Sponsored By

Sign in to follow this  
barcuss

Help Removing Malware

Recommended Posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by Family (administrator) on FAMILY-PC (05-12-2015 08:56:20)
Running from C:\Users\Family\Downloads
Loaded Profiles: Family (Available Profiles: Family & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(GeoComply) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15361.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1511.24020.0_x64__8wekyb3d8bbwe\Calculator.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-03-14] (Acresso Corporation)
HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\Run: [BitTorrent] => C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe [1977192 2015-11-08] (BitTorrent Inc.)
HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\MountPoints2: {6e82fd09-1856-11e5-8e12-74d43550f80c} - "F:\autorun.exe" 
IFEO\dtagent.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dtlauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\et6sc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\idriver.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-06-21]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-06-21]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{200c7f0a-4139-46dc-a209-da732e06bd40}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-125191153-927833046-2172898461-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U220DHP&pc=U220
HKU\S-1-5-21-125191153-927833046-2172898461-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/MCM_WCP
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-28] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-28] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\k6snqj97.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: Google.com
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @ums.geocomply.com/GeoComply Update;version=3 -> C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll [2015-07-19] (GeoComply Inc.)
FF Plugin-x32: @ums.geocomply.com/GeoComply Update;version=9 -> C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll [2015-07-19] (GeoComply Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: geocomply.com/player_location_check -> C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\npapi\npplayer_location_check.dll [2015-07-19] (GeoComply)
FF Plugin HKU\S-1-5-21-125191153-927833046-2172898461-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Family\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-05-26] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.aol.com/"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (My Photo Tab) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmofbadmgolpibnjflbihlaecnhhaanb [2015-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-11-23]
CHR Extension: (Gmail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-06]
CHR Extension: (Space Planet) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb [2015-08-01]
CHR HKLM-x32\...\Chrome\Extension: [kmofbadmgolpibnjflbihlaecnhhaanb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
S2 GeoComplyUpdate; C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [166360 2015-07-19] (GeoComply Inc.)
S3 GeoComplyUpdateM; C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [166360 2015-07-19] (GeoComply Inc.)
S4 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-21] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 Player Location Check; C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Application\service.exe [3431824 2015-07-19] (GeoComply)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4378024 2015-11-23] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [48552 2015-11-23] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\WINDOWS\SysWOW64\uxtuneup.dll [42408 2015-11-23] (AVG Technologies CZ, s.r.o.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-06-15] (Disc Soft Ltd)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2015-06-16] (Arainia Solutions LLC)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-08-19] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R3 tapoas; C:\Windows\System32\drivers\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-10-14] (TuneUp Software)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-05 08:56 - 2015-12-05 08:56 - 00019093 _____ C:\Users\Family\Downloads\FRST.txt
2015-12-05 08:56 - 2015-12-05 08:56 - 00000000 ____D C:\FRST
2015-12-05 08:55 - 2015-12-05 08:56 - 02369024 _____ (Farbar) C:\Users\Family\Downloads\FRST64.exe
2015-12-05 08:33 - 2015-12-05 08:33 - 00016148 _____ C:\WINDOWS\system32\FAMILY-PC_Family_HistoryPrediction.bin
2015-11-27 22:04 - 2015-11-27 22:04 - 00012959 _____ C:\Users\Family\Desktop\malware.txt
2015-11-27 21:51 - 2015-11-27 21:51 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-27 21:50 - 2015-11-27 21:50 - 22908888 _____ (Malwarebytes ) C:\Users\Family\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-27 21:50 - 2015-11-27 21:50 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-27 21:50 - 2015-11-27 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-27 21:50 - 2015-11-27 21:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-27 21:50 - 2015-11-27 21:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-27 21:50 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-27 21:50 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-27 21:50 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-24 07:08 - 2015-11-24 07:08 - 00002904 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2015-11-24 07:03 - 2015-11-23 16:37 - 00048552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\uxtuneup.dll
2015-11-24 07:03 - 2015-11-23 16:37 - 00042408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\uxtuneup.dll
2015-11-24 07:02 - 2015-11-24 07:02 - 00000000 ____D C:\Users\Default\AppData\Roaming\AVG
2015-11-24 07:02 - 2015-11-24 07:02 - 00000000 ____D C:\Users\Default\AppData\Local\AVG
2015-11-24 07:02 - 2015-11-24 07:02 - 00000000 ____D C:\Users\Default User\AppData\Roaming\AVG
2015-11-24 07:02 - 2015-11-24 07:02 - 00000000 ____D C:\Users\Default User\AppData\Local\AVG
2015-11-23 17:32 - 2015-11-23 17:34 - 00000000 ____D C:\Program Files\WhoCrashed
2015-11-23 17:32 - 2015-11-23 17:32 - 02256552 _____ (Resplendence Software Projects Sp. ) C:\Users\Family\Downloads\whocrashedSetup.exe
2015-11-23 17:32 - 2015-11-23 17:32 - 00000887 _____ C:\Users\Family\Desktop\WhoCrashed.lnk
2015-11-23 17:32 - 2015-11-23 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2015-11-23 11:56 - 2015-11-23 11:56 - 00509440 _____ (Tech Support Guy System) C:\Users\Family\Downloads\SysInfo.exe
2015-11-23 11:44 - 2015-11-26 10:09 - 00000000 ____D C:\Users\Family\AppData\Roaming\QuickScan
2015-11-23 11:44 - 2015-11-23 11:44 - 00039480 _____ C:\Users\Family\Downloads\qsinstaller.exe
2015-11-23 10:51 - 2015-11-23 10:51 - 00000000 ____D C:\$SysReset
2015-11-13 07:28 - 2015-11-13 07:28 - 00002922 _____ C:\WINDOWS\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2015-11-12 22:31 - 2015-11-12 22:31 - 00003798 _____ C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater
2015-11-12 22:19 - 2015-11-24 07:03 - 00002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2015-11-12 22:19 - 2015-11-24 07:03 - 00002124 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2015-11-12 22:19 - 2015-11-23 16:41 - 00046504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2015-11-12 22:19 - 2015-11-23 16:37 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\authuitu.dll
2015-11-12 22:19 - 2015-11-23 16:37 - 00032680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\authuitu.dll
2015-11-12 22:16 - 2015-11-12 22:16 - 117509878 ____R C:\Users\Family\Downloads\AVG PC TuneUp 2016 16.3.1.24857 (x64) Multilingual + Keys [4realtorrentz].zip
2015-11-12 22:11 - 2015-11-12 22:12 - 00000000 ____D C:\Users\Family\Downloads\AVG PC TuneUp 2015 15.0.1001.238 Final Incl. Crack & Key [ATOM]
2015-11-12 15:24 - 2015-11-12 22:18 - 00000000 ____D C:\Users\Family\AppData\Roaming\AVG
2015-11-12 15:23 - 2015-11-12 15:23 - 00000000 ____D C:\Users\Family\AppData\Roaming\TuneUp Software
2015-11-12 15:21 - 2015-11-25 06:43 - 00000000 ____D C:\ProgramData\Avg
2015-11-12 15:21 - 2015-11-25 06:43 - 00000000 ____D C:\Program Files (x86)\AVG
2015-11-12 15:20 - 2015-11-25 06:43 - 00000000 ____D C:\ProgramData\MFAData
2015-11-12 15:20 - 2015-11-12 22:18 - 00000000 ____D C:\Users\Family\AppData\Local\AvgSetupLog
2015-11-12 15:20 - 2015-11-12 22:18 - 00000000 ____D C:\Users\Family\AppData\Local\Avg
2015-11-12 15:20 - 2015-11-12 15:20 - 00000000 ____D C:\Users\Family\AppData\Local\MFAData
2015-11-12 15:20 - 2015-11-12 15:20 - 00000000 ____D C:\Users\Family\AppData\Local\Avg2015
2015-11-12 15:16 - 2015-11-12 15:18 - 377196995 ____R C:\Users\Family\Downloads\AVG Antivirus Pro 2015 15.0 Build 6081 (x86x64) Multilingual + Keys [4realtorrentz].rar
2015-11-11 01:23 - 2015-11-05 00:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-11 01:23 - 2015-11-05 00:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 01:23 - 2015-11-05 00:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-11 01:23 - 2015-11-05 00:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 01:23 - 2015-11-04 23:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-11 01:23 - 2015-11-04 23:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-11 01:23 - 2015-11-04 23:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-11 01:23 - 2015-11-04 23:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 01:23 - 2015-11-04 23:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-11 01:23 - 2015-11-04 23:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 01:23 - 2015-11-04 23:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-11 01:23 - 2015-11-04 23:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-11 01:23 - 2015-11-04 23:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-11 01:23 - 2015-11-04 23:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-11 01:23 - 2015-11-04 23:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 01:23 - 2015-11-04 23:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-11 01:23 - 2015-11-04 22:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-11 01:23 - 2015-11-04 22:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-11 01:23 - 2015-11-04 22:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-11 01:23 - 2015-11-04 22:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-11 01:23 - 2015-11-04 22:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 01:23 - 2015-11-04 22:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-11 01:23 - 2015-11-04 22:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-11 01:23 - 2015-11-04 22:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-11 01:23 - 2015-11-04 22:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-11 01:23 - 2015-11-04 22:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 01:23 - 2015-11-04 22:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 01:23 - 2015-11-04 22:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-11 01:23 - 2015-11-04 22:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-11 01:22 - 2015-11-05 00:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 01:22 - 2015-11-05 00:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-11 01:22 - 2015-11-05 00:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-11 01:22 - 2015-11-05 00:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-11 01:22 - 2015-11-04 23:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 01:22 - 2015-11-04 23:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-11 01:22 - 2015-11-04 23:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-11 01:22 - 2015-11-04 23:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-11 01:22 - 2015-11-04 23:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-11 01:22 - 2015-11-04 23:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-11 01:22 - 2015-11-04 23:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 01:22 - 2015-11-04 23:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-11 01:22 - 2015-11-04 23:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 01:22 - 2015-11-04 23:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-11 01:22 - 2015-11-04 23:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 01:22 - 2015-11-04 23:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-11 01:22 - 2015-11-04 23:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-11 01:22 - 2015-11-04 22:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-11 01:22 - 2015-11-04 22:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-11 01:22 - 2015-11-04 22:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-11 01:22 - 2015-11-04 22:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-11 01:22 - 2015-11-04 22:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 01:22 - 2015-11-04 22:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 01:22 - 2015-11-04 22:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-11 00:54 - 2015-11-11 00:54 - 00000000 ____D C:\Users\Family\Downloads\Wide Open Housewife (Marc Dorcel) XXX DVDRip NEW 2015
2015-11-11 00:52 - 2015-11-11 00:52 - 00000000 ____D C:\Users\Family\Downloads\Rachel RoXXX (Doctor Daydream)
2015-11-11 00:43 - 2015-11-11 00:47 - 322726449 ____R C:\Users\Family\Downloads\ob_bg_anna_polina_dl081315_480p_1500.mp4
2015-11-11 00:34 - 2015-11-11 00:51 - 00000000 ____D C:\Users\Family\Downloads\My Asian Hotwife
2015-11-11 00:25 - 2015-11-11 00:29 - 1364236385 ____R C:\Users\Family\Downloads\Manon.Secretaire.Debutante.mp4
2015-11-08 15:35 - 2015-11-12 22:11 - 00000000 ____D C:\Users\Family\AppData\LocalLow\BitTorrent
2015-11-08 14:23 - 2015-11-08 14:37 - 1942466625 ____R C:\Users\Family\Downloads\Star Wars XXX A Porn Parody.mp4
2015-11-07 09:58 - 2015-11-07 09:58 - 00133054 _____ C:\Users\Family\Downloads\MSB_DaculaSprolesLease_2015-2016_rev1 (1).pdf
2015-11-07 09:53 - 2015-11-07 09:53 - 00133054 _____ C:\Users\Family\Downloads\MSB_DaculaSprolesLease_2015-2016_rev1.pdf
2015-11-06 15:09 - 2015-11-10 22:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 11:35 - 2015-11-06 11:35 - 00000000 ____D C:\Users\Family\AppData\Local\CEF
2015-11-06 11:34 - 2015-11-26 07:44 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-06 11:34 - 2015-11-06 11:34 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-06 11:16 - 2015-11-06 11:16 - 00000000 ____D C:\ProgramData\ATI

