Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Hijacked system - cannot run virus/malware scanners

It appears my system has been hijacked. I've tried a few old tricks from years ago to clean things up, and of course they don't work now. Windows Defender has been disabled and I can't enable it, Malwarebytes can't find anything after running Rkill, Avast cannot load or update, and I have drive-by pop-ups all over the place. :facepalm:

Here are the DDS logs.

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.101.2
Run by Owner at 7:28:10 on 2017-04-15
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.2005.1127 [GMT -6:00]
.
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus *Enabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
.
============== Running Processes ================
.
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\DllHost.exe
C:\Windows\helppane.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - <orphaned>
BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} - c:\program files\intel security\true key\msie\truekey_ie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_101\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_101\bin\jp2ssv.dll
TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - c:\program files\intel security\true key\msie\truekey_ie.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [Dropbox Update] "c:\users\owner\appdata\local\dropbox\update\DropboxUpdate.exe" /c
uRun: [OneDrive] "c:\users\owner\appdata\local\microsoft\onedrive\OneDrive.exe" /background
uRun: [iCloudServices] "c:\program files\common files\apple\internet services\iCloudServices.exe"
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvLaunch.exe" /gui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\owner\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.11.523\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - c:\program files\microsoft office\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{30e2b29c-cd72-4dea-8c4e-a51cf9117d04} : DHCPNameServer = 192.168.0.1 205.171.2.25
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - c:\windows\system32\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - c:\windows\system32\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli c:\program files\truekey\McAfeeTrueKeyPasswordFilter
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\57.0.2987.133\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - c:\windows\system32\windows.storage.dll
Hosts: 0.0.0.1 mssplus.mcafee.com
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\hi7x2ycl.default\
FF - plugin: c:\program files\adobe\acrobat reader dc\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.33.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_101\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_101\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.50906.0\npctrlui.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1228198.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_22_0_0_209.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_25_0_0_127.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;c:\windows\system32\drivers\intelpep.sys [2016-7-16 42520]
R0 iorate;iorate;c:\windows\system32\drivers\iorate.sys [2016-11-8 42336]
R0 volume;Volume driver;c:\windows\system32\drivers\volume.sys [2016-7-16 14176]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;c:\windows\system32\drivers\WindowsTrustedRT.sys [2016-7-16 86040]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;c:\windows\system32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 15384]
R0 Wof;Windows Overlay File System Filter Driver;c:\windows\system32\drivers\wof.sys [2016-9-25 173408]
R1 ahcache;Application Compatibility Cache;c:\windows\system32\drivers\ahcache.sys [2016-10-28 188928]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-4-29 31064]
R1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys [2016-3-17 388488]
R2 CoreMessagingRegistrar;CoreMessaging;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 38792]
