My son stated he downloaded a program (Clipgrab) and it installed other programs, changed the browser home page, tried to install chrome ex., installed Advanced-PC-Care, and Chromium. Got "Attention 1311 system issues found" warning box. I also believe there are other issues as he does not know/understand computer security threats.
Thx
______________________________________________________________
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18538 BrowserJavaVersion: 11.111.2
Run by Bobs at 9:01:28 on 2017-01-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12227.9544 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\windows\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\Dr.Net\AsDrNotify.exe
C:\Program Files (x86)\ASUS\ASUS Instant On\AsInstantOn.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\WinZip\FAH\FAHWindow64.exe
C:\Program Files\WinZip\WzPreloader.exe
C:\Users\Bobs\AppData\Local\MEGAsync\MEGAsync.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ByteFence\ByteFence.exe
C:\Program Files\ByteFence\ByteFenceService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCyD0BtCyDtC0FtBtAzz0FtN0D0Tzu0StCzzyEtDtN1L2XzutAtFtByDtFtCtFtCtDzytN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0DtA0BtD0CtGtD0CtCtBtGyE0C0CyCtGyByDyDtCtG0BtA0DzzyDyCtBtD0AzytA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0A0E0A0FyByC0AtGyD0DtDyDtGyEyB0ByDtGzytDyDtAtGyB0CzyyEyBtCzz0B0A0DyDyD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyEyB%26cr%3D1621362309%26a%3Dwbf_fs_17_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
mStart Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCyD0BtCyDtC0FtBtAzz0FtN0D0Tzu0StCzzyEtDtN1L2XzutAtFtByDtFtCtFtCtDzytN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0DtA0BtD0CtGtD0CtCtBtGyE0C0CyCtGyByDyDtCtG0BtA0DzzyDyCtBtD0AzytA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0A0E0A0FyByC0AtGyD0DtDyDtGyEyB0ByDtGzytDyDtAtGyB0CzyyEyBtCzz0B0A0DyDyD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyEyB%26cr%3D1621362309%26a%3Dwbf_fs_17_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - <orphaned>
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Bobs\AppData\Local\Akamai\netsession_win.exe"
uRun: [ApowersoftScreenRecorder] C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe /autoStart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [GoogleChromeAutoLaunch_79FDE7476D2035E204915C9A44029ADF] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
uRun: [Chromium] c:\users\bobs\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [WDAppManager] C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Bobs\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MEGAsync.lnk - C:\Users\Bobs\AppData\Local\MEGAsync\MEGAsync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FAH.lnk - C:\Program Files\WinZip\FAH\FAHConsole.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files\WinZip\WzPreloader.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{30D7C005-E93B-47E2-A73A-1B1A7FF882B9} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCyD0BtCyDtC0FtBtAzz0FtN0D0Tzu0StCzzyEtDtN1L2XzutAtFtByDtFtCtFtCtDzytN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0DtA0BtD0CtGtD0CtCtBtGyE0C0CyCtGyByDyDtCtG0BtA0DzzyDyCtBtD0AzytA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0A0E0A0FyByC0AtGyD0DtDyDtGyEyB0ByDtGzytDyDtAtGyB0CzyyEyBtCzz0B0A0DyDyD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyEyB%26cr%3D1621362309%26a%3Dwbf_fs_17_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [jEdit Server] "C:\Program Files\jEdit\jedit.exe" -background -nogui --l4j-dont-wait
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 74.86.5.247 apowersoft.com
Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bobs\AppData\Roaming\Mozilla\Firefox\Profiles\fed5q4yd.default-1481328372243\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Powered
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
FF - prefs.js: keyword.URL - true
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\PROGRA~2\MOZILL~1\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bobs\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Bobs\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-9-17 644968]
R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-9-17 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2013-9-17 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2016-8-25 295000]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2015-9-1 56336]
