOWS\System32\sspicli.dll
2018-01-01 12:42:20 109976 ----a-w- C:\WINDOWS\System32\drivers\vmbus.sys
2018-01-01 12:42:01 1029016 ----a-w- C:\WINDOWS\System32\efscore.dll
2018-01-01 12:41:32 549552 ----a-w- C:\WINDOWS\System32\WWanAPI.dll
2018-01-01 12:41:24 559512 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2018-01-01 12:41:18 7676296 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-01-01 12:40:19 1206680 ----a-w- C:\WINDOWS\System32\hvix64.exe
2018-01-01 12:39:58 508264 ----a-w- C:\WINDOWS\System32\systemreset.exe
2018-01-01 12:39:53 902416 ----a-w- C:\WINDOWS\System32\winhttp.dll
2018-01-01 12:39:44 362904 ----a-w- C:\WINDOWS\System32\drivers\pci.sys
2018-01-01 12:39:17 677784 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-01-01 12:39:06 129432 ----a-w- C:\WINDOWS\System32\drivers\hvsocket.sys
2018-01-01 12:38:53 519152 ----a-w- C:\WINDOWS\System32\SecurityHealthService.exe
2018-01-01 12:38:43 38808 ----a-w- C:\WINDOWS\System32\drivers\Diskdump.sys
2018-01-01 12:38:24 3904808 ----a-w- C:\WINDOWS\explorer.exe
2018-01-01 12:38:15 727448 ----a-w- C:\WINDOWS\System32\drivers\fvevol.sys
2018-01-01 12:38:09 103320 ----a-w- C:\WINDOWS\System32\drivers\stornvme.sys
2018-01-01 12:37:57 461720 ----a-w- C:\WINDOWS\System32\wifitask.exe
2018-01-01 12:37:09 1426664 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2018-01-01 12:36:57 113560 ----a-w- C:\WINDOWS\System32\icfupgd.dll
2018-01-01 12:36:32 57752 ----a-w- C:\WINDOWS\System32\drivers\netbios.sys
2018-01-01 12:36:25 413888 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll
2018-01-01 12:36:25 166296 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
2018-01-01 12:36:20 374032 ----a-w- C:\WINDOWS\System32\vac.exe
2018-01-01 12:35:34 75160 ----a-w- C:\WINDOWS\System32\SecurityHealthProxyStub.dll
2018-01-01 12:35:16 1170008 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2018-01-01 12:34:51 1336344 ----a-w- C:\WINDOWS\System32\ole32.dll
2018-01-01 12:34:45 7385088 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2018-01-01 12:34:45 260896 ----a-w- C:\WINDOWS\System32\mfps.dll
2018-01-01 12:34:43 87384 ----a-w- C:\WINDOWS\System32\remoteaudioendpoint.dll
2018-01-01 12:33:42 603920 ----a-w- C:\WINDOWS\System32\audiodg.exe
2018-01-01 12:33:36 2773400 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2018-01-01 12:32:57 4481240 ----a-w- C:\WINDOWS\System32\mfcore.dll
2018-01-01 12:32:30 617304 ----a-w- C:\WINDOWS\System32\TextInputFramework.dll
2018-01-01 12:27:27 713624 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2018-01-01 12:27:26 163736 ----a-w- C:\WINDOWS\System32\drivers\wfplwfs.sys
2018-01-01 12:26:45 81304 ----a-w- C:\WINDOWS\System32\drivers\vmbkmcl.sys
2018-01-01 12:26:25 428952 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2018-01-01 12:25:50 147864 ----a-w- C:\WINDOWS\System32\drivers\wcifs.sys
2018-01-01 12:25:26 615768 ----a-w- C:\WINDOWS\System32\services.exe
2018-01-01 12:21:36 1103768 ----a-w- C:\WINDOWS\System32\drivers\http.sys
2018-01-01 12:21:34 614296 ----a-w- C:\WINDOWS\System32\drivers\afd.sys
2018-01-01 12:06:49 311192 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2018-01-01 12:03:39 650328 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2018-01-01 12:03:38 777904 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2018-01-01 12:03:36 566664 ----a-w- C:\WINDOWS\SysWow64\CoreMessaging.dll
2018-01-01 12:03:03 123512 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2018-01-01 11:53:43 1615712 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2018-01-01 11:49:35 258808 ----a-w- C:\WINDOWS\SysWow64\wscapi.dll
2018-01-01 11:49:11 481464 ----a-w- C:\WINDOWS\SysWow64\advapi32.dll
2018-01-01 11:46:57 289816 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2018-01-01 11:46:25 3485392 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2018-01-01 11:45:54 5615968 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2018-01-01 11:45:34 6092152 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2018-01-01 11:45:26 450928 ----a-w- C:\WINDOWS\SysWow64\WWanAPI.dll
2018-01-01 11:42:56 982528 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2018-01-01 11:42:47 386424 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll
2018-01-01 11:42:41 4644912 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2018-01-01 11:42:40 6479552 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2018-01-01 11:42:33 1246432 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
2018-01-01 11:42:32 74992 ----a-w- C:\WINDOWS\SysWow64\remoteaudioendpoint.dll
2018-01-01 11:42:32 129184 ----a-w- C:\WINDOWS\SysWow64\mfps.dll
2018-01-01 11:42:32 1003152 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2018-01-01 11:37:35 25247232 ----a-w- C:\WINDOWS\System32\edgehtml.dll
.
============= FINISH: 15:57:18.82 ===============

Attached Files
File Type: txt attach.txt (12.5 KB)

99% CPU usage

Hello, I usually don't turn off my PC during the night, so after I woke up today I noticed a certain popup that probably opened when I was on some sports streaming site... What I noticed is that my CPU was at 99%, and when I closed the popup it immediately went back to normal... I also copy-pasted the address of the popup and tested it by opening it again, which made the CPU go back to 99% every time the URL was open...
Is there a way to test that URL to see what is actually happening? Can I give you guys the URL name so you can tell me what is going on? I am not sure if I am allowed to just paste URLs that might even be infected.

Is Rspark a virus?

Hello,

It looks like when I bring up a blank page in Firefox, it brings up Rspark.com, which I have never heard of. Would you be able to help me get rid of this if this is a virus?

Just let me know what I need to do....

Thanks,

Unable to create Recovery USB for Win 10 - virus?

For about the past week my computer has presented intermittent faults, such as being unable to restart or shut down or, more obviously, faults when trying to use USB sticks. For example, when trying to load new photos into Lightroom from an SDHC card via a USB card reader, the system sometimes enters a busy state which never completes. The only way I have found to exit this state is to physically power down. More specifically, I am unable to create a Win 10 recovery USB: the process of calculating the size of USB required never completes, even after 12 hours. Furthermore, the process cannot be cancelled; a busy state is entered as described above.

