Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Lots of malware installed at once all of a sudden.

Hi there,

Sorry, I tried some removal processes before asking here.
It's my 11-year-old daughter's computer. My 6-year-old was doing a Google search when she noticed a spinning wheel and, out of curiosity, clicked on it. Then something downloaded and asked permission to install. I clicked skip, skip and skip again, but I still noticed a message on the taskbar saying some programs had been installed. I went to check the installed programs and there were 5-6 of them.
I immediately tried to uninstall them, but as some of them were uninstalled the next one got installed. It went on like this, and I guess about a dozen of them got installed.
I started to run Malwarebytes Anti-Malware, which detected quite a lot (in the hundreds), and the computer restarted. Apparently it was not cleaned (I might have made some mistake here as I was doing it in haste).
I ran it again and this time cleaned it thoroughly. Then I restarted in safe mode and scanned with MBAM; nothing was found this time.
My apps list still has programs like MaxDriverUpdater Services by CSDI, DesktopSearch by Unique Solutions, Note-UP by QUAHOG LIMITED, Search module by Goodzo and space bar use by space bar use. When I click on them it gives an uninstall option, but clicking uninstall does nothing.
Then I ran AdwCleaner, downloaded from Bleeping Computer, which I think deleted quite a few of them, but I still have some left which cannot be uninstalled.
The DDS logs are included and the AdwCleaner log is also included. NOTE: AdwCleaner was run before DDS. Sorry.

Edit: Browser home pages were all changed, which I changed back, and I uninstalled the extensions. Some search bars were added, which were uninstalled through Control Panel or by MBAM.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412
Run by P at 12:49:58 on 2015-09-17
Microsoft Windows 10 Pro 10.0.10240.0.1252.1.2057.18.4095.2249 [GMT 10:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Users\P\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [OneDrive] "C:\Users\P\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
StartupFolder: C:\Users\P\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0ceec13f-8aee-485f-8962-e532f6151bfd} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default\
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-8-15 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2015-7-16 256992]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2015-7-15 344064]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-8-17 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-8-17 1133880]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R2 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
R3 amdkmafd;AMD Audio Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmafd.sys [2012-9-23 21160]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2015-5-28 102912]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\WINDOWS\System32\drivers\LEqdUsb.sys [2014-3-19 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\WINDOWS\System32\drivers\LHidEqd.sys [2014-3-19 13080]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 LVRS64;Logitech RightSound Filter Driver;C:\WINDOWS\System32\drivers\lvrs64.sys [2015-8-20 351520]
R3 LVUVC64;@oem30.inf,%PID_0825_DD%(UVC);Logitech HD Webcam C270(UVC);C:\WINDOWS\System32\drivers\lvuvc64.sys [2015-8-20 4758176]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2015-8-17 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2015-8-17 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-8-17 64216]
R3 MBfilt;MBfilt;C:\WINDOWS\System32\drivers\MBfilt64.sys [2015-2-12 32344]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-10 587264]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-7-10 24576]
S2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-7-20 134512]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S2 NvVCagdefcZ;NvVCagdefcZ;"C:\ProgramData\eAEyagDyd\NvVCagdefcZ.exe" --> C:\ProgramData\eAEyagDyd\NvVCagdefcZ.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-7-10 32256]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-7-20 134512]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-8-15 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-8-15 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-8-19 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-8-15 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-8-15 685568]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
.
=============== Created Last 30 ================
.
2015-09-17 02:24:14 16148 ----a-w- C:\WINDOWS\System32\PRAMOD_P_HistoryPrediction.bin
2015-09-17 02:21:24 -------- d-----w- C:\AdwCleaner
2015-09-16 23:55:54 -------- d-----w- C:\Program Files (x86)\e37e9aee-d8fe-4bd9-a4f8-da390760871d
2015-09-16 23:52:24 -------- d-----w- C:\WINDOWS\System32\tafi
2015-09-16 23:52:21 -------- d-----w- C:\Users\P\AppData\Local\Tempfolder
2015-09-16 23:52:06 -------- d-----w- C:\Users\P\AppData\Local\Installer
2015-09-16 23:42:23 -------- d-----w- C:\Users\P\AppData\Local\Opera Software
2015-09-16 23:42:22 -------- d-----w- C:\Users\P\AppData\Roaming\Opera Software
2015-09-16 23:37:01 11062400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{84FD077C-67A8-496E-B6FF-AF99506EE0E7}\mpengine.dll
2015-09-15 07:48:34 11745192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-09-14 05:47:20 -------- d-----w- C:\Users\P\AppData\Roaming\Anvsoft
2015-09-14 05:47:12 -------- d-----w- C:\Program Files (x86)\Anvsoft
2015-09-09 08:33:22 -------- d-----w- C:\WINDOWS\PCHEALTH
2015-09-04 00:19:36 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{12CCC164-86D5-4B2E-A076-A0276829540E}\gapaengine.dll
2015-08-30 23:26:22 113880 ----a-w- C:\WINDOWS\System32\drivers\3DA32461.sys
2015-08-23 04:17:02 -------- d-----w- C:\Program Files\CPUID
2015-08-22 05:20:59 89520 ----a-w- C:\WINDOWS\System32\atimpc64.dll
2015-08-20 03:04:41 -------- d-----w- C:\Users\P\Tracing
2015-08-20 03:04:02 -------- d-----w- C:\Users\P\AppData\Local\Logitech® Webcam Software
2015-08-20 02:59:59 40398 ----a-w- C:\WINDOWS\System32\Repository.reg
2015-08-20 02:59:58 351520 ----a-w- C:\WINDOWS\System32\drivers\lvrs64.sys
2015-08-20 02:59:58 262432 ----a-w- C:\WINDOWS\System32\lvco1380853.dll
2015-08-20 02:58:28 -------- d-----w- C:\Users\P\AppData\Local\Skype
2015-08-20 02:57:54 -------- d-----r- C:\Program Files (x86)\Skype
2015-08-19 11:52:12 26851520 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-08-19 11:45:32 654520 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2015-08-19 11:45:32 37402720 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-08-19 07:49:59 5454848 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
.
