Hello,
For the past several months, I've had issues with an Adobe Flash Player virus that keeps popping up.
What it does is occasionally create a small popup box containing ads. It causes an instance of what appears to be Adobe Flash Player to run, which can be seen in Task Manager.
Not only does it sometimes make a small popup window appear, but it also uses almost 100% disk capacity when it is running. Occasionally the small window will play videos or audio, and the only way to stop it is to go into Task Manager and close Flash Player. However, it always comes back when I open my browser (Chrome), and sometimes randomly.
I have discovered the virus's location: it is located in C:\Program Data\Adobe\ and it is called adobe_flash_player.exe.
Malwarebytes, which I use as my only antivirus (licensed copy), sometimes blocks it from loading popup pages, which is how I know where it is located. However, when I open that folder, the virus file is not visible, despite my having set hidden items to visible in folder settings.
I am running Windows 10, and Malwarebytes is running the latest version, with the latest definitions.
This is the DDS.txt log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20 BrowserJavaVersion: 11.73.2
Run by Deku Nut at 11:49:10 on 2016-03-25
Microsoft Windows 10 Home 10.0.10586.0.1252.1.1033.18.16332.12384 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Autodesk\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\ProgramData\Adobe\adobe_flash_player.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Deku Nut\AppData\Local\Akamai\netsession_win.exe
C:\Users\Deku Nut\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Deku Nut\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\SysWOW64\NOTEPAD.EXE
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uProxyOverride = <local>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Akamai NetSession Interface] "C:\Users\Deku Nut\AppData\Local\Akamai\netsession_win.exe"
uRun: [OneDrive] "C:\Users\Deku Nut\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
uRun: [uTorrent] "C:\Users\Deku Nut\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRunOnce: [Uninstall C:\Users\Deku Nut\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Deku Nut\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
mRun: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
mExplorerRun: [Adobe Flash Player] C:\ProgramData\Adobe\adobe_flash_player.exe /00000081
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2b18a4c4-343e-408a-8dc0-7f4c6f854623} : NameServer = 192.168.1.1,192.168.1.2
TCP: Interfaces\{6b5f5053-7aa6-40f6-bb93-3e29a663cc36} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6b5f5053-7aa6-40f6-bb93-3e29a663cc36}\14355535 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{75d293f2-4760-456d-82e3-e8bee4324601} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
AppInit_DLLs= d3dgearload.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = Google
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-ExplorerRun: [Adobe Flash Player] C:\ProgramData\Adobe\adobe_flash_player.exe /00000081
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\WINDOWS\System32\drivers\nvpciflt.sys [2015-12-23 40080]
R0 SCMNdisP;General NDIS Protocol Driver;C:\WINDOWS\System32\drivers\SCMNdisP.sys [2016-1-26 29472]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R1 mbamchameleon;mbamchameleon;C:\WINDOWS\System32\drivers\mbamchameleon.sys [2015-12-15 109272]
R2 AdAppMgrSvc;Autodesk Application Manager Service;C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [2016-2-26 1145928]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-5-4 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-11-13 55936]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-2-13 1164672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-12-15 1514464]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-12-15 1136608]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max Design 2014 64-bit;C:\Program Files\Autodesk\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [2011-9-15 86016]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-2-13 1880960]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-2-13 2609024]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 amdiox64;AMD IO Driver;C:\WINDOWS\System32\drivers\amdiox64.sys [2015-8-16 46136]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2016-3-1 1444544]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2016-3-7 30264]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2016-3-7 47672]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2015-12-15 27008]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2015-12-15 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-12-15 65408]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-2-13 28032]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-2-13 6474112]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2016-2-13 47760]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-10-13 935168]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 usbfilter;AMD USB Filter Driver;C:\WINDOWS\System32\drivers\usbfilter.sys [2015-8-16 44672]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2015-8-21 108032]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\WINDOWS\System32\drivers\bcmwlhigh664.sys [2016-1-26 1255672]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-1-4 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2015-9-19 1471352]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 NVVADARM;NVIDIA Miracast Audio;C:\WINDOWS\System32\drivers\nvvadarm.sys [2015-9-19 49280]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2015-8-20 2104840]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-30 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-10-30 254816]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-30 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-10-30 694784]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-10-30 24576]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-30 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-3-1 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-3-1 29696]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\WINDOWS\System32\drivers\xusb22.sys [2015-10-30 95744]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== Created Last 30 ================
.
