Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Please help

Hello, lately I've noticed odd files showing up on fresh installs and registry entries which are suspicious. I also see many connection resets and encrypted data over Wireshark. Attached are my DDS logs. (Also, they would not show up on my desktop even though I could see them in File Explorer.)

I run solely with user privileges and suspect dll/object injection.

%temp% now has some manifest.json files with: "CRLSet","Sequence":3533,"DeltaFrom":0,"NumParents":55,"BlockedSPKIs"

A Windows app called codewriter was installed.

Thank you kindly.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by useless at 12:09:31 on 2017-02-05
Microsoft Windows 10 Enterprise Evaluation 10.0.14393.0.1252.1.1033.18.5943.3568 [GMT -8:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\wlms\wlms.exe
C:\Windows\system32\svchost.exe -k appmodel
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\dwm.exe
C:\Windows\system32\sihost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
C:\Windows\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\Explorer.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Windows\system32\ApplicationFrameHost.exe
C:\Windows\system32\taskhostw.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\system32\AUDIODG.EXE
svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
uRun: [OneDrive] "C:\Users\useless\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
mPolicies-System: DSCAutomationHostEnabled = dword:2
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{5f5381bd-3f32-4c29-b1c4-876f80c4c879} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{5f5381bd-3f32-4c29-b1c4-876f80c4c879}\542796B616 : DHCPNameServer = 192.168.29.10
TCP: Interfaces\{d214b33f-7338-47b7-86cf-a84c57dad899} : NameServer = 192.168.1.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\Windows\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\Windows\System32\drivers\iorate.sys [2017-2-4 48992]
R0 volume;Volume driver;C:\Windows\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\Windows\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\Windows\System32\drivers\wof.sys [2017-2-4 199008]
R1 ahcache;Application Compatibility Cache;C:\Windows\System32\drivers\ahcache.sys [2017-2-4 227328]
R1 FileCrypt;FileCrypt;C:\Windows\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\Windows\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 CDPSvc;Connected Devices Platform Service;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_3581c9;CDPUserSvc_3581c9;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\Windows\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\Windows\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 OneSyncSvc_3581c9;Sync Host_3581c9;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 storqosflt;Storage QoS Filter Driver;C:\Windows\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\Windows\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\Windows\System32\drivers\wcifs.sys [2017-2-4 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\Windows\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WLMS;Windows Licensing Monitoring Service;C:\Windows\System32\wlms\wlms.exe [2016-7-16 23552]
R2 WpnService;Windows Push Notifications System Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\Windows\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2016-7-13 610336]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\drivers\BthLEEnum.sys [2017-2-4 249856]
R3 DsSvc;Data Sharing Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 lfsvc;Geolocation Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\Windows\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 StateRepository;State Repository Service;C:\Windows\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\Windows\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S2 DoSvc;Delivery Optimization;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\Windows\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\Windows\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\Windows\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\Windows\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\Windows\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppvStrm;AppvStrm;C:\Windows\System32\drivers\AppVStrm.sys [2017-2-4 127328]