R2 AdobeActiveFileMonitor13.0;Adobe Active File Monitor V13;C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [2014-8-31 231120]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-2-14 693440]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-8-20 2218712]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2013-9-17 241152]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2013-9-17 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2013-9-17 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-9-17 149120]
R2 ByteFenceService;ByteFence Anti-Malware Service;C:\Program Files\ByteFence\ByteFenceService.exe [2016-12-18 146400]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 1413736]
R2 DiagTrack;Diagnostics Tracking Service;C:\windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\windows\System32\IPROSetMonitor.exe [2013-7-9 195336]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2015-8-3 169432]
R2 rtop;ByteFence Security Real-time Protection;C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [2017-1-14 254280]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-6-28 754784]
R3 AmUStor;AM USB Stroage Driver;C:\windows\System32\drivers\AmUStor.sys [2016-8-16 98984]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2016-3-1 104976]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\windows\System32\drivers\e1d62x64.sys [2013-9-17 495376]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\windows\System32\drivers\ICCWDT.sys [2016-11-2 38680]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2013-9-17 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2013-9-17 786416]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2015-3-4 135928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2013-9-17 218456]
S2 McAPExe;McAfee AP Service;"C:\Program Files\McAfee\MSC\McAPExe.exe" --> C:\Program Files\McAfee\MSC\McAPExe.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-9-20 324224]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2016-6-28 120416]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2016-12-27 114688]
S3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2013-9-17 449528]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 ioatdma1;ioatdma1;C:\windows\System32\drivers\qd162x64.sys [2013-9-17 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\windows\System32\drivers\qd262x64.sys [2013-9-17 42192]
S3 mv91xx;mv91xx;C:\windows\System32\drivers\mv91xx.sys [2013-9-1 293416]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-9-17 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2016-6-28 213088]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\windows\System32\drivers\terminpt.sys [2013-9-17 29696]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2015-8-21 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-9-17 30208]
S3 wampapache64;wampapache64;C:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe [2016-12-27 29696]
S3 wampmysqld64;wampmysqld64;c:\wamp64\bin\mysql\mysql5.7.14\bin\mysqld.exe wampmysqld64 --> c:\wamp64\bin\mysql\mysql5.7.14\bin\mysqld.exe wampmysqld64 [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2015-8-3 1255736]
S4 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [?]
.
=============== Created Last 30 ================
.
2017-01-14 13:22:09 -------- d-----w- C:\ProgramData\ByteFence
2017-01-14 13:12:38 -------- d-----w- C:\Users\Bobs\AppData\Local\chromium
2017-01-14 13:11:48 -------- d-----w- C:\Users\Bobs\AppData\Local\{7D254B79-598D-27C1-3415-0229107DFEB1}
2017-01-14 13:11:38 -------- d-----w- C:\Users\Bobs\AppData\Roaming\Advancedpccare.net
2017-01-14 13:11:33 -------- d-----w- C:\Users\Bobs\AppData\Roaming\efo
2017-01-14 13:11:33 -------- d-----w- C:\ProgramData\advancedpccare.net
2017-01-14 13:11:32 -------- d-----w- C:\Program Files\Advanced-PC-Care
2017-01-14 13:11:31 -------- d-----w- C:\Program Files\ByteFence
2017-01-14 13:11:23 -------- d-----w- C:\Program Files (x86)\ClipGrab
2017-01-14 03:08:15 12229912 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BDBABA1D-33A7-4616-8E6E-43BDD36B09D4}\mpengine.dll
2017-01-13 22:54:55 12229912 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2017-01-04 18:55:52 -------- d-----r- C:\Program Files (x86)\Skype
2017-01-02 17:44:31 -------- d-----w- C:\Program Files (x86)\SpinnerChief 4 Ultimate v9.0.2
2017-01-02 17:42:30 -------- d-----w- C:\Program Files (x86)\WhiteHatBox
2016-12-27 22:57:49 -------- d-----w- C:\wamp64
2016-12-21 11:07:26 -------- d-----w- C:\Users\Bobs\AppData\Local\Blurb
2016-12-21 11:07:17 -------- d-----w- C:\Program Files (x86)\BookWright
.
==================== Find3M ====================
.