2016-03-25 14:06:34 -------- d---a-w- C:\Program Files (x86)\Minecraft
2016-03-25 03:11:24 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2016-03-25 03:10:25 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2016-03-25 03:10:25 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2016-03-25 03:10:25 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2016-03-25 03:10:25 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2016-03-25 03:10:25 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2016-03-25 03:10:25 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2016-03-25 03:10:24 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2016-03-25 03:10:23 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2016-03-25 03:09:53 178800 ----a-w- C:\WINDOWS\SysWow64\CmdLineExt_x64.dll
2016-03-25 03:09:46 -------- d-----w- C:\Users\Deku Nut\AppData\Local\Oblivion
2016-03-22 16:29:30 140672 ----a-w- C:\WINDOWS\System32\drivers\is-MSN6M.tmp
2016-03-21 21:38:21 90112 ----a-w- C:\WINDOWS\unvise32.exe
2016-03-21 20:00:26 -------- d-----w- C:\Program Files (x86)\3D Object Converter 6.40
2016-03-21 20:00:19 796672 ----a-w- C:\WINDOWS\GPInstall.exe
2016-03-21 19:09:42 -------- d-----w- C:\UDK
2016-03-21 17:31:04 -------- d---a-w- C:\Program Files (x86)\3DRipperDX
2016-03-21 00:55:44 -------- d-----w- C:\Users\Deku Nut\AppData\Local\qBittorrent
2016-03-21 00:55:43 -------- d-----w- C:\Users\Deku Nut\AppData\Roaming\qBittorrent
2016-03-21 00:55:29 -------- d-----w- C:\Program Files (x86)\qBittorrent
2016-03-18 12:56:11 -------- d-----w- C:\Program Files (x86)\AdwCleaner
2016-03-17 14:15:45 45848 ----a-w- C:\WINDOWS\System32\vulkaninfo.exe
2016-03-17 14:15:45 42264 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo.exe
2016-03-17 14:15:45 126232 ----a-w- C:\WINDOWS\System32\vulkan-1.dll
2016-03-17 14:15:45 125720 ----a-w- C:\WINDOWS\SysWow64\vulkan-1.dll
2016-03-17 14:15:34 -------- d-----w- C:\Program Files (x86)\VulkanRT
2016-03-14 20:58:51 -------- d-----w- C:\Users\Deku Nut\AppData\Local\Nem's Tools
2016-03-14 20:58:45 -------- d-----w- C:\Program Files\Nem's Tools
2016-03-14 19:53:23 -------- d-----w- C:\Program Files\PeaZip
2016-03-14 19:52:33 -------- d-----w- C:\Users\Deku Nut\AppData\Roaming\PeaZip
2016-03-14 19:52:03 -------- d---a-w- C:\Program Files (x86)\PeaZip
2016-03-14 19:48:45 -------- d-----w- C:\Program Files (x86)\WinAce
2016-03-13 17:14:27 -------- d-----w- C:\Users\Deku Nut\AppData\Local\BattleFleetGothic
2016-03-13 15:32:52 11035328 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
2016-03-09 18:08:26 -------- d-----w- C:\ProgramData\eBay
2016-03-09 18:08:26 -------- d-----w- C:\Program Files (x86)\eBay
2016-03-08 02:11:29 92208 ----a-w- C:\WINDOWS\system\WING.DLL
2016-03-08 02:11:29 12800 ----a-w- C:\WINDOWS\system\wing32.dll
2016-03-08 02:06:30 92208 ----a-w- C:\WINDOWS\SysWow64\WING.DLL
2016-03-08 02:06:30 6736 ----a-w- C:\WINDOWS\SysWow64\WINGDIB.DRV
2016-03-08 02:06:30 188960 ----a-w- C:\WINDOWS\SysWow64\WINGDE.DLL
2016-03-08 02:06:30 12800 ----a-w- C:\WINDOWS\SysWow64\wing32.dll
