Channel: Tech Support Forum - Virus/Trojan/Spyware Help

0.0.0.0.1 Default page!

My Chrome has the IP 0.0.0.0.1 as its default page, and it keeps changing to random things! Also, I had some Chinese software installed on my PC out of nowhere. Thirdly, there is this Russian site which became the default homepage prior to all that. In essence, my PC has something wrong with it. >.<


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by user at 2:37:42 on 2016-10-24
Microsoft Windows 10 Pro 10.0.14393.0.1252.1.1033.18.8053.4527 [GMT 5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\user\AppData\Local\Discord\app-0.0.296\Discord.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Users\user\AppData\Local\Discord\app-0.0.296\Discord.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Users\user\AppData\Local\Discord\app-0.0.296\Discord.exe
C:\ProgramData\Battle.net\Agent\Agent.5220\Agent.exe
C:\Program Files (x86)\Battle.net\Battle.net.8098\Battle.net.exe
C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files (x86)\Battle.net\Battle.net.8098\Battle.net Helper.exe
C:\Program Files (x86)\Battle.net\Battle.net.8098\Battle.net Helper.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\SysWoW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\WINDOWS\System32\LocationNotificationWindows.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uSearch Bar = Google
uSearch Page = Google
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [OneDrive] "C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Discord] C:\Users\user\AppData\Local\Discord\app-0.0.296\Discord.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Sound Blaster X-Fi MB 3] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [RzWizard] C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [Corsair Utility Engine] "C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe" --autorun
mRunOnce: [ldsuninst] C:\Users\user\AppData\Local\Temp\removelds.bat
mRunOnce: [ldsliteuninst] C:\Users\user\AppData\Local\Temp\removeldslite.bat
StartupFolder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.100.1
TCP: Interfaces\{0b71ffb1-09ee-42c7-a87f-af18630ea418} : DHCPNameServer = 192.168.100.1
TCP: Interfaces\{220d4d6b-810d-47d8-bbe4-18f09aa0be8f} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{40a5d303-4697-4719-b1d5-81ff172a9a37} : DHCPNameServer = 192.168.8.1 192.168.8.1
TCP: Interfaces\{48018cb8-4c0b-441a-8676-2d29b969f120} : DHCPNameServer = 192.168.8.1 192.168.8.1
TCP: Interfaces\{7c7eb5f2-7ddf-410e-9f89-c6a09441d950} : DHCPNameServer = 192.168.8.1 192.168.8.1
TCP: Interfaces\{838f256a-620d-441b-9aae-106efa713b7d} : DHCPNameServer = 192.168.8.1 192.168.8.1
TCP: Interfaces\{945af93b-3815-4a6f-9d76-854e76dca377} : DHCPNameServer = 192.168.8.1 192.168.8.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = ""
mASetup: {65122CB0-EA0F-47DF-A953-017170ED12F9} - "C:\Program Files (x86)\UCBrowser\Application\5.6.14087.902\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [MBCfg64] C:\WINDOWS\System32\RunDLL32.exe C:\WINDOWS\System32\MBCfg64.dll,RunDLLEntry MBCfg64
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ts3yun6k.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2014-4-11 645480]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-7-16 45920]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-9-23 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-7-16 227328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 UCGuard;UCGuard;C:\WINDOWS\System32\drivers\ucguard.sys [2016-10-23 81792]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_45a5f;CDPUserSvc_45a5f;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-4-24 1165368]
R2 HpSvc;HpSvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-4-11 16232]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-5-28 374360]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-10-24 1136608]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2016-5-27 242264]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-4-24 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-4-24 2522680]
R2 OneSyncSvc_45a5f;Sync Host_45a5f;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 RzWizardService;Razer Wizard Service;C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [2016-3-23 376272]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [2016-9-18 426040]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-9-30 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 CorsairVBusDriver;Corsair Bus;C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [2016-9-9 45056]
R3 CorsairVHidDriver;Corsair virtual device;C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [2016-9-9 22520]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-4-16 450520]
R3 Ke2200;NDIS Miniport Driver for the Killer e2200 Gigabit Ethernet Controller;C:\WINDOWS\System32\drivers\e22w8x64.sys [2016-4-16 174448]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2016-10-24 27008]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2016-10-24 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2016-10-24 65408]
R3 MBfilt;MBfilt;C:\WINDOWS\System32\drivers\MBfilt64.sys [2016-4-16 32344]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-4-24 28216]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-4-24 3634232]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2016-5-16 56384]
R3 PimIndexMaintenanceSvc_45a5f;Contact Data_45a5f;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_45a5f;User Data Storage_45a5f;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_45a5f;User Data Access_45a5f;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
R3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
R3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Service;C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [2015-6-6 63840]
R4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-10-24 1514464]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-7-25 324224]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-9-30 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-7-16 117248]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2016-4-16 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2016-4-16 79360]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-9-5 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2016-10-22 30264]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2016-10-22 47672]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2014-3-26 42288]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-12 64352]
S3 MessagingService_45a5f;MessagingService_45a5f;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2016-7-16 179040]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-9-30 2889896]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-9-23 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-7-22 165504]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudserd.sys [2016-4-25 221824]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-9-30 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 usbrndis6;USB RNDIS6 Adapter;C:\WINDOWS\System32\drivers\usb80236.sys [2016-7-16 23040]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-9-30 719360]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinDivert1.1;WinDivert1.1;C:\Program Files\KMSpico\WinDivert.sys [2016-4-16 35376]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_45a5f;Windows Push Notifications User Service_45a5f;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-7-16 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-23 43520]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2016-9-30 823136]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2016-7-16 40288]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2016-7-16 1227264]
.
