I was doing a normal monthly online scan and found malware.
Windows Defender won't turn on now also.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.15063.608
Run by 93 at 11:52:24 on 2017-10-21
Microsoft Windows 10 Home 10.0.15063.0.1252.1.1033.18.7105.4007 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k dcomlaunch -s LSM
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -s UserManager
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog
c:\windows\system32\svchost.exe -k localservice -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localservice -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -s Themes
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s Dhcp
c:\windows\system32\svchost.exe -k netsvcs -s SENS
c:\windows\system32\svchost.exe -k networkservice -s NlaSvc
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -s FontCache
c:\windows\system32\svchost.exe -k localservice -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Sandboxie\SbieSvc.exe
c:\windows\system32\svchost.exe -k networkservice -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k appmodel -s StateRepository
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -s LanmanWorkstation
c:\windows\system32\svchost.exe -k localservice -s WinHttpAutoProxySvc
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
c:\windows\system32\svchost.exe -k networkservice -s CryptSvc
c:\windows\system32\svchost.exe -k localservicenonetwork -s DPS
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\svchost.exe -k networkservice -s TapiSrv
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
c:\windows\system32\svchost.exe -k netsvcs -s iphlpsvc
c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s PcaSvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SysMain
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -s WpnService
C:\WINDOWS\system32\fxssvc.exe
c:\windows\system32\svchost.exe -k localservice -s WdiServiceHost
c:\windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
c:\windows\system32\svchost.exe -k localservice -s CDPSvc
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k netsvcs -s TokenBroker
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV
c:\windows\system32\svchost.exe -k netsvcs -s DoSvc
c:\windows\system32\svchost.exe -k netsvcs -s lfsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\svchost.exe -k localservice -s LicenseManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s wscsvc
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s StorSvc
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k netsvcs -s BITS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -s lmhosts
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\dwm.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Users\93\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\93\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
c:\windows\system32\svchost.exe -k netsvcs -s Appinfo
C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DsSvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -s WdiSystemHost
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.pugetsystems.com/welcome.php?oid=117561
uLocal Page = %11%\blank.htm
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [OneDrive] "C:\Users\93\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [f.lux] "C:\Users\93\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRunOnce: [Uninstall 17.3.6966.0824\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\93\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64"
uRunOnce: [Uninstall 17.3.6966.0824] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\93\AppData\Local\Microsoft\OneDrive\17.3.6966.0824"
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{dbb5ab4c-4765-46c1-8ced-39aa33d4c16e} : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{ef0754b1-f733-49e6-aaff-90432a3d9c36} : DHCPNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\it167470.default\
FF - plugin: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\WINDOWS\System32\Macromed\Flash\NPSWF64_27_0_0_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-3-18 74840]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-3-18 49568]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-3-18 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-3-18 70232]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-3-18 18520]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-3-18 208288]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-3-18 239616]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\WINDOWS\System32\drivers\mbae64.sys [2017-7-23 77440]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-3-18 54272]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-3-18 8192]
R1 MpKsl013e1eba;MpKsl013e1eba;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9C17B88B-5A7A-403C-AF17-C1AB4DD1878A}\MpKsl013e1eba.sys [2017-10-13 58120]
R1 MpKsl0becec6c;MpKsl0becec6c;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24438AFE-BF2F-456E-B4F9-EC5A70711CDD}\MpKsl0becec6c.sys [2017-10-13 58120]
R1 MpKsl0dde1adb;MpKsl0dde1adb;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E3A90663-6AAD-47C2-88C6-DF5146CEB343}\MpKsl0dde1adb.sys [2017-10-11 58120]
R1 MpKsl2114210e;MpKsl2114210e;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{095309E2-92E9-4370-B212-DD8018D2C755}\MpKsl2114210e.sys [2017-10-14 58120]
R1 MpKsl2f680faf;MpKsl2f680faf;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2632593E-2296-45FD-9992-6EF87533DEF6}\MpKsl2f680faf.sys [2017-10-16 58120]
R1 MpKsl4a019c94;MpKsl4a019c94;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5D8B5CC-EB7B-4B0C-8F9A-9F283AEF6655}\MpKsl4a019c94.sys [2017-10-16 58120]
R1 MpKsl5577933f;MpKsl5577933f;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F6E261C-60F8-4C8A-9A3D-C6F8F6BEEC97}\MpKsl5577933f.sys [2017-10-19 58120]
R1 MpKsl5b8f605b;MpKsl5b8f605b;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA7D57E0-B77E-4184-B89E-960E919ED6F4}\MpKsl5b8f605b.sys [2017-10-13 58120]
R1 MpKsl5f721d8e;MpKsl5f721d8e;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{41DAFD85-B896-4F27-917A-C81751E920B4}\MpKsl5f721d8e.sys [2017-10-18 58120]
R1 MpKsl719291b1;MpKsl719291b1;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E132DDAD-B0FF-413F-B8C6-2F4E79C57904}\MpKsl719291b1.sys [2017-10-18 58120]