2016-03-08 02:06:30 127488 ----a-w- C:\WINDOWS\SysWow64\DSETUP.DLL
2016-03-08 02:05:18 304128 ----a-w- C:\WINDOWS\IsUninst.exe
2016-03-08 01:58:24 -------- d-----w- C:\Users\Deku Nut\AppData\Local\Disc_Soft_Ltd
2016-03-08 01:57:59 47672 ----a-w- C:\WINDOWS\System32\drivers\dtliteusbbus.sys
2016-03-08 01:57:48 30264 ----a-w- C:\WINDOWS\System32\drivers\dtlitescsibus.sys
2016-03-08 01:57:47 -------- d-----w- C:\Users\Deku Nut\AppData\Roaming\DAEMON Tools Lite
2016-03-08 01:57:45 -------- d-----w- C:\Program Files\DAEMON Tools Lite
2016-03-08 01:57:15 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2016-03-03 22:56:48 1924152 ----a-w- C:\WINDOWS\System32\nvdispco6436200.dll
2016-03-03 22:56:48 17320280 ----a-w- C:\WINDOWS\SysWow64\nvwgf2um.dll
2016-03-03 22:56:48 1571776 ----a-w- C:\WINDOWS\System32\nvdispgenco6436200.dll
2016-03-03 22:39:42 49152 ----a-w- C:\WINDOWS\SysWow64\inetwh32.dll
2016-03-03 22:39:42 1044480 ----a-w- C:\WINDOWS\SysWow64\roboex32.dll
2016-03-03 17:25:48 -------- d-----w- C:\Program Files\Unlocker
2016-03-01 22:31:59 980352 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2016-03-01 19:05:48 -------- d-----w- C:\Users\Deku Nut\AppData\Local\spacegame
2016-02-26 21:47:06 107368 ----a-w- C:\WINDOWS\System32\xinput1_3.dll
.
==================== Find3M ====================
.
2016-03-25 15:23:03 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-03-10 18:09:10 65408 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2016-03-10 18:08:54 27008 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2016-03-10 03:19:52 12653504 ----a-w- C:\WINDOWS\System32\drivers\nvlddmkm.sys
2016-03-08 07:12:26 829944 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-03-08 07:12:26 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-03-08 06:42:34 6371384 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2016-03-08 06:42:34 2992576 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2016-03-08 06:42:32 81856 ----a-w- C:\WINDOWS\System32\nv3dappshextr.dll
2016-03-08 06:42:32 71224 ----a-w- C:\WINDOWS\System32\nvshext.dll
2016-03-08 06:42:32 530880 ----a-w- C:\WINDOWS\System32\nv3dappshext.dll
2016-03-08 06:42:32 393784 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2016-03-08 06:42:32 2563128 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2016-03-08 06:42:32 1264064 ----a-w- C:\WINDOWS\System32\nvvsvc.exe
2016-03-07 04:22:46 6203411 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2016-03-01 05:31:29 848168 ----a-w- C:\WINDOWS\System32\mfsvr.dll
2016-03-01 05:22:47 709688 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll
2016-02-24 09:52:06 1997328 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2016-02-24 09:51:58 7474528 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-02-24 09:48:32 713568 ----a-w- C:\WINDOWS\System32\invagent.dll
2016-02-24 09:47:03 1173344 ----a-w- C:\WINDOWS\System32\aeinv.dll
2016-02-24 09:40:06 513888 ----a-w- C:\WINDOWS\System32\devinv.dll
2016-02-24 09:34:50 1613664 ----a-w- C:\WINDOWS\System32\diagtrack.dll
2016-02-24 09:28:35 3449168 ----a-w- C:\WINDOWS\System32\WSService.dll