R2 tiledatamodelsvc;Tile Data model server;c:\windows\system32\svchost.exe -k appmodel [2016-7-16 38792]
R2 UserManager;User Manager;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
R3 ADP80XX;ADP80XX;c:\windows\system32\drivers\adp80xx.sys [2016-7-16 1038176]
R3 iaStorAV;Intel(R) SATA RAID Controller Windows;c:\windows\system32\drivers\iaStorAV.sys [2016-7-16 524640]
R3 LSI_SAS2i;LSI_SAS2i;c:\windows\system32\drivers\lsi_sas2i.sys [2016-7-16 89952]
R3 LSI_SAS3i;LSI_SAS3i;c:\windows\system32\drivers\lsi_sas3i.sys [2016-7-16 85856]
R3 megasas2i;megasas2i;c:\windows\system32\drivers\MegaSas2i.sys [2016-10-11 56672]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;c:\windows\system32\drivers\NdisVirtualBus.sys [2016-7-16 15872]
R3 percsas2i;percsas2i;c:\windows\system32\drivers\percsas2i.sys [2016-7-16 51552]
R3 percsas3i;percsas3i;c:\windows\system32\drivers\percsas3i.sys [2016-7-16 54624]
R3 rt640x86;Realtek RT640 NT Driver;c:\windows\system32\drivers\rt640x86.sys [2016-7-16 494080]
R3 StateRepository;State Repository Service;c:\windows\system32\svchost.exe -k appmodel [2016-7-16 38792]
R3 stornvme;Microsoft Standard NVM Express Driver;c:\windows\system32\drivers\stornvme.sys [2016-7-16 66912]
R3 storufs;Microsoft Universal Flash Storage (UFS) Driver;c:\windows\system32\drivers\storufs.sys [2016-7-16 26976]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [2017-3-15 255184]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-3 764064]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-3 472760]
S1 FileCrypt;FileCrypt;c:\windows\system32\drivers\filecrypt.sys [2016-7-16 77312]
S1 GpuEnergyDrv;GPU Energy Driver;c:\windows\system32\drivers\gpuenergydrv.sys [2016-7-16 7680]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-3 106904]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-2-20 118800]
S2 avast! Antivirus;Avast Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2017-4-5 261712]
S2 avast! Firewall;Avast Firewall Service;c:\program files\alwil software\avast5\afwServ.exe [2017-4-5 310496]
S2 CDPSvc;Connected Devices Platform Service;c:\windows\system32\svchost.exe -k LocalService [2016-7-16 38792]
S2 CDPUserSvc_18d5c;CDPUserSvc_18d5c;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
S2 clreg;Virtual Registry for Containers;c:\windows\system32\drivers\registry.sys [2016-7-16 58368]
S2 DiagTrack;Connected User Experiences and Telemetry;c:\windows\system32\svchost.exe -k utcsvc [2016-7-16 38792]
S2 DoSvc;Delivery Optimization;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files\fitbit connect\FitbitConnectService.exe [2014-5-19 1436192]
S2 InstallerService;Service Installer TrueKey;c:\program files\truekey\mcafee.truekey.installerservice.exe -originalversion 4.4.127.0 --> c:\program files\truekey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [?]
S2 MapsBroker;Downloaded Maps Manager;c:\windows\system32\svchost.exe -k NetworkService [2016-7-16 38792]
S2 OneSyncSvc_18d5c;Sync Host_18d5c;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2017-2-27 317400]
S2 storqosflt;Storage QoS Filter Driver;c:\windows\system32\drivers\storqosflt.sys [2016-7-16 62976]
S2 TrueKey;Intel Security True Key;c:\program files\truekey\McAfee.TrueKey.Service.exe [2017-4-14 997360]
S2 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\truekey\McTkSchedulerService.exe [2017-1-20 17304]
S2 wcifs;Windows Container Isolation;c:\windows\system32\drivers\wcifs.sys [2016-9-29 95072]
S2 wcnfs;Windows Container Name Virtualization;c:\windows\system32\drivers\wcnfs.sys [2016-7-16 52736]
S2 WpnService;Windows Push Notifications System Service;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 AcpiDev;ACPI Devices driver;c:\windows\system32\drivers\AcpiDev.sys [2016-7-16 12800]
S3 AJRouter;AllJoyn Router Service;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 38792]
S3 applockerfltr;Smartlocker Filter Driver;c:\windows\system32\drivers\applockerfltr.sys [2016-7-16 12288]
S3 AppReadiness;App Readiness;c:\windows\system32\svchost.exe -k AppReadiness [2016-7-16 38792]
