Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Issue Removing msrtn32 & dataup Folders

After tiredly (and mistakenly) clicking on a bad download link on a website for a program, my Windows Defender alarmed. I removed multiple detected malware items, and after remembering that Adaware's software does wonders for deeper scans, I downloaded and scanned my system using Adaware, which found a few things.

After doing a bit more rummaging, I found & removed a few random folders inside my C:\Program Files (x86) folder left over (I assume) from the malware problem; however, I notice (like others have) the 'msrtn32' and 'dataup' folders, and they both will not delete, stating 'the folders are currently being used.'

ALSO, I noticed I had a few processes taking massive amounts of CPU & memory usage in my Task Manager. Those are: Wmi protect host, Driver helper service, and Antimalware Service Executable.

Please help! Thanks, Patrick

-----------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.420
Run by names at 23:13:58 on 2016-07-11
Microsoft Windows 10 Pro 10.0.10586.0.1252.1.1033.18.16348.12618 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\dataup\dataup.exe
C:\Program Files\Gramblr\gramblr.exe
C:\WINDOWS\desktop-e74q7cu_020716\oxy.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
C:\Program Files (x86)\msrtn32\msrtn32.exe
C:\Windows\desktop-e74q7cu_020716\netsafe.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
C:\Users\names\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\Program Files\Windows Defender\msascui.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
D:\Program Files (x86)\Ad-Aware Antivirus\11.11.898.9090\AdAwareTray.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
D:\Program Files (x86)\Steam\Steam.exe
D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.21441.0_x64__8wekyb3d8bbwe\Video.UI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\Program Files (x86)\msrtn32\cdhtr.exe
C:\Program Files (x86)\msrtn32\rthdcpd.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
uSearch Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWvsniqknnm6GRBDoGlswIsdvLRWm_j2rG-p9OawRKFwh6h2YlK7HxAPpAg9i_VT7o0kwAMz9NkaR8a8LAQbskk7-8-PETHjQtfXqPqrGR5tcTnmg8MnVWtR1TODSnT6rux-ZpLBJz2G_JLSxKpN8wfS0RSzDdkwkqy4dzaoQ6&q={searchTerms}
uSearch Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWvsniqknnm6GRBDoGlswIsdvLRWm_j2rG-p9OawRKFwh6h2YlK7HxAPpAg9i_VT7o0kwAMz9NkaR8a8LAQbskk7-8-PETHjQtfXqPqrGR5tcTnmg8MnVWtR1TODSnT6rux-ZpLBJz2G_JLSxKpN8wfS0RSzDdkwkqy4dzaoQ6&q={searchTerms}
mStart Page = about:blank
uProxyServer = 127.0.0.1:8118
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [OneDrive] "C:\Users\names\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [msrtn32] "C:\Program Files (x86)\msrtn32\msrtn32.exe" -startup=smartcpx -check=60
mRun: [Secured Net] "C:\WINDOWS\desktop-e74q7cu_020716\netsafe.exe"
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{c04ffec8-4ffc-4200-bfcb-7bf77035c367} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [AdAwareTray] "D:\Program Files (x86)\Ad-Aware Antivirus\11.11.898.9090\AdAwareTray.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-5-11 87552]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 Dataup;Dataup Service;C:\Program Files (x86)\dataup\dataup.exe [2015-8-6 77824]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 gramblrclient;Windows Connectivity Manager for Gramblr;C:\Program Files\Gramblr\gramblr.exe [2016-5-17 9654352]
R2 NetSecure;NetSecure;C:\WINDOWS\desktop-e74q7cu_020716\oxy.exe --service --> C:\WINDOWS\desktop-e74q7cu_020716\oxy.exe --service [?]
R2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2015-11-4 188072]
R2 rzpmgrk;rzpmgrk;C:\WINDOWS\System32\drivers\rzpmgrk.sys [2016-5-2 37184]
R2 rzpnk;rzpnk;C:\WINDOWS\System32\drivers\rzpnk.sys [2016-5-2 130880]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-4-18 417400]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 lvrs64;Logitech RightSound Filter Driver;C:\WINDOWS\System32\drivers\lvrs64.sys [2016-4-21 351520]
R3 LVUVC64;@oem6.inf,%PID_0825_DD%(UVC);Logitech HD Webcam C270(UVC);C:\WINDOWS\System32\drivers\lvuvc64.sys [2016-4-21 4758176]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 rzdaendpt;Razer DeathAdder end point;C:\WINDOWS\System32\drivers\rzdaendpt.sys [2015-8-13 43720]
R3 rzudd;Razer Mouse Driver;C:\WINDOWS\System32\drivers\rzudd.sys [2015-8-13 202952]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\WINDOWS\System32\drivers\rzvkeyboard.sys [2015-8-13 44232]
R3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;D:\Program Files (x86)\Ad-Aware Antivirus\11.11.898.9090\AdAwareService.exe [2016-6-10 730496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-3-23 327808]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2016-4-19 1863688]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-2-13 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-10-30 108032]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-5-11 63488]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-6-16 258912]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-5-11 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-4-26 694784]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-30 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-4-26 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-4-26 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
SUnknown backlh;backlh; [x]
SUnknown BitTorrent;BitTorrent; [x]
SUnknown CloudPrinter;CloudPrinter; [x]
SUnknown windowsmanagementservice;windowsmanagementservice; [x]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\WINDOWS\System32\NOTEPAD.EXE" %1 [UserChoice]
FileExt: .ini: inifile="C:\WINDOWS\System32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="C:\WINDOWS\System32\NOTEPAD.EXE" %1
.
=============== Created Last 30 ================
.
2016-07-11 07:59:16 12007136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A86A5A94-B1DA-469D-AF01-7DB1BAAD9902}\mpengine.dll
2016-07-10 08:17:55 12007136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-07-08 18:24:07 27624 ----a-w- C:\WINDOWS\System32\lsdel.exe
2016-07-08 18:20:03 -------- d-----w- C:\Users\names\AppData\Roaming\LavasoftStatistics
2016-07-08 18:17:46 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2016-07-08 07:56:36 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B96EC7E0-D34D-4E30-AACD-6E8281152331}\gapaengine.dll
2016-07-07 08:37:08 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D4F2D827-828F-41EE-AA45-CD5412C56BD0}\gapaengine.dll
2016-07-06 09:19:48 -------- d-----w- C:\ProgramData\BOINC
2016-07-06 09:19:47 -------- d-----w- C:\WINDOWS\Downloaded Installations
2016-07-06 09:19:39 31232 ----a-w- C:\WINDOWS\System32\drivers\tap0901.sys
2016-07-06 09:19:35 -------- d-----w- C:\ProgramData\f6d8e18f-7ef3-0
2016-07-06 09:19:34 -------- d-----w- C:\ProgramData\f6d8e18f-3367-1
2016-07-06 09:19:23 133 ----a-w- C:\WINDOWS\ie.vbs
2016-07-06 09:19:23 -------- d-----w- C:\WINDOWS\desktop-e74q7cu_020716
2016-07-06 09:19:23 -------- d-----w- C:\Users\names\AppData\Local\Programs
2016-07-06 09:19:02 -------- d-----w- C:\Program Files\BitTorrent
2016-07-06 09:18:54 -------- d-----w- C:\ProgramData\Logic Handler
2016-07-06 09:18:53 -------- d-----w- C:\ProgramData\Ronzaps
2016-07-06 09:18:47 -------- d-----w- C:\ProgramData\Ronzap
2016-07-06 09:18:40 -------- d-----w- C:\ProgramData\CloudPrinter
2016-07-06 09:18:35 848437 ----a-w- C:\Users\names\AppData\Roaming\Isstock.bin
2016-07-06 09:18:19 -------- d-----w- C:\Users\names\AppData\Local\cpx
2016-07-06 09:18:17 -------- d-----w- C:\Users\names\AppData\Local\mstrn32
2016-07-06 09:18:15 -------- d-----w- C:\Program Files (x86)\msrtn32
2016-07-06 09:18:15 -------- d-----w- C:\Program Files (x86)\dataup
2016-07-06 09:17:42 -------- d-----w- C:\Users\names\AppData\Roaming\c
2016-07-06 09:17:42 -------- d-----w- C:\ProgramData\1467796662
2016-06-22 12:04:00 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD5AC2F8-BA38-4EEB-82D1-A4665969DA1A}\gapaengine.dll
2016-06-16 19:13:57 89088 ----a-w- C:\WINDOWS\System32\MapsCSP.dll
.
==================== Find3M ====================
.
2016-07-07 00:39:37 485032 ------w- C:\WINDOWS\System32\MpSigStub.exe
2016-06-14 18:33:01 828408 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-06-14 18:33:01 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-05-28 06:13:27 46784 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2016-05-28 06:13:24 92352 ----a-w- C:\WINDOWS\System32\acmigration.dll
2016-05-28 06:13:24 514752 ----a-w- C:\WINDOWS\System32\devinv.dll
2016-05-28 06:13:24 290496 ----a-w- C:\WINDOWS\System32\invagent.dll
2016-05-28 06:13:24 1401024 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-05-28 06:13:24 1184960 ----a-w- C:\WINDOWS\System32\aeinv.dll
2016-05-28 05:55:39 2718208 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2016-05-28 05:25:42 4268880 ----a-w- C:\WINDOWS\SysWow64\setupapi.dll
2016-05-28 05:23:29 388384 ----a-w- C:\WINDOWS\SysWow64\ws2_32.dll
2016-05-28 05:23:28 312160 ----a-w- C:\WINDOWS\SysWow64\mswsock.dll
2016-05-28 05:22:29 7474528 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-05-28 05:22:11 118624 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
2016-05-28 05:22:08 211296 ----a-w- C:\WINDOWS\System32\drivers\tpm.sys
2016-05-28 05:22:02 4387680 ----a-w- C:\WINDOWS\System32\setupapi.dll
2016-05-28 05:20:21 430312 ----a-w- C:\WINDOWS\System32\ws2_32.dll
2016-05-28 05:18:49 357216 ----a-w- C:\WINDOWS\System32\mswsock.dll
2016-05-28 05:09:52 84832 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2016-05-28 05:09:50 501600 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2016-05-28 05:09:27 170848 ----a-w- C:\WINDOWS\System32\NetworkUXBroker.exe
2016-05-28 05:08:59 693600 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2016-05-28 05:08:51 115040 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2016-05-28 05:08:25 258912 ----a-w- C:\WINDOWS\System32\drivers\ufx01000.sys
2016-05-28 05:07:46 957608 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-05-28 05:07:45 331616 ----a-w- C:\WINDOWS\System32\drivers\pci.sys
2016-05-28 05:07:40 703840 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2016-05-28 05:07:19 1322248 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-05-28 05:07:12 808288 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2016-05-28 05:06:36 254656 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
2016-05-28 05:06:09 4074160 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2016-05-28 05:06:05 730344 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2016-05-28 05:06:05 303216 ----a-w- C:\WINDOWS\System32\LockAppHost.exe
2016-05-28 05:05:38 4515264 ----a-w- C:\WINDOWS\explorer.exe
2016-05-28 05:04:44 161632 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2016-05-28 05:04:42 604928 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-05-28 05:04:41 111064 ----a-w- C:\WINDOWS\System32\ncryptsslp.dll
2016-05-28 05:04:37 97096 ----a-w- C:\WINDOWS\SysWow64\ncryptsslp.dll
2016-05-28 05:04:37 360480 ----a-w- C:\WINDOWS\SysWow64\bcryptprimitives.dll
2016-05-28 05:04:34 431296 ----a-w- C:\WINDOWS\System32\bcryptprimitives.dll
2016-05-28 05:03:58 131248 ----a-w- C:\WINDOWS\System32\gpapi.dll
2016-05-28 04:58:04 379232 ----a-w- C:\WINDOWS\System32\atmfd.dll
2016-05-28 04:58:02 1996640 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-05-28 04:57:58 649792 ----a-w- C:\WINDOWS\System32\dxgi.dll
2016-05-28 04:57:58 2548944 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2016-05-28 04:57:56 316256 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2016-05-28 04:57:55 636304 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2016-05-28 04:57:53 577376 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-05-28 04:57:42 2195632 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2016-05-28 04:57:41 521664 ----a-w- C:\WINDOWS\SysWow64\dxgi.dll
2016-05-28 04:57:40 546456 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2016-05-28 04:57:30 1594416 ----a-w- C:\WINDOWS\System32\gdi32.dll
2016-05-28 04:57:05 1372312 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2016-05-28 04:35:13 123392 ----a-w- C:\WINDOWS\System32\tdlrecover.exe
2016-05-28 04:35:09 31744 ----a-w- C:\WINDOWS\System32\drivers\dumpsdport.sys
2016-05-28 04:31:21 91648 ----a-w- C:\WINDOWS\SysWow64\tdlrecover.exe
2016-05-28 04:31:15 88576 ----a-w- C:\WINDOWS\SysWow64\olepro32.dll
2016-05-28 04:31:14 66560 ----a-w- C:\WINDOWS\System32\MosHostClient.dll
2016-05-28 04:29:59 79360 ----a-w- C:\WINDOWS\System32\adhsvc.dll
2016-05-28 04:29:39 19456 ----a-w- C:\WINDOWS\System32\httpprxp.dll
2016-05-28 04:29:23 45568 ----a-w- C:\WINDOWS\System32\atmlib.dll
2016-05-28 04:29:04 22379008 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-05-28 04:28:22 90112 ----a-w- C:\WINDOWS\System32\FwRemoteSvr.dll
2016-05-28 04:28:19 118272 ----a-w- C:\WINDOWS\System32\fontsub.dll
2016-05-28 04:28:11 166400 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2016-05-28 04:27:48 28672 ----a-w- C:\WINDOWS\System32\mapsupdatetask.dll
2016-05-28 04:27:06 50176 ----a-w- C:\WINDOWS\SysWow64\MosHostClient.dll
2016-05-28 04:26:55 199168 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2016-05-28 04:26:52 50176 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2016-05-28 04:26:45 74752 ----a-w- C:\WINDOWS\System32\MosStorage.dll
2016-05-28 04:26:16 157184 ----a-w- C:\WINDOWS\System32\dmcertinst.exe
2016-05-28 04:26:12 145920 ----a-w- C:\WINDOWS\System32\omadmclient.exe
2016-05-28 04:26:11 120320 ----a-w- C:\WINDOWS\System32\MapsBtSvc.dll
2016-05-28 04:25:51 51200 ----a-w- C:\WINDOWS\System32\gpscript.dll
2016-05-28 04:25:22 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2016-05-28 04:24:38 72704 ----a-w- C:\WINDOWS\System32\moshost.dll
2016-05-28 04:24:38 124928 ----a-w- C:\WINDOWS\System32\drivers\Ndu.sys
2016-05-28 04:24:35 91136 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2016-05-28 04:24:20 67072 ----a-w- C:\WINDOWS\System32\dhcpcsvc6.dll
2016-05-28 04:24:20 53760 ----a-w- C:\WINDOWS\SysWow64\FwRemoteSvr.dll
2016-05-28 04:24:17 93696 ----a-w- C:\WINDOWS\SysWow64\fontsub.dll
2016-05-28 04:24:13 218624 ----a-w- C:\WINDOWS\System32\cdd.dll
2016-05-28 04:24:01 86528 ----a-w- C:\WINDOWS\System32\AppCapture.dll
2016-05-28 04:23:26 155136 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys
2016-05-28 04:22:59 464896 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2016-05-28 04:22:55 161280 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe
2016-05-28 04:22:46 368640 ----a-w- C:\WINDOWS\System32\usocore.dll
2016-05-28 04:22:45 59904 ----a-w- C:\WINDOWS\SysWow64\MosStorage.dll
2016-05-28 04:22:43 79872 ----a-w- C:\WINDOWS\System32\cryptsvc.dll
2016-05-28 04:22:39 406528 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2016-05-28 04:22:37 278528 ----a-w- C:\WINDOWS\System32\drivers\netbt.sys
2016-05-28 04:22:17 269824 ----a-w- C:\WINDOWS\System32\moshostcore.dll
2016-05-28 04:22:11 87040 ----a-w- C:\WINDOWS\SysWow64\MapsBtSvc.dll
2016-05-28 04:22:06 163328 ----a-w- C:\WINDOWS\System32\tetheringservice.dll
2016-05-28 04:21:52 42496 ----a-w- C:\WINDOWS\SysWow64\gpscript.dll
2016-05-28 04:21:48 239104 ----a-w- C:\WINDOWS\System32\BrokerLib.dll
2016-05-28 04:21:29 550912 ----a-w- C:\WINDOWS\System32\StoreAgent.dll
2016-05-28 04:21:27 190464 ----a-w- C:\WINDOWS\System32\wscsvc.dll
2016-05-28 04:21:09 207360 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
.
============= FINISH: 23:14:12.21 ===============

Attached Files
File Type: txt attach.txt (16.0 KB)
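The log above ties the two undeletable folders together with everything else that arrived on 2016-07-06: 'Created Last 30' shows C:\Program Files (x86)\msrtn32, C:\Program Files (x86)\dataup and C:\WINDOWS\desktop-e74q7cu_020716 created within a minute of each other; 'Running Processes' shows binaries executing from all three; the Pseudo HJT report shows two of them in mRun keys and the services section shows the other two registered as services (Dataup, NetSecure). Windows refuses to delete a directory whose files are open by a running process, and a service or Run entry relaunches that process at every boot, which is why the folders report as "currently being used" after each reboot. The same section also records a localhost proxy (127.0.0.1:8118), a percent-encoded search URL, PromptOnSecureDesktop set to 0, and four service registrations (backlh, BitTorrent, CloudPrinter, windowsmanagementservice) whose binaries DDS could not find. The script below is an added example for this thread, not tooling from the forum or from DDS: it parses a constructed excerpt of the log (lines copied from the post, with the long p= parameter of the search URL shortened), flags every image path that lives under a directory created in the last 30 days, decodes the percent-encoded search host, and lists the proxy, policy and orphaned-service findings. It generalises past this one log: any DDS output with the same section headers can be fed to triage().

```python
"""Triage of a DDS log: image paths loaded from recently created directories,
plus proxy / search / UAC-policy changes and orphaned service registrations.
Added example for this thread; not code from the forum or from DDS."""
import re
from urllib.parse import unquote

# Constructed subset of the log in the post, copied line by line; only the
# long p= parameter of the search URL has been shortened.
DDS_EXCERPT = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\dataup\dataup.exe
C:\Program Files\Gramblr\gramblr.exe
C:\WINDOWS\desktop-e74q7cu_020716\oxy.exe
C:\Program Files (x86)\msrtn32\msrtn32.exe
C:\Windows\desktop-e74q7cu_020716\netsafe.exe
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpY&q={searchTerms}
uProxyServer = 127.0.0.1:8118
mRun: [msrtn32] "C:\Program Files (x86)\msrtn32\msrtn32.exe" -startup=smartcpx -check=60
mRun: [Secured Net] "C:\WINDOWS\desktop-e74q7cu_020716\netsafe.exe"
mPolicies-System: PromptOnSecureDesktop = dword:0
============= SERVICES / DRIVERS ===============
R2 Dataup;Dataup Service;C:\Program Files (x86)\dataup\dataup.exe [2015-8-6 77824]
R2 NetSecure;NetSecure;C:\WINDOWS\desktop-e74q7cu_020716\oxy.exe --service --> C:\WINDOWS\desktop-e74q7cu_020716\oxy.exe --service [?]
SUnknown backlh;backlh; [x]
=============== Created Last 30 ================
2016-07-06 09:19:23 -------- d-----w- C:\WINDOWS\desktop-e74q7cu_020716
2016-07-06 09:18:15 -------- d-----w- C:\Program Files (x86)\msrtn32
2016-07-06 09:18:15 -------- d-----w- C:\Program Files (x86)\dataup
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Drive-letter path up to an executable-style extension; quotes/brackets end it.
WIN_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]<>|*?]+?\.(?:exe|dll|sys|vbs|bin)\b',
                         re.IGNORECASE)


def parse_dds(text):
    """Split the log into {section name (lower-case): [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def recent_dirs(sections):
    """Directories under 'Created Last 30' (attribute field starts with 'd')."""
    dirs = set()
    for line in sections.get("created last 30", []):
        parts = line.split(None, 4)          # date, time, size, attrs, path
        if len(parts) == 5 and parts[3].startswith("d"):
            dirs.add(parts[4].lower())
    return dirs


def paths_in_recent_dirs(sections, dirs):
    """Map each image path under a recent directory to the sections it appears in."""
    hits = {}
    for kind in ("running processes", "pseudo hjt report", "services / drivers"):
        for line in sections.get(kind, []):
            for path in WIN_PATH_RE.findall(line):
                p = path.lower()
                if any(p.startswith(d + "\\") for d in dirs):
                    hits.setdefault(p, set()).add(kind)
    return hits


def decode_search_host(line):
    """DDS writes http as hxxp; the host in this log is percent-encoded, so
    decode the netloc to see the domain the search setting points at."""
    url = line.split("=", 1)[1].strip()
    netloc = url.split("//", 1)[1].split("/", 1)[0]
    return unquote(netloc).lower()


def config_findings(sections):
    """Proxy, search-hijack and UAC-policy entries from the Pseudo HJT section."""
    out = []
    for line in sections.get("pseudo hjt report", []):
        key = line.split("=", 1)[0].strip().lower()
        if key in ("uproxyserver", "mproxyserver"):
            out.append("proxy: " + line.split("=", 1)[1].strip())
        elif key in ("usearch bar", "usearch page") and "://%" in line:
            out.append("search hijack: " + decode_search_host(line))
        elif "promptonsecuredesktop = dword:0" in line.lower():
            out.append("uac prompt off secure desktop: " + line)
    return out


def orphaned_services(sections):
    """'SUnknown ...; [x]' rows: service registrations whose binary DDS could not find."""
    return [line.split(";", 1)[0].split()[1]
            for line in sections.get("services / drivers", [])
            if line.startswith("SUnknown") and line.endswith("[x]")]


def triage(text):
    sections = parse_dds(text)
    dirs = recent_dirs(sections)
    return {"recent_dirs": sorted(dirs),
            "loaded_from_recent_dirs": paths_in_recent_dirs(sections, dirs),
            "config": config_findings(sections),
            "orphaned_services": orphaned_services(sections)}


if __name__ == "__main__":
    for key, value in triage(DDS_EXCERPT).items():
        print(key, value, sep="\n  ")
```

Run against the excerpt, the correlation puts msrtn32.exe, dataup.exe, oxy.exe and netsafe.exe in both a process list and a persistence entry (Run key or service), while gramblr.exe and svchost.exe are not flagged because their directories are not among the recent ones, and the search host decodes to feed.sonic-search.com. The practical reading is the order of removal: stop and delete the services and Run entries first, end the processes, and only then delete the folders; deleting the folders first just leaves the same "in use" error after the next boot. The flagging is a heuristic keyed on directory creation dates, so a legitimate program installed in the same window would be listed too and each hit still needs a look.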