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-05 08:56 - 2015-07-10 04:05 - 00000000 ____D C:\Windows
2015-12-05 08:49 - 2015-07-19 19:44 - 00000928 _____ C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineUA.job
2015-12-05 08:45 - 2015-06-04 20:08 - 00000684 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000.job
2015-12-05 08:35 - 2015-05-26 12:55 - 00000588 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000.job
2015-12-05 08:33 - 2014-05-15 04:47 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-05 08:30 - 2014-05-15 11:26 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-05 06:19 - 2015-10-05 20:35 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ACE0B974-CBAD-4680-9DDC-3ADD882E5C97}
2015-12-05 03:30 - 2014-05-15 11:26 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-04 22:30 - 2015-08-18 17:28 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2015-12-04 20:49 - 2015-07-19 19:44 - 00000924 _____ C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineCore.job
2015-12-04 19:30 - 2015-08-21 05:54 - 00005214 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Family-PC-Family Family-PC
2015-12-04 10:52 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-04 06:48 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-03 20:03 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-03 14:32 - 2014-05-15 11:26 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-02 03:25 - 2014-05-15 11:26 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 03:25 - 2014-05-15 11:26 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-30 09:25 - 2014-05-15 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-27 22:15 - 2015-08-21 01:36 - 01005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-27 22:09 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-27 22:08 - 2015-08-21 01:44 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-11-27 22:08 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SchCache
2015-11-27 22:08 - 2015-07-10 04:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-25 06:40 - 2015-07-10 06:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-25 06:36 - 2015-08-21 04:30 - 00000000 ____D C:\Users\Family\AppData\Local\Packages
2015-11-25 06:36 - 2015-07-30 22:50 - 00000000 ____D C:\ProgramData\Apple
2015-11-22 21:51 - 2015-08-21 01:37 - 00000000 ____D C:\Users\Family
2015-11-22 10:26 - 2015-06-04 20:08 - 00003840 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000
2015-11-22 10:26 - 2015-05-26 12:55 - 00003744 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000
2015-11-19 20:23 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-13 01:09 - 2015-07-10 07:20 - 00341448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-12 22:41 - 2015-06-18 14:09 - 00000000 ____D C:\Users\Family\AppData\Roaming\BitTorrent
2015-11-12 22:30 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-11-12 22:30 - 2015-06-22 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLDATA
2015-11-11 10:28 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-11 03:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-11 01:59 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 01:57 - 2014-05-15 21:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-11 01:54 - 2014-05-15 21:42 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 22:38 - 2014-05-21 18:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-06 11:35 - 2014-12-24 17:38 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-06 11:35 - 2014-08-23 00:00 - 00000000 ____D C:\Users\Family\AppData\Local\Adobe
2015-11-06 11:34 - 2014-05-17 20:40 - 00000000 ____D C:\ProgramData\Adobe
2015-11-06 11:34 - 2014-05-17 20:40 - 00000000 ____D C:\Program Files (x86)\Adobe

==================== Files in the root of some directories =======

2015-08-11 15:14 - 2015-08-11 15:14 - 0010155 _____ () C:\ProgramData\regid.1997-10.com.aciwebs,PCDrafter_4DBD42E3-43A9-4B53-B296-C295D1B07435.swidtag

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-02 14:27

==================== End of FRST.txt ============================

Edited by barcuss

Share this post


Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Family (2015-12-05 08:56:55)
Running from C:\Users\Family\Downloads
Windows 10 Home (X64) (2015-08-21 09:30:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-125191153-927833046-2172898461-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-125191153-927833046-2172898461-503 - Limited - Disabled)
Family (S-1-5-21-125191153-927833046-2172898461-1000 - Administrator - Enabled) => C:\Users\Family
Guest (S-1-5-21-125191153-927833046-2172898461-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE)
µTorrent (HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
ALLDATA Repair (HKLM-x32\...\{73090A5A-E0C0-4E0B-A320-E183877061A5}) (Version: 10.53.1000.101 - ALLDATA Corporation)
AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.12.1.43164 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.12.3 - AVG Technologies) Hidden
BitTorrent (HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\BitTorrent) (Version: 7.9.5.41203 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
Easy Tune 6 B13.1029.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B13.1029.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
FNC 11 Installer (x32 Version: 11.06.0000 - Acresso Software) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 7.6.0.4007 (HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\GoToMeeting) (Version: 7.6.0.4007 - CitrixOnline)
InsiderBaseball 2015 (HKLM-x32\...\{E2C6F0AE-7752-4736-8EB8-C15DA62187C9}) (Version: 16.1.1 - Fantistics)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PCDrafter 2015 (HKLM-x32\...\{977DEBB3-85F6-4488-ADB3-A5E5D2464BE1}) (Version: 15.0.0000 - PCDrafter)
Player Location Check (HKLM-x32\...\{24BDE5F7-123E-4DC4-B00A-730FDD36D82C}) (Version: 3.0.2.10 - GeoComply)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RotoLab 2015 (HKLM-x32\...\RotoLab 2015_is1) (Version:  - RotoLab)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
SBR Poker 1.0.81 (HKLM-x32\...\sbrAppId_is1) (Version: 1.0.0 - SBR)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WhoCrashed 5.51 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-125191153-927833046-2172898461-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Family\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125191153-927833046-2172898461-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Family\AppData\Local\Citrix\GoToMeeting\2759\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

28-11-2015 08:50:14 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014949B1-4DFE-473D-879B-9F97B59688F0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {080FF4AD-FB81-470B-BB1B-5218C1C3E8F3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0A26FA18-43EC-4CD9-AAFF-B10FF0C84425} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {0BE43EEF-4232-4E56-8AB4-BE997FB5AB01} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1AB3DED8-838F-4D33-8073-BB92A863A393} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1EA7C1AA-DEF2-4B09-94E1-357A80AC4245} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1F4EA018-D0F7-4949-9EF9-C16762D01308} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {214A316A-7DB8-45D3-A376-3F931DF582DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {22C81681-E369-4F13-9FC2-5F291DDB9FD1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {28AECC82-BE28-4E84-BD08-34CC77829326} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2C2F956A-729B-4946-ABB6-ED28563A5502} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe
Task: {32051A4C-89F2-4D01-B46D-A0606207C826} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2015-11-23] (AVG Technologies CZ, s.r.o.)
Task: {322989D2-0EBA-46AB-BACE-53E1CA2FB28A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {33579BBC-41CE-4BBD-91D7-4A383F30DE19} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {367F41DC-6614-42D9-B328-8A44D571A827} - System32\Tasks\GeoComplyUpdateTaskMachineCore => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2015-07-19] (GeoComply Inc.)
Task: {381B4C47-6B9B-4438-B8B7-E6F5E8488737} - System32\Tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000 => C:\Users\Family\AppData\Local\Citrix\GoToMeeting\4007\g2mupload.exe [2015-11-22] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {42E92F8A-D911-4139-B951-DCF77474EA37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {4541FEAF-613F-47F4-B470-F6D4383D0EFA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4D7AA650-90F4-4252-A9BD-E6B1DBD11AE4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {4F95A94F-72E0-4BF6-9431-7FEA7D48CE79} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {58869D45-E884-4F77-A6BE-543E9DE67AF2} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {5FA761FC-63C4-4CE9-A032-EE0E2AF71FC6} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {63733201-D67E-4ADF-8377-356F35F5788B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {683BAAF9-1DB5-484E-9C19-6C72B4342BFD} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {740252EF-6ADE-4742-98C6-15B58C78C0E9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {7FC27308-026B-46F7-98CF-DE61DC635AEF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {82BDE5F8-5712-44C8-8050-A369070E68EA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {867481C3-B03D-44B6-9ECC-111377B0A0CF} - System32\Tasks\GeoComplyUpdateTaskMachineUA => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2015-07-19] (GeoComply Inc.)
Task: {94B27DDA-7F10-4DE4-8A41-B253179D8FC6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: {964C687E-267C-41A9-B8FD-811862459ABC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9B0192E6-8839-47B7-B27B-5D11ABC0F0BB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {9B5FEC1D-D45C-45BE-AE5E-4435C0603B22} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {A39109FC-2B89-46B4-9E86-F25D8FADEDD6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {A59674FF-CC6F-4B4D-9892-B9B553EF0856} - System32\Tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000 => C:\Users\Family\AppData\Local\Citrix\GoToMeeting\4007\g2mupdate.exe [2015-11-22] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A9523DC5-8E59-4795-8495-EB17B85D9A6F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AE9675E9-CDE0-4516-B297-46993CC51C49} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B45A5EE0-7BF3-44E1-9DB6-2360E0F85113} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B54749D2-A79D-497F-81BB-17CE1F7BE696} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BB94E50C-4999-4380-855D-A651450160D2} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C7A781FF-6602-493E-BB08-203090C653E5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
Task: {C8FF64F6-36F4-4DA9-A177-B6E9A36550BD} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {CC0DBB0A-F6CA-47B7-80D3-BA19CF194A88} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {CC2AECC0-FD65-4676-94BB-CB4537277B5C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {CE9D1D3B-0495-40A2-A74C-BF64B56EBA53} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Family-PC-Family Family-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {D03BAEFF-6CC9-4468-BD24-A3291225F62A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D56D7FE6-76FC-4F2E-9FFA-DCEF4631F810} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {D7F73991-99C0-48AB-94ED-3AD31A35AE7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DF23DEF6-47F8-4756-940F-8479B5DE0586} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-10-06] (Oracle Corporation)
Task: {DFB55C65-E19E-4F00-BDDB-8D44A4F358F2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {EAEFCF09-0954-45B1-8A1D-CB796B3A0F4C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ED80E49E-093B-4E9E-AAA7-5894350269F6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EF915FFD-7569-463E-9672-2A60C598FD79} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {F0BDC182-EE5E-4B19-9B13-674B14E3483B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F17B229E-88B0-473E-ADA2-51A5BC3D56E2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F8C579C6-3D95-4C1C-AA36-D57F7C5E4825} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {FA591149-2347-4943-B958-6AF4ECA64634} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FDEFFB29-EEB1-444B-AF5D-E1C24DDAE805} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-07-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000.job => C:\Users\Family\AppData\Local\Citrix\GoToMeeting\4007\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000.job => C:\Users\Family\AppData\Local\Citrix\GoToMeeting\4007\g2mupload.exe
Task: C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineCore.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe
Task: C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineUA.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-08-21 05:19 - 2015-08-21 05:19 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-15 20:39 - 2015-07-15 20:39 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-08-21 06:48 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-09-30 17:48 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 17:48 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2012-10-01 19:36 - 2012-10-01 19:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-09-30 17:48 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-09-30 17:48 - 2015-09-17 00:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-09-30 17:47 - 2015-09-17 00:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-09-30 17:47 - 2015-09-17 00:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-30 17:48 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-11-26 04:20 - 2015-11-26 04:20 - 03494400 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1511.24020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-11-12 15:21 - 2015-11-12 15:20 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2015-11-11 00:26 - 2015-11-06 23:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 00:26 - 2015-11-06 23:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2015-11-11 00:26 - 2015-11-06 23:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-125191153-927833046-2172898461-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\AppData\Local\Microsoft\Windows\Themes\img28.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "AlcoholAutomount"
HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{89FB4CFA-3DB6-4201-9A45-37E791F49117}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4937FC0D-641F-4238-A708-24DF31247827}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E762C6A2-A924-407B-BA13-131B2EBAB7C0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E0D1CAC9-D29D-4215-B992-19367610AA17}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{91D08958-C150-4F21-8E1B-255306F7E8F8}] => (Allow) C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9390DD1D-2F33-4E5C-A412-266FB5E4FBA3}] => (Allow) C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{37018B24-A849-42CC-9615-24997B7357D7}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{EBAA4DCE-14F3-4CBD-B23E-8D13898A5BDE}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [UDP Query User{D10EB472-EF4F-4FC6-B740-6C08C4C70CE9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F43D3A34-51A4-474F-8AF6-2A062A0437E6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2C29507E-61DA-4671-BA64-3EE8197913AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EABD3C63-6BD8-4053-AC90-7EC2F5C9216D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4D69F1F7-5A5D-4288-A93D-7B0CB309987B}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4570D6BC-7477-4329-9C4C-2717F729FDEC}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{517762D2-90EB-4BFB-948A-1F3F4DAE3CB8}C:\users\family\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\family\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{55012951-90D3-4734-A262-C9D8A344494C}C:\users\family\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\family\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{ACA9564D-A022-40B7-AB71-05F22DCDDD54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E76551E5-95B2-4C3E-8BF2-881037573426}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A4BA5837-C834-44F5-9551-0564E52C072D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9573E191-DBF0-4620-A19D-88DCC62059A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2519C3E2-8820-44AF-9E8E-0625182ED43D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC52CF7F-1A5B-40C0-9BC3-6080D1D879AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{62276E21-A549-4BB4-AB0E-702AE16889EA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2015 10:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f38c3
Exception code: 0xe0434352
Fault offset: 0x000000000002a1c8
Faulting process id: 0x1ba8
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5