=============== Created Last 30 ================
.
2016-10-23 21:25:23 -------- d-----w- C:\Users\user\AppData\Roaming\Ludashi
2016-10-23 19:38:45 -------- d-----w- C:\Users\user\AppData\Roaming\lockhomepage
2016-10-23 19:15:46 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-10-23 19:15:08 65408 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2016-10-23 19:15:08 27008 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2016-10-23 19:15:08 140672 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2016-10-23 19:15:08 -------- d-----w- C:\ProgramData\Malwarebytes
2016-10-23 19:15:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-23 18:58:57 -------- d-----w- C:\Users\user\AppData\Roaming\Softlink
2016-10-23 18:58:57 -------- d-----w- C:\Users\user\AppData\Roaming\KuaiZip
2016-10-23 18:58:40 81792 ----a-w- C:\WINDOWS\System32\drivers\ucguard.sys
2016-10-23 18:58:40 -------- d-----w- C:\Users\user\AppData\Local\UCBrowser
2016-10-23 18:58:31 -------- d-----w- C:\Program Files (x86)\UCBrowser
2016-10-23 18:56:52 -------- d-----w- C:\Users\user\AppData\Roaming\NVIDIA
2016-10-23 18:50:37 -------- d-----w- C:\Users\user\AppData\Roaming\SimpleNotepad4
2016-10-23 16:20:54 12033040 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2B03C2D0-C409-415A-AA6E-C08EEED3BFC7}\mpengine.dll
2016-10-22 19:35:56 12033040 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-10-22 10:04:55 -------- d-----w- C:\Users\user\AppData\Roaming\FiraxisLive
2016-10-22 10:04:50 -------- d-----w- C:\Users\user\AppData\Roaming\Steam
2016-10-22 09:40:35 -------- d-----w- C:\Users\user\AppData\Local\Disc_Soft_Ltd
2016-10-22 09:35:27 47672 ----a-w- C:\WINDOWS\System32\drivers\dtliteusbbus.sys
2016-10-22 09:35:10 30264 ----a-w- C:\WINDOWS\System32\drivers\dtlitescsibus.sys
2016-10-22 09:35:10 -------- d-----w- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
2016-10-22 09:34:55 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2016-10-20 14:56:31 -------- d-----w- C:\Users\user\AppData\Roaming\Corsair
2016-10-20 14:56:31 -------- d-----w- C:\Users\user\AppData\Local\Corsair
2016-10-20 14:55:57 -------- d-----w- C:\Program Files (x86)\Corsair
2016-10-12 07:51:44 -------- d-----w- C:\Users\user\AppData\Roaming\SimulationCraft
2016-10-12 07:51:44 -------- d-----w- C:\Users\user\AppData\Local\SimulationCraft
2016-10-12 07:51:44 -------- d-----w- C:\Users\user\.SimulationCraft
2016-10-12 07:51:44 -------- d-----w- C:\Users\user\.QtWebEngineProcess
2016-10-12 07:50:59 -------- d-----w- C:\Users\user\AppData\Local\Programs
2016-10-05 08:40:06 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{572543C3-A164-4501-8D12-7AEC3600D9A1}\gapaengine.dll
2016-09-30 14:52:59 971264 ----a-w- C:\WINDOWS\System32\twinui.appcore.dll
.
==================== Find3M ====================
.