R1 MpKsl8c42b6b0;MpKsl8c42b6b0;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D38BBEB8-9A6C-4775-8612-FB6A0401E950}\MpKsl8c42b6b0.sys [2017-10-14 58120]
R1 MpKsl9ed82714;MpKsl9ed82714;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E9637AC-9C01-4D5A-A744-46FA07681841}\MpKsl9ed82714.sys [2017-10-14 58120]
R1 MpKslaa5c3cda;MpKslaa5c3cda;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F6E261C-60F8-4C8A-9A3D-C6F8F6BEEC97}\MpKslaa5c3cda.sys [2017-10-20 58120]
R1 MpKslac23430e;MpKslac23430e;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0BA27733-2719-4D22-AAB2-2FADF7808401}\MpKslac23430e.sys [2017-10-20 58120]
R1 MpKslc46a7c3a;MpKslc46a7c3a;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F7B602DD-D8AC-4858-86AD-31A8335525C2}\MpKslc46a7c3a.sys [2017-10-19 58120]
R1 MpKslc523f3f5;MpKslc523f3f5;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E9637AC-9C01-4D5A-A744-46FA07681841}\MpKslc523f3f5.sys [2017-10-14 58120]
R1 MpKsld8bd337a;MpKsld8bd337a;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E465A86C-8691-45FC-8B0D-CD1A6E309E21}\MpKsld8bd337a.sys [2017-10-20 58120]
R1 MpKsldeacfa6c;MpKsldeacfa6c;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CD12840-A6F9-457B-8AFF-1CFEEA259D3B}\MpKsldeacfa6c.sys [2017-10-19 58120]
R1 MpKslfc82725d;MpKslfc82725d;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CD12840-A6F9-457B-8AFF-1CFEEA259D3B}\MpKslfc82725d.sys [2017-10-18 58120]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2017-9-7 83768]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [2017-9-14 936728]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R2 CDPUserSvc_1bcc4d4;Connected Devices Platform User Service_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2017-3-18 14336]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2017-3-18 47664]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2017-3-18 47664]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-11-1 373744]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-6-24 223008]
R2 MBAMChameleon;MBAMChameleon;C:\WINDOWS\System32\drivers\MbamChameleon.sys [2017-10-14 192952]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-7-23 6058960]
R2 OneSyncSvc_1bcc4d4;Sync Host_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2017-10-11 336320]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-3-18 79872]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-7-10 142752]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 WpnUserService_1bcc4d4;Windows Push Notifications User Service_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\WINDOWS\System32\drivers\e1d62x64.sys [2017-4-25 534512]
R3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R3 MBAMFarflt;MBAMFarflt;C:\WINDOWS\System32\drivers\farflt.sys [2017-10-14 110016]
R3 MBAMProtection;MBAMProtection;C:\WINDOWS\System32\drivers\mbam.sys [2017-10-14 45504]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2017-10-14 252232]
R3 MBAMWebProtection;MBAMWebProtection;C:\WINDOWS\System32\drivers\mwac.sys [2017-10-14 94144]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-3-18 20992]
R3 PimIndexMaintenanceSvc_1bcc4d4;Contact Data_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2017-6-5 207496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R3 TokenBroker;TokenBroker;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 UnistoreSvc_1bcc4d4;User Data Storage_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 UserDataSvc_1bcc4d4;User Data Access_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-3-18 220672]
S2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2017-3-18 12288]
S2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2017-3-18 47664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-7-18 317408]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-3-18 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-3-18 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-3-18 17920]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2017-3-18 47664]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-3-18 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-3-18 47664]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-14 39424]
S3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-3-18 53664]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-3-18 122880]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-3-18 347032]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-3-18 2104224]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
S3 DevicesFlowUserSvc_1bcc4d4;DevicesFlow_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-3-18 47664]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-3-18 86528]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-3-18 47664]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-3-18 21504]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-3-18 51104]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-3-18 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-3-18 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-3-18 70656]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-3-18 85504]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-3-18 165376]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-3-18 168448]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-3-18 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-3-18 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-3-18 673184]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-3-18 526240]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-3-18 36864]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-5-12 481768]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-3-18 123808]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-3-18 103328]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-3-18 405408]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-3-18 51104]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-3-18 64416]