I naturally suspect a faulty Win 10 update but have no way of knowing which update this might be. Obviously, I should also suspect a malware infection and am starting from that point, rather than a Windows Update issue. I have run the DDS script as recommended and made the attachments as required:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.15
Run by Tony at 15:56:41 on 2018-02-01
Microsoft Windows 10 Home 10.0.16299.0.1252.44.1033.18.16375.13489 [GMT 0:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus *Disabled/Updated* {08B84BA8-CC77-5A8B-A100-3F522B1B6106}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Advanced Protection *Enabled/Updated* {B3D9AA4C-EA4D-5505-9BB0-0420509C2BBB}
FW: COMODO Firewall *Disabled* {3083CA8D-8618-5BD3-8A5F-9667D5C8267D}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\svchost.exe -k localservice -p -s SEMgrSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s NcdAutoSetup
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub
c:\windows\system32\svchost.exe -k localservice -p -s fdPHost
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s HomeGroupProvider
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\system32\dashost.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
c:\windows\system32\taskhostw.exe
c:\windows\system32\taskhostw.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k apphost -s AppHostSvc
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
C:\WINDOWS\system32\mqsvc.exe
c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\viakaraokesrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\WINDOWS\system32\EscSvc64.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\WINDOWS\Explorer.EXE
c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s upnphost
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\WINDOWS\system32\SettingSyncHost.exe
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\TrayTipAgentE.exe
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k netsvcs
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s wcncsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
svchost.exe
C:\Windows\System32\smartscreen.exe
C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.16.0_x64__8wekyb3d8bbwe\WinStore.App.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s XblAuthManager
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
svchost.exe
C:\WINDOWS\system32\AUDIODG.EXE
c:\windows\system32\taskhostw.exe
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://uk.yahoo.com/?fr=fp-comodo&type=33090001005_hp_sp
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [OneDrive] "C:\Users\Tony\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
uRun: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
mRun: [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [EaseUS EPM Tray Agent] "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\TrayTipAgentE.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{29474fee-b88a-47fa-a7d9-541e4225df64} : NameServer = 194.168.4.100,194.168.8.100
TCP: Interfaces\{29474fee-b88a-47fa-a7d9-541e4225df64} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{6a952068-e907-4a13-87cf-2fd98d531ea8} : DHCPNameServer = 194.168.4.100 194.168.8.100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Windows Mobile Device Center] C:\WINDOWS\WindowsMobile\wmdc.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
x64-Run: [Eraser] "C:\Program Files\Eraser\Eraser.exe" -atRestart
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [AdobeGCInvoker-1.0] "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:221
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-9-29 130640]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-9-29 56728]
R0 pwdrvio;pwdrvio;C:\WINDOWS\System32\pwdrvio.sys [2016-9-16 19152]
R0 SCMNdisP;General NDIS Protocol Driver;C:\WINDOWS\System32\drivers\SCMNdisP.sys [2016-3-23 29472]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-9-29 15392]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-9-29 71248]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-9-29 18000]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-9-29 209304]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-9-29 240640]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-1-16 59800]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\WINDOWS\System32\drivers\cmderd.sys [2018-1-11 44056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\WINDOWS\System32\drivers\cmdguard.sys [2018-1-11 830448]
R1 cmdhlp;COMODO Internet Security Helper Driver;C:\WINDOWS\System32\drivers\cmdhlp.sys [2018-1-11 50776]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-9-29 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-9-29 8192]
R1 isedrv;Internet Security Essentials;C:\WINDOWS\System32\drivers\isedrv.sys [2017-8-31 62208]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2017-9-20 817760]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2018-1-5 2319848]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2018-1-5 83768]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R2 CDPUserSvc_3507e;CDPUserSvc_3507e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-1-16 385024]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2017-9-29 48688]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2017-9-29 48688]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R2 EpsonScanSvc;Epson Scanner Service;C:\WINDOWS\System32\escsvc64.exe [2017-8-17 135824]
R2 FoxitReaderService;Foxit Reader Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [2017-6-24 1659592]
R2 isesrv;isesrv;C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe [2017-8-31 133840]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-6-30 495224]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2018-1-7 462968]
R2 OneSyncSvc_3507e;OneSyncSvc_3507e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 SecurityHealthService;Windows Defender Security Centre Service;C:\WINDOWS\System32\SecurityHealthService.exe [2018-1-16 519152]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-9-29 79872]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\WINDOWS\System32\ViakaraokeSrv.exe [2012-12-11 27768]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-1-16 147864]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 WpnUserService_3507e;WpnUserService_3507e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2014-11-24 671000]
R3 amdiox64;AMD IO Driver;C:\WINDOWS\System32\drivers\amdiox64.sys [2012-10-21 46136]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
R3 FocusriteUSBSwRoot;USB Audio Root;C:\WINDOWS\System32\drivers\FocusriteUSBSwRoot.sys [2017-1-22 102088]
R3 hidkmdf;KMDF Driver;C:\WINDOWS\System32\drivers\hidkmdf.sys [2012-10-21 14136]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-9-29 21504]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2017-6-30 48248]
R3 nvvhci;NVVHCI Enumerator Service;C:\WINDOWS\System32\drivers\nvvhci.sys [2017-6-30 57976]
R3 PimIndexMaintenanceSvc_3507e;PimIndexMaintenanceSvc_3507e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2017-9-29 604160]
R3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 UnistoreSvc_3507e;UnistoreSvc_3507e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 usbfilter;AMD USB Filter Driver;C:\WINDOWS\System32\drivers\usbfilter.sys [2014-12-9 60640]
R3 UserDataSvc_3507e;UserDataSvc_3507e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\WINDOWS\System32\drivers\viahduaa.sys [2015-8-11 692400]
R3 WacHidRouter;Wacom Hid Router;C:\WINDOWS\System32\drivers\wachidrouter.sys [2012-10-21 100664]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [2012-10-21 15160]
R3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-9-29 119192]
R3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-9-29 355304]
R3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-3-12 136544]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-9-29 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-9-29 1135512]
S3 ahcix64s;ahcix64s;C:\WINDOWS\System32\drivers\ahcix64s.sys [2009-7-14 226616]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-9-29 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2017-9-29 48688]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-9-29 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-9-29 48688]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2017-9-29 37784]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-29 39424]
S3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-9-29 60312]