S3 AppXSvc;AppX Deployment Service (AppXSVC);c:\windows\system32\svchost.exe -k wsappx [2016-7-16 38792]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\alwil software\avast5\aswidsagent.exe [2017-4-5 5758120]
S3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [2014-4-29 34136]
S3 bcmfn;bcmfn Service;c:\windows\system32\drivers\bcmfn.sys [2016-7-16 8192]
S3 bcmfn2;bcmfn2 Service;c:\windows\system32\drivers\bcmfn2.sys [2016-7-16 8192]
S3 BthHFSrv;Bluetooth Handsfree Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 38792]
S3 buttonconverter;Service for Portable Device Control devices;c:\windows\system32\drivers\buttonconverter.sys [2016-7-16 27648]
S3 CapImg;HID driver for CapImg touch screen;c:\windows\system32\drivers\capimg.sys [2016-10-28 97792]
S3 ClipSVC;Client License Service (ClipSVC);c:\windows\system32\svchost.exe -k wsappx [2016-7-16 38792]
S3 DcpSvc;DataCollectionPublishingService;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 DevQueryBroker;DevQuery Background Discovery Broker;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;c:\windows\system32\diagsvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 69632]
S3 DmEnrollmentSvc;Device Management Enrollment Service;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 dmwappushservice;dmwappushsvc;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 DsSvc;Data Sharing Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 embeddedmode;Embedded Mode;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 EntAppSvc;Enterprise App Management Service;c:\windows\system32\svchost.exe -k appmodel [2016-7-16 38792]
S3 FrameServer;Windows Camera Frame Server;c:\windows\system32\svchost.exe -k Camera [2016-7-16 38792]
S3 genericusbfn;Generic USB Function Class;c:\windows\system32\drivers\genericusbfn.sys [2016-7-16 17920]
S3 GPIO;Intel SoC GPIO Controller Driver;c:\windows\system32\drivers\iaiogpio.sys [2016-7-16 22016]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;c:\windows\system32\drivers\hidinterrupt.sys [2016-7-16 38240]
S3 iagpio;Intel Serial IO GPIO Controller Driver;c:\windows\system32\drivers\iagpio.sys [2016-7-16 25600]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;c:\windows\system32\drivers\iai2c.sys [2016-7-16 66560]
S3 iaioi2c;Intel(R) Atom(TM) Processor I2C Controller Service;c:\windows\system32\drivers\iaioi2c.sys [2016-7-16 61936]
S3 icssvc;Windows Mobile Hotspot Service;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 38792]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;c:\windows\system32\drivers\IndirectKmd.sys [2016-7-16 30208]
S3 lfsvc;Geolocation Service;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 LicenseManager;Windows License Manager Service;c:\windows\system32\svchost.exe -k LocalService [2016-7-16 38792]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.11.523\McCHSvc.exe [2017-3-20 321768]
S3 MessagingService_18d5c;MessagingService_18d5c;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
S3 NcbService;Network Connection Broker;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;c:\windows\system32\drivers\NetAdapterCx.sys [2016-7-16 62976]
S3 NetSetupSvc;Network Setup Service;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 NgcCtnrSvc;Microsoft Passport Container;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 38792]
S3 NgcSvc;Microsoft Passport;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 PhoneSvc;Phone Service;c:\windows\system32\svchost.exe -k LocalService [2016-7-16 38792]
S3 PimIndexMaintenanceSvc_18d5c;Contact Data_18d5c;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
S3 RetailDemo;Retail Demo Service;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 SensorDataService;Sensor Data Service;c:\windows\system32\SensorDataService.exe [2017-3-15 894976]
S3 SensorService;Sensor Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 SerCx2;Serial UART Support Library;c:\windows\system32\drivers\SerCx2.sys [2016-7-16 117600]
S3 smphost;Microsoft Storage Spaces SMP;c:\windows\system32\svchost.exe -k smphost [2016-7-16 38792]
S3 SmsRouter;Microsoft Windows SMS Router Service.;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 TieringEngineService;Storage Tiers Management;c:\windows\system32\TieringEngineService.exe [2016-7-16 253440]