S3 MessagingService_1bcc4d4;MessagingService_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-3-18 842656]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-3-18 108960]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-3-18 122368]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2017-7-10 118784]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-3-18 80896]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-3-18 58784]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-3-18 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-3-18 1735584]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-3-18 936864]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-3-18 47664]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\WINDOWS\System32\drivers\rtwlanu.sys [2017-3-18 5707264]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-3-18 91040]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-3-18 31128]
S3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-18 1284608]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-3-18 154016]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-3-18 47664]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-3-18 40352]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2017-3-18 891904]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-3-18 95648]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-3-18 36760]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-3-18 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-9-14 104960]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-3-18 179200]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-9-14 51712]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-3-18 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-3-18 29600]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-3-18 263584]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-3-18 98712]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-3-18 138656]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-3-18 29600]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-3-18 59288]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-3-18 28064]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-3-18 35328]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-3-18 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-3-18 72192]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-7-10 757248]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-3-18 121248]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-3-18 342264]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-3-18 47664]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-3-18 32160]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2017-3-18 217088]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-3-18 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 wlpasvc;LPA Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-7-10 277504]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-3-18 46592]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-10-21 14:45:47 13890840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9FD3F768-0149-4600-A98D-2FEED3FE3895}\mpengine.dll
2017-10-21 13:13:54 13890840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-10-20 20:59:23 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0BA27733-2719-4D22-AAB2-2FADF7808401}\MpKslac23430e.sys
2017-10-20 12:22:19 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E465A86C-8691-45FC-8B0D-CD1A6E309E21}\MpKsld8bd337a.sys
2017-10-20 10:05:05 58120 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F6E261C-60F8-4C8A-9A3D-C6F8F6BEEC97}\MpKslaa5c3cda.sys
2017-10-19 20:31:57 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F6E261C-60F8-4C8A-9A3D-C6F8F6BEEC97}\MpKsl5577933f.sys
2017-10-19 13:33:05 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F7B602DD-D8AC-4858-86AD-31A8335525C2}\MpKslc46a7c3a.sys
2017-10-19 12:10:52 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CD12840-A6F9-457B-8AFF-1CFEEA259D3B}\MpKsldeacfa6c.sys
2017-10-18 20:20:31 58120 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CD12840-A6F9-457B-8AFF-1CFEEA259D3B}\MpKslfc82725d.sys
2017-10-18 14:27:38 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{41DAFD85-B896-4F27-917A-C81751E920B4}\MpKsl5f721d8e.sys
2017-10-18 12:24:12 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E132DDAD-B0FF-413F-B8C6-2F4E79C57904}\MpKsl719291b1.sys
2017-10-17 05:43:27 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5D8B5CC-EB7B-4B0C-8F9A-9F283AEF6655}\MpKsl4a019c94.sys
2017-10-17 00:40:30 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2632593E-2296-45FD-9992-6EF87533DEF6}\MpKsl2f680faf.sys
2017-10-14 23:59:54 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{095309E2-92E9-4370-B212-DD8018D2C755}\MpKsl2114210e.sys
2017-10-14 23:50:59 58120 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E9637AC-9C01-4D5A-A744-46FA07681841}\MpKslc523f3f5.sys
2017-10-14 21:27:17 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E9637AC-9C01-4D5A-A744-46FA07681841}\MpKsl9ed82714.sys
2017-10-14 13:40:57 192952 ----a-w- C:\WINDOWS\System32\drivers\MbamChameleon.sys
2017-10-14 13:40:56 94144 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-10-14 13:40:56 110016 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
2017-10-14 13:40:53 45504 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-10-14 13:40:50 252232 ----a-w- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2017-10-14 12:55:09 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D38BBEB8-9A6C-4775-8612-FB6A0401E950}\MpKsl8c42b6b0.sys
2017-10-14 02:47:56 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24438AFE-BF2F-456E-B4F9-EC5A70711CDD}\MpKsl0becec6c.sys
2017-10-13 19:49:01 18896 ----a-w- C:\Program Files (x86)\Mozilla Firefox\qipcap64.dll
2017-10-13 13:52:30 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9C17B88B-5A7A-403C-AF17-C1AB4DD1878A}\MpKsl013e1eba.sys
2017-10-13 07:49:27 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA7D57E0-B77E-4184-B89E-960E919ED6F4}\MpKsl5b8f605b.sys
2017-10-11 21:04:36 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E3A90663-6AAD-47C2-88C6-DF5146CEB343}\MpKsl0dde1adb.sys
2017-10-11 12:30:59 126925120 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2017-10-11 12:05:26 5304496 ----a-w- C:\WINDOWS\System32\Windows.StateRepository.dll
2017-10-11 12:04:59 8333312 ----a-w- C:\WINDOWS\System32\BingMaps.dll
2017-09-29 03:19:52 1057976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9124BC07-F8E7-414E-95EF-0E0CE6E41FEE}\gapaengine.dll
2017-09-25 17:34:36 -------- d-----w- C:\Program Files\iPod
2017-09-25 17:34:05 -------- d---a-w- C:\Program Files\iTunes
.