Error: (12/03/2015 10:29:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
Stack:
   at ..()
   at ..(., System.String, Boolean, System.String, Int32, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at ..(System.String, Boolean, Boolean, System.String, Boolean, Boolean, System.String, ., Boolean, Int32, System.String, Boolean, Boolean)
   at ..(.)
   at ..()

Error: (11/28/2015 08:50:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/26/2015 07:23:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 42.0.0.5780, time stamp: 0x5632d0a4
Faulting module name: mozglue.dll, version: 42.0.0.5780, time stamp: 0x5632ba58
Exception code: 0x80000003
Fault offset: 0x0000ed50
Faulting process id: 0x6a4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (11/26/2015 07:23:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 42.0.0.5780, time stamp: 0x5632ba5c
Faulting module name: WS2_32.dll, version: 10.0.10240.16384, time stamp: 0x559f3b08
Exception code: 0xc0000409
Fault offset: 0x0000fcec
Faulting process id: 0x1988
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3
Faulting package full name: firefox.exe4
Faulting package-relative application ID: firefox.exe5

Error: (11/26/2015 07:44:24 AM) (Source: MsiInstaller) (EventID: 1024) (User: Family-PC)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F094E6F00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/25/2015 07:02:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f38c3
Exception code: 0xe0434352
Fault offset: 0x000000000002a1c8
Faulting process id: 0x1f8
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5

Error: (11/25/2015 07:02:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
Stack:
   at ..()
   at ..(., System.String, Boolean, System.String, Int32, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at ..(System.String, Boolean, Boolean, System.String, Boolean, Boolean, System.String, ., Boolean, Int32, System.String, Boolean, Boolean)
   at ..(.)
   at ..()

Error: (11/25/2015 06:38:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.10240.16384, time stamp: 0x559f39ae
Faulting module name: SettingsHandlers_StorageSense.dll, version: 10.0.10240.16384, time stamp: 0x559f3d87
Exception code: 0xc0000005
Fault offset: 0x00000000000174b9
Faulting process id: 0xa7c
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5

Error: (11/25/2015 06:37:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.10240.16384, time stamp: 0x559f39ae
Faulting module name: SettingsHandlers_StorageSense.dll, version: 10.0.10240.16384, time stamp: 0x559f3d87
Exception code: 0xc0000005
Fault offset: 0x00000000000174b9
Faulting process id: 0xd80
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5


System errors:
=============
Error: (12/04/2015 10:28:58 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport TAP-Win32 Adapter OAS #26, {CCD4BFF1-875F-4932-A349-0FAEA3213EC3}, had event 76

Error: (12/03/2015 10:29:33 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport TAP-Win32 Adapter OAS #25, {1E9D6717-96F2-4912-8159-6E431CDEBCE3}, had event 76

Error: (12/02/2015 10:25:55 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport TAP-Win32 Adapter OAS #25, {90AF029F-CF48-4E2B-92C4-A75281128418}, had event 76

Error: (12/01/2015 10:23:02 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport TAP-Win32 Adapter OAS #25, {EB8B15E3-0A3B-43C2-BC96-919DD15CD7BD}, had event 76

Error: (11/30/2015 10:20:11 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport TAP-Win32 Adapter OAS #25, {DBBE70D6-594A-4C68-AC3F-16B8222E3AB3}, had event 76

Error: (11/29/2015 10:17:19 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport TAP-Win32 Adapter OAS #25, {32A3C5BC-3081-4115-A07D-64CE61168B25}, had event 76

Error: (11/28/2015 10:14:29 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport TAP-Win32 Adapter OAS #25, {DA99CADA-992B-47E5-B852-D6EA0DF5E709}, had event 76

Error: (11/28/2015 12:48:14 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/27/2015 10:25:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/27/2015 10:11:17 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport TAP-Win32 Adapter OAS #25, {952CFF0B-D777-4D0E-A9CD-53AED5435EA1}, had event 76


CodeIntegrity:
===================================
  Date: 2015-12-05 08:56:17.098
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-05 08:56:17.081
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-28 09:19:11.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-25 06:57:44.744
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-25 06:38:37.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-25 06:38:37.949
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-25 06:32:10.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-25 06:32:10.632
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-25 03:49:02.896
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-25 03:49:02.884
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD A10-6800K APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 48%
Total physical RAM: 7373.8 MB
Available physical RAM: 3775.33 MB
Total Virtual: 14797.8 MB
Available Virtual: 10330.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.97 GB) (Free:257.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C834FA10)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

Share this post


Link to post
Share on other sites

# AdwCleaner v5.023 - Logfile created 05/12/2015 at 09:18:45
# Updated 30/11/2015 by Xplode
# Database : 2015-12-03.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Family - FAMILY-PC
# Running from : C:\Users\Family\Downloads\adwcleaner_5.023.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\TowerTilt
Folder Found : C:\Program Files (x86)\YourFileDownloader
Folder Found : C:\Program Files (x86)\TowerTilt
Folder Found : C:\Program Files (x86)\YourFileDownloader
Folder Found : C:\Users\Family\AppData\Roaming\YourFileDownloader
Folder Found : C:\Users\Family\AppData\Roaming\YourFileDownloader

***** [ Files ] *****

File Found : C:\END
File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.indianask.com_0.localstorage
File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.indianask.com_0.localstorage-journal
File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Avg Secure Update
Key Found : HKU\.DEFAULT\Software\Avg Secure Update

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1827 bytes] ##########
 

Share this post


Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64 
Ran by Family (Administrator) on Sat 12/05/2015 at 14:30:26.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 1 

Successfully deleted: C:\WINDOWS\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)

Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/05/2015 at 14:32:07.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Share this post


Link to post
Share on other sites

Howdy barcuss, My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Do Not Remove anything or run any tools/programs until advised to do so !


Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


=======================

Now with the intro out of the way i must warn you of P2P programs !!

P2P/Piracy Warning:

    If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
    Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
    If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now !

=======================

 

Farbar fix:
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
FRSTfix.jpg

 

 

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
Task: {080FF4AD-FB81-470B-BB1B-5218C1C3E8F3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1EA7C1AA-DEF2-4B09-94E1-357A80AC4245} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {214A316A-7DB8-45D3-A376-3F931DF582DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {28AECC82-BE28-4E84-BD08-34CC77829326} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4541FEAF-613F-47F4-B470-F6D4383D0EFA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A9523DC5-8E59-4795-8495-EB17B85D9A6F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B45A5EE0-7BF3-44E1-9DB6-2360E0F85113} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B54749D2-A79D-497F-81BB-17CE1F7BE696} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D7F73991-99C0-48AB-94ED-3AD31A35AE7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EAEFCF09-0954-45B1-8A1D-CB796B3A0F4C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ED80E49E-093B-4E9E-AAA7-5894350269F6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION


End

 

 

=============================

Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply !

 

NEXT

 

I need you to re-run AdwCleaner and after the scan is completed you MUST click the Clean button !! This part you missed !!


NEXT

 

 

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   

 


What i need Next:

1. Fixlog.text

2. Adwcleaner log (after clicking Clean button)

3. OTL Log


Thanks

Chuck

 

 

Share this post


Link to post
Share on other sites

Barcuss i have seen you here reading my return post, do you want to follow up on this cleaning ?? This is the 5th day which our policy is to lock threads that have no response in 5 days. Please let me know if you want to continue ??