S3 AppvVemgr;AppvVemgr;C:\Windows\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\Windows\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 bcmfn;bcmfn Service;C:\Windows\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\Windows\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\Windows\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\Windows\System32\drivers\capimg.sys [2017-2-4 118272]
S3 cht4iscsi;cht4iscsi;C:\Windows\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\Windows\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\Windows\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\Windows\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\Windows\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\Windows\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\Windows\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\Windows\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\Windows\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\Windows\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\Windows\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\Windows\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LSI_SAS2i;LSI_SAS2i;C:\Windows\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\Windows\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\Windows\System32\drivers\MegaSas2i.sys [2017-2-4 64352]
S3 MessagingService_3581c9;MessagingService_3581c9;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\Windows\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;C:\Windows\System32\drivers\mssecflt.sys [2016-7-16 179040]
S3 ndfltr;NetworkDirect Service;C:\Windows\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\Windows\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\Windows\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\Windows\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 PimIndexMaintenanceSvc_3581c9;Contact Data_3581c9;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\Windows\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 rt640x64;Realtek RT640 NT Driver;C:\Windows\System32\drivers\rt640x64.sys [2016-7-16 589824]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\Windows\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\Windows\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2017-2-4 2889896]
S3 SensorDataService;Sensor Data Service;C:\Windows\System32\SensorDataService.exe [2017-2-4 1312768]
S3 SensorService;Sensor Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\Windows\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\Windows\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\Windows\System32\drivers\stornvme.sys [2017-2-4 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\Windows\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\Windows\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\Windows\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\Windows\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\Windows\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\Windows\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\Windows\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\Windows\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\Windows\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\Windows\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UnistoreSvc_3581c9;User Data Storage_3581c9;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\Windows\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\Windows\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\Windows\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UserDataSvc_3581c9;User Data Access_3581c9;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\Windows\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\Windows\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\Windows\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\Windows\System32\drivers\WdiWiFi.sys [2017-2-4 719360]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\Windows\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\Windows\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\Windows\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_3581c9;Windows Push Notifications User Service_3581c9;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\Windows\System32\drivers\xboxgip.sys [2017-2-4 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\Windows\System32\drivers\xinputhid.sys [2017-2-4 43520]
S4 AppVClient;Microsoft App-V Client;C:\Windows\System32\AppVClient.exe [2017-2-4 822624]