==================== Find3M ====================
.
2017-10-21 17:12:16 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-13 00:21:46 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-10-13 00:21:46 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-10-11 13:46:23 230400 ----a-w- C:\WINDOWS\System32\msclmd.dll
2017-10-11 13:46:23 207872 ----a-w- C:\WINDOWS\SysWow64\msclmd.dll
2017-10-04 20:15:42 77440 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-09-30 05:52:01 1595152 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-09-30 05:51:44 1458320 ----a-w- C:\WINDOWS\System32\msctf.dll
2017-09-30 05:51:12 1147288 ----a-w- C:\WINDOWS\System32\hvix64.exe
2017-09-30 05:50:48 1068208 ----a-w- C:\WINDOWS\System32\Windows.UI.dll
2017-09-30 05:50:46 1024920 ----a-w- C:\WINDOWS\System32\hvax64.exe
2017-09-30 05:50:44 1346112 ----a-w- C:\WINDOWS\System32\user32.dll
2017-09-30 05:49:44 777400 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2017-09-30 05:49:27 135576 ----a-w- C:\WINDOWS\System32\drivers\ksecdd.sys
2017-09-30 05:49:25 1004136 ----a-w- C:\WINDOWS\System32\ucrtbase.dll
2017-09-30 05:48:27 644696 ----a-w- C:\WINDOWS\System32\advapi32.dll
2017-09-30 05:48:26 2399728 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-09-30 05:48:12 8319384 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-09-30 05:48:04 2327448 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-09-30 05:47:28 1194792 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2017-09-30 05:47:05 2969880 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-09-30 05:45:54 511896 ----a-w- C:\WINDOWS\System32\drivers\usbhub.sys
2017-09-30 05:44:52 181912 ----a-w- C:\WINDOWS\System32\sspicli.dll
2017-09-30 05:44:03 712600 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2017-09-30 05:43:49 2442136 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-09-30 05:43:47 7318888 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2017-09-30 05:42:43 4848952 ----a-w- C:\WINDOWS\explorer.exe
2017-09-30 05:42:08 1506712 ----a-w- C:\WINDOWS\System32\twinapi.appcore.dll
2017-09-30 05:42:03 820120 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2017-09-30 05:41:48 259400 ----a-w- C:\WINDOWS\System32\MusNotifyIcon.exe
2017-09-30 05:41:48 228248 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
2017-09-30 05:41:47 961944 ----a-w- C:\WINDOWS\System32\efscore.dll
2017-09-30 05:41:45 651672 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
2017-09-30 05:41:44 5477600 ----a-w- C:\WINDOWS\System32\OneCoreUAPCommonProxyStub.dll
2017-09-30 05:41:35 257432 ----a-w- C:\WINDOWS\System32\AppxAllUserStore.dll
2017-09-30 05:41:11 654976 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2017-09-30 05:41:00 2086808 ----a-w- C:\WINDOWS\System32\UpdateAgent.dll
2017-09-30 05:40:49 642680 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-09-30 05:40:45 184728 ----a-w- C:\WINDOWS\System32\drivers\appid.sys
2017-09-30 05:40:44 724704 ----a-w- C:\WINDOWS\System32\wer.dll
2017-09-30 05:40:38 336320 ----a-w- C:\WINDOWS\System32\SecurityHealthService.exe
2017-09-30 05:40:33 408984 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2017-09-30 05:40:29 72944 ----a-w- C:\WINDOWS\System32\easinvoker.exe
2017-09-30 05:40:13 558912 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.dll
2017-09-30 05:40:03 173976 ----a-w- C:\WINDOWS\System32\drivers\usbccgp.sys
2017-09-30 05:39:45 203672 ----a-w- C:\WINDOWS\System32\basecsp.dll
2017-09-30 05:38:42 2239136 ----a-w- C:\WINDOWS\System32\mfsrcsnk.dll
2017-09-30 05:38:33 7910072 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2017-09-30 05:36:38 2672024 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-09-30 05:36:28 57976 ----a-w- C:\WINDOWS\System32\lsass.exe