S3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-9-29 122368]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-9-29 357272]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-9-29 1723288]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2018-1-11 2875816]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-10-20 79360]
S3 DevicesFlowUserSvc_3507e;DevicesFlowUserSvc_3507e;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-9-29 48688]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-9-29 85504]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2017-9-29 48688]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 epmntdrv;epmntdrv;C:\WINDOWS\System32\epmntdrv.sys [2018-1-30 33448]
S3 EuGdiDrv;EuGdiDrv;C:\WINDOWS\System32\EuGdiDrv.sys [2018-1-30 10848]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-9-29 48688]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-9-29 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2017-9-29 48688]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-9-29 50584]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2017-9-29 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-9-29 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-9-29 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-9-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-9-29 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-9-29 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-9-29 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-9-29 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-9-29 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-9-29 674200]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-9-29 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-9-29 39424]
S3 InstallService;Windows Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 invdimm;Microsoft iNVDIMM device driver;C:\WINDOWS\System32\drivers\invdimm.sys [2017-9-29 38912]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2017-9-29 26112]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-9-29 123800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-9-29 103320]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-9-29 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-9-29 55840]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-9-29 63520]
S3 MessagingService_3507e;MessagingService_3507e;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-9-29 842648]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-9-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-9-29 132608]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-1-16 192512]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-6-30 495224]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-9-29 88576]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-9-29 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-9-29 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2017-9-29 16896]
S3 PrintWorkflowUserSvc_3507e;PrintWorkflowUserSvc_3507e;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2017-9-29 48688]
S3 PSSDK42;PSSDK42;C:\WINDOWS\System32\drivers\pssdk42.sys [2013-11-20 53312]
S3 PSSDKLBF;PSSDKLBF;C:\WINDOWS\System32\drivers\pssdklbf.sys [2013-11-20 65600]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 pwdspio;pwdspio;C:\WINDOWS\System32\pwdspio.sys [2016-9-16 12504]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2017-9-29 39832]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-9-29 1849752]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-9-29 936856]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-9-29 48688]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2017-9-29 103936]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-9-29 48688]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-9-29 118168]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-9-29 33176]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-9-29 1288704]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-9-29 154520]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-9-29 48688]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-9-29 56216]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-1-16 956416]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-1-16 103320]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-12-13 45464]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-9-29 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-12-13 114688]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-9-29 146944]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-12-13 57344]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-9-29 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-9-29 28568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-9-29 266648]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-9-29 97312]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-9-29 140696]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-9-29 28568]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-12-13 60824]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-9-29 27544]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-9-29 48688]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-9-29 34816]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-9-29 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vnvdimm;Microsoft virtual NVDIMM device driver;C:\WINDOWS\System32\drivers\vnvdimm.sys [2017-9-29 43008]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2017-9-29 48688]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-9-29 48688]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-9-29 76288]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-12-13 770048]
S3 wdnsfltr;Windows Defender Network Stream Filter Driver;C:\WINDOWS\System32\drivers\wdnsfltr.sys [2017-9-29 33792]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-9-29 48688]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-9-29 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-1-16 225792]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-9-29 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-9-29 259584]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2017-9-29 59512]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-9-29 281600]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-9-29 46592]
S4 AODDriver;AODDriver;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [2010-3-12 52280]
S4 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-6-30 30328]
S4 NvTelemetryContainer;NVIDIA Telemetry Container;C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-5-11 450168]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .js: JSFile="C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
.
=============== Created Last 30 ================
.
2018-02-01 15:44:45 14047160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{742FD558-4F7B-40ED-991B-86C17EE3B87E}\mpengine.dll
2018-01-30 16:39:51 -------- d-----w- C:\ProgramData\SystemAcCrux
2018-01-30 16:39:37 30320 ----a-w- C:\WINDOWS\System32\drivers\EPMVolFlt.sys
2018-01-30 16:39:36 4094608 ----a-w- C:\WINDOWS\System32\BootMan.exe
2018-01-30 16:39:36 33448 ----a-w- C:\WINDOWS\System32\epmntdrv.sys
2018-01-30 16:39:36 3076240 ----a-w- C:\WINDOWS\SysWow64\BootMan.exe
2018-01-30 16:39:36 30320 ----a-w- C:\WINDOWS\System32\EPMVolFlt.sys
2018-01-30 16:39:36 21088 ----a-w- C:\WINDOWS\SysWow64\EuEpmGdi.dll
2018-01-30 16:39:36 17504 ----a-w- C:\WINDOWS\System32\EuEpmGdi.dll
2018-01-30 16:39:36 131728 ----a-w- C:\WINDOWS\System32\setupempdrvx64.exe
2018-01-30 16:39:36 10848 ----a-w- C:\WINDOWS\System32\EuGdiDrv.sys
2018-01-30 16:39:23 -------- d-----w- C:\Program Files (x86)\EaseUS
2018-01-24 20:00:28 -------- d-----w- C:\Program Files\iPod
2018-01-24 20:00:08 -------- d-----w- C:\Program Files\iTunes
2018-01-16 19:04:45 824632 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2018-01-16 19:04:45 822584 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2018-01-16 19:04:38 403968 ----a-w- C:\WINDOWS\System32\WpAXHolder.dll
2018-01-16 19:04:22 106496 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2018-01-16 19:04:19 140800 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2018-01-11 18:00:59 924984 ----a-w- C:\WINDOWS\System32\guard64.dll
2018-01-11 18:00:59 830448 ----a-w- C:\WINDOWS\System32\drivers\cmdguard.sys
2018-01-11 18:00:59 710920 ----a-w- C:\WINDOWS\SysWow64\guard32.dll
2018-01-11 18:00:59 50776 ----a-w- C:\WINDOWS\System32\drivers\cmdhlp.sys
2018-01-11 18:00:59 467368 ----a-w- C:\WINDOWS\System32\cmdvrt64.dll