==================== Find3M ====================
.
2015-09-17 02:24:17 113880 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-09-02 01:20:52 77400 ----a-w- C:\WINDOWS\System32\acmigration.dll
2015-09-02 00:25:58 3586560 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2015-09-02 00:25:34 1382912 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2015-08-27 06:32:24 608936 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2015-08-27 06:04:18 21874688 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-08-27 05:54:40 365568 ----a-w- C:\WINDOWS\System32\atmfd.dll
2015-08-27 05:54:26 541248 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2015-08-27 05:51:48 1774592 ----a-w- C:\WINDOWS\System32\Windows.UI.Immersive.dll
2015-08-27 05:51:42 2350592 ----a-w- C:\WINDOWS\System32\authui.dll
2015-08-27 05:49:28 1008640 ----a-w- C:\WINDOWS\System32\schedsvc.dll
2015-08-27 05:43:31 576000 ----a-w- C:\WINDOWS\System32\vbscript.dll
2015-08-27 05:42:52 187904 ----a-w- C:\WINDOWS\System32\Windows.UI.PicturePassword.dll
2015-08-27 05:42:46 596480 ----a-w- C:\WINDOWS\System32\SettingSync.dll
2015-08-27 05:42:36 184320 ----a-w- C:\WINDOWS\System32\shacct.dll
2015-08-27 05:42:25 578560 ----a-w- C:\WINDOWS\System32\winlogon.exe
2015-08-27 05:39:42 45568 ----a-w- C:\WINDOWS\System32\atmlib.dll
2015-08-27 05:23:43 303104 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2015-08-27 05:16:41 1612288 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Immersive.dll
2015-08-27 05:16:38 2153472 ----a-w- C:\WINDOWS\SysWow64\authui.dll
2015-08-27 05:16:03 18806272 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2015-08-27 05:12:35 504320 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2015-08-27 05:11:54 484352 ----a-w- C:\WINDOWS\SysWow64\SettingSync.dll
2015-08-27 05:11:39 139776 ----a-w- C:\WINDOWS\SysWow64\shacct.dll
2015-08-27 05:08:18 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2015-08-22 05:20:59 85472 ----a-w- C:\WINDOWS\System32\atig6pxx.dll
2015-08-20 06:07:55 8019296 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2015-08-20 06:06:53 609592 ----a-w- C:\WINDOWS\System32\ci.dll
2015-08-20 05:26:23 168960 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2015-08-20 05:21:13 193024 ----a-w- C:\WINDOWS\System32\EnterpriseModernAppMgmtCSP.dll
2015-08-18 07:56:25 2498808 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2015-08-18 07:55:45 373072 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2015-08-18 07:54:30 1396064 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2015-08-18 07:27:23 1771592 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2015-08-18 07:24:35 963920 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2015-08-18 07:13:10 497664 ----a-w- C:\WINDOWS\System32\WlanMediaManager.dll
2015-08-18 07:13:06 387584 ----a-w- C:\WINDOWS\System32\NetSetupShim.dll
2015-08-18 07:12:20 692224 ----a-w- C:\WINDOWS\System32\drivers\UMDF\NfcCx.dll
2015-08-18 07:12:18 2225664 ----a-w- C:\WINDOWS\System32\NetworkMobileSettings.dll
2015-08-18 07:07:34 2226688 ----a-w- C:\WINDOWS\System32\wlansvc.dll
2015-08-18 07:04:20 859136 ----a-w- C:\WINDOWS\System32\modernexecserver.dll
2015-08-18 07:04:14 1234944 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2015-08-18 06:59:35 1294336 ----a-w- C:\WINDOWS\System32\wcnwiz.dll
2015-08-18 06:59:02 140288 ----a-w- C:\WINDOWS\System32\WcnApi.dll
2015-08-18 06:58:46 50176 ----a-w- C:\WINDOWS\System32\WcnNetsh.dll
2015-08-18 06:58:34 112640 ----a-w- C:\WINDOWS\System32\fdWCN.dll
2015-08-18 06:58:31 117760 ----a-w- C:\WINDOWS\System32\dafWCN.dll
2015-08-18 06:58:25 187392 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2015-08-18 06:57:54 45568 ----a-w- C:\WINDOWS\System32\wfdprov.dll
2015-08-18 06:56:48 79872 ----a-w- C:\WINDOWS\System32\BthRadioMedia.dll