2017-09-30 02:29:54 1408536 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-09-30 02:29:46 804784 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.dll
2017-09-30 02:26:30 1292872 ----a-w- C:\WINDOWS\SysWow64\user32.dll
2017-09-30 02:26:24 1333136 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2017-09-30 02:10:34 480920 ----a-w- C:\WINDOWS\SysWow64\advapi32.dll
2017-09-30 02:10:20 606072 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2017-09-30 02:10:14 1839872 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-09-30 02:10:08 1150776 ----a-w- C:\WINDOWS\SysWow64\ucrtbase.dll
2017-09-30 02:09:16 2259760 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-09-30 02:09:02 787712 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2017-09-30 02:06:28 4471368 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2017-09-30 02:05:47 750488 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-09-30 02:05:45 5827744 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-09-30 02:05:39 559000 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-09-30 02:05:36 1266544 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-09-30 02:05:34 2603744 ----a-w- C:\WINDOWS\SysWow64\OneCoreUAPCommonProxyStub.dll
2017-09-30 02:04:52 612120 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2017-09-30 02:04:50 4215184 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepository.dll
2017-09-30 02:04:45 347544 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2017-09-30 02:04:39 438096 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.dll
2017-09-30 02:04:17 519680 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2017-09-30 02:04:13 182680 ----a-w- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
2017-09-30 02:03:27 6768288 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2017-09-30 02:03:17 1439032 ----a-w- C:\WINDOWS\SysWow64\mfsrcsnk.dll
2017-09-30 02:02:53 175512 ----a-w- C:\WINDOWS\SysWow64\basecsp.dll
2017-09-30 02:01:54 124544 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2017-09-29 07:46:30 23678976 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2017-09-29 07:45:00 2953216 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2017-09-29 07:44:19 133120 ----a-w- C:\WINDOWS\SysWow64\t2embed.dll
2017-09-29 07:43:14 2199552 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
2017-09-29 07:43:07 142336 ----a-w- C:\WINDOWS\SysWow64\smartscreenps.dll
2017-09-29 07:43:05 60928 ----a-w- C:\WINDOWS\SysWow64\usoapi.dll
2017-09-29 07:42:56 18944 ----a-w- C:\WINDOWS\SysWow64\mgmtapi.dll
2017-09-29 07:41:56 13844992 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2017-09-29 07:41:50 50176 ----a-w- C:\WINDOWS\SysWow64\wbem\Win32_Tpm.dll
2017-09-29 07:41:09 110080 ----a-w- C:\WINDOWS\SysWow64\BitLockerCsp.dll
2017-09-29 07:40:57 6728192 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2017-09-29 07:40:50 371200 ----a-w- C:\WINDOWS\SysWow64\daxexec.dll
2017-09-29 07:40:25 86528 ----a-w- C:\WINDOWS\SysWow64\updatepolicy.dll
2017-09-29 07:39:51 364032 ----a-w- C:\WINDOWS\SysWow64\msIso.dll
2017-09-29 07:39:01 20511232 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2017-09-29 07:38:55 471040 ----a-w- C:\WINDOWS\SysWow64\TpmCoreProvisioning.dll
2017-09-29 07:38:51 229376 ----a-w- C:\WINDOWS\SysWow64\scksp.dll
2017-09-29 07:38:35 1135616 ----a-r- C:\WINDOWS\SysWow64\icuuc.dll
2017-09-29 07:38:18 2671616 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2017-09-29 07:38:15 370688 ----a-w- C:\WINDOWS\SysWow64\FirewallAPI.dll
2017-09-29 07:38:11 463360 ----a-w- C:\WINDOWS\SysWow64\webio.dll
2017-09-29 07:38:03 5721600 ----a-w- C:\WINDOWS\SysWow64\BingMaps.dll
2017-09-29 07:38:03 308224 ----a-w- C:\WINDOWS\SysWow64\cryptngc.dll
2017-09-29 07:37:45 306688 ----a-w- C:\WINDOWS\SysWow64\Windows.Graphics.dll
.