2017-01-10 17:04:11 802904 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2017-01-10 17:04:11 144472 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-11-30 03:34:16 28352 ----a-w- C:\windows\SysWow64\aspnet_counters.dll
2016-11-30 03:34:16 19112 ----a-w- C:\windows\SysWow64\msvcr110_clr0400.dll
2016-11-30 03:34:16 19112 ----a-w- C:\windows\SysWow64\msvcr100_clr0400.dll
2016-11-30 03:34:16 19112 ----a-w- C:\windows\SysWow64\msvcp110_clr0400.dll
2016-11-30 03:27:48 30400 ----a-w- C:\windows\System32\aspnet_counters.dll
2016-11-30 03:27:48 19112 ----a-w- C:\windows\System32\msvcr110_clr0400.dll
2016-11-30 03:27:48 19112 ----a-w- C:\windows\System32\msvcr100_clr0400.dll
2016-11-30 03:27:48 19112 ----a-w- C:\windows\System32\msvcp110_clr0400.dll
2016-11-21 18:16:29 95464 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2016-11-21 18:16:29 154856 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2016-11-20 16:20:03 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2016-11-20 16:20:03 82944 ----a-w- C:\windows\SysWow64\bcrypt.dll
2016-11-20 16:20:03 666112 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2016-11-20 16:20:01 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2016-11-20 16:20:01 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2016-11-20 16:19:57 254464 ----a-w- C:\windows\SysWow64\schannel.dll
2016-11-20 16:19:57 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2016-11-20 16:19:57 141312 ----a-w- C:\windows\SysWow64\rpchttp.dll
2016-11-20 16:19:53 261120 ----a-w- C:\windows\SysWow64\msv1_0.dll
2016-11-20 16:19:53 223232 ----a-w- C:\windows\SysWow64\ncrypt.dll
2016-11-20 16:19:52 60416 ----a-w- C:\windows\SysWow64\msobjs.dll
2016-11-20 16:19:51 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2016-11-20 16:19:49 553472 ----a-w- C:\windows\SysWow64\kerberos.dll
2016-11-20 16:19:47 84992 ----a-w- C:\windows\SysWow64\hlink.dll
2016-11-20 16:19:43 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2016-11-20 16:19:42 342528 ----a-w- C:\windows\SysWow64\certcli.dll
2016-11-20 16:19:40 690688 ----a-w- C:\windows\SysWow64\adtschema.dll
2016-11-20 16:04:54 64000 ----a-w- C:\windows\System32\auditpol.exe
2016-11-20 15:58:19 159744 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2016-11-20 15:57:45 291328 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2016-11-20 15:57:43 129536 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2016-11-20 15:57:01 30720 ----a-w- C:\windows\System32\lsass.exe
2016-11-20 15:57:00 50176 ----a-w- C:\windows\SysWow64\auditpol.exe
2016-11-20 15:52:42 36352 ----a-w- C:\windows\SysWow64\cryptbase.dll
2016-11-20 14:07:52 467392 ----a-w- C:\windows\System32\drivers\cng.sys
2016-11-17 16:41:49 370920 ----a-w- C:\windows\System32\clfs.sys
2016-11-12 19:48:25 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2016-11-12 19:48:08 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2016-11-12 19:28:01 66560 ----a-w- C:\windows\System32\iesetup.dll
2016-11-12 19:26:46 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2016-11-12 19:26:27 417792 ----a-w- C:\windows\System32\html.iec
2016-11-12 19:25:50 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2016-11-12 19:25:41 576000 ----a-w- C:\windows\System32\vbscript.dll
2016-11-12 19:08:26 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2016-11-12 19:08:24 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2016-11-12 19:07:47 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2016-11-12 18:56:20 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2016-11-12 18:53:10 6049280 ----a-w- C:\windows\System32\jscript9.dll