2018-01-11 18:00:59 44056 ----a-w- C:\WINDOWS\System32\drivers\cmderd.sys
2018-01-10 13:41:48 1057976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{58F4D502-D487-447D-985F-D3278C987F82}\gapaengine.dll
2018-01-10 13:41:46 152080 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe
2018-01-10 13:41:39 14047160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2018-01-09 18:30:42 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-01-09 18:30:42 177648 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-01-07 12:36:32 136312 ----a-w- C:\WINDOWS\SysWow64\nvStreaming.exe
2018-01-07 12:36:31 927544 ----a-w- C:\WINDOWS\System32\vulkan-1.dll
2018-01-07 12:36:31 798008 ----a-w- C:\WINDOWS\SysWow64\vulkan-1.dll
2018-01-07 12:36:31 591160 ----a-w- C:\WINDOWS\System32\vulkaninfo.exe
2018-01-07 12:36:31 490296 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo.exe
2018-01-07 12:36:31 -------- d-----w- C:\Program Files (x86)\VulkanRT
2018-01-07 11:17:22 123000 ----a-w- C:\WINDOWS\System32\nvshext.dll
.
==================== Find3M ====================
.
2018-02-01 15:44:18 548000 ------w- C:\WINDOWS\System32\MpSigStub.exe
2018-01-09 18:30:52 129365736 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2018-01-09 00:20:17 51528 ----a-w- C:\WINDOWS\System32\cmdcsr.dll
2018-01-09 00:15:53 371112 ----a-w- C:\WINDOWS\SysWow64\cmdvrt32.dll
2018-01-01 17:15:38 956416 ----a-w- C:\WINDOWS\System32\Spectrum.exe
2018-01-01 12:54:36 924648 ----a-w- C:\WINDOWS\System32\winresume.exe
2018-01-01 12:53:26 1090984 ----a-w- C:\WINDOWS\System32\winresume.efi
2018-01-01 12:52:23 66712 ----a-w- C:\WINDOWS\System32\iumcrypt.dll
2018-01-01 12:51:59 59800 ----a-w- C:\WINDOWS\System32\drivers\bam.sys
2018-01-01 12:51:56 1055128 ----a-w- C:\WINDOWS\System32\hvax64.exe
2018-01-01 12:51:31 191816 ----a-w- C:\WINDOWS\System32\skci.dll
2018-01-01 12:51:23 1209240 ----a-w- C:\WINDOWS\System32\winload.exe
2018-01-01 12:51:18 1414784 ----a-w- C:\WINDOWS\System32\winload.efi
2018-01-01 12:50:58 479912 ----a-w- C:\WINDOWS\System32\ucrtbase_enclave.dll
2018-01-01 12:50:35 77208 ----a-w- C:\WINDOWS\System32\hvloader.dll
2018-01-01 12:50:17 780464 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2018-01-01 12:50:07 5905752 ----a-w- C:\WINDOWS\System32\StartTileData.dll
2018-01-01 12:49:34 8605080 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-01-01 12:49:34 292376 ----a-w- C:\WINDOWS\System32\wscapi.dll
2018-01-01 12:49:31 599448 ----a-w- C:\WINDOWS\System32\securekernel.exe
2018-01-01 12:49:10 319352 ----a-w- C:\WINDOWS\System32\wow64.dll
2018-01-01 12:48:26 1954048 ----a-w- C:\WINDOWS\System32\ntdll.dll
2018-01-01 12:48:18 7831760 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2018-01-01 12:48:18 382360 ----a-w- C:\WINDOWS\System32\atmfd.dll
2018-01-01 12:47:06 649304 ----a-w- C:\WINDOWS\System32\advapi32.dll
2018-01-01 12:47:01 82840 ----a-w- C:\WINDOWS\System32\drivers\volmgr.sys
2018-01-01 12:46:23 898216 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2018-01-01 12:46:21 733592 ----a-w- C:\WINDOWS\System32\drivers\acpi.sys
2018-01-01 12:45:54 2395032 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2018-01-01 12:45:48 1277848 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2018-01-01 12:45:17 398744 ----a-w- C:\WINDOWS\System32\drivers\fltMgr.sys
2018-01-01 12:43:31 1173576 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2018-01-01 12:43:16 367336 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2018-01-01 12:43:03 62872 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2018-01-01 12:42:46 571288 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2018-01-01 12:42:36 494488 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2018-01-01 12:42:34 184984 ----a-w- C:\WINDOWS\System32\sspicli.dll
2018-01-01 12:42:20 109976 ----a-w- C:\WINDOWS\System32\drivers\vmbus.sys
2018-01-01 12:42:01 1029016 ----a-w- C:\WINDOWS\System32\efscore.dll
2018-01-01 12:41:32 549552 ----a-w- C:\WINDOWS\System32\WWanAPI.dll
2018-01-01 12:41:24 559512 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2018-01-01 12:41:18 7676296 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-01-01 12:40:19 1206680 ----a-w- C:\WINDOWS\System32\hvix64.exe
2018-01-01 12:39:58 508264 ----a-w- C:\WINDOWS\System32\systemreset.exe
2018-01-01 12:39:53 902416 ----a-w- C:\WINDOWS\System32\winhttp.dll
2018-01-01 12:39:44 362904 ----a-w- C:\WINDOWS\System32\drivers\pci.sys
2018-01-01 12:39:17 677784 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-01-01 12:39:06 129432 ----a-w- C:\WINDOWS\System32\drivers\hvsocket.sys
2018-01-01 12:38:53 519152 ----a-w- C:\WINDOWS\System32\SecurityHealthService.exe
2018-01-01 12:38:43 38808 ----a-w- C:\WINDOWS\System32\drivers\Diskdump.sys
2018-01-01 12:38:24 3904808 ----a-w- C:\WINDOWS\explorer.exe
2018-01-01 12:38:15 727448 ----a-w- C:\WINDOWS\System32\drivers\fvevol.sys
2018-01-01 12:38:09 103320 ----a-w- C:\WINDOWS\System32\drivers\stornvme.sys
2018-01-01 12:37:57 461720 ----a-w- C:\WINDOWS\System32\wifitask.exe
2018-01-01 12:37:09 1426664 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2018-01-01 12:36:57 113560 ----a-w- C:\WINDOWS\System32\icfupgd.dll
2018-01-01 12:36:32 57752 ----a-w- C:\WINDOWS\System32\drivers\netbios.sys
2018-01-01 12:36:25 413888 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll
2018-01-01 12:36:25 166296 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
2018-01-01 12:36:20 374032 ----a-w- C:\WINDOWS\System32\vac.exe
2018-01-01 12:35:34 75160 ----a-w- C:\WINDOWS\System32\SecurityHealthProxyStub.dll
2018-01-01 12:35:16 1170008 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2018-01-01 12:34:51 1336344 ----a-w- C:\WINDOWS\System32\ole32.dll
2018-01-01 12:34:45 7385088 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2018-01-01 12:34:45 260896 ----a-w- C:\WINDOWS\System32\mfps.dll
2018-01-01 12:34:43 87384 ----a-w- C:\WINDOWS\System32\remoteaudioendpoint.dll
2018-01-01 12:33:42 603920 ----a-w- C:\WINDOWS\System32\audiodg.exe
2018-01-01 12:33:36 2773400 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2018-01-01 12:32:57 4481240 ----a-w- C:\WINDOWS\System32\mfcore.dll
2018-01-01 12:32:30 617304 ----a-w- C:\WINDOWS\System32\TextInputFramework.dll
2018-01-01 12:27:27 713624 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2018-01-01 12:27:26 163736 ----a-w- C:\WINDOWS\System32\drivers\wfplwfs.sys
2018-01-01 12:26:45 81304 ----a-w- C:\WINDOWS\System32\drivers\vmbkmcl.sys
2018-01-01 12:26:25 428952 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2018-01-01 12:25:50 147864 ----a-w- C:\WINDOWS\System32\drivers\wcifs.sys
2018-01-01 12:25:26 615768 ----a-w- C:\WINDOWS\System32\services.exe
2018-01-01 12:21:36 1103768 ----a-w- C:\WINDOWS\System32\drivers\http.sys
2018-01-01 12:21:34 614296 ----a-w- C:\WINDOWS\System32\drivers\afd.sys
2018-01-01 12:06:49 311192 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2018-01-01 12:03:39 650328 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2018-01-01 12:03:38 777904 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2018-01-01 12:03:36 566664 ----a-w- C:\WINDOWS\SysWow64\CoreMessaging.dll
2018-01-01 12:03:03 123512 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2018-01-01 11:53:43 1615712 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2018-01-01 11:49:35 258808 ----a-w- C:\WINDOWS\SysWow64\wscapi.dll
2018-01-01 11:49:11 481464 ----a-w- C:\WINDOWS\SysWow64\advapi32.dll
2018-01-01 11:46:57 289816 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2018-01-01 11:46:25 3485392 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2018-01-01 11:45:54 5615968 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2018-01-01 11:45:34 6092152 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2018-01-01 11:45:26 450928 ----a-w- C:\WINDOWS\SysWow64\WWanAPI.dll
2018-01-01 11:42:56 982528 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2018-01-01 11:42:47 386424 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll
2018-01-01 11:42:41 4644912 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2018-01-01 11:42:40 6479552 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2018-01-01 11:42:33 1246432 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
2018-01-01 11:42:32 74992 ----a-w- C:\WINDOWS\SysWow64\remoteaudioendpoint.dll
2018-01-01 11:42:32 129184 ----a-w- C:\WINDOWS\SysWow64\mfps.dll
2018-01-01 11:42:32 1003152 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2018-01-01 11:37:35 25247232 ----a-w- C:\WINDOWS\System32\edgehtml.dll
.
============= FINISH: 15:57:18.82 ===============