Thanks

Chuck

Share this post


Link to post
Share on other sites

This topic is now unlocked due to users request !!

Thanks

Chuck

 

 

Share this post


Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-12-2015
Ran by Family (2015-12-12 10:37:05)
Running from C:\Users\Family\Desktop
Windows 10 Home (X64) (2015-08-21 09:30:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-125191153-927833046-2172898461-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-125191153-927833046-2172898461-503 - Limited - Disabled)
Family (S-1-5-21-125191153-927833046-2172898461-1000 - Administrator - Enabled) => C:\Users\Family
Guest (S-1-5-21-125191153-927833046-2172898461-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE)
µTorrent (HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
ALLDATA Repair (HKLM-x32\...\{73090A5A-E0C0-4E0B-A320-E183877061A5}) (Version: 10.53.1000.101 - ALLDATA Corporation)
AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.12.1.43164 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.12.3 - AVG Technologies) Hidden
BitTorrent (HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\BitTorrent) (Version: 7.9.5.41203 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
Easy Tune 6 B13.1029.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B13.1029.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
FNC 11 Installer (x32 Version: 11.06.0000 - Acresso Software) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 7.7.0.4062 (HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\GoToMeeting) (Version: 7.7.0.4062 - CitrixOnline)
InsiderBaseball 2015 (HKLM-x32\...\{E2C6F0AE-7752-4736-8EB8-C15DA62187C9}) (Version: 16.1.1 - Fantistics)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PCDrafter 2015 (HKLM-x32\...\{977DEBB3-85F6-4488-ADB3-A5E5D2464BE1}) (Version: 15.0.0000 - PCDrafter)
Player Location Check (HKLM-x32\...\{24BDE5F7-123E-4DC4-B00A-730FDD36D82C}) (Version: 3.0.2.10 - GeoComply)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RotoLab 2015 (HKLM-x32\...\RotoLab 2015_is1) (Version:  - RotoLab)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
SBR Poker 1.0.81 (HKLM-x32\...\sbrAppId_is1) (Version: 1.0.0 - SBR)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WhoCrashed 5.51 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-125191153-927833046-2172898461-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Family\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125191153-927833046-2172898461-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Family\AppData\Local\Citrix\GoToMeeting\2759\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014949B1-4DFE-473D-879B-9F97B59688F0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {080FF4AD-FB81-470B-BB1B-5218C1C3E8F3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0A26FA18-43EC-4CD9-AAFF-B10FF0C84425} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {0BE43EEF-4232-4E56-8AB4-BE997FB5AB01} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1AB3DED8-838F-4D33-8073-BB92A863A393} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1EA7C1AA-DEF2-4B09-94E1-357A80AC4245} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1F4EA018-D0F7-4949-9EF9-C16762D01308} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {214A316A-7DB8-45D3-A376-3F931DF582DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {22C81681-E369-4F13-9FC2-5F291DDB9FD1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {28AECC82-BE28-4E84-BD08-34CC77829326} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2C2F956A-729B-4946-ABB6-ED28563A5502} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe
Task: {32051A4C-89F2-4D01-B46D-A0606207C826} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2015-11-23] (AVG Technologies CZ, s.r.o.)
Task: {322989D2-0EBA-46AB-BACE-53E1CA2FB28A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {33579BBC-41CE-4BBD-91D7-4A383F30DE19} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {367F41DC-6614-42D9-B328-8A44D571A827} - System32\Tasks\GeoComplyUpdateTaskMachineCore => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2015-07-19] (GeoComply Inc.)
Task: {381B4C47-6B9B-4438-B8B7-E6F5E8488737} - System32\Tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000 => C:\Users\Family\AppData\Local\Citrix\GoToMeeting\4062\g2mupload.exe [2015-12-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {42E92F8A-D911-4139-B951-DCF77474EA37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {4541FEAF-613F-47F4-B470-F6D4383D0EFA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4D7AA650-90F4-4252-A9BD-E6B1DBD11AE4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {4F95A94F-72E0-4BF6-9431-7FEA7D48CE79} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {58869D45-E884-4F77-A6BE-543E9DE67AF2} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {5FA761FC-63C4-4CE9-A032-EE0E2AF71FC6} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {624ACF40-65E1-44FE-84B4-BE554AB815AA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-11] (Microsoft Corporation)
Task: {63733201-D67E-4ADF-8377-356F35F5788B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {683BAAF9-1DB5-484E-9C19-6C72B4342BFD} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {740252EF-6ADE-4742-98C6-15B58C78C0E9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {7FC27308-026B-46F7-98CF-DE61DC635AEF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {82BDE5F8-5712-44C8-8050-A369070E68EA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {867481C3-B03D-44B6-9ECC-111377B0A0CF} - System32\Tasks\GeoComplyUpdateTaskMachineUA => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2015-07-19] (GeoComply Inc.)
Task: {964C687E-267C-41A9-B8FD-811862459ABC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9B0192E6-8839-47B7-B27B-5D11ABC0F0BB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {9B5FEC1D-D45C-45BE-AE5E-4435C0603B22} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {A39109FC-2B89-46B4-9E86-F25D8FADEDD6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {A59674FF-CC6F-4B4D-9892-B9B553EF0856} - System32\Tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000 => C:\Users\Family\AppData\Local\Citrix\GoToMeeting\4062\g2mupdate.exe [2015-12-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A9523DC5-8E59-4795-8495-EB17B85D9A6F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AE9675E9-CDE0-4516-B297-46993CC51C49} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B45A5EE0-7BF3-44E1-9DB6-2360E0F85113} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B4D20D19-662D-488B-AAB9-08034417328F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-07-21] ()
Task: {B54749D2-A79D-497F-81BB-17CE1F7BE696} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BB94E50C-4999-4380-855D-A651450160D2} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C8FF64F6-36F4-4DA9-A177-B6E9A36550BD} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {CC0DBB0A-F6CA-47B7-80D3-BA19CF194A88} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {CC2AECC0-FD65-4676-94BB-CB4537277B5C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {CE9D1D3B-0495-40A2-A74C-BF64B56EBA53} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Family-PC-Family Family-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {D03BAEFF-6CC9-4468-BD24-A3291225F62A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D56D7FE6-76FC-4F2E-9FFA-DCEF4631F810} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {D7F73991-99C0-48AB-94ED-3AD31A35AE7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DF23DEF6-47F8-4756-940F-8479B5DE0586} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-10-06] (Oracle Corporation)
Task: {DFB55C65-E19E-4F00-BDDB-8D44A4F358F2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {EAEFCF09-0954-45B1-8A1D-CB796B3A0F4C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ED80E49E-093B-4E9E-AAA7-5894350269F6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EF915FFD-7569-463E-9672-2A60C598FD79} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {F0BDC182-EE5E-4B19-9B13-674B14E3483B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F17B229E-88B0-473E-ADA2-51A5BC3D56E2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F8C579C6-3D95-4C1C-AA36-D57F7C5E4825} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {FA591149-2347-4943-B958-6AF4ECA64634} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000.job => C:\Users\Family\AppData\Local\Citrix\GoToMeeting\4062\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000.job => C:\Users\Family\AppData\Local\Citrix\GoToMeeting\4062\g2mupload.exe
Task: C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineCore.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe
Task: C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineUA.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-08-21 05:19 - 2015-08-21 05:19 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-15 20:39 - 2015-07-15 20:39 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-08-21 06:48 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-09-30 17:48 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2012-10-01 19:36 - 2012-10-01 19:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-09-30 17:48 - 2015-09-17 00:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-09-30 17:47 - 2015-09-17 00:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-09-30 17:48 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 17:47 - 2015-09-17 00:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-30 17:48 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-09-30 17:48 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-12-08 21:55 - 2015-12-08 21:55 - 03492352 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.4020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-11-12 15:21 - 2015-11-12 15:20 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2015-12-08 21:31 - 2015-12-04 16:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
2015-12-08 21:31 - 2015-12-04 16:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
2015-12-08 21:31 - 2015-12-04 16:32 - 16573256 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-125191153-927833046-2172898461-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\AppData\Local\Microsoft\Windows\Themes\img28.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "AlcoholAutomount"
HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{89FB4CFA-3DB6-4201-9A45-37E791F49117}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4937FC0D-641F-4238-A708-24DF31247827}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E762C6A2-A924-407B-BA13-131B2EBAB7C0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E0D1CAC9-D29D-4215-B992-19367610AA17}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{91D08958-C150-4F21-8E1B-255306F7E8F8}] => (Allow) C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9390DD1D-2F33-4E5C-A412-266FB5E4FBA3}] => (Allow) C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{37018B24-A849-42CC-9615-24997B7357D7}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{EBAA4DCE-14F3-4CBD-B23E-8D13898A5BDE}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [UDP Query User{D10EB472-EF4F-4FC6-B740-6C08C4C70CE9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F43D3A34-51A4-474F-8AF6-2A062A0437E6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2C29507E-61DA-4671-BA64-3EE8197913AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EABD3C63-6BD8-4053-AC90-7EC2F5C9216D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4D69F1F7-5A5D-4288-A93D-7B0CB309987B}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4570D6BC-7477-4329-9C4C-2717F729FDEC}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{517762D2-90EB-4BFB-948A-1F3F4DAE3CB8}C:\users\family\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\family\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{55012951-90D3-4734-A262-C9D8A344494C}C:\users\family\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\family\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{ACA9564D-A022-40B7-AB71-05F22DCDDD54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E76551E5-95B2-4C3E-8BF2-881037573426}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A4BA5837-C834-44F5-9551-0564E52C072D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9573E191-DBF0-4620-A19D-88DCC62059A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2519C3E2-8820-44AF-9E8E-0625182ED43D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC52CF7F-1A5B-40C0-9BC3-6080D1D879AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D320F9B8-C3A5-4AEE-9E4A-F80F509F01A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2015 08:35:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.10240.16515 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1080

Start Time: 01d1347d07f7b364

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Report Id: a4191df0-a070-11e5-9be8-ec7c68e2a24d

Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: CortanaUI

Error: (12/11/2015 08:35:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Family-PC)
Description: Package Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

Error: (12/11/2015 02:59:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/11/2015 02:58:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/08/2015 01:53:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f38c3
Exception code: 0xe0434352
Fault offset: 0x000000000002a1c8
Faulting process id: 0x1aec
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5

Error: (12/08/2015 01:53:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
Stack:
   at ..()
   at ..(., System.String, Boolean, System.String, Int32, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at ..(System.String, Boolean, Boolean, System.String, Boolean, Boolean, System.String, ., Boolean, Int32, System.String, Boolean, Boolean)
   at ..(.)
   at ..()

Error: (12/07/2015 01:52:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f38c3
Exception code: 0xe0434352
Fault offset: 0x000000000002a1c8
Faulting process id: 0x1288
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5

Error: (12/07/2015 01:52:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
Stack:
   at ..()
   at ..(., System.String, Boolean, System.String, Int32, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at ..(System.String, Boolean, Boolean, System.String, Boolean, Boolean, System.String, ., Boolean, Int32, System.String, Boolean, Boolean)
   at ..(.)
   at ..()

Error: (12/05/2015 02:30:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/03/2015 10:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f38c3
Exception code: 0xe0434352
Fault offset: 0x000000000002a1c8
Faulting process id: 0x1ba8
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5


System errors:
=============
Error: (12/12/2015 10:00:23 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/11/2015 08:46:32 PM) (Source: DCOM) (EventID: 10016) (User: Family-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Family-PCFamilyS-1-5-21-125191153-927833046-2172898461-1000LocalHost (Using LRPC)Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157

Error: (12/11/2015 08:38:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/11/2015 08:37:08 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport TAP-Win32 Adapter OAS #28, {D9379884-049A-4B2F-8D07-5B517E37D3BB}, had event 76

Error: (12/11/2015 08:32:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net.Pipe Listener Adapter service failed to start due to the following error: 
%%1053

Error: (12/11/2015 08:32:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Net.Pipe Listener Adapter service to connect.