2016-02-24 09:15:07 1557768 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2016-02-24 08:58:26 794888 ----a-w- C:\WINDOWS\System32\mfds.dll
2016-02-24 08:51:24 1322248 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-02-24 08:50:49 808800 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2016-02-24 08:46:25 6607080 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2016-02-24 08:43:01 625000 ----a-w- C:\WINDOWS\System32\ClipSVC.dll
2016-02-24 08:39:30 141560 ----a-w- C:\WINDOWS\System32\AuthHost.exe
2016-02-24 08:39:01 358752 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2016-02-24 08:19:18 670928 ----a-w- C:\WINDOWS\SysWow64\mfds.dll
2016-02-24 08:14:23 216416 ----a-w- C:\WINDOWS\System32\AppxAllUserStore.dll
2016-02-24 08:11:46 957608 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-02-24 08:11:07 258280 ----a-w- C:\WINDOWS\System32\sqmapi.dll
2016-02-24 08:11:03 652392 ----a-w- C:\WINDOWS\System32\dxgi.dll
2016-02-24 08:11:03 394080 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-02-24 08:11:03 1997152 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-02-24 08:11:01 703840 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2016-02-24 08:10:54 576864 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-02-24 08:10:52 630632 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2016-02-24 08:09:58 640472 ----a-w- C:\WINDOWS\System32\wer.dll
2016-02-24 08:09:49 147808 ----a-w- C:\WINDOWS\System32\wermgr.exe
2016-02-24 08:06:39 5242496 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2016-02-24 07:59:11 294752 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2016-02-24 07:39:44 23552 ----a-w- C:\WINDOWS\System32\ExtrasXmlParser.dll
2016-02-24 07:39:34 45568 ----a-w- C:\WINDOWS\System32\UserDataTypeHelperUtil.dll
2016-02-24 07:38:35 187744 ----a-w- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
2016-02-24 07:38:12 111616 ----a-w- C:\WINDOWS\System32\UserDataTimeUtil.dll
2016-02-24 07:37:58 45056 ----a-w- C:\WINDOWS\System32\UserDataLanguageUtil.dll
2016-02-24 07:36:17 60416 ----a-w- C:\WINDOWS\System32\PimIndexMaintenanceClient.dll
2016-02-24 07:35:26 220064 ----a-w- C:\WINDOWS\SysWow64\sqmapi.dll
2016-02-24 07:35:24 523752 ----a-w- C:\WINDOWS\SysWow64\dxgi.dll
2016-02-24 07:35:18 45568 ----a-w- C:\WINDOWS\System32\atmlib.dll
2016-02-24 07:35:08 540752 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2016-02-24 07:33:53 141664 ----a-w- C:\WINDOWS\SysWow64\wermgr.exe
2016-02-24 07:33:49 538736 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2016-02-24 07:31:49 118272 ----a-w- C:\WINDOWS\System32\fontsub.dll
2016-02-24 07:30:18 25600 ----a-w- C:\WINDOWS\System32\wfapigp.dll
2016-02-24 07:28:12 70656 ----a-w- C:\WINDOWS\System32\POSyncServices.dll
2016-02-24 07:23:20 68096 ----a-w- C:\WINDOWS\System32\UserDataPlatformHelperUtil.dll
2016-02-24 07:23:09 91648 ----a-w- C:\WINDOWS\System32\asycfilt.dll
2016-02-24 07:22:03 196608 ----a-w- C:\WINDOWS\System32\fwpolicyiomgr.dll
2016-02-24 07:20:57 167936 ----a-w- C:\WINDOWS\System32\dafBth.dll