Google Search Results Go to Yahoo.com

When I type a search item in Google, the results immediately redirect to Yahoo results. What can I do to fix this?

EDIT: I'm using Google Chrome. This problem doesn't present itself on Firefox.

HP All in One Desktop running at 100% CPU frequently

HP All in One Desktop computer (4.5 years old) - Google Chrome Version 65 - Windows 8.1
Processor: AMD A4-5300 APU w/Radeon HD Graphics - 64 bit - 6.0 GB RAM / 5.45 GB usable

It spikes at 100% - computer gets loud - even with NO TABS open.
I checked task manager processes - it's usually Google but that's with one window open and no extensions - I tried re-setting Google and turning off hardware acceleration.
When it gets loud with no tabs open, it's usually the "System" process. Completed Windows update.

I checked for malware with Windows Defender full scan - Malwarebytes scan - Superantispyware scan - Kaspersky rootkit remover tool - CCleaner - Windows malware removal tool and all of these came with a result of no threats. I cleared cookies / browsing data. I checked start up programs and disabled or limited them. Did a reboot and re-start. Deleted programs I never use. Tried shutting off anti-virus (Windows Defender). Did disk de-fragment. Checked Control programs for any suspicious programs and deleted ones I don't use.

I've run out of ideas, it may be time for a new PC. Any other things I could try?