Error: (12/11/2015 08:31:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: 
%%1058

Error: (12/11/2015 08:31:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hardlock service failed to start due to the following error: 
%%1275

Error: (12/11/2015 08:31:36 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: hardlock.sys

Error: (12/11/2015 08:31:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aksfridge service failed to start due to the following error: 
%%1275


CodeIntegrity:
===================================
  Date: 2015-12-12 07:02:42.423
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-07 04:08:56.243
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-07 04:08:56.228
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-06 14:05:01.895
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-06 14:05:01.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-06 09:49:29.156
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-06 09:49:29.139
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-05 14:30:52.639
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-05 14:30:52.624
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-05 14:23:22.148
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD A10-6800K APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 40%
Total physical RAM: 7373.8 MB
Available physical RAM: 4354.83 MB
Total Virtual: 14797.8 MB
Available Virtual: 11187.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.97 GB) (Free:263.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C834FA10)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

Share this post


Link to post
Share on other sites

# AdwCleaner v5.024 - Logfile created 12/12/2015 at 11:05:00
# Updated 07/12/2015 by Xplode
# Database : 2015-12-12.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Family - FAMILY-PC
# Running from : C:\Users\Family\Downloads\adwcleaner_5.024.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [664 bytes] ##########
 

Share this post


Link to post
Share on other sites

OTL Extras logfile created on: 12/12/2015 11:10:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Family\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10240.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.20 Gb Total Physical Memory | 4.91 Gb Available Physical Memory | 68.22% Memory free
14.45 Gb Paging File | 11.80 Gb Available in Paging File | 81.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 930.97 Gb Total Space | 263.26 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
 
Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = B3 06 90 56 DE DB D0 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{256533BD-EA31-4D32-8B7B-44B5F21F840B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{36F31B64-420F-44E0-B88E-F92651B0215A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{58E5175D-84F8-4A53-BA70-B835DEDBBF22}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5E811911-415C-4982-9E89-B0FC4EC60288}" = lport=138 | protocol=17 | dir=in | app=system | 
"{86F31DAF-5E11-4AFC-8110-19BDE901E9C8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8E3FE6CD-41D8-4F15-8141-FDCBA163E229}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8E79C0FA-2902-45A6-A048-4B819C52E09E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9B035CC2-4867-43B8-88AE-4FA0E9D4C484}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AB5B1E38-4DEB-42F3-997C-D01D65BACCD7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AE9F60F8-AC08-4844-BB44-B0044568336B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{B695ED1A-1412-48E0-9C5C-2CDB0077A2D0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | 
"{CFDF41C4-46A0-4B4F-BD1E-EB765B49EEDA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D320F9B8-C3A5-4AEE-9E4A-F80F509F01A9}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{DA9EFFCB-8808-47A7-8A63-88A9ED8F60EC}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0286D711-DFBD-466B-B2A9-35C6C03BCDC8}" = protocol=58 | dir=in | [email protected],-28545 | 
"{04B6F20E-EB62-4E8C-B23B-796D687EA38E}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} | 
"{052863D6-C44D-4E7D-A53E-B48139D30269}" = dir=out | [email protected]{microsoft.bingfinance_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} | 
"{0A4AB2E2-F732-4DAB-A128-DE8089B0F079}" = dir=out | [email protected]{microsoft.bingsports_4.7.130.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} | 
"{0CED1B28-5A0E-4BFD-9096-4C5E6E61BB82}" = dir=in | [email protected]{microsoft.bingnews_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | 
"{0D5A3A7A-FDCF-4A54-999D-97810321AC0E}" = dir=out | [email protected]{microsoft.windowsmaps_4.1511.3161.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} | 
"{14AF3D88-1C6F-47B7-BE0E-64BA999568E9}" = protocol=58 | dir=out | [email protected],-28546 | 
"{16F92B88-BC0F-4B0D-9E80-542DD6AD1BC4}" = dir=in | name=microsoft solitaire collection | 
"{1BC387F1-7031-43A8-9352-E9EAD4E5B11A}" = dir=out | name=onenote | 
"{2519C3E2-8820-44AF-9E8E-0625182ED43D}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{2B4D091F-0258-4132-8F2C-C46B96E411F3}" = dir=in | [email protected]{microsoft.windows.cloudexperiencehost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | 
"{2C29507E-61DA-4671-BA64-3EE8197913AF}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{2DC67C64-889B-4E6D-A60D-020DA6EF474E}" = dir=out | [email protected]{microsoft.3dbuilder_10.9.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} | 
"{2FC18260-C6AB-4AE8-979B-ACFD3136496B}" = dir=out | [email protected]{microsoft.accountscontrol_10.0.10240.16384_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | 
"{35DE7F21-0CD5-4533-B10C-E67708F8148E}" = dir=in | [email protected]{microsoft.microsoftofficehub_17.6508.23761.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | 
"{36016C6B-D082-4C2C-BB88-9B46AFB4ECC9}" = dir=out | [email protected]{microsoft.windows.cloudexperiencehost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | 
"{37018B24-A849-42CC-9615-24997B7357D7}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{38AB6A7E-93F4-41E7-8BC5-7E563C9AB21B}" = dir=in | name=xbox | 
"{3AB2BA68-A528-4295-A82B-FB6097BC70E3}" = dir=out | [email protected]{microsoft.windows.contentdeliverymanager_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | 
"{4570D6BC-7477-4329-9C4C-2717F729FDEC}" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe | 
"{45F74A78-1EEF-4633-9BBE-C8D8253BCF31}" = dir=out | [email protected]{windows.contactsupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | 
"{4937FC0D-641F-4238-A708-24DF31247827}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{4D69F1F7-5A5D-4288-A93D-7B0CB309987B}" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe | 
"{503A7049-FA4F-4905-9BDF-A5FBAB476FB0}" = dir=in | [email protected]{microsoft.bingweather_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | 
"{5D7F748E-AA03-48BB-A269-FEE85A757FA0}" = dir=in | [email protected]{microsoft.windows.photos_15.1208.10480.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | 
"{62B8A07C-742F-4E0E-B312-73164103A872}" = dir=out | [email protected]{microsoft.windows.photos_15.1208.10480.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | 
"{6C5B4A77-7204-4FD8-A1BA-658067AE8AE3}" = dir=out | [email protected]{microsoft.bingweather_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | 
"{7253C9DA-76CD-410E-A264-1D33D0837D40}" = dir=out | [email protected]{microsoft.aad.brokerplugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | 
"{7B014E9F-64B9-485E-97FA-4B9161C822FA}" = dir=in | [email protected]{microsoft.bingsports_4.7.130.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} | 
"{7ECCB304-B854-4C56-8EC2-4DC1CF59473B}" = dir=in | name=onenote | 
"{8312CCA6-FDFB-4D01-888D-336854EF7E24}" = dir=out | [email protected]{microsoft.microsoftedge_20.10240.16384.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | 
"{89F4FE3D-7E19-4B74-9EA2-473BE5263FF4}" = dir=out | name=twitter | 
"{89FB4CFA-3DB6-4201-9A45-37E791F49117}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{8E7E3265-F94F-4D3A-BE32-827FCD7FC0AC}" = dir=out | name=microsoft solitaire collection | 
"{8F8D55E3-D6EE-4746-A875-3F273F8FA3E6}" = dir=out | [email protected]{microsoft.bingnews_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | 
"{91D08958-C150-4F21-8E1B-255306F7E8F8}" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\bittorrent\bittorrent.exe | 
"{9279FBCE-CA82-478E-B8E9-787C8236CB5E}" = dir=out | name=windows_ie_ac_001 | 
"{9390DD1D-2F33-4E5C-A412-266FB5E4FBA3}" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\bittorrent\bittorrent.exe | 
"{9573E191-DBF0-4620-A19D-88DCC62059A0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{99B1E39D-EA29-4D42-A4B9-25BE3A285FFE}" = dir=in | [email protected]{microsoft.aad.brokerplugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | 
"{9E463627-3D5C-4833-8814-FD13B9B89631}" = dir=out | [email protected]{microsoft.windowsfeedback_10.0.10240.16393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windowsfeedback/feedbackapp.resources/appname/text} | 
"{9EF02AA0-F1E4-419A-86ED-E811330EE0BA}" = dir=out | [email protected]{microsoft.xboxidentityprovider_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxidentityprovider/resources/pkgdisplayname} | 
"{9FD1051A-B07A-46C5-BF60-20F496522AE6}" = dir=out | [email protected]{microsoft.windowsstore_2015.23.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | 
"{A4BA5837-C834-44F5-9551-0564E52C072D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A604E3B3-DFD4-40D8-BFC1-F348AD174041}" = protocol=1 | dir=in | [email protected],-28543 | 
"{ACA9564D-A022-40B7-AB71-05F22DCDDD54}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B42A767F-E2FC-4406-9DBC-0DA371EBFE32}" = protocol=1 | dir=out | [email protected],-28544 | 
"{B91406CA-2064-47B9-B55D-D9C1829CD995}" = dir=out | [email protected]{microsoft.lockapp_10.0.10240.16384_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} | 
"{B956638B-E050-478C-9850-E91302AD0B74}" = dir=out | name=xbox | 
"{BC52CF7F-1A5B-40C0-9BC3-6080D1D879AC}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{C14089DF-4B49-419B-B6C4-A505DB50C4A6}" = dir=in | [email protected]{microsoft.bingfinance_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} | 
"{C1B3B6E3-9E04-456B-AD12-C47BACF88A97}" = dir=out | name=windowsdvdplayer | 
"{C321F8C0-8C30-4F62-9DDB-564F238641D6}" = dir=out | [email protected]{microsoft.windows.parentalcontrols_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | 
"{C4B97A32-C28C-49EC-8DD5-640F00D00156}" = dir=out | [email protected]{microsoft.windowsphone_10.1511.18010.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} | 
"{D6BE52FF-6BD5-421F-8BB5-B0F73934E9A9}" = dir=out | [email protected]{microsoft.getstarted_2.5.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} | 
"{DA798C60-92AD-44BA-B94F-3607FF648332}" = dir=in | [email protected]{microsoft.zunevideo_3.6.15731.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{DE07BD98-7D53-4085-B956-8A8C4218B753}" = dir=in | [email protected]{windows.contactsupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | 
"{E0D1CAC9-D29D-4215-B992-19367610AA17}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{E6CE9E78-FB0C-4B6B-B35E-859F99917496}" = dir=out | [email protected]{microsoft.microsoftofficehub_17.6508.23761.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | 
"{E6FFCA87-B2CF-47AD-9485-E54628F7149A}" = dir=out | [email protected]{microsoft.windows.cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} | 
"{E7439D0B-F123-42DE-B504-54B1B12043EF}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} | 
"{E762C6A2-A924-407B-BA13-131B2EBAB7C0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{E76551E5-95B2-4C3E-8BF2-881037573426}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E8E292BE-B197-4CC3-95EF-01A0A3939D4E}" = dir=in | [email protected]{microsoft.microsoftedge_20.10240.16384.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | 
"{E9009A26-9DCA-495D-96E9-846ACA86B359}" = dir=in | [email protected]{microsoft.windows.cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} | 
"{EABD3C63-6BD8-4053-AC90-7EC2F5C9216D}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{EBAA4DCE-14F3-4CBD-B23E-8D13898A5BDE}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{EDA6EFCF-EC2B-44A0-B42F-EAEA07C377D4}" = dir=out | [email protected]{microsoft.zunemusic_3.6.15131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{EFEE005D-0A1A-401C-A8AD-11A005125AA7}" = dir=out | [email protected]{microsoft.zunevideo_3.6.15731.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{F4E999C0-FE4E-4F9B-AC63-E81A165B47CB}" = dir=out | [email protected]{windows.purchasedialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.purchasedialog/resources/displayname} | 
"{FA8BD87F-F891-4F32-8C39-8638EC61F8F2}" = dir=out | [email protected]{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} | 
"{FB1C367A-98A9-4F02-B9BB-08A9B3F6A2E7}" = dir=out | [email protected]{microsoft.xboxgamecallableui_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | 
"{FD473E4F-8A3E-4ECD-A910-039D9364138B}" = dir=in | [email protected]{microsoft.windowsstore_2015.23.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | 
"{FED3C594-7321-4855-80FD-0922C7E6EA6F}" = dir=out | [email protected]{microsoft.people_10.0.3350.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} | 
"TCP Query User{55012951-90D3-4734-A262-C9D8A344494C}C:\users\family\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe | 
"TCP Query User{F43D3A34-51A4-474F-8AF6-2A062A0437E6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{517762D2-90EB-4BFB-948A-1F3F4DAE3CB8}C:\users\family\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe | 
"UDP Query User{D10EB472-EF4F-4FC6-B740-6C08C4C70CE9}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15B30201-4DC6-6B2E-B04B-788DFF115BA2}" = ccc-utility64
"{1D1DCF8A-6961-F848-0DA0-5401969C44CE}" = AMD Catalyst Install Manager
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{25E80DAA-FD87-DCE5-202C-CC02F6673002}" = Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64)
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{408DD513-C71C-EF6C-1456-247DD8403E18}" = AMD Steady Video Plug-In 
"{4989485C-EF16-161E-4F02-8A8BFB16CAC3}" = ccc-utility64
"{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{9C7136A5-F0AA-B1D1-22C5-54C2C783E721}" = AMD Fuel
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B69FB0E0-0CAF-10DE-191C-538EC231C632}" = AMD Wireless Display v3.0
"{BCA7CC8C-745B-4340-B3A8-BC79A8498107}" = FMW 1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}" = WinZip 19.5
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DD09826F-D794-DE92-952E-9D48D109AA4B}" = AMD Accelerated Video Transcoding
"{E80C395A-82DD-9C17-87FC-0C86D498079D}" = AMD Fuel
"{F8F948EA-5AEA-4158-8821-A2F788ECE936}" = 64 Bit HP CIO Components Installer
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"WhoCrashed_is1" = WhoCrashed 5.51
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0039AAA5-7D3F-A65C-5011-396E3CFD5E1A}" = CCC Help Russian
"{09EDE6DF-A9A9-DC54-24E4-AA2E506718BE}" = CCC Help Japanese
"{0B7F838A-467D-C30A-B4C7-FF9709555082}" = AMD Catalyst Control Center
"{0E52338D-4C09-BAF9-B2BC-A6633D78A594}" = AMD Catalyst Control Center
"{0FE07808-87DF-45A7-AEF8-97F3A60F4E00}" = FNC 11 Installer
"{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19946C87-EB80-2BBF-D932-5BDB2799B6F5}" = CCC Help Chinese Standard
"{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}" = Google Drive
"{217F11DC-3CD4-4540-BFC8-8D0AA2FCE26E}" = CCC Help Turkish
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{234C1E2D-FC8D-05B1-E78D-BE0BC32F06BF}" = CCC Help Finnish
"{24BDE5F7-123E-4DC4-B00A-730FDD36D82C}" = Player Location Check
"{26A24AE4-039D-4CA4-87B4-2F83218065F0}" = Java 8 Update 65
"{2A5E854E-9967-A0E8-F246-FE3572F44F57}" = CCC Help Chinese Traditional
"{2CB95003-D6E4-EEE1-5BAA-458B7E27466B}" = CCC Help English
"{2EF241EF-6796-5B68-7A1F-214055809942}" = CCC Help Dutch
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3419ABF8-BBBA-E7A7-05E1-7B8A30268FDC}" = CCC Help Italian
"{38795B2F-8709-4A61-8DB8-2A9D4875F9B4}" = AVG PC TuneUp
"{3E1D055A-C8DB-9140-6D3B-572020076651}" = CCC Help Hungarian
"{3E275667-C19E-1AC0-A9EC-6D37AE67469C}" = Catalyst Control Center InstallProxy
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.1029.1
"{45F898A5-2E21-EF9F-4FB5-DAC1A6038180}" = CCC Help Chinese Standard
"{46D1DAAD-BA7B-18DF-5515-E158E54AF847}" = CCC Help Turkish
"{48583D53-DDA0-19E2-479E-BFE8A7A107B7}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F04107-7CC7-6BDB-CDB6-C02D96B06DE5}" = CCC Help German
"{522E798F-8B1B-AD09-C54F-1F6EA33AAD63}" = Catalyst Control Center InstallProxy
"{56B128A9-85E4-D8F6-5A3D-4826A7FB1A14}" = Catalyst Control Center Localization All
"{608F1BF0-94CF-29D3-E3F9-48F2B53D603F}" = CCC Help French
"{60DB0ABB-2C9E-25C0-D1FC-A4704B94E530}" = CCC Help Czech
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66F720D6-6DC3-7DE9-B09A-F44783897772}" = CCC Help Japanese
"{6740FE60-43C1-4D15-8C4A-001624134B14}" = Citrix Online Launcher
"{6A3D3784-DBD8-DFB2-3FFA-528C1CAEAC72}" = CCC Help English
"{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
"{72A76D02-1907-C805-0B77-2374C6013D64}" = CCC Help Czech
"{73090A5A-E0C0-4E0B-A320-E183877061A5}" = ALLDATA Repair
"{76D5F1FC-5A08-7F44-8E13-0249EAB8B031}" = CCC Help Korean
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79463523-00FE-FA43-EB05-A1935014F9DE}" = CCC Help French
"{7EFA185C-179A-E07B-6F67-AFE491EFD4E1}" = CCC Help Hungarian
"{7F599D6F-78DD-89AD-4350-64D60102A72C}" = CCC Help Polish
"{87459992-7B4E-7E68-CFCD-8BE703D76D30}" = CCC Help Russian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A4F8020-ED9F-5FFC-9917-CB52CF811382}" = Catalyst Control Center Localization All
"{8ACB472E-1CAD-4AA8-41B0-9A8D80A750C5}" = CCC Help Korean
"{8D2ED35A-C1C2-FDCA-1F5C-94799EAA7D35}" = CCC Help Swedish
"{90932CBF-33F2-CF3F-C553-D76136AC8C5A}" = CCC Help Norwegian
"{91BBF9D8-46B3-561B-D6FC-76A91DF16593}" = CCC Help Spanish
"{977DEBB3-85F6-4488-ADB3-A5E5D2464BE1}" = PCDrafter 2015
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{A1103FD0-0075-299D-D5BA-E0EBD1C81FFE}" = CCC Help Danish
"{A71E2A4D-37A4-6073-B9ED-EDB4AA1BFDD7}" = CCC Help Italian
"{A7E23371-36E3-CF6D-1544-307BB1AEC19A}" = CCC Help Greek
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0C889A-285D-3ED0-EDEF-0122564A8B2A}" = CCC Help Greek
"{AC76BA86-0804-1033-1959-001824161310}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B634F919-3F94-6C43-F99A-484AA4DFBF2F}" = CCC Help Chinese Traditional
"{BB411CBB-9E34-94FD-4691-36B33D9DC181}" = CCC Help German
"{C28E8D4A-C424-71CF-DFBE-597810641712}" = Catalyst Control Center InstallProxy
"{C2EA734A-92B2-AD20-2C85-337FDF0E8053}" = CCC Help Thai
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.1220.1
"{CA355E6F-717E-A17C-05B0-AD951118875C}" = CCC Help Dutch
"{CAA5ED80-3F00-FA30-12B4-39073E135E7E}" = CCC Help Portuguese
"{CCEC41F0-1B86-B07B-C8D6-97CA8D616B16}" = CCC Help Swedish
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{D5B2B522-05A2-77CB-8BB5-971E6C613764}" = CCC Help Finnish
"{DA74DDB4-EB8D-A688-4E27-7C2680A7C26E}" = CCC Help Danish
"{DFC4F9CE-EED9-2167-E579-D4A43EF9C00B}" = CCC Help Polish
"{E2C6F0AE-7752-4736-8EB8-C15DA62187C9}" = InsiderBaseball 2015
"{E3827F8B-56EA-C716-5284-07A1786DBBE2}" = Catalyst Control Center InstallProxy
"{E5BE63DE-CD83-49DB-FA2C-14BD29CD0489}" = CCC Help Spanish
"{ECF976CF-79E8-E963-771D-A893E16681B1}" = CCC Help Portuguese
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6DD0100-F48D-3CEC-A387-A09072AF5E9D}" = CCC Help Norwegian
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"Adobe AIR" = Adobe AIR
"Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"AVG PC TuneUp" = AVG PC TuneUp
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Chrome" = Google Chrome
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.1029.1
"InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.1220.1
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.0.1024
"Mozilla Firefox 42.0 (x86 en-US)" = Mozilla Firefox 42.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RotoLab 2015_is1" = RotoLab 2015
"sbrAppId_is1" = SBR Poker 1.0.81
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"GoToMeeting" = GoToMeeting 7.7.0.4062
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/3/2015 11:29:44 PM | Computer Name = Family-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp:
 0x52aef33f  Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time
 stamp: 0x559f38c3  Exception code: 0xe0434352  Fault offset: 0x000000000002a1c8  Faulting
 process id: 0x1ba8  Faulting application start time: 0x01d12e43b2e85c71  Faulting application
 path: C:\Windows\AutoKMS\AutoKMS.exe  Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report
 Id: bac35dcf-a763-4d1a-83bc-a8cf7114006b  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 12/5/2015 3:30:35 PM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
.
 