============= FINISH: 11:53:09.68 ===============
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-3-18 17920]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2017-3-18 47664]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-3-18 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-3-18 47664]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-14 39424]
S3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-3-18 53664]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-3-18 122880]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-3-18 347032]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-3-18 2104224]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
S3 DevicesFlowUserSvc_1bcc4d4;DevicesFlow_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-3-18 47664]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-3-18 86528]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-3-18 47664]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-3-18 21504]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-3-18 51104]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-3-18 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-3-18 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-3-18 70656]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-3-18 85504]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-3-18 165376]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-3-18 168448]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-3-18 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-3-18 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-3-18 673184]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-3-18 526240]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-3-18 36864]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-5-12 481768]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-3-18 123808]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-3-18 103328]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-3-18 405408]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-3-18 51104]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-3-18 64416]
S3 MessagingService_1bcc4d4;MessagingService_1bcc4d4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-3-18 842656]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-3-18 108960]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-3-18 122368]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2017-7-10 118784]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-3-18 80896]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-3-18 58784]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-3-18 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-3-18 1735584]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-3-18 936864]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-3-18 47664]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\WINDOWS\System32\drivers\rtwlanu.sys [2017-3-18 5707264]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-3-18 91040]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-3-18 31128]
S3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-18 1284608]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-3-18 154016]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-3-18 47664]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-3-18 40352]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2017-3-18 891904]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-3-18 95648]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-3-18 36760]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-3-18 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-9-14 104960]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-3-18 179200]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-9-14 51712]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-3-18 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-3-18 29600]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-3-18 263584]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-3-18 98712]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-3-18 138656]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-3-18 29600]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-3-18 59288]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-3-18 28064]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-3-18 35328]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-3-18 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-3-18 72192]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-7-10 757248]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-3-18 121248]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-3-18 342264]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-3-18 47664]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-3-18 32160]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2017-3-18 217088]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-3-18 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 wlpasvc;LPA Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-7-10 277504]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-3-18 46592]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-10-21 14:45:47 13890840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9FD3F768-0149-4600-A98D-2FEED3FE3895}\mpengine.dll
2017-10-21 13:13:54 13890840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-10-20 20:59:23 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0BA27733-2719-4D22-AAB2-2FADF7808401}\MpKslac23430e.sys
2017-10-20 12:22:19 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E465A86C-8691-45FC-8B0D-CD1A6E309E21}\MpKsld8bd337a.sys
2017-10-20 10:05:05 58120 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F6E261C-60F8-4C8A-9A3D-C6F8F6BEEC97}\MpKslaa5c3cda.sys
2017-10-19 20:31:57 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F6E261C-60F8-4C8A-9A3D-C6F8F6BEEC97}\MpKsl5577933f.sys
2017-10-19 13:33:05 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F7B602DD-D8AC-4858-86AD-31A8335525C2}\MpKslc46a7c3a.sys
2017-10-19 12:10:52 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CD12840-A6F9-457B-8AFF-1CFEEA259D3B}\MpKsldeacfa6c.sys
2017-10-18 20:20:31 58120 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CD12840-A6F9-457B-8AFF-1CFEEA259D3B}\MpKslfc82725d.sys
2017-10-18 14:27:38 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{41DAFD85-B896-4F27-917A-C81751E920B4}\MpKsl5f721d8e.sys
2017-10-18 12:24:12 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E132DDAD-B0FF-413F-B8C6-2F4E79C57904}\MpKsl719291b1.sys
2017-10-17 05:43:27 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5D8B5CC-EB7B-4B0C-8F9A-9F283AEF6655}\MpKsl4a019c94.sys
2017-10-17 00:40:30 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2632593E-2296-45FD-9992-6EF87533DEF6}\MpKsl2f680faf.sys
2017-10-14 23:59:54 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{095309E2-92E9-4370-B212-DD8018D2C755}\MpKsl2114210e.sys
2017-10-14 23:50:59 58120 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E9637AC-9C01-4D5A-A744-46FA07681841}\MpKslc523f3f5.sys
2017-10-14 21:27:17 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E9637AC-9C01-4D5A-A744-46FA07681841}\MpKsl9ed82714.sys
2017-10-14 13:40:57 192952 ----a-w- C:\WINDOWS\System32\drivers\MbamChameleon.sys
2017-10-14 13:40:56 94144 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-10-14 13:40:56 110016 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
2017-10-14 13:40:53 45504 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-10-14 13:40:50 252232 ----a-w- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2017-10-14 12:55:09 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D38BBEB8-9A6C-4775-8612-FB6A0401E950}\MpKsl8c42b6b0.sys
2017-10-14 02:47:56 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24438AFE-BF2F-456E-B4F9-EC5A70711CDD}\MpKsl0becec6c.sys
2017-10-13 19:49:01 18896 ----a-w- C:\Program Files (x86)\Mozilla Firefox\qipcap64.dll
2017-10-13 13:52:30 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9C17B88B-5A7A-403C-AF17-C1AB4DD1878A}\MpKsl013e1eba.sys
2017-10-13 07:49:27 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA7D57E0-B77E-4184-B89E-960E919ED6F4}\MpKsl5b8f605b.sys
2017-10-11 21:04:36 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E3A90663-6AAD-47C2-88C6-DF5146CEB343}\MpKsl0dde1adb.sys
2017-10-11 12:30:59 126925120 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2017-10-11 12:05:26 5304496 ----a-w- C:\WINDOWS\System32\Windows.StateRepository.dll
2017-10-11 12:04:59 8333312 ----a-w- C:\WINDOWS\System32\BingMaps.dll
2017-09-29 03:19:52 1057976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9124BC07-F8E7-414E-95EF-0E0CE6E41FEE}\gapaengine.dll
2017-09-25 17:34:36 -------- d-----w- C:\Program Files\iPod
2017-09-25 17:34:05 -------- d---a-w- C:\Program Files\iTunes
.