My laptop won't turn off

My laptop doesn't turn off. When I try to restart or shut down the system, the screen goes black after the Windows log-off screen, but the computer is still running and I get the blue screen after 10 minutes and the laptop restarts.
This problem has occurred before and I managed to solve it by restoring Windows, reinstalling drivers, web browsers, antivirus (I was getting some error while trying to update it) and doing some other stuff, so I don't really know what the problem was.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18921
Run by ogin at 9:06:58 on 2018-02-28
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.12234.10286 [GMT 1:00]
.
AV: Bitdefender Antivirus Free Antimalware *Enabled/Updated* {3FB17364-4FCC-0FA7-6BBF-973897395371}
SP: Bitdefender Antivirus Free Antimalware *Enabled/Updated* {84D09280-69F6-0029-510F-AC4AECBE19CC}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Bitdefender Agent\ProductAgentService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\ogin\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
D:\Użytkownicy\ogin\Pobrane\dds.scr
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - <orphaned>
uRun: [f.lux] "C:\Users\ogin\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 217.113.224.135 217.113.224.36
TCP: Interfaces\{94B4E6BF-FB28-4D0E-9D47-F7A310E36353} : DHCPNameServer = 217.113.224.135 217.113.224.36
SSODL: WebCheck - <orphaned>
x64-BHO: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - <orphaned>
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ogin\AppData\Roaming\Mozilla\Firefox\Profiles\g0x5904o.default\
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files\VideoLAN\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 atc;atc;C:\Windows\System32\drivers\atc.sys [2018-2-23 1177720]
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2017-10-5 1725800]
R0 BdDci;BdDci Service;C:\Windows\System32\drivers\bddci.sys [2018-2-23 154888]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2018-2-23 191784]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2017-10-5 89600]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2017-2-27 2319848]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 ProductAgentService;ProductAgentService;C:\Program Files\Bitdefender Agent\ProductAgentService.exe [2017-10-5 1269824]
R2 updatesrv;Bitdefender Update Service;C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [2017-10-5 100392]
R2 vsservppl;Bitdefender Correlation Service;C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [2017-10-5 100392]
R3 edrsensor;edrsensor;C:\Windows\System32\drivers\edrsensor.sys [2017-10-5 248336]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2012-7-31 175928]
R3 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2012-7-16 26208]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-2-28 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-2-28 181248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-4 107624]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-10-3 128608]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2018-2-27 116224]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2018-2-7 19456]
S3 StorSvc;Usługa magazynu;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2018-2-7 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2018-2-7 30208]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2017-10-5 1255736]
S4 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2017-9-20 817760]
S4 FoxitReaderService;Foxit Reader Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [2017-10-20 1659456]
S4 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-2-29 30520]
S4 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2012-6-19 1646608]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-7-18 317408]
.
=============== Created Last 30 ================
.
2018-02-28 07:52:38 -------- d-----w- C:\Windows\System32\tmp00004828
2018-02-27 09:49:35 -------- d-----w- C:\Users\ogin\AppData\Roaming\LibreOffice
2018-02-27 09:25:50 -------- d-----w- C:\Program Files (x86)\LibreOffice
2018-02-27 09:13:31 -------- d-----w- C:\Windows\System32\tmp00007e30
2018-02-27 08:08:29 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign924e0e39fd6b51ed
2018-02-26 22:50:59 -------- d-----w- C:\Windows\System32\tmp00000d92
2018-02-26 21:20:34 -------- d-----w- C:\Windows\System32\tmp000067b2
2018-02-26 00:04:16 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsigndca1b95786b32ff8
2018-02-25 23:54:03 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignef11396bbbfa61c0
2018-02-25 23:53:02 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsigndb783900d0e5e95d
2018-02-25 23:53:02 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign1eae3e1977c7a67a
2018-02-25 23:40:31 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignd87469fed99faab7
2018-02-25 23:36:45 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign3f91c557915ea4a4
2018-02-25 23:31:50 -------- d-----w- C:\Program Files (x86)\MSECache
2018-02-25 22:53:04 -------- d-----w- C:\Windows\System32\tmp00007972
2018-02-24 11:32:23 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignd6de1e03110e8f6f
2018-02-24 11:17:29 -------- d-----w- C:\Windows\System32\tmp00005340
2018-02-23 11:35:57 191784 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2018-02-23 11:35:51 154888 ----a-w- C:\Windows\System32\drivers\bddci.sys
2018-02-23 11:35:50 1177720 ----a-w- C:\Windows\System32\drivers\atc.sys
2018-02-22 12:55:42 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign216c5a383e2e7bef
2018-02-22 12:55:41 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignde83b22e8aed9032
2018-02-22 12:55:41 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign2c3ff15fdf18b842
2018-02-22 11:48:41 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign2d29c62d3fa70c9c
2018-02-20 20:13:11 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign209ce961ec7b3c4b
2018-02-20 09:02:46 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign72ebb72d30e4c93a
2018-02-20 09:01:52 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign5cbd8d891340fe27
2018-02-20 08:50:50 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsigne571d1ea29e019aa
2018-02-20 08:50:49 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign841ed80208f8e2af
2018-02-20 08:50:49 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign6994c3a6ea5bdbdb
2018-02-20 08:45:33 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign3aa2b9440b974920
2018-02-20 08:40:57 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign6e3cf2f1e1611400
2018-02-19 22:02:31 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign73f3aa24e1903a76
2018-02-16 01:22:59 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign2e892974f9f31943
2018-02-15 18:10:08 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignb1e9bb737668a48d
2018-02-15 18:06:32 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsigndea8a639420f85e4
2018-02-15 18:06:32 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsigna609bea8967b5b5d
2018-02-14 08:11:44 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignbc81a14ec3a385c1
2018-02-13 23:23:52 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignad9c0cc76a7f497b
2018-02-12 19:08:11 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign6156eb5c661cbc3b
2018-02-12 19:08:08 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignbd1a5803e25a9105
2018-02-12 19:08:08 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign804f01cfde46d1cc
2018-02-12 10:48:20 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign7a1937b4f28644b2
2018-02-08 21:42:10 83792 ----a-w- C:\Windows\SysWow64\vcruntime140.dll
2018-02-08 21:42:10 440120 ----a-w- C:\Windows\SysWow64\msvcp140.dll
2018-02-08 21:42:10 267592 ----a-w- C:\Windows\SysWow64\vccorlib140.dll
2018-02-08 21:42:10 244032 ----a-w- C:\Windows\SysWow64\concrt140.dll
2018-02-08 10:21:50 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign80d3610b3dab0fe1
2018-02-07 22:38:48 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign7b6eaccf4a594faa
2018-02-07 19:13:44 856064 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2018-02-07 19:13:44 7077376 ----a-w- C:\Windows\System32\mstscax.dll
2018-02-07 19:13:44 6131200 ----a-w- C:\Windows\SysWow64\mstscax.dll
2018-02-07 19:13:44 429568 ----a-w- C:\Windows\System32\wksprt.exe
2018-02-07 19:13:44 1057792 ----a-w- C:\Windows\System32\rdvidcrl.dll