2015-08-18 06:55:01 2178560 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2015-08-18 06:54:11 247296 ----a-w- C:\WINDOWS\System32\facecredentialprovider.dll
2015-08-18 06:54:03 322048 ----a-w- C:\WINDOWS\System32\vaultsvc.dll
2015-08-18 06:52:26 1888768 ----a-w- C:\WINDOWS\System32\dwmcore.dll
2015-08-18 06:50:04 1795072 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2015-08-18 06:49:52 1061888 ----a-w- C:\WINDOWS\System32\reseteng.dll
2015-08-18 06:49:20 246272 ----a-w- C:\WINDOWS\System32\PackageStateRoaming.dll
2015-08-18 06:49:03 274432 ----a-w- C:\WINDOWS\SysWow64\NetSetupShim.dll
2015-08-18 06:36:08 1226752 ----a-w- C:\WINDOWS\SysWow64\wcnwiz.dll
2015-08-18 06:35:49 100352 ----a-w- C:\WINDOWS\SysWow64\WcnApi.dll
2015-08-18 06:35:18 95744 ----a-w- C:\WINDOWS\SysWow64\fdWCN.dll
2015-08-18 06:34:44 37376 ----a-w- C:\WINDOWS\SysWow64\wfdprov.dll
2015-08-18 06:29:11 1593344 ----a-w- C:\WINDOWS\SysWow64\dwmcore.dll
2015-08-18 06:26:08 195584 ----a-w- C:\WINDOWS\SysWow64\PackageStateRoaming.dll
2015-08-17 02:27:15 113880 ----a-w- C:\WINDOWS\System32\drivers\0B1C68F6.sys
2015-08-14 14:43:59 911360 ----a-w- C:\WINDOWS\System32\SharedStartModel.dll
2015-08-14 04:51:31 18960 ----a-w- C:\WINDOWS\System32\drivers\LNonPnP.sys
2015-08-14 04:51:06 0 ----a-w- C:\WINDOWS\ativpsrm.bin
2015-08-13 04:22:26 2093056 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
2015-08-13 04:20:39 414208 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2015-08-13 03:53:21 311808 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2015-08-12 16:03:57 733696 ----a-w- C:\WINDOWS\System32\SkyDriveTelemetry.dll
2015-08-12 15:58:57 15360 ----a-w- C:\WINDOWS\System32\wu.upgrade.ps.dll
2015-08-12 07:18:36 9284296 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
2015-08-11 10:04:24 2462648 ----a-w- C:\WINDOWS\System32\mfcore.dll
2015-08-11 10:04:23 4532304 ----a-w- C:\WINDOWS\explorer.exe
2015-08-11 10:04:15 1087296 ----a-w- C:\WINDOWS\System32\mfplat.dll
2015-08-11 10:03:09 442208 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2015-08-11 10:02:57 554744 ----a-w- C:\WINDOWS\System32\directmanipulation.dll
2015-08-11 10:02:56 80720 ----a-w- C:\WINDOWS\System32\drivers\stornvme.sys
2015-08-11 10:02:49 292856 ----a-w- C:\WINDOWS\System32\LockAppHost.exe
2015-08-11 09:52:49 993104 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2015-08-11 09:50:47 1643872 ----a-w- C:\WINDOWS\System32\diagtrack.dll
2015-08-11 09:40:22 4048808 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2015-08-11 09:40:12 918320 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2015-08-11 09:40:08 2151208 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2015-08-11 09:38:22 454000 ----a-w- C:\WINDOWS\SysWow64\directmanipulation.dll
2015-08-11 09:37:48 243800 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
2015-08-11 09:26:03 845664 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2015-08-11 09:23:59 16706560 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-08-11 09:21:13 148992 ----a-w- C:\WINDOWS\System32\tetheringservice.dll
2015-08-11 09:21:04 52224 ----a-w- C:\WINDOWS\System32\tetheringclient.dll
2015-08-11 09:20:02 483328 ----a-w- C:\WINDOWS\System32\OneDriveSettingSyncProvider.dll
2015-08-11 09:19:45 235520 ----a-w- C:\WINDOWS\System32\SettingsHandlers_Notifications.dll
2015-08-11 09:18:44 235008 ----a-w- C:\WINDOWS\System32\UserMgrProxy.dll
2015-08-11 09:16:32 2416640 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2015-08-11 09:14:02 404480 ----a-w- C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-11 09:13:42 413184 ----a-w- C:\WINDOWS\System32\diagtrack_win.dll
2015-08-11 09:11:40 2446336 ----a-w- C:\WINDOWS\System32\InputService.dll
2015-08-11 09:11:18 553472 ----a-w- C:\WINDOWS\System32\GamePanel.exe
.
============= FINISH: 12:51:19.27 ===============

Attached Files
File Type: txt attach.txt (21.8 KB)
File Type: txt AdwCleaner[C1].txt (7.9 KB)