2016-02-24 07:20:35 195072 ----a-w- C:\WINDOWS\System32\VCardParser.dll
2016-02-24 07:20:00 87552 ----a-w- C:\WINDOWS\System32\AppxSysprep.dll
2016-02-24 07:19:56 31232 ----a-w- C:\WINDOWS\System32\seclogon.dll
2016-02-24 07:19:10 145408 ----a-w- C:\WINDOWS\System32\dssvc.dll
2016-02-24 07:15:29 365568 ----a-w- C:\WINDOWS\System32\atmfd.dll
2016-02-24 07:14:00 274944 ----a-w- C:\WINDOWS\System32\ExSMime.dll
2016-02-24 07:13:57 121856 ----a-w- C:\WINDOWS\System32\AppointmentActivation.dll
2016-02-24 07:12:54 243712 ----a-w- C:\WINDOWS\System32\cemapi.dll
2016-02-24 07:12:03 221184 ----a-w- C:\WINDOWS\System32\PhoneCallHistoryApis.dll
2016-02-24 07:10:05 93184 ----a-w- C:\WINDOWS\System32\wpninprc.dll
2016-02-24 07:09:04 258560 ----a-w- C:\WINDOWS\System32\UserDataAccountApis.dll
2016-02-24 07:09:00 161792 ----a-w- C:\WINDOWS\System32\AppxSip.dll
2016-02-24 07:07:53 252928 ----a-w- C:\WINDOWS\System32\PimIndexMaintenance.dll
2016-02-24 07:05:00 208896 ----a-w- C:\WINDOWS\System32\storewuauth.dll
2016-02-24 07:03:16 88576 ----a-w- C:\WINDOWS\SysWow64\olepro32.dll
2016-02-24 07:02:17 161280 ----a-w- C:\WINDOWS\System32\CallHistoryClient.dll
2016-02-24 07:01:56 146432 ----a-w- C:\WINDOWS\System32\AuthBroker.dll
2016-02-24 07:01:21 764928 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2016-02-24 07:01:15 67584 ----a-w- C:\WINDOWS\System32\profext.dll
2016-02-24 07:00:00 214528 ----a-w- C:\WINDOWS\System32\Windows.Devices.Scanners.dll
2016-02-24 06:59:55 450560 ----a-w- C:\WINDOWS\System32\Windows.Internal.Bluetooth.dll
2016-02-24 06:59:44 318976 ----a-w- C:\WINDOWS\System32\domgmt.dll
2016-02-24 06:59:32 360448 ----a-w- C:\WINDOWS\System32\vaultsvc.dll
2016-02-24 06:58:29 685568 ----a-w- C:\WINDOWS\System32\scapi.dll
2016-02-24 06:55:57 790528 ----a-w- C:\WINDOWS\System32\EmailApis.dll
2016-02-24 06:55:39 224256 ----a-w- C:\WINDOWS\System32\PackageStateRoaming.dll
2016-02-24 06:55:08 18944 ----a-w- C:\WINDOWS\SysWow64\ExtrasXmlParser.dll
2016-02-24 06:54:57 37888 ----a-w- C:\WINDOWS\SysWow64\UserDataTypeHelperUtil.dll
2016-02-24 06:54:55 228352 ----a-w- C:\WINDOWS\System32\wsqmcons.exe
2016-02-24 06:54:45 288768 ----a-w- C:\WINDOWS\System32\vaultcli.dll
2016-02-24 06:54:09 526336 ----a-w- C:\WINDOWS\System32\FirewallAPI.dll
2016-02-24 06:53:47 89088 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2016-02-24 06:53:35 37888 ----a-w- C:\WINDOWS\SysWow64\UserDataLanguageUtil.dll
2016-02-24 06:52:12 48128 ----a-w- C:\WINDOWS\SysWow64\PimIndexMaintenanceClient.dll
2016-02-24 06:52:11 451584 ----a-w- C:\WINDOWS\System32\werui.dll
.
============= FINISH: 11:49:36.24 ===============
Thanks for your help!
2016-03-22 16:29:30 140672 ----a-w- C:\WINDOWS\System32\drivers\is-MSN6M.tmp
2016-03-21 21:38:21 90112 ----a-w- C:\WINDOWS\unvise32.exe
2016-03-21 20:00:26 -------- d-----w- C:\Program Files (x86)\3D Object Converter 6.40
2016-03-21 20:00:19 796672 ----a-w- C:\WINDOWS\GPInstall.exe
2016-03-21 19:09:42 -------- d-----w- C:\UDK
2016-03-21 17:31:04 -------- d---a-w- C:\Program Files (x86)\3DRipperDX