2016-11-12 18:47:35 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2016-11-12 18:41:49 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2016-11-12 18:30:22 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2016-11-12 18:29:26 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2016-11-12 18:29:13 498688 ----a-w- C:\windows\SysWow64\vbscript.dll
2016-11-12 18:29:05 341504 ----a-w- C:\windows\SysWow64\html.iec
2016-11-12 18:27:51 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2016-11-12 18:14:53 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2016-11-12 18:14:16 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2016-11-12 18:08:54 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2016-11-12 18:08:32 2131456 ----a-w- C:\windows\System32\inetcpl.cpl
2016-11-12 17:57:35 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-11-12 17:37:20 4608000 ----a-w- C:\windows\SysWow64\jscript9.dll
2016-11-12 17:36:39 2055680 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2016-11-12 17:36:13 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2016-11-12 17:35:33 2920960 ----a-w- C:\windows\System32\wininet.dll
2016-11-12 17:05:59 2444800 ----a-w- C:\windows\SysWow64\wininet.dll
2016-11-10 16:32:41 1009152 ----a-w- C:\windows\System32\user32.dll
2016-11-10 16:19:40 833024 ----a-w- C:\windows\SysWow64\user32.dll
2016-11-09 16:41:27 114408 ----a-w- C:\windows\System32\consent.exe
2016-11-09 16:33:43 2048 ----a-w- C:\windows\System32\tzres.dll
2016-11-09 16:33:34 504320 ----a-w- C:\windows\System32\msihnd.dll
2016-11-09 16:33:34 3244032 ----a-w- C:\windows\System32\msi.dll
2016-11-09 16:33:34 25088 ----a-w- C:\windows\System32\msimsg.dll
2016-11-09 16:33:26 70144 ----a-w- C:\windows\System32\appinfo.dll
2016-11-09 16:33:26 1941504 ----a-w- C:\windows\System32\authui.dll
2016-11-09 16:17:52 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2016-11-09 16:17:31 337408 ----a-w- C:\windows\SysWow64\msihnd.dll
2016-11-09 16:17:31 25088 ----a-w- C:\windows\SysWow64\msimsg.dll
2016-11-09 16:17:31 2365440 ----a-w- C:\windows\SysWow64\msi.dll
2016-11-09 16:17:18 1806848 ----a-w- C:\windows\SysWow64\authui.dll
2016-11-09 16:07:26 1382240 ----a-w- C:\windows\System32\tosade.dll
2016-11-09 16:07:24 75544 ----a-w- C:\windows\System32\tepeqapo64.dll
2016-11-09 16:07:22 873464 ----a-w- C:\windows\System32\tadefxapo264.dll
2016-11-09 16:07:20 158704 ----a-w- C:\windows\System32\tadefxapo.dll
2016-11-09 16:07:18 166208 ----a-w- C:\windows\System32\SRSWOW64.dll
2016-11-09 16:07:14 532384 ----a-w- C:\windows\System32\SRSTSX64.dll
2016-11-09 16:07:12 221968 ----a-w- C:\windows\System32\SRSTSH64.dll
2016-11-09 16:07:10 209536 ----a-w- C:\windows\System32\SRSHP64.dll
2016-11-09 16:05:58 965032 ----a-w- C:\windows\System32\SFSS_APO.dll
2016-11-09 16:05:50 231920 ----a-w- C:\windows\System32\SFNHK64.dll
2016-11-09 16:05:42 90920 ----a-w- C:\windows\System32\SFCOM64.dll
2016-11-09 16:05:42 83632 ----a-w- C:\windows\SysWow64\SFCOM.dll
2016-11-09 16:05:40 88328 ----a-w- C:\windows\System32\SFAPO64.dll
2016-11-09 16:05:04 343712 ----a-w- C:\windows\System32\RtlCPAPI64.dll
2016-11-09 16:05:00 192984 ----a-w- C:\windows\System32\RtkCfg64.dll
2016-11-09 16:04:54 3283248 ----a-w- C:\windows\System32\RtkApi64.dll
2016-11-09 16:04:48 387320 ----a-w- C:\windows\System32\RTEEP64A.dll
2016-11-09 16:04:46 88352 ----a-w- C:\windows\System32\RTEEG64A.dll
2016-11-09 16:04:46 110984 ----a-w- C:\windows\System32\RTEEL64A.dll
.
============= FINISH: 9:02:12.94 ===============