Error - 12/7/2015 2:52:51 PM | Computer Name = Family-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 12/7/2015 2:52:51 PM | Computer Name = Family-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp:
 0x52aef33f  Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time
 stamp: 0x559f38c3  Exception code: 0xe0434352  Fault offset: 0x000000000002a1c8  Faulting
 process id: 0x1288  Faulting application start time: 0x01d1312042bf0cad  Faulting application
 path: C:\Windows\AutoKMS\AutoKMS.exe  Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report
 Id: 5c7402e6-1c7c-4dfa-b615-b5965b1dfd23  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 12/8/2015 2:53:08 PM | Computer Name = Family-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 12/8/2015 2:53:08 PM | Computer Name = Family-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp:
 0x52aef33f  Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time
 stamp: 0x559f38c3  Exception code: 0xe0434352  Fault offset: 0x000000000002a1c8  Faulting
 process id: 0x1aec  Faulting application start time: 0x01d131e96f3bee14  Faulting application
 path: C:\Windows\AutoKMS\AutoKMS.exe  Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report
 Id: 8de05dd2-646a-4b06-a043-00140e71fa99  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 12/11/2015 3:58:35 PM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
.
 
Error - 12/11/2015 3:59:31 PM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
.
 
Error - 12/11/2015 9:35:36 PM | Computer Name = Family-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
Description = Package Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI
 was terminated because it took too long to suspend.
 
Error - 12/11/2015 9:35:38 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
Description = The program SearchUI.exe version 10.0.10240.16515 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Security and Maintenance control panel.    Process
 ID: 1080    Start Time: 01d1347d07f7b364    Termination Time: 4294967295    Application Path:
 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe    Report
 Id: a4191df0-a070-11e5-9be8-ec7c68e2a24d    Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy

Faulting
 package-relative application ID: CortanaUI  
 
[ System Events ]
Error - 12/12/2015 12:04:59 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
Error - 12/12/2015 12:05:06 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7031
Description = The Sync Host_Session1 service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 10000 milliseconds:
 Restart the service.
 
Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Application Popup | ID = 875
Description = 
 
Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000
Description = The aksfridge service failed to start due to the following error: 
  %%1275
 
Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Application Popup | ID = 875
Description = 
 
Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000
Description = The aksdf service failed to start due to the following error:   %%1275
 
Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Application Popup | ID = 875
Description = 
 
Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000
Description = The hardlock service failed to start due to the following error:   %%1275
 
Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7001
Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing
 Service service which failed to start because of the following error:   %%1058
 
Error - 12/12/2015 12:09:28 PM | Computer Name = Family-PC | Source = Microsoft-Windows-NDIS | ID = 10317
Description = Miniport TAP-Win32 Adapter OAS #28, {B97BB92D-F09A-4E7E-8E4B-928AA03E7C40},
 had event 76
 
 
< End of report >
 

Share this post


Link to post
Share on other sites

OTL logfile created on: 12/12/2015 11:10:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Family\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10240.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.20 Gb Total Physical Memory | 4.91 Gb Available Physical Memory | 68.22% Memory free
14.45 Gb Paging File | 11.80 Gb Available in Paging File | 81.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 930.97 Gb Total Space | 263.26 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
 
Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2015/12/12 11:10:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Downloads\OTL.com
PRC - [2015/12/04 16:32:56 | 000,741,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/11/12 16:57:42 | 001,136,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
PRC - [2015/10/28 17:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/07/19 19:45:21 | 003,431,824 | ---- | M] (GeoComply) -- C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
PRC - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/12/04 16:32:56 | 016,573,256 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll
MOD - [2015/12/04 16:32:53 | 001,583,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
MOD - [2015/12/04 16:32:52 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
MOD - [2015/11/12 15:20:54 | 040,500,224 | ---- | M] () -- C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/11/24 23:27:26 | 002,180,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2015/11/23 16:37:00 | 000,048,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2015/11/04 23:03:49 | 001,015,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2015/11/04 23:01:38 | 000,713,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2015/11/04 22:59:13 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2015/11/04 22:55:55 | 000,145,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2015/10/27 21:08:13 | 000,255,472 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2015/09/24 22:00:50 | 001,423,872 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2015/09/24 21:59:48 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2015/09/24 21:59:38 | 001,205,248 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2015/09/17 01:48:41 | 000,809,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2015/09/17 01:06:04 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2015/09/17 01:03:28 | 000,267,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2015/09/17 00:58:01 | 000,503,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2015/09/17 00:52:31 | 000,591,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2015/09/17 00:48:26 | 002,093,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2015/09/17 00:47:56 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2015/09/17 00:44:10 | 000,526,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2015/09/17 00:44:08 | 001,844,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2015/09/17 00:43:32 | 000,378,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015/08/21 05:19:16 | 001,031,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2015/08/21 05:19:13 | 001,169,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2015/08/21 05:19:13 | 000,343,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2015/08/21 05:19:12 | 000,658,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2015/08/21 05:13:58 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2015/08/21 05:13:46 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2015/08/18 01:58:25 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2015/08/18 01:54:03 | 000,322,048 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2015/08/11 04:50:47 | 001,643,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015/07/29 22:44:49 | 000,280,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015/07/29 22:44:28 | 000,229,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2015/07/15 20:38:50 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2015/07/10 06:01:10 | 000,621,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2015/07/10 06:01:10 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2015/07/10 06:01:10 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2015/07/10 06:00:41 | 000,167,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2015/07/10 06:00:36 | 000,115,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/07/10 06:00:20 | 000,749,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2015/07/10 06:00:16 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015/07/10 06:00:09 | 000,337,408 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2015/07/10 06:00:09 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2015/07/10 06:00:09 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2015/07/10 06:00:09 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2015/07/10 06:00:07 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2015/07/10 06:00:07 | 001,019,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2015/07/10 06:00:07 | 000,268,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2015/07/10 06:00:07 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2015/07/10 06:00:07 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2015/07/10 06:00:07 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2015/07/10 06:00:06 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2015/07/10 06:00:06 | 000,087,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2015/07/10 06:00:03 | 003,467,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2015/07/10 06:00:02 | 000,918,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2015/07/10 06:00:02 | 000,836,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2015/07/10 06:00:02 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2015/07/10 06:00:01 | 000,096,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2015/07/10 06:00:01 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2015/07/10 06:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2015/07/10 05:59:59 | 000,296,960 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2015/07/10 05:59:59 | 000,196,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2015/07/10 05:59:59 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_Session1)
SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_Session1)
SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_Session1)
SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_Session1)
SRV:64bit: - [2015/07/10 05:59:57 | 000,405,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2015/07/10 05:59:57 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2015/07/10 05:59:56 | 000,019,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2015/07/10 05:59:55 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2015/07/10 05:59:55 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2015/07/10 05:59:54 | 000,275,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2015/07/10 05:59:53 | 000,063,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2015/07/10 05:59:51 | 000,583,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2015/07/10 05:59:50 | 000,550,400 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2015/07/10 05:59:50 | 000,362,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015/07/10 05:59:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2015/07/10 05:59:48 | 000,024,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2015/07/10 05:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2015/07/10 05:59:36 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2010/04/06 18:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/04/21 11:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2015/12/09 05:33:12 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/11/23 16:40:54 | 004,378,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2015/11/23 16:37:00 | 000,042,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2015/11/12 16:57:48 | 001,046,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe -- (avgsvc)
SRV - [2015/11/06 15:09:42 | 000,147,624 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/11/04 22:27:12 | 002,049,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2015/10/28 17:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/09/24 21:34:00 | 000,928,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2015/09/17 00:45:35 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2015/09/17 00:16:16 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2015/08/21 05:14:07 | 000,504,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2015/08/21 05:14:07 | 000,504,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2015/08/21 05:13:54 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2015/08/21 05:13:50 | 000,056,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2015/07/19 19:45:21 | 003,431,824 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Application\service.exe -- (Player Location Check)
SRV - [2015/07/19 19:44:47 | 000,166,360 | ---- | M] (GeoComply Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe -- (GeoComplyUpdateM)
SRV - [2015/07/19 19:44:47 | 000,166,360 | ---- | M] (GeoComply Inc.) [Auto | Stopped] -- C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe -- (GeoComplyUpdate)
SRV - [2015/07/10 06:00:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lfsvc.dll -- (lfsvc)
SRV - [2015/07/10 06:00:24 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2015/07/10 05:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2015/03/12 02:14:42 | 000,039,376 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011/08/30 17:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/12/01 01:03:10 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2015/11/25 00:40:09 | 000,516,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015/10/27 21:08:14 | 021,648,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2015/10/27 21:08:14 | 000,674,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2015/10/05 09:50:22 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/09/17 01:50:17 | 000,099,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2015/09/17 01:48:41 | 000,278,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015/09/17 00:50:08 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2015/08/21 05:19:13 | 000,934,752 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2015/08/21 05:19:13 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2015/08/21 05:19:12 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2015/08/21 05:19:12 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2015/08/21 05:14:06 | 000,175,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2015/08/18 02:55:45 | 000,373,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015/08/11 05:02:56 | 000,080,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2015/08/05 22:17:40 | 000,200,528 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2015/08/05 21:22:03 | 000,685,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2015/08/02 21:18:37 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2015/08/02 21:17:53 | 000,052,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2015/07/29 22:44:26 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015/07/10 08:14:40 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2015/07/10 08:14:34 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2015/07/10 06:01:20 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2015/07/10 06:00:14 | 000,380,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015/07/10 06:00:14 | 000,215,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015/07/10 06:00:10 | 000,106,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2015/07/10 06:00:10 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2015/07/10 06:00:10 | 000,031,072 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2015/07/10 06:00:09 | 000,200,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2015/07/10 06:00:09 | 000,153,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2015/07/10 06:00:09 | 000,061,952 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2015/07/10 06:00:09 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2015/07/10 06:00:09 | 000,026,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ioqos.sys -- (IoQos)
DRV:64bit: - [2015/07/10 06:00:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2015/07/10 06:00:00 | 000,245,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2015/07/10 06:00:00 | 000,159,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2015/07/10 06:00:00 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2015/07/10 06:00:00 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2015/07/10 06:00:00 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2015/07/10 06:00:00 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2015/07/10 05:59:59 | 000,155,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2015/07/10 05:59:59 | 000,088,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2015/07/10 05:59:59 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2015/07/10 05:59:53 | 000,129,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2015/07/10 05:59:53 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2015/07/10 05:59:52 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2015/07/10 05:59:50 | 000,119,648 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015/07/10 05:59:50 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2015/07/10 05:59:48 | 000,291,680 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015/07/10 05:59:48 | 000,209,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2015/07/10 05:59:48 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2015/07/10 05:59:48 | 000,083,968 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2015/07/10 05:59:48 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2015/07/10 05:59:48 | 000,044,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015/07/10 05:59:48 | 000,044,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2015/07/10 05:59:48 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2015/07/10 05:59:40 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2015/07/10 05:59:40 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2015/07/10 05:59:40 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2015/07/10 05:59:40 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2015/07/10 05:59:40 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2015/07/10 05:59:39 | 000,705,376 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2015/07/10 05:59:39 | 000,587,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
DRV:64bit: - [2015/07/10 05:59:39 | 000,474,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2015/07/10 05:59:39 | 000,424,800 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2015/07/10 05:59:39 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2015/07/10 05:59:39 | 000,133,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2015/07/10 05:59:39 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2015/07/10 05:59:39 | 000,094,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2015/07/10 05:59:39 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2015/07/10 05:59:39 | 000,076,128 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2015/07/10 05:59:39 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2015/07/10 05:59:39 | 000,059,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2015/07/10 05:59:39 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2015/07/10 05:59:39 | 000,058,208 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2015/07/10 05:59:39 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2015/07/10 05:59:39 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2015/07/10 05:59:39 | 000,040,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2015/07/10 05:59:39 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2015/07/10 05:59:39 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2015/07/10 05:59:39 | 000,026,976 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2015/07/10 05:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
DRV:64bit: - [2015/07/10 05:59:38 | 003,436,896 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2015/07/10 05:59:38 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2015/07/10 05:59:38 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2015/07/10 05:59:38 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2015/07/10 05:59:38 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2015/07/10 05:59:38 | 000,222,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2015/07/10 05:59:38 | 000,207,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015/07/10 05:59:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2015/07/10 05:59:38 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2015/07/10 05:59:38 | 000,104,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2015/07/10 05:59:38 | 000,099,168 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2015/07/10 05:59:38 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2015/07/10 05:59:38 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2015/07/10 05:59:38 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2015/07/10 05:59:38 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2015/07/10 05:59:38 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2015/07/10 05:59:38 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2015/07/10 05:59:38 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2015/07/10 05:59:38 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2015/07/10 05:59:38 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2015/07/10 05:59:38 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2015/07/10 05:59:38 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2015/07/10 05:59:36 | 000,122,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2015/07/10 05:59:36 | 000,116,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2015/07/10 05:59:36 | 000,094,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc)
DRV:64bit: - [2015/07/10 05:59:36 | 000,092,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2015/07/10 05:59:36 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2015/07/10 05:59:36 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2015/07/10 05:59:36 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2015/07/10 05:59:36 | 000,043,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2015/07/10 05:59:36 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2015/07/10 05:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2015/07/10 05:59:36 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2015/07/10 05:59:36 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2015/07/10 05:59:36 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fcvsc.sys -- (fcvsc)
DRV:64bit: - [2015/07/10 05:59:36 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2015/07/10 05:59:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2015/07/10 05:59:36 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2015/07/10 05:59:36 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2015/06/16 04:34:36 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2015/06/15 07:53:33 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV:64bit: - [2015/05/28 06:00:44 | 000,102,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWT6.sys -- (AtiHDAudioService)
DRV:64bit: - [2014/02/11 16:36:52 | 000,059,616 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2013/10/28 12:02:48 | 000,022,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2013/08/22 07:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/08/28 07:27:24 | 000,058,536 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/07/15 10:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2009/08/26 06:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009/03/13 10:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009/01/08 10:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV - [2015/10/14 10:58:44 | 000,031,144 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2015/08/19 15:39:40 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2015/08/19 15:39:39 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2015/08/19 15:39:30 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2015/07/10 05:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
DRV - [2015/07/10 05:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MCM_WCP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U220DHP&pc=U220
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 A2 6A 78 B9 71 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=U220
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "Google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:42.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@ums.geocomply.com/GeoComply Update;version=3: C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll (GeoComply Inc.)
FF - HKLM\Software\MozillaPlugins\@ums.geocomply.com/GeoComply Update;version=9: C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll (GeoComply Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\geocomply.com/player_location_check: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\npapi\npplayer_location_check.dll (GeoComply)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Family\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/11/06 15:09:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/11/06 15:09:36 | 000,000,000 | ---D | M]
 