2016-03-21 00:55:44 -------- d-----w- C:\Users\Deku Nut\AppData\Local\qBittorrent
2016-03-21 00:55:43 -------- d-----w- C:\Users\Deku Nut\AppData\Roaming\qBittorrent
2016-03-21 00:55:29 -------- d-----w- C:\Program Files (x86)\qBittorrent
2016-03-18 12:56:11 -------- d-----w- C:\Program Files (x86)\AdwCleaner
2016-03-17 14:15:45 45848 ----a-w- C:\WINDOWS\System32\vulkaninfo.exe
2016-03-17 14:15:45 42264 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo.exe
2016-03-17 14:15:45 126232 ----a-w- C:\WINDOWS\System32\vulkan-1.dll
2016-03-17 14:15:45 125720 ----a-w- C:\WINDOWS\SysWow64\vulkan-1.dll
2016-03-17 14:15:34 -------- d-----w- C:\Program Files (x86)\VulkanRT
2016-03-14 20:58:51 -------- d-----w- C:\Users\Deku Nut\AppData\Local\Nem's Tools
2016-03-14 20:58:45 -------- d-----w- C:\Program Files\Nem's Tools
2016-03-14 19:53:23 -------- d-----w- C:\Program Files\PeaZip
2016-03-14 19:52:33 -------- d-----w- C:\Users\Deku Nut\AppData\Roaming\PeaZip
2016-03-14 19:52:03 -------- d---a-w- C:\Program Files (x86)\PeaZip
2016-03-14 19:48:45 -------- d-----w- C:\Program Files (x86)\WinAce
2016-03-13 17:14:27 -------- d-----w- C:\Users\Deku Nut\AppData\Local\BattleFleetGothic
2016-03-13 15:32:52 11035328 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
2016-03-09 18:08:26 -------- d-----w- C:\ProgramData\eBay
2016-03-09 18:08:26 -------- d-----w- C:\Program Files (x86)\eBay
2016-03-08 02:11:29 92208 ----a-w- C:\WINDOWS\system\WING.DLL
2016-03-08 02:11:29 12800 ----a-w- C:\WINDOWS\system\wing32.dll
2016-03-08 02:06:30 92208 ----a-w- C:\WINDOWS\SysWow64\WING.DLL
2016-03-08 02:06:30 6736 ----a-w- C:\WINDOWS\SysWow64\WINGDIB.DRV
2016-03-08 02:06:30 188960 ----a-w- C:\WINDOWS\SysWow64\WINGDE.DLL
2016-03-08 02:06:30 12800 ----a-w- C:\WINDOWS\SysWow64\wing32.dll
2016-03-08 02:06:30 127488 ----a-w- C:\WINDOWS\SysWow64\DSETUP.DLL
2016-03-08 02:05:18 304128 ----a-w- C:\WINDOWS\IsUninst.exe
2016-03-08 01:58:24 -------- d-----w- C:\Users\Deku Nut\AppData\Local\Disc_Soft_Ltd
2016-03-08 01:57:59 47672 ----a-w- C:\WINDOWS\System32\drivers\dtliteusbbus.sys
2016-03-08 01:57:48 30264 ----a-w- C:\WINDOWS\System32\drivers\dtlitescsibus.sys
2016-03-08 01:57:47 -------- d-----w- C:\Users\Deku Nut\AppData\Roaming\DAEMON Tools Lite
2016-03-08 01:57:45 -------- d-----w- C:\Program Files\DAEMON Tools Lite
2016-03-08 01:57:15 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2016-03-03 22:56:48 1924152 ----a-w- C:\WINDOWS\System32\nvdispco6436200.dll
2016-03-03 22:56:48 17320280 ----a-w- C:\WINDOWS\SysWow64\nvwgf2um.dll
2016-03-03 22:56:48 1571776 ----a-w- C:\WINDOWS\System32\nvdispgenco6436200.dll
2016-03-03 22:39:42 49152 ----a-w- C:\WINDOWS\SysWow64\inetwh32.dll
2016-03-03 22:39:42 1044480 ----a-w- C:\WINDOWS\SysWow64\roboex32.dll
2016-03-03 17:25:48 -------- d-----w- C:\Program Files\Unlocker
2016-03-01 22:31:59 980352 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2016-03-01 19:05:48 -------- d-----w- C:\Users\Deku Nut\AppData\Local\spacegame
2016-02-26 21:47:06 107368 ----a-w- C:\WINDOWS\System32\xinput1_3.dll
.
==================== Find3M ====================
.