2016-10-23 19:37:44 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-10-11 19:00:13 177664 ----a-w- C:\WINDOWS\SysWow64\Windows.Web.Diagnostics.dll
2016-10-11 19:00:10 783360 ----a-w- C:\WINDOWS\SysWow64\TSWorkspace.dll
2016-10-05 10:35:31 279904 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2016-10-05 10:34:30 894088 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-10-05 10:34:29 1051104 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-10-05 10:33:05 128864 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2016-10-05 10:31:27 2213248 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2016-10-05 10:31:04 1353768 ----a-w- C:\WINDOWS\System32\winload.efi
2016-10-05 10:31:04 1172472 ----a-w- C:\WINDOWS\System32\winload.exe
2016-10-05 10:30:04 7812448 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-10-05 10:22:30 1181536 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2016-10-05 10:17:31 1322848 ----a-w- C:\WINDOWS\System32\wpx.dll
2016-10-05 10:16:12 187232 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2016-10-05 10:13:51 1859264 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
2016-10-05 10:13:34 146784 ----a-w- C:\WINDOWS\System32\CloudExperienceHostCommon.dll
2016-10-05 10:12:49 619368 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-10-05 10:12:25 2446696 ----a-w- C:\WINDOWS\System32\msxml6.dll
2016-10-05 10:12:12 1112928 ----a-w- C:\WINDOWS\System32\AppxPackaging.dll
2016-10-05 10:09:21 4129928 ----a-w- C:\WINDOWS\System32\mfcore.dll
2016-10-05 10:09:12 244816 ----a-w- C:\WINDOWS\System32\mfps.dll
2016-10-05 10:09:12 1071728 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2016-10-05 10:09:07 64352 ----a-w- C:\WINDOWS\System32\drivers\MegaSas2i.sys
2016-10-05 10:08:36 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2016-10-05 10:04:52 628032 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2016-10-05 10:04:02 2537824 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2016-10-05 10:03:25 1705976 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2016-10-05 09:51:04 1430720 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2016-10-05 09:50:41 116576 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
2016-10-05 09:49:21 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2016-10-05 09:48:51 1022304 ----a-w- C:\WINDOWS\SysWow64\AppxPackaging.dll
2016-10-05 09:46:27 3892352 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-10-05 09:46:20 1360456 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2016-10-05 09:46:15 980824 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2016-10-05 09:44:01 22568960 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-10-05 09:41:58 545944 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2016-10-05 09:38:50 584192 ----a-w- C:\WINDOWS\System32\UIRibbonRes.dll
2016-10-05 09:38:10 237568 ----a-w- C:\WINDOWS\System32\Windows.Web.Diagnostics.dll
2016-10-05 09:36:37 73216 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryBroker.dll
2016-10-05 09:36:20 113664 ----a-w- C:\WINDOWS\System32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-05 09:35:56 101888 ----a-w- C:\WINDOWS\System32\UserDeviceRegistration.Ngc.dll
2016-10-05 09:35:55 196096 ----a-w- C:\WINDOWS\System32\UserDeviceRegistration.dll
2016-10-05 09:35:28 327680 ----a-w- C:\WINDOWS\System32\wc_storage.dll
2016-10-05 09:35:26 352768 ----a-w- C:\WINDOWS\System32\cloudAP.dll
2016-10-05 09:35:25 122880 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryClient.dll
2016-10-05 09:34:11 144896 ----a-w- C:\WINDOWS\System32\drivers\dfsc.sys
2016-10-05 09:34:07 463360 ----a-w- C:\WINDOWS\System32\daxexec.dll
2016-10-05 09:33:53 296960 ----a-w- C:\WINDOWS\System32\mfsensorgroup.dll
2016-10-05 09:33:50 157696 ----a-w- C:\WINDOWS\System32\credprovs.dll
2016-10-05 09:33:18 651264 ----a-w- C:\WINDOWS\System32\Windows.Devices.AllJoyn.dll