S4 shpamsvc;Shared PC Account Manager;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
S4 UevAgentDriver;UevAgentDriver;C:\Windows\System32\drivers\UevAgentDriver.sys [2016-7-16 40288]
S4 UevAgentService;User Experience Virtualization Service;C:\Windows\System32\AgentService.exe [2016-7-16 1227264]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-02-04 13:50:42 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\gapaengine.dll
2017-02-04 13:50:42 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7356ABA7-12C7-4C95-9220-9AC917EECD68}\gapaengine.dll
2017-02-04 13:50:21 12229912 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16D0D9A3-482E-4265-B2B1-7AF4B69EAF80}\mpengine.dll
2017-02-04 13:50:17 485032 ------w- C:\Windows\System32\MpSigStub.exe
2017-02-04 13:49:10 -------- d-----w- C:\Windows\System32\MRT
2017-02-04 13:37:35 -------- d-----w- C:\Users\useless\AppData\Local\Comms
2017-02-04 13:23:33 -------- d-----w- C:\Windows\System32\wbem\Performance
2017-02-04 13:22:46 -------- d-----r- C:\Users\useless\OneDrive
2017-02-04 13:22:35 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2017-02-04 13:20:33 -------- d-----w- C:\ProgramData\USOShared
2017-02-04 13:11:13 142848 ----a-w- C:\Windows\System32\poqexec.exe
2017-02-04 13:11:13 120320 ----a-w- C:\Windows\SysWow64\poqexec.exe
2017-02-04 12:50:18 -------- d-----w- C:\Intel
2017-02-04 12:49:11 -------- d-----w- C:\Program Files\Common Files\Atheros
.
==================== Find3M ====================
.
2016-12-22 23:13:26 835576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-12-22 23:13:26 177656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-12-21 08:08:31 245600 ----a-w- C:\Windows\System32\offlinesam.dll
2016-12-21 08:08:17 136032 ----a-w- C:\Windows\System32\ImplatSetup.dll
2016-12-21 08:04:10 7816032 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-12-21 07:49:39 328008 ----a-w- C:\Windows\System32\Windows.Storage.ApplicationData.dll
2016-12-21 07:46:39 624048 ----a-w- C:\Windows\System32\drivers\cng.sys
2016-12-21 07:43:56 92512 ----a-w- C:\Windows\System32\rdpudd.dll
2016-12-21 07:43:06 4130440 ----a-w- C:\Windows\System32\mfcore.dll
2016-12-21 07:43:01 1454504 ----a-w- C:\Windows\System32\mfnetsrc.dll
2016-12-21 07:43:00 1071736 ----a-w- C:\Windows\System32\mfnetcore.dll
2016-12-21 07:42:59 1988560 ----a-w- C:\Windows\System32\mfmp4srcsnk.dll
2016-12-21 07:42:55 1702392 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2016-12-21 07:42:54 1300600 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll
2016-12-21 07:42:27 241504 ----a-w- C:\Windows\System32\CloudExperienceHost.dll
2016-12-21 07:41:56 1600632 ----a-w- C:\Windows\System32\sppobjs.dll
2016-12-21 07:37:23 455520 ----a-w- C:\Windows\System32\securekernel.exe
2016-12-21 07:15:01 22563840 ----a-w- C:\Windows\System32\edgehtml.dll
2016-12-21 07:14:11 43008 ----a-w- C:\Windows\System32\LaunchWinApp.exe
2016-12-21 07:13:54 119808 ----a-w- C:\Windows\System32\KnobsCsp.dll
2016-12-21 07:12:14 83968 ----a-w- C:\Windows\System32\ProvPluginEng.dll
2016-12-21 07:10:22 175104 ----a-w- C:\Windows\System32\wbem\netswitchteamcim.dll
2016-12-21 07:10:09 234496 ----a-w- C:\Windows\System32\KnobsCore.dll
2016-12-21 07:09:56 363520 ----a-w- C:\Windows\System32\Windows.UI.BioFeedback.dll
2016-12-21 07:09:13 368640 ----a-w- C:\Windows\System32\OneBackupHandler.dll
2016-12-21 07:08:35 211968 ----a-w- C:\Windows\System32\InstallAgent.exe
2016-12-21 07:08:33 261632 ----a-w- C:\Windows\System32\wbem\ndisimplatcim.dll
2016-12-21 07:08:27 360448 ----a-w- C:\Windows\System32\rdpencom.dll
2016-12-21 07:08:23 289792 ----a-w- C:\Windows\System32\DeveloperOptionsSettingsHandlers.dll
2016-12-21 07:08:14 418304 ----a-w- C:\Windows\System32\Windows.UI.BlockedShutdown.dll
2016-12-21 07:08:06 349184 ----a-w- C:\Windows\System32\provengine.dll
2016-12-21 07:08:03 1292288 ----a-w- C:\Windows\System32\MSVPXENC.dll
2016-12-21 07:07:10 748544 ----a-w- C:\Windows\System32\StoreAgent.dll
2016-12-21 07:06:49 260608 ----a-w- C:\Windows\System32\InstallAgentUserBroker.exe
2016-12-21 07:06:49 147456 ----a-w- C:\Windows\System32\winsrv.dll
2016-12-21 07:06:26 310784 ----a-w- C:\Windows\System32\SyncSettings.dll
2016-12-21 07:06:05 6285312 ----a-w- C:\Windows\System32\Windows.Media.dll
2016-12-21 07:05:21 261632 ----a-w- C:\Windows\System32\indexeddbserver.dll
2016-12-21 07:05:01 49152 ----a-w- C:\Windows\System32\Windows.UI.Shell.dll
2016-12-21 07:05:01 425984 ----a-w- C:\Windows\System32\aadcloudap.dll