S3 TimeBrokerSvc;Time Broker;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 38792]
S3 TrueKeyServiceHelper;Intel Security True Key Helper Service;c:\program files\truekey\McAfee.TrueKey.ServiceHelper.exe [2017-4-14 73968]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;c:\windows\system32\drivers\UcmCx.sys [2016-7-16 68608]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;c:\windows\system32\drivers\UcmTcpciCx.sys [2016-7-16 76800]
S3 UcmUcsi;USB Connector Manager UCSI Client;c:\windows\system32\drivers\UcmUcsi.sys [2016-7-16 35840]
S3 UdeCx;USB Device Emulation Support Library;c:\windows\system32\drivers\Udecx.sys [2016-7-16 33280]
S3 UEFI;Microsoft UEFI Driver;c:\windows\system32\drivers\uefi.sys [2016-7-16 23392]
S3 Ufx01000;USB Function Class Extension;c:\windows\system32\drivers\ufx01000.sys [2016-7-16 205152]
S3 UfxChipidea;USB Chipidea Controller;c:\windows\system32\drivers\UfxChipidea.sys [2016-7-16 75616]
S3 ufxsynopsys;USB Synopsys Controller;c:\windows\system32\drivers\ufxsynopsys.sys [2016-7-16 107360]
S3 UnistoreSvc_18d5c;User Data Storage_18d5c;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;c:\windows\system32\drivers\urschipidea.sys [2016-7-16 22880]
S3 UrsCx01000;USB Role-Switch Support Library;c:\windows\system32\drivers\urscx01000.sys [2016-7-16 42336]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;c:\windows\system32\drivers\urssynopsys.sys [2016-7-16 21856]
S3 UserDataSvc_18d5c;User Data Access_18d5c;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
S3 UsoSvc;Update Orchestrator Service for Windows Update;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 vhf;Virtual HID Framework (VHF) Driver;c:\windows\system32\drivers\vhf.sys [2016-7-16 24064]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;c:\windows\system32\drivers\vmgid.sys [2016-7-16 8704]
S3 vmicguestinterface;Hyper-V Guest Service Interface;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
S3 w3logsvc;W3C Logging Service;c:\windows\system32\svchost.exe -k apphost [2016-7-16 38792]
S3 WalletService;WalletService;c:\windows\system32\svchost.exe -k appmodel [2016-7-16 38792]
S3 wdiwifi;WDI Driver Framework;c:\windows\system32\drivers\WdiWiFi.sys [2017-3-15 518656]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;c:\windows\system32\drivers\WdNisDrv.sys [2016-7-16 100192]
S3 WdNisSvc;Windows Defender Network Inspection Service;c:\program files\windows defender\NisSrv.exe [2017-4-11 271496]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;c:\windows\system32\svchost.exe -k WepHostSvcGroup [2016-7-16 38792]
S3 wisvc;Windows Insider Service;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 workfolderssvc;Work Folders;c:\windows\system32\svchost.exe -k LocalService [2016-7-16 38792]
S3 WpnUserService_18d5c;Windows Push Notifications User Service_18d5c;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\drivers\WUDFRd.sys [2016-7-16 161280]
S3 XblAuthManager;Xbox Live Auth Manager;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 XblGameSave;Xbox Live Game Save;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 xboxgip;Xbox Game Input Protocol Driver;c:\windows\system32\drivers\xboxgip.sys [2017-3-15 216576]
S3 XboxNetApiSvc;XboxNetApiSvc;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S3 xinputhid;XINPUT HID Filter Driver;c:\windows\system32\drivers\xinputhid.sys [2016-9-25 34304]
S4 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-3-29 598312]
S4 shpamsvc;Shared PC Account Manager;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
S4 tzautoupdate;Auto Time Zone Updater;c:\windows\system32\svchost.exe -k LocalService [2016-7-16 38792]
.
=============== File Associations ===============
.
ShellExec: SZBrowser.exe: open="c:\program files\avast software\szbrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-04-15 04:44:14 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2017-04-11 22:52:55 3774464 ----a-w- c:\windows\system32\SettingsHandlers_nt.dll