2016-03-25 15:23:03 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-03-10 18:09:10 65408 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2016-03-10 18:08:54 27008 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2016-03-10 03:19:52 12653504 ----a-w- C:\WINDOWS\System32\drivers\nvlddmkm.sys
2016-03-08 07:12:26 829944 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-03-08 07:12:26 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-03-08 06:42:34 6371384 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2016-03-08 06:42:34 2992576 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2016-03-08 06:42:32 81856 ----a-w- C:\WINDOWS\System32\nv3dappshextr.dll
2016-03-08 06:42:32 71224 ----a-w- C:\WINDOWS\System32\nvshext.dll
2016-03-08 06:42:32 530880 ----a-w- C:\WINDOWS\System32\nv3dappshext.dll
2016-03-08 06:42:32 393784 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2016-03-08 06:42:32 2563128 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2016-03-08 06:42:32 1264064 ----a-w- C:\WINDOWS\System32\nvvsvc.exe
2016-03-07 04:22:46 6203411 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2016-03-01 05:31:29 848168 ----a-w- C:\WINDOWS\System32\mfsvr.dll
2016-03-01 05:22:47 709688 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll
2016-02-24 09:52:06 1997328 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2016-02-24 09:51:58 7474528 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-02-24 09:48:32 713568 ----a-w- C:\WINDOWS\System32\invagent.dll
2016-02-24 09:47:03 1173344 ----a-w- C:\WINDOWS\System32\aeinv.dll
2016-02-24 09:40:06 513888 ----a-w- C:\WINDOWS\System32\devinv.dll
2016-02-24 09:34:50 1613664 ----a-w- C:\WINDOWS\System32\diagtrack.dll
2016-02-24 09:28:35 3449168 ----a-w- C:\WINDOWS\System32\WSService.dll
2016-02-24 09:15:07 1557768 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2016-02-24 08:58:26 794888 ----a-w- C:\WINDOWS\System32\mfds.dll
2016-02-24 08:51:24 1322248 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-02-24 08:50:49 808800 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2016-02-24 08:46:25 6607080 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2016-02-24 08:43:01 625000 ----a-w- C:\WINDOWS\System32\ClipSVC.dll
2016-02-24 08:39:30 141560 ----a-w- C:\WINDOWS\System32\AuthHost.exe
2016-02-24 08:39:01 358752 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2016-02-24 08:19:18 670928 ----a-w- C:\WINDOWS\SysWow64\mfds.dll
2016-02-24 08:14:23 216416 ----a-w- C:\WINDOWS\System32\AppxAllUserStore.dll
2016-02-24 08:11:46 957608 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-02-24 08:11:07 258280 ----a-w- C:\WINDOWS\System32\sqmapi.dll
2016-02-24 08:11:03 652392 ----a-w- C:\WINDOWS\System32\dxgi.dll
2016-02-24 08:11:03 394080 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-02-24 08:11:03 1997152 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-02-24 08:11:01 703840 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2016-02-24 08:10:54 576864 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-02-24 08:10:52 630632 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2016-02-24 08:09:58 640472 ----a-w- C:\WINDOWS\System32\wer.dll
2016-02-24 08:09:49 147808 ----a-w- C:\WINDOWS\System32\wermgr.exe
2016-02-24 08:06:39 5242496 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2016-02-24 07:59:11 294752 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2016-02-24 07:39:44 23552 ----a-w- C:\WINDOWS\System32\ExtrasXmlParser.dll
2016-02-24 07:39:34 45568 ----a-w- C:\WINDOWS\System32\UserDataTypeHelperUtil.dll
2016-02-24 07:38:35 187744 ----a-w- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
2016-02-24 07:38:12 111616 ----a-w- C:\WINDOWS\System32\UserDataTimeUtil.dll