==================== Find3M ====================
.
2017-10-21 17:12:16 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-13 00:21:46 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-10-13 00:21:46 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-10-11 13:46:23 230400 ----a-w- C:\WINDOWS\System32\msclmd.dll
2017-10-11 13:46:23 207872 ----a-w- C:\WINDOWS\SysWow64\msclmd.dll
2017-10-04 20:15:42 77440 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-09-30 05:52:01 1595152 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-09-30 05:51:44 1458320 ----a-w- C:\WINDOWS\System32\msctf.dll
2017-09-30 05:51:12 1147288 ----a-w- C:\WINDOWS\System32\hvix64.exe
2017-09-30 05:50:48 1068208 ----a-w- C:\WINDOWS\System32\Windows.UI.dll
2017-09-30 05:50:46 1024920 ----a-w- C:\WINDOWS\System32\hvax64.exe
2017-09-30 05:50:44 1346112 ----a-w- C:\WINDOWS\System32\user32.dll
2017-09-30 05:49:44 777400 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2017-09-30 05:49:27 135576 ----a-w- C:\WINDOWS\System32\drivers\ksecdd.sys
2017-09-30 05:49:25 1004136 ----a-w- C:\WINDOWS\System32\ucrtbase.dll
2017-09-30 05:48:27 644696 ----a-w- C:\WINDOWS\System32\advapi32.dll
2017-09-30 05:48:26 2399728 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-09-30 05:48:12 8319384 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-09-30 05:48:04 2327448 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-09-30 05:47:28 1194792 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2017-09-30 05:47:05 2969880 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-09-30 05:45:54 511896 ----a-w- C:\WINDOWS\System32\drivers\usbhub.sys
2017-09-30 05:44:52 181912 ----a-w- C:\WINDOWS\System32\sspicli.dll
2017-09-30 05:44:03 712600 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2017-09-30 05:43:49 2442136 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-09-30 05:43:47 7318888 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2017-09-30 05:42:43 4848952 ----a-w- C:\WINDOWS\explorer.exe
2017-09-30 05:42:08 1506712 ----a-w- C:\WINDOWS\System32\twinapi.appcore.dll
2017-09-30 05:42:03 820120 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2017-09-30 05:41:48 259400 ----a-w- C:\WINDOWS\System32\MusNotifyIcon.exe
2017-09-30 05:41:48 228248 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
2017-09-30 05:41:47 961944 ----a-w- C:\WINDOWS\System32\efscore.dll
2017-09-30 05:41:45 651672 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
2017-09-30 05:41:44 5477600 ----a-w- C:\WINDOWS\System32\OneCoreUAPCommonProxyStub.dll
2017-09-30 05:41:35 257432 ----a-w- C:\WINDOWS\System32\AppxAllUserStore.dll
2017-09-30 05:41:11 654976 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2017-09-30 05:41:00 2086808 ----a-w- C:\WINDOWS\System32\UpdateAgent.dll
2017-09-30 05:40:49 642680 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-09-30 05:40:45 184728 ----a-w- C:\WINDOWS\System32\drivers\appid.sys
2017-09-30 05:40:44 724704 ----a-w- C:\WINDOWS\System32\wer.dll
2017-09-30 05:40:38 336320 ----a-w- C:\WINDOWS\System32\SecurityHealthService.exe
2017-09-30 05:40:33 408984 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2017-09-30 05:40:29 72944 ----a-w- C:\WINDOWS\System32\easinvoker.exe
2017-09-30 05:40:13 558912 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.dll
2017-09-30 05:40:03 173976 ----a-w- C:\WINDOWS\System32\drivers\usbccgp.sys
2017-09-30 05:39:45 203672 ----a-w- C:\WINDOWS\System32\basecsp.dll
2017-09-30 05:38:42 2239136 ----a-w- C:\WINDOWS\System32\mfsrcsnk.dll
2017-09-30 05:38:33 7910072 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2017-09-30 05:36:38 2672024 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-09-30 05:36:28 57976 ----a-w- C:\WINDOWS\System32\lsass.exe