2017-04-05 00:38:18 232016 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2017-04-05 00:38:18 232016 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2017-03-18 16:56:59 -------- d-----w- c:\users\owner\appdata\local\Quicken_Inc
2017-03-18 16:33:54 7280072 ----a-w- c:\windows\system32\cdintf500.dll
2017-03-17 00:05:49 527816 ----a-w- c:\program files\mozilla firefox\minidump-analyzer.exe
.
==================== Find3M ====================
.
2017-04-15 12:46:16 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-04-01 18:52:38 835576 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-04-01 18:52:38 177656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-03-28 07:10:34 484584 ----a-w- c:\windows\system32\AudioSes.dll
2017-03-28 07:10:28 315744 ----a-w- c:\windows\system32\atmfd.dll
2017-03-28 06:59:06 448864 ----a-w- c:\windows\system32\ContentDeliveryManager.Utilities.dll
2017-03-28 06:21:41 890984 ----a-w- c:\windows\system32\winresume.efi
2017-03-28 06:21:27 167848 ----a-w- c:\windows\system32\wscapi.dll
2017-03-28 06:20:03 1725136 ----a-w- c:\windows\system32\KernelBase.dll
2017-03-28 06:19:36 5999968 ----a-w- c:\windows\system32\ntoskrnl.exe
2017-03-28 06:19:26 601712 ----a-w- c:\windows\system32\oleaut32.dll
2017-03-28 06:15:53 2048496 ----a-w- c:\windows\system32\CoreUIComponents.dll
2017-03-28 06:14:35 583136 ----a-w- c:\windows\system32\CoreMessaging.dll
2017-03-28 06:13:10 950624 ----a-w- c:\windows\system32\drivers\ndis.sys
2017-03-28 06:07:35 263472 ----a-w- c:\windows\system32\Windows.Storage.ApplicationData.dll
2017-03-28 06:05:23 1896800 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2017-03-28 06:05:16 342880 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2017-03-28 06:05:07 1504056 ----a-w- c:\windows\system32\WindowsCodecs.dll
2017-03-28 06:04:58 1431232 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.dll
2017-03-28 06:04:53 136032 ----a-w- c:\windows\system32\CloudExperienceHostUser.dll
2017-03-28 06:04:38 5721808 ----a-w- c:\windows\system32\windows.storage.dll
2017-03-28 06:04:32 975744 ----a-w- c:\windows\system32\twinapi.appcore.dll
2017-03-28 06:04:31 861024 ----a-w- c:\windows\system32\LicenseManager.dll
2017-03-28 06:02:55 576408 ----a-w- c:\windows\system32\wer.dll
2017-03-28 06:02:48 1980768 ----a-w- c:\windows\system32\msxml6.dll
2017-03-28 06:02:01 846560 ----a-w- c:\windows\system32\WinTypes.dll
2017-03-28 05:59:49 80224 ----a-w- c:\windows\system32\rdpudd.dll
2017-03-28 05:59:11 6667520 ----a-w- c:\windows\system32\Windows.Media.Protection.PlayReady.dll
2017-03-28 05:59:01 4023008 ----a-w- c:\windows\system32\mfcore.dll
2017-03-28 05:58:59 1851688 ----a-w- c:\windows\system32\mfmp4srcsnk.dll
2017-03-28 05:58:53 981888 ----a-w- c:\windows\system32\mfnetcore.dll
2017-03-28 05:58:53 1360464 ----a-w- c:\windows\system32\mfnetsrc.dll
2017-03-28 05:58:53 1344448 ----a-w- c:\windows\system32\mfsrcsnk.dll
2017-03-28 05:58:52 1277856 ----a-w- c:\windows\system32\mfasfsrcsnk.dll
2017-03-28 05:58:50 1202936 ----a-w- c:\windows\system32\mfmpeg2srcsnk.dll
2017-03-28 05:58:34 240992 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2017-03-28 05:58:27 961192 ----a-w- c:\windows\system32\ole32.dll
2017-03-28 05:58:04 125792 ----a-w- c:\windows\system32\CloudExperienceHostBroker.dll
2017-03-28 05:58:03 198496 ----a-w- c:\windows\system32\CloudExperienceHost.dll
2017-03-28 05:53:54 545944 ----a-w- c:\windows\system32\fontdrvhost.exe
2017-03-28 05:53:53 1412128 ----a-w- c:\windows\system32\gdi32full.dll
2017-03-28 05:52:22 1966944 ----a-w- c:\windows\system32\drivers\tcpip.sys
2017-03-28 05:52:00 306800 ----a-w- c:\windows\system32\Windows.Media.MediaControl.dll
2017-03-28 05:48:07 5685760 ----a-w- c:\windows\system32\Windows.Data.Pdf.dll
2017-03-28 05:45:46 281088 ----a-w- c:\windows\system32\RDXTaskFactory.dll
2017-03-28 05:42:28 95232 ----a-w- c:\windows\system32\UserDataTimeUtil.dll
2017-03-28 05:42:06 51712 ----a-w- c:\windows\system32\usoapi.dll
2017-03-28 05:41:51 26112 ----a-w- c:\windows\system32\odbcconf.dll
2017-03-28 05:41:48 31232 ----a-w- c:\windows\system32\drivers\BasicRender.sys