2016-02-24 07:37:58 45056 ----a-w- C:\WINDOWS\System32\UserDataLanguageUtil.dll
2016-02-24 07:36:17 60416 ----a-w- C:\WINDOWS\System32\PimIndexMaintenanceClient.dll
2016-02-24 07:35:26 220064 ----a-w- C:\WINDOWS\SysWow64\sqmapi.dll
2016-02-24 07:35:24 523752 ----a-w- C:\WINDOWS\SysWow64\dxgi.dll
2016-02-24 07:35:18 45568 ----a-w- C:\WINDOWS\System32\atmlib.dll
2016-02-24 07:35:08 540752 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2016-02-24 07:33:53 141664 ----a-w- C:\WINDOWS\SysWow64\wermgr.exe
2016-02-24 07:33:49 538736 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2016-02-24 07:31:49 118272 ----a-w- C:\WINDOWS\System32\fontsub.dll
2016-02-24 07:30:18 25600 ----a-w- C:\WINDOWS\System32\wfapigp.dll
2016-02-24 07:28:12 70656 ----a-w- C:\WINDOWS\System32\POSyncServices.dll
2016-02-24 07:23:20 68096 ----a-w- C:\WINDOWS\System32\UserDataPlatformHelperUtil.dll
2016-02-24 07:23:09 91648 ----a-w- C:\WINDOWS\System32\asycfilt.dll
2016-02-24 07:22:03 196608 ----a-w- C:\WINDOWS\System32\fwpolicyiomgr.dll
2016-02-24 07:20:57 167936 ----a-w- C:\WINDOWS\System32\dafBth.dll
2016-02-24 07:20:35 195072 ----a-w- C:\WINDOWS\System32\VCardParser.dll
2016-02-24 07:20:00 87552 ----a-w- C:\WINDOWS\System32\AppxSysprep.dll
2016-02-24 07:19:56 31232 ----a-w- C:\WINDOWS\System32\seclogon.dll
2016-02-24 07:19:10 145408 ----a-w- C:\WINDOWS\System32\dssvc.dll
2016-02-24 07:15:29 365568 ----a-w- C:\WINDOWS\System32\atmfd.dll
2016-02-24 07:14:00 274944 ----a-w- C:\WINDOWS\System32\ExSMime.dll
2016-02-24 07:13:57 121856 ----a-w- C:\WINDOWS\System32\AppointmentActivation.dll
2016-02-24 07:12:54 243712 ----a-w- C:\WINDOWS\System32\cemapi.dll
2016-02-24 07:12:03 221184 ----a-w- C:\WINDOWS\System32\PhoneCallHistoryApis.dll
2016-02-24 07:10:05 93184 ----a-w- C:\WINDOWS\System32\wpninprc.dll
2016-02-24 07:09:04 258560 ----a-w- C:\WINDOWS\System32\UserDataAccountApis.dll
2016-02-24 07:09:00 161792 ----a-w- C:\WINDOWS\System32\AppxSip.dll
2016-02-24 07:07:53 252928 ----a-w- C:\WINDOWS\System32\PimIndexMaintenance.dll
2016-02-24 07:05:00 208896 ----a-w- C:\WINDOWS\System32\storewuauth.dll
2016-02-24 07:03:16 88576 ----a-w- C:\WINDOWS\SysWow64\olepro32.dll
2016-02-24 07:02:17 161280 ----a-w- C:\WINDOWS\System32\CallHistoryClient.dll
2016-02-24 07:01:56 146432 ----a-w- C:\WINDOWS\System32\AuthBroker.dll
2016-02-24 07:01:21 764928 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2016-02-24 07:01:15 67584 ----a-w- C:\WINDOWS\System32\profext.dll
2016-02-24 07:00:00 214528 ----a-w- C:\WINDOWS\System32\Windows.Devices.Scanners.dll
2016-02-24 06:59:55 450560 ----a-w- C:\WINDOWS\System32\Windows.Internal.Bluetooth.dll
2016-02-24 06:59:44 318976 ----a-w- C:\WINDOWS\System32\domgmt.dll
2016-02-24 06:59:32 360448 ----a-w- C:\WINDOWS\System32\vaultsvc.dll
2016-02-24 06:58:29 685568 ----a-w- C:\WINDOWS\System32\scapi.dll
2016-02-24 06:55:57 790528 ----a-w- C:\WINDOWS\System32\EmailApis.dll
2016-02-24 06:55:39 224256 ----a-w- C:\WINDOWS\System32\PackageStateRoaming.dll
2016-02-24 06:55:08 18944 ----a-w- C:\WINDOWS\SysWow64\ExtrasXmlParser.dll
2016-02-24 06:54:57 37888 ----a-w- C:\WINDOWS\SysWow64\UserDataTypeHelperUtil.dll
2016-02-24 06:54:55 228352 ----a-w- C:\WINDOWS\System32\wsqmcons.exe
2016-02-24 06:54:45 288768 ----a-w- C:\WINDOWS\System32\vaultcli.dll
2016-02-24 06:54:09 526336 ----a-w- C:\WINDOWS\System32\FirewallAPI.dll
2016-02-24 06:53:47 89088 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2016-02-24 06:53:35 37888 ----a-w- C:\WINDOWS\SysWow64\UserDataLanguageUtil.dll
2016-02-24 06:52:12 48128 ----a-w- C:\WINDOWS\SysWow64\PimIndexMaintenanceClient.dll
2016-02-24 06:52:11 451584 ----a-w- C:\WINDOWS\System32\werui.dll
.
============= FINISH: 11:49:36.24 ===============
Thanks for your help!