2017-09-30 02:29:54 1408536 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-09-30 02:29:46 804784 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.dll
2017-09-30 02:26:30 1292872 ----a-w- C:\WINDOWS\SysWow64\user32.dll
2017-09-30 02:26:24 1333136 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2017-09-30 02:10:34 480920 ----a-w- C:\WINDOWS\SysWow64\advapi32.dll
2017-09-30 02:10:20 606072 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2017-09-30 02:10:14 1839872 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-09-30 02:10:08 1150776 ----a-w- C:\WINDOWS\SysWow64\ucrtbase.dll
2017-09-30 02:09:16 2259760 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-09-30 02:09:02 787712 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2017-09-30 02:06:28 4471368 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2017-09-30 02:05:47 750488 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-09-30 02:05:45 5827744 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-09-30 02:05:39 559000 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-09-30 02:05:36 1266544 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-09-30 02:05:34 2603744 ----a-w- C:\WINDOWS\SysWow64\OneCoreUAPCommonProxyStub.dll
2017-09-30 02:04:52 612120 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2017-09-30 02:04:50 4215184 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepository.dll
2017-09-30 02:04:45 347544 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2017-09-30 02:04:39 438096 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.dll
2017-09-30 02:04:17 519680 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2017-09-30 02:04:13 182680 ----a-w- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
2017-09-30 02:03:27 6768288 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2017-09-30 02:03:17 1439032 ----a-w- C:\WINDOWS\SysWow64\mfsrcsnk.dll
2017-09-30 02:02:53 175512 ----a-w- C:\WINDOWS\SysWow64\basecsp.dll
2017-09-30 02:01:54 124544 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2017-09-29 07:46:30 23678976 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2017-09-29 07:45:00 2953216 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2017-09-29 07:44:19 133120 ----a-w- C:\WINDOWS\SysWow64\t2embed.dll
2017-09-29 07:43:14 2199552 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
2017-09-29 07:43:07 142336 ----a-w- C:\WINDOWS\SysWow64\smartscreenps.dll
2017-09-29 07:43:05 60928 ----a-w- C:\WINDOWS\SysWow64\usoapi.dll
2017-09-29 07:42:56 18944 ----a-w- C:\WINDOWS\SysWow64\mgmtapi.dll
2017-09-29 07:41:56 13844992 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2017-09-29 07:41:50 50176 ----a-w- C:\WINDOWS\SysWow64\wbem\Win32_Tpm.dll
2017-09-29 07:41:09 110080 ----a-w- C:\WINDOWS\SysWow64\BitLockerCsp.dll
2017-09-29 07:40:57 6728192 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2017-09-29 07:40:50 371200 ----a-w- C:\WINDOWS\SysWow64\daxexec.dll
2017-09-29 07:40:25 86528 ----a-w- C:\WINDOWS\SysWow64\updatepolicy.dll
2017-09-29 07:39:51 364032 ----a-w- C:\WINDOWS\SysWow64\msIso.dll
2017-09-29 07:39:01 20511232 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2017-09-29 07:38:55 471040 ----a-w- C:\WINDOWS\SysWow64\TpmCoreProvisioning.dll
2017-09-29 07:38:51 229376 ----a-w- C:\WINDOWS\SysWow64\scksp.dll
2017-09-29 07:38:35 1135616 ----a-r- C:\WINDOWS\SysWow64\icuuc.dll
2017-09-29 07:38:18 2671616 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2017-09-29 07:38:15 370688 ----a-w- C:\WINDOWS\SysWow64\FirewallAPI.dll
2017-09-29 07:38:11 463360 ----a-w- C:\WINDOWS\SysWow64\webio.dll
2017-09-29 07:38:03 5721600 ----a-w- C:\WINDOWS\SysWow64\BingMaps.dll
2017-09-29 07:38:03 308224 ----a-w- C:\WINDOWS\SysWow64\cryptngc.dll
2017-09-29 07:37:45 306688 ----a-w- C:\WINDOWS\SysWow64\Windows.Graphics.dll
.
============= FINISH: 11:53:09.68 ===============