2018-02-07 19:13:43 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2018-02-07 19:13:43 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2018-02-07 19:13:41 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2018-02-07 19:09:36 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsigna68a4bd2827f6603
2018-02-07 19:08:46 71224 ----a-w- C:\Windows\System32\nvshext.dll
2018-02-07 19:08:46 6475466 ----a-w- C:\Windows\System32\nvcoproc.bin
2018-02-07 19:08:46 6368192 ----a-w- C:\Windows\System32\nvcpl.dll
2018-02-07 19:08:46 393784 ----a-w- C:\Windows\System32\nvmctray.dll
2018-02-07 19:08:46 2993720 ----a-w- C:\Windows\System32\nvsvc64.dll
2018-02-07 19:08:46 2563128 ----a-w- C:\Windows\System32\nvsvcr.dll
2018-02-07 19:08:46 1201088 ----a-w- C:\Windows\System32\nvvsvc.exe
2018-02-07 19:08:35 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2018-02-07 18:27:48 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign1e70cf1201b7bd5c
2018-02-07 16:07:17 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign4b22afaeb2dcd612
2018-02-07 15:44:14 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignf05275b42d6749bb
2018-02-07 13:37:35 -------- d-----w- C:\Users\ogin\AppData\Local\HP_Inc
2018-02-07 13:29:55 -------- d-----w- C:\ProgramData\Qualcomm Atheros
2018-02-07 13:23:34 -------- d-----w- C:\Windows\SysWow64\SDA
2018-02-07 13:23:33 -------- d-----w- C:\Program Files (x86)\JMicron
2018-02-07 13:18:27 89888 ----a-w- C:\Windows\System32\NicInstC.dll
2018-02-07 13:18:27 73480 ----a-w- C:\Windows\System32\e1cmsg.dll
2018-02-07 13:18:27 495376 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys
2018-02-07 13:12:18 -------- d-----w- C:\Users\ogin\AppData\Roaming\IDT
2018-02-07 13:12:15 -------- d-----w- C:\ProgramData\HP Inc
2018-02-07 13:12:10 -------- d-----w- C:\System.sav
2018-02-07 13:10:45 -------- d-----w- C:\Users\ogin\AppData\Roaming\hpqLog
2018-02-07 13:10:27 -------- d-----w- C:\Users\ogin\AppData\Local\Hewlett-Packard
2018-02-07 12:01:35 -------- d-----w- C:\Program Files\Malwarebytes
2018-02-07 11:59:44 -------- d-----w- C:\Users\ogin\AppData\Local\CrashDumps
2018-02-07 11:46:45 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign4aed85987bc15022
2018-02-07 11:25:40 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign6acdd550012d25fb
2018-02-07 11:25:37 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign49fcaeb9baddc437
2018-02-07 11:25:37 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign49bd478d4f6e8f8a
2018-02-07 11:03:18 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsigna306a659b055b986
2018-02-07 11:01:41 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignd69e78bd8e05b7b6
2018-02-07 11:01:41 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign267c80b9a1488712
2018-02-07 10:56:12 3181568 ----a-w- C:\Windows\System32\rdpcorets.dll
2018-02-07 10:56:12 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2018-02-07 10:56:12 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2018-02-07 10:14:59 -------- d-s---w- C:\Windows\System32\CompatTel
2018-02-07 10:14:59 -------- d-----w- C:\Windows\System32\appraiser
2018-02-07 10:05:21 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2018-02-07 10:05:18 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2018-02-07 10:05:18 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2018-02-07 10:05:18 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2018-02-07 10:05:18 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2018-02-07 10:05:18 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2018-02-07 10:05:18 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2018-02-07 10:05:18 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2018-02-07 10:05:18 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2018-02-07 10:05:17 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2018-02-07 10:05:17 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2018-02-07 10:03:13 2560 ----a-w- C:\Windows\System32\drivers\pl-PL\wdf01000.sys.mui
2018-02-07 10:01:50 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2018-02-07 10:01:50 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2018-02-07 10:01:49 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2018-02-07 10:01:49 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2018-02-07 09:56:16 -------- d-----w- C:\Windows\Migration
2018-02-07 09:55:04 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2018-02-07 09:55:04 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2018-02-07 09:55:03 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2018-02-07 09:55:03 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2018-02-07 09:55:03 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2018-02-07 09:55:03 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2018-02-07 09:55:03 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2018-02-07 09:52:57 92160 ----a-w- C:\Windows\SysWow64\sechost.dll
2018-02-07 09:51:19 3229696 ----a-w- C:\Windows\explorer.exe
2018-02-07 09:51:19 2972672 ----a-w- C:\Windows\SysWow64\explorer.exe
2018-02-07 09:49:58 950272 ----a-w- C:\Windows\System32\perftrack.dll
2018-02-07 08:49:17 -------- d-----w- C:\Windows\pss
2018-02-07 08:17:51 30242 ----a-w- C:\ProgramData\agent.update.1517991468.bdinstall.bin
2018-02-06 18:24:11 22483 ----a-w- C:\ProgramData\agent.uninstall.1517941447.bdinstall.bin
2018-02-06 18:10:05 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign3d9a8b1d926d808d
2018-02-06 18:10:03 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignc393e9a8e12c313b
2018-02-06 18:10:03 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign85cb01ec83ece471
2018-02-06 13:10:29 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign659cef8b8db91998
2018-02-06 13:04:54 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign2127fbd07c6d2d55
2018-02-06 13:04:43 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsigna891c9241a39a6da
2018-02-06 13:04:43 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign9b0ea52f9c8c492e
2018-02-06 10:52:37 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsigndb601679adb4b6b1
2018-02-06 05:13:59 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign79017e44dc58a9ad
2018-02-05 17:53:55 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignb57fd35fb80711dd
2018-02-05 17:53:46 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign99d1d87492efad83
2018-02-05 17:53:46 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign0caf4d65ef96d520
2018-02-05 14:05:59 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign8b95773e88410c2f
2018-02-05 14:05:57 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign3dd0cef07d0ce76d
2018-02-05 14:05:57 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign3566540ea2833b71
2018-02-04 21:19:34 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign69c0a902bd9634bd
2018-02-04 21:18:24 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign64191917c0b05bd1
2018-02-03 21:31:06 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsigne337689e0ffc90b8
2018-02-03 21:31:04 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign46943f9a2c604c8d
2018-02-03 21:31:04 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign35dd43d9291c5763
2018-02-03 21:23:06 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign5064c96e4c3ebe58
2018-02-03 21:23:01 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsigne591cf21167c8e13
2018-02-03 21:23:01 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign1375d6f863ecf024
2018-02-02 13:46:50 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignfc0a9f93b36e089b
2018-02-02 12:13:02 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign06c9e1e7e741dacf
2018-02-02 11:59:56 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsigne5228326e6be3f19
2018-02-02 11:45:42 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign7f7224015cb7b9e8
2018-02-01 23:02:49 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign8c82e6efae5a705c
2018-02-01 22:37:06 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignc28dcf3c971d2fc0
2018-02-01 21:23:26 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign6ef37e6e00d63861
2018-02-01 21:09:12 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign0a97881a7bd16cb4
2018-02-01 20:35:24 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignf98d5a29d6edd8ba
2018-02-01 20:19:23 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign152d9a289372f8ed
2018-02-01 18:34:04 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign51aa98a23d2a8a61
2018-02-01 18:19:47 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsigne6bd9c3cc7119abb
2018-02-01 13:04:57 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign1ab8d4201cf503d1