2016-10-05 09:33:11 268800 ----a-w- C:\WINDOWS\System32\UserMgrProxy.dll
2016-10-05 09:32:52 223744 ----a-w- C:\WINDOWS\System32\Windows.Networking.HostName.dll
2016-10-05 09:32:27 379904 ----a-w- C:\WINDOWS\System32\apprepsync.dll
2016-10-05 09:32:19 590336 ----a-w- C:\WINDOWS\System32\efswrt.dll
2016-10-05 09:32:09 146432 ----a-w- C:\WINDOWS\System32\AuthBroker.dll
2016-10-05 09:31:59 837632 ----a-w- C:\WINDOWS\System32\wbiosrvc.dll
2016-10-05 09:31:53 425472 ----a-w- C:\WINDOWS\System32\bcdedit.exe
2016-10-05 09:31:50 561664 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Wallet.dll
2016-10-05 09:31:41 176128 ----a-w- C:\WINDOWS\System32\apprepapi.dll
2016-10-05 09:31:29 58880 ----a-w- C:\WINDOWS\SysWow64\ConfigureExpandedStorage.dll
2016-10-05 09:31:26 480768 ----a-w- C:\WINDOWS\System32\dsreg.dll
2016-10-05 09:31:11 748544 ----a-w- C:\WINDOWS\System32\ChatApis.dll
2016-10-05 09:30:16 396800 ----a-w- C:\WINDOWS\System32\ncsi.dll
2016-10-05 09:29:58 956416 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.desktop.dll
2016-10-05 09:29:27 1145856 ----a-w- C:\WINDOWS\System32\EmailApis.dll
2016-10-05 09:29:19 368640 ----a-w- C:\WINDOWS\System32\nlasvc.dll
2016-10-05 09:29:14 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-10-05 09:29:12 9129984 ----a-w- C:\WINDOWS\System32\twinui.dll
2016-10-05 09:28:44 775168 ----a-w- C:\WINDOWS\System32\GamePanel.exe
2016-10-05 09:28:35 584192 ----a-w- C:\WINDOWS\SysWow64\UIRibbonRes.dll
2016-10-05 09:28:30 406016 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2016-10-05 09:28:24 156672 ----a-w- C:\WINDOWS\SysWow64\UserDeviceRegistration.dll
2016-10-05 09:28:20 3059200 ----a-w- C:\WINDOWS\System32\msi.dll
2016-10-05 09:28:06 123904 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.HostName.dll
2016-10-05 09:27:14 94208 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll
2016-10-05 09:27:13 87040 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-05 09:27:05 945664 ----a-w- C:\WINDOWS\System32\WpcWebFilter.dll
2016-10-05 09:26:58 327680 ----a-w- C:\WINDOWS\SysWow64\daxexec.dll
2016-10-05 09:26:48 137216 ----a-w- C:\WINDOWS\SysWow64\credprovs.dll
2016-10-05 09:26:46 620544 ----a-w- C:\WINDOWS\System32\wbem\MDMSettingsProv.dll
2016-10-05 09:26:34 88576 ----a-w- C:\WINDOWS\SysWow64\UserDeviceRegistration.Ngc.dll
2016-10-05 09:26:33 590848 ----a-w- C:\WINDOWS\System32\vbscript.dll
2016-10-05 09:26:09 184320 ----a-w- C:\WINDOWS\SysWow64\UserMgrProxy.dll
2016-10-05 09:26:06 182784 ----a-w- C:\WINDOWS\SysWow64\mfsensorgroup.dll
2016-10-05 09:25:56 1589248 ----a-w- C:\WINDOWS\System32\msdtctm.dll
2016-10-05 09:25:36 299520 ----a-w- C:\WINDOWS\SysWow64\UserDataAccountApis.dll
2016-10-05 09:25:14 117760 ----a-w- C:\WINDOWS\SysWow64\AuthBroker.dll
2016-10-05 09:25:08 822784 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2016-10-05 09:25:04 404992 ----a-w- C:\WINDOWS\SysWow64\dsreg.dll
2016-10-05 09:24:41 99328 ----a-w- C:\WINDOWS\System32\adsmsext.dll
2016-10-05 09:24:09 483840 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.AllJoyn.dll
2016-10-05 09:23:45 426496 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Wallet.dll
2016-10-05 09:23:38 187904 ----a-w- C:\WINDOWS\System32\dialclient.dll
2016-10-05 09:23:27 284672 ----a-w- C:\WINDOWS\SysWow64\apprepsync.dll
2016-10-05 09:23:27 1908224 ----a-w- C:\WINDOWS\System32\AzureSettingSyncProvider.dll
2016-10-05 09:23:14 125952 ----a-w- C:\WINDOWS\SysWow64\apprepapi.dll
2016-10-05 09:23:05 431616 ----a-w- C:\WINDOWS\SysWow64\efswrt.dll
2016-10-05 09:22:55 7654912 ----a-w- C:\WINDOWS\System32\mos.dll
2016-10-05 09:22:16 73216 ----a-w- C:\WINDOWS\System32\offreg.dll
2016-10-05 09:22:08 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
.
============= FINISH: 2:37:56.95 ===============

Attached Files
File Type: txt attach.txt (8.9 KB)