2016-12-21 07:01:42 9131008 ----a-w- C:\Windows\System32\twinui.dll
2016-12-21 07:00:29 440320 ----a-w- C:\Windows\System32\fhcfg.dll
2016-12-21 06:59:50 883712 ----a-w- C:\Windows\System32\samsrv.dll
2016-12-21 06:59:31 1908224 ----a-w- C:\Windows\System32\AzureSettingSyncProvider.dll
2016-12-21 06:57:48 462336 ----a-w- C:\Windows\System32\fhsettingsprovider.dll
2016-12-21 06:56:56 936960 ----a-w- C:\Windows\System32\MCRecvSrc.dll
2016-12-21 06:56:14 947712 ----a-w- C:\Windows\System32\MSVP9DEC.dll
2016-12-21 06:55:16 8129536 ----a-w- C:\Windows\System32\Chakra.dll
2016-12-21 06:55:09 4749312 ----a-w- C:\Windows\System32\SettingsHandlers_nt.dll
2016-12-21 06:54:14 5511680 ----a-w- C:\Windows\System32\aclui.dll
2016-12-21 06:53:19 6664192 ----a-w- C:\Windows\System32\mspaint.exe
2016-12-21 06:53:13 4474368 ----a-w- C:\Windows\System32\D3DCompiler_47.dll
2016-12-21 06:53:10 1692672 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2016-12-21 06:51:56 5611008 ----a-w- C:\Windows\System32\d2d1.dll
2016-12-21 06:51:53 2275840 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
2016-12-21 06:51:41 8075776 ----a-w- C:\Windows\System32\mstscax.dll
2016-12-21 06:50:57 1490432 ----a-w- C:\Windows\System32\lsasrv.dll
2016-12-21 06:49:55 2691072 ----a-w- C:\Windows\System32\Windows.UI.Logon.dll
2016-12-21 06:49:43 1062912 ----a-w- C:\Windows\System32\SettingSyncCore.dll
2016-12-21 06:49:25 4149248 ----a-w- C:\Windows\System32\rdpcorets.dll
2016-12-21 06:47:47 1121280 ----a-w- C:\Windows\System32\aadtb.dll
2016-12-21 05:59:21 218976 ----a-w- C:\Windows\SysWow64\offlinesam.dll
2016-12-21 05:09:45 263472 ----a-w- C:\Windows\SysWow64\Windows.Storage.ApplicationData.dll
2016-12-21 05:02:16 1852720 ----a-w- C:\Windows\SysWow64\mfmp4srcsnk.dll
2016-12-21 05:02:12 3892864 ----a-w- C:\Windows\SysWow64\mfcore.dll
2016-12-21 05:02:09 1277344 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2016-12-21 05:02:02 1360464 ----a-w- C:\Windows\SysWow64\mfnetsrc.dll
2016-12-21 05:02:01 980832 ----a-w- C:\Windows\SysWow64\mfnetcore.dll
2016-12-21 05:02:00 1201872 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
2016-12-21 04:46:55 34304 ----a-w- C:\Windows\SysWow64\LaunchWinApp.exe
2016-12-21 04:43:09 285184 ----a-w- C:\Windows\SysWow64\Windows.UI.BlockedShutdown.dll
2016-12-21 04:41:59 253952 ----a-w- C:\Windows\SysWow64\Windows.UI.BioFeedback.dll
2016-12-21 04:41:15 231936 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-12-21 04:40:57 180224 ----a-w- C:\Windows\SysWow64\InstallAgent.exe
2016-12-21 04:40:43 237056 ----a-w- C:\Windows\SysWow64\SyncSettings.dll
2016-12-21 04:40:39 318976 ----a-w- C:\Windows\SysWow64\rdpencom.dll
2016-12-21 04:40:07 557568 ----a-w- C:\Windows\SysWow64\StoreAgent.dll
2016-12-21 04:39:58 1300480 ----a-w- C:\Windows\SysWow64\MSVPXENC.dll
2016-12-21 04:39:04 223232 ----a-w- C:\Windows\SysWow64\InstallAgentUserBroker.exe
2016-12-21 04:38:54 866816 ----a-w- C:\Windows\SysWow64\Windows.UI.Cred.dll
2016-12-21 04:35:42 198656 ----a-w- C:\Windows\SysWow64\indexeddbserver.dll
2016-12-21 04:35:28 4612608 ----a-w- C:\Windows\SysWow64\Windows.Media.dll
2016-12-21 04:34:53 7626752 ----a-w- C:\Windows\SysWow64\twinui.dll
2016-12-21 04:33:09 19413504 ----a-w- C:\Windows\SysWow64\edgehtml.dll
2016-12-21 04:30:56 5398016 ----a-w- C:\Windows\SysWow64\aclui.dll
2016-12-21 04:30:06 1255936 ----a-w- C:\Windows\SysWow64\AzureSettingSyncProvider.dll
2016-12-21 04:27:12 640000 ----a-w- C:\Windows\SysWow64\MCRecvSrc.dll
2016-12-21 04:26:36 1155072 ----a-w- C:\Windows\SysWow64\MSVP9DEC.dll
2016-12-21 04:25:44 7469056 ----a-w- C:\Windows\SysWow64\mstscax.dll
2016-12-21 04:25:42 6474752 ----a-w- C:\Windows\SysWow64\mspaint.exe
2016-12-21 04:24:58 6044160 ----a-w- C:\Windows\SysWow64\Chakra.dll
2016-12-21 04:24:30 5061120 ----a-w- C:\Windows\SysWow64\d2d1.dll
2016-12-21 04:24:11 886272 ----a-w- C:\Windows\SysWow64\aadtb.dll
2016-12-21 04:24:09 3733504 ----a-w- C:\Windows\SysWow64\D3DCompiler_47.dll
2016-12-21 04:22:44 1883648 ----a-w- C:\Windows\SysWow64\Windows.UI.Logon.dll
2016-12-21 04:22:32 860672 ----a-w- C:\Windows\SysWow64\SettingSyncCore.dll
2016-12-14 05:41:35 1235296 ----a-w- C:\Windows\System32\aeinv.dll
2016-12-14 05:41:32 590960 ----a-w- C:\Windows\System32\AudioSes.dll
2016-12-14 05:34:03 2482280 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2016-12-14 05:26:19 1469792 ----a-w- C:\Windows\SysWow64\AppVEntSubsystems32.dll
.
============= FINISH: 12:09:47.46 ===============

Attached Files
File Type: txt Attach.txt (7.5 KB)