2018-02-01 13:01:14 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign6d1a68d840ff8185
2018-02-01 11:52:32 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign8726c10a45ce14bb
2018-02-01 10:31:00 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign2a2d16bd12b05bbf
2018-02-01 10:25:56 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign94c743f8172140f8
2018-02-01 10:25:50 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignbb9f3d12d7b41979
2018-02-01 10:20:19 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignab91b76b09c58292
2018-02-01 10:04:06 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign43b2e7596aff849e
2018-02-01 09:46:11 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignfd147bf63b1aa338
2018-02-01 08:33:55 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsigne5ba2b1680fc5418
2018-02-01 08:20:28 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign8a3cafb4dcb9058e
2018-01-31 20:07:03 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsignbf59b898aa6ba18c
2018-01-31 17:02:28 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign4727274b1ce0c98b
2018-01-29 21:38:18 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign2bf1b6d8c581ac30
2018-01-29 21:26:01 -------- d-----w- C:\Users\ogin\AppData\Local\Tempzxpsign62cce8239c57eda6
.
==================== Find3M ====================
.
2018-02-27 08:04:28 130067560 -c--a-w- C:\Windows\System32\MRT-KB890830.exe
2018-02-23 11:35:40 248336 ----a-w- C:\Windows\System32\drivers\edrsensor.sys
2018-02-23 11:35:38 1725800 ----a-w- C:\Windows\System32\drivers\avc3.sys
2018-02-10 07:30:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2018-02-10 07:29:53 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2018-02-10 07:17:49 66560 ----a-w- C:\Windows\System32\iesetup.dll
2018-02-10 07:17:14 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2018-02-10 07:17:07 417280 ----a-w- C:\Windows\System32\html.iec
2018-02-10 07:16:59 577536 ----a-w- C:\Windows\System32\vbscript.dll
2018-02-10 07:16:41 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2018-02-10 07:09:15 5782016 ----a-w- C:\Windows\System32\jscript9.dll
2018-02-10 07:06:41 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2018-02-10 07:06:40 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2018-02-10 07:06:13 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2018-02-10 07:01:11 969216 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2018-02-10 06:52:40 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2018-02-10 06:52:14 87552 ----a-w- C:\Windows\System32\tdc.ocx
2018-02-10 06:33:03 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2018-02-10 06:32:50 2134528 ----a-w- C:\Windows\System32\inetcpl.cpl
2018-02-10 06:27:22 3241472 ----a-w- C:\Windows\System32\wininet.dll
2018-02-10 06:08:05 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2018-02-10 05:57:53 499712 ----a-w- C:\Windows\SysWow64\vbscript.dll
2018-02-10 05:57:39 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2018-02-10 05:57:10 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2018-02-10 05:57:03 341504 ----a-w- C:\Windows\SysWow64\html.iec
2018-02-10 05:56:17 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2018-02-10 05:49:28 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2018-02-10 05:49:11 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2018-02-10 05:39:12 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2018-02-10 05:38:50 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2018-02-10 05:35:10 4498944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2018-02-10 05:27:03 2058752 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2018-02-10 05:26:56 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2018-02-10 05:14:08 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2018-01-12 16:46:20 631680 ----a-w- C:\Windows\System32\winresume.efi
2018-01-12 16:44:05 708328 ----a-w- C:\Windows\System32\winload.efi
2018-01-12 16:44:05 5581544 ----a-w- C:\Windows\System32\ntoskrnl.exe
2018-01-12 16:44:05 1894120 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2018-01-12 16:44:04 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2018-01-12 16:44:04 377064 ----a-w- C:\Windows\System32\drivers\netio.sys
2018-01-12 16:44:04 287976 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2018-01-12 16:44:04 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2018-01-12 16:44:03 371432 ----a-w- C:\Windows\System32\clfs.sys
2018-01-12 16:33:04 1665384 ----a-w- C:\Windows\System32\ntdll.dll
2018-01-12 16:29:27 4014312 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2018-01-12 16:29:27 3959016 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2018-01-12 16:27:57 4834816 ----a-w- C:\Windows\System32\xpsrchvw.exe
2018-01-12 16:27:42 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2018-01-12 16:16:32 3405824 ----a-w- C:\Windows\SysWow64\xpsrchvw.exe
2018-01-12 16:16:01 30208 ----a-w- C:\Windows\System32\drivers\hidusb.sys
2018-01-12 16:16:00 76288 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2018-01-12 16:15:59 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2018-01-12 16:11:24 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2018-01-12 16:11:20 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2018-01-12 16:11:18 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2018-01-12 16:10:34 64000 ----a-w- C:\Windows\System32\auditpol.exe
2018-01-12 16:07:15 338432 ----a-w- C:\Windows\System32\conhost.exe
2018-01-12 16:06:18 296960 ----a-w- C:\Windows\System32\rstrui.exe
2018-01-12 16:03:18 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2018-01-12 16:02:42 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2018-01-12 16:02:40 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2018-01-12 16:02:09 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2018-01-12 16:01:53 30720 ----a-w- C:\Windows\System32\lsass.exe
2018-01-12 16:01:49 112640 ----a-w- C:\Windows\System32\smss.exe
2018-01-12 15:57:56 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2018-01-12 15:57:55 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2018-01-12 15:57:54 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2018-01-12 15:57:53 2048 ----a-w- C:\Windows\SysWow64\user.exe
2018-01-12 15:57:00 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2018-01-12 15:56:51 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2018-01-12 15:56:51 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2018-01-12 15:56:51 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2018-01-12 15:56:51 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2018-01-11 16:41:11 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2018-01-11 16:22:57 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2018-01-11 16:09:02 3224064 ----a-w- C:\Windows\System32\win32k.sys
2018-01-05 16:31:12 151552 ----a-w- C:\Windows\System32\t2embed.dll
2018-01-05 16:31:02 41472 ----a-w- C:\Windows\System32\lpk.dll
2018-01-05 16:30:58 100864 ----a-w- C:\Windows\System32\fontsub.dll
2018-01-05 16:30:56 14336 ----a-w- C:\Windows\System32\dciman32.dll
2018-01-05 16:30:55 46080 ----a-w- C:\Windows\System32\atmlib.dll
2018-01-05 16:25:54 383720 ----a-w- C:\Windows\System32\atmfd.dll
2018-01-05 16:14:01 309480 ----a-w- C:\Windows\SysWow64\atmfd.dll
2018-01-05 16:11:37 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2018-01-05 16:11:35 111104 ----a-w- C:\Windows\SysWow64\t2embed.dll
2018-01-05 16:11:25 71168 ----a-w- C:\Windows\SysWow64\fontsub.dll
2018-01-05 16:11:23 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2018-01-05 15:50:51 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2018-01-01 16:12:27 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2018-01-01 02:21:11 948968 ----a-w- C:\Windows\System32\drivers\ndis.sys
2018-01-01 02:21:11 288488 ----a-w- C:\Windows\System32\drivers\fltMgr.sys
2018-01-01 02:21:11 213736 ----a-w- C:\Windows\System32\drivers\rdyboost.sys
2018-01-01 02:21:11 1680616 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2018-01-01 02:21:10 114408 ----a-w- C:\Windows\System32\consent.exe
2018-01-01 02:04:05 559616 ----a-w- C:\Windows\System32\spoolsv.exe
2018-01-01 01:59:59 1806848 ----a-w- C:\Windows\SysWow64\authui.dll
2018-01-01 01:59:58 309760 ----a-w- C:\Windows\SysWow64\actxprxy.dll
2018-01-01 01:55:16 88576 ----a-w- C:\Windows\System32\drivers\wanarp.sys
2018-01-01 01:55:09 58368 ----a-w- C:\Windows\System32\drivers\ndproxy.sys
2018-01-01 01:55:07 24064 ----a-w- C:\Windows\System32\drivers\ndistapi.sys
.
============= FINISH: 9:07:14,58 ===============

Attached Files
File Type: txt attach.txt (4.5 KB)