2017-03-28 05:40:53 37376 ----a-w- c:\windows\system32\atmlib.dll
2017-03-28 05:40:27 46080 ----a-w- c:\windows\system32\drivers\BasicDisplay.sys
2017-03-28 05:40:19 224256 ----a-w- c:\windows\system32\ExSMime.dll
2017-03-28 05:40:13 42496 ----a-w- c:\windows\system32\musdialoghandlers.dll
2017-03-28 05:39:48 141824 ----a-w- c:\windows\system32\Windows.Devices.Radios.dll
2017-03-28 05:39:46 186880 ----a-w- c:\windows\system32\RdpRelayTransport.dll
2017-03-28 05:39:43 123392 ----a-w- c:\windows\system32\dmcertinst.exe
2017-03-28 05:39:23 85504 ----a-w- c:\windows\system32\Family.Authentication.dll
2017-03-28 05:39:22 199168 ----a-w- c:\windows\system32\MusNotification.exe
2017-03-28 05:39:19 166400 ----a-w- c:\windows\system32\dafpos.dll
2017-03-28 05:39:17 40960 ----a-w- c:\windows\system32\TokenBrokerUI.dll
2017-03-28 05:38:17 584192 ----a-w- c:\windows\system32\UIRibbonRes.dll
2017-03-28 05:38:05 156672 ----a-w- c:\windows\system32\UserDeviceRegistration.dll
2017-03-28 05:38:03 79360 ----a-w- c:\windows\system32\MusNotificationUx.exe
2017-03-28 05:37:58 138240 ----a-w- c:\windows\system32\DisplayManager.dll
2017-03-28 05:37:47 177664 ----a-w- c:\windows\system32\Windows.Web.Diagnostics.dll
2017-03-28 05:37:46 123904 ----a-w- c:\windows\system32\Windows.Networking.HostName.dll
2017-03-28 05:37:29 215552 ----a-w- c:\windows\system32\apds.dll
2017-03-28 05:37:19 255488 ----a-w- c:\windows\system32\unimdm.tsp
2017-03-28 05:36:49 136192 ----a-w- c:\windows\system32\WinRtTracing.dll
2017-03-28 05:36:42 94208 ----a-w- c:\windows\system32\Windows.StateRepositoryClient.dll
2017-03-28 05:36:38 87040 ----a-w- c:\windows\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-03-28 05:36:34 129024 ----a-w- c:\windows\system32\Windows.Devices.SerialCommunication.dll
2017-03-28 05:36:33 59904 ----a-w- c:\windows\system32\Windows.System.UserDeviceAssociation.dll
2017-03-28 05:36:27 330752 ----a-w- c:\windows\system32\aadcloudap.dll
2017-03-28 05:34:43 299520 ----a-w- c:\windows\system32\UserDataAccountApis.dll
2017-03-28 05:34:38 271872 ----a-w- c:\windows\system32\Windows.Devices.SmartCards.Phone.dll
2017-03-28 05:34:37 216576 ----a-w- c:\windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-03-28 05:34:32 237568 ----a-w- c:\windows\system32\SyncSettings.dll
2017-03-28 05:34:15 222720 ----a-w- c:\windows\system32\NetworkBindingEngineMigPlugin.dll
2017-03-28 05:34:08 417280 ----a-w- c:\windows\system32\MusUpdateHandlers.dll
2017-03-28 05:34:07 115712 ----a-w- c:\windows\system32\Windows.ApplicationModel.Core.dll
2017-03-28 05:34:01 117760 ----a-w- c:\windows\system32\AuthBroker.dll
2017-03-28 05:33:59 557568 ----a-w- c:\windows\system32\StoreAgent.dll
2017-03-28 05:33:06 483840 ----a-w- c:\windows\system32\Windows.Devices.AllJoyn.dll
2017-03-28 05:33:02 670208 ----a-w- c:\windows\system32\Windows.Devices.PointOfService.dll
2017-03-28 05:33:02 609280 ----a-w- c:\windows\system32\Windows.Media.Import.dll
2017-03-28 05:31:59 332800 ----a-w- c:\windows\system32\Windows.Cortana.Desktop.dll
2017-03-28 05:31:51 431616 ----a-w- c:\windows\system32\efswrt.dll
2017-03-28 05:31:51 390656 ----a-w- c:\windows\system32\CredProvDataModel.dll
2017-03-28 05:31:46 273920 ----a-w- c:\windows\system32\PrintDialogs3D.dll
2017-03-28 05:31:43 498688 ----a-w- c:\windows\system32\mbsmsapi.dll
2017-03-28 05:31:38 728064 ----a-w- c:\windows\system32\enterprisecsps.dll
2017-03-28 05:30:59 517632 ----a-w- c:\windows\system32\FlightSettings.dll
2017-03-28 05:30:59 262144 ----a-w- c:\windows\system32\Windows.Devices.Picker.dll
2017-03-28 05:30:24 787968 ----a-w- c:\windows\system32\sbe.dll
2017-03-28 05:30:10 816640 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2017-03-28 05:30:09 846336 ----a-w- c:\windows\system32\WebcamUi.dll
2017-03-28 05:30:02 75264 ----a-w- c:\windows\system32\updatepolicy.dll
2017-03-28 05:29:50 529920 ----a-w- c:\windows\system32\StructuredQuery.dll
2017-03-28 05:29:44 747520 ----a-w- c:\windows\system32\Windows.Media.Ocr.dll
.
============= FINISH: 7:29:48.58 ===============

Attached Files
File Type: txt attach.txt (16.8 KB)