[2014/05/21 18:36:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\Mozilla\Extensions
[2015/09/07 11:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\k6snqj97.default\extensions
[2015/11/06 15:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/11/06 15:09:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/01 19:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmofbadmgolpibnjflbihlaecnhhaanb\1.10.50_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.2_0\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvgUi] C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [BitTorrent] C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [OneDrive] C:\Users\Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{200c7f0a-4139-46dc-a209-da732e06bd40}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\dtagent.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27:64bit: - HKLM IFEO\dtlauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27:64bit: - HKLM IFEO\et6sc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27:64bit: - HKLM IFEO\idriver.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27 - HKLM IFEO\dtagent.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27 - HKLM IFEO\dtlauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27 - HKLM IFEO\et6sc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27 - HKLM IFEO\idriver.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell\AutoRun\command - "" = "F:\autorun.exe" 
O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell\readme\command - "" = notepad readme.txt
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/12/12 10:36:06 | 000,000,000 | ---D | C] -- C:\Users\Family\Desktop\FRST-OlderVersion
[2015/12/12 10:36:03 | 002,369,536 | ---- | C] (Farbar) -- C:\Users\Family\Desktop\FRST64.exe
[2015/12/11 14:59:56 | 000,000,000 | ---D | C] -- C:\6a7dcb6ef22c135e9541ac
[2015/12/09 09:53:44 | 021,872,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2015/12/09 09:53:41 | 018,801,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2015/12/09 09:53:39 | 003,588,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2015/12/09 09:53:39 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2015/12/09 09:53:37 | 001,717,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2015/12/09 09:53:36 | 002,180,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2015/12/09 09:53:36 | 001,795,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2015/12/09 09:53:36 | 001,710,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll
[2015/12/09 09:53:36 | 001,467,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2015/12/09 09:53:35 | 001,649,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
[2015/12/09 09:53:35 | 001,569,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2015/12/09 09:53:35 | 001,442,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRHInproc.dll
[2015/12/09 09:53:35 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
[2015/12/09 09:53:35 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2015/12/09 09:53:34 | 001,366,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
[2015/12/09 09:53:32 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
[2015/12/09 09:53:32 | 000,845,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Magnify.exe
[2015/12/09 09:53:32 | 000,774,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll
[2015/12/09 09:53:31 | 005,455,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2015/12/09 09:53:31 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Magnify.exe
[2015/12/09 09:53:30 | 007,523,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2015/12/09 09:53:30 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ninput.dll
[2015/12/09 09:53:29 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll
[2015/12/09 09:53:29 | 000,587,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015/12/09 09:53:28 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
[2015/12/09 09:53:28 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ninput.dll
[2015/12/09 09:53:27 | 004,047,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2015/12/09 09:53:27 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
[2015/12/09 09:53:27 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
[2015/12/09 09:53:26 | 004,532,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2015/12/09 09:53:26 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dot3mm.dll
[2015/12/09 09:53:26 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMM.dll
[2015/12/09 09:53:25 | 002,350,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2015/12/09 09:53:25 | 002,153,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2015/12/09 09:53:24 | 001,822,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015/12/09 09:53:24 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
[2015/12/09 09:53:23 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/12/09 09:53:23 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll
[2015/12/09 09:53:23 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RasMediaManager.dll
[2015/12/09 09:53:23 | 000,168,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkUXBroker.exe
[2015/12/09 09:53:23 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMediaManager.dll
[2015/12/09 09:53:22 | 000,849,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
[2015/12/09 09:53:22 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MBMediaManager.dll
[2015/12/09 09:53:22 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EthernetMediaManager.dll
[2015/12/09 09:53:20 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shutdownux.dll
[2015/12/09 09:53:20 | 000,113,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\userenv.dll
[2015/12/09 09:53:20 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
[2015/12/09 09:53:19 | 000,516,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2015/12/09 09:53:19 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2015/12/09 09:53:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\gpuenergydrv.sys
[2015/12/09 09:53:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdgeoqw.dll
[2015/12/09 09:53:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZE.DLL
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgeoqw.dll
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZST.DLL
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZST.DLL
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZEL.DLL
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZEL.DLL
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZE.DLL
[2015/12/09 09:53:16 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\profext.dll
[2015/12/09 09:53:15 | 000,771,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
[2015/12/09 09:53:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\profext.dll
[2015/12/09 09:53:11 | 004,792,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/12/05 09:18:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/12/05 08:56:09 | 000,000,000 | ---D | C] -- C:\FRST
[2015/11/27 21:51:02 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/11/27 21:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/11/27 21:50:45 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2015/11/27 21:50:45 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2015/11/27 21:50:45 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015/11/27 21:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/11/27 21:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/11/24 07:03:05 | 000,048,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\uxtuneup.dll
[2015/11/24 07:03:05 | 000,042,408 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\uxtuneup.dll
[2015/11/23 17:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2015/11/23 17:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2015/11/23 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\QuickScan
[2015/11/23 10:51:01 | 000,000,000 | ---D | C] -- C:\$SysReset
[2015/11/12 22:19:02 | 000,046,504 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\TURegOpt.exe
[2015/11/12 22:19:02 | 000,037,288 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\authuitu.dll
[2015/11/12 22:19:02 | 000,032,680 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\authuitu.dll
[2015/11/12 15:24:28 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\AVG
[2015/11/12 15:23:55 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\TuneUp Software
[2015/11/12 15:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg
[2015/11/12 15:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2015/11/12 15:20:38 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\AvgSetupLog
[2015/11/12 15:20:34 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Avg
[2015/11/12 15:20:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2015/11/12 15:20:26 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\MFAData
[2015/11/12 15:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2015/11/12 15:20:26 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Avg2015
 
========== Files - Modified Within 30 Days ==========
 
[2015/12/12 11:12:05 | 001,005,598 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/12/12 11:12:05 | 000,832,698 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/12/12 11:12:05 | 000,171,412 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/12/12 11:07:45 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/12/12 11:07:08 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/12/12 11:07:05 | 000,000,588 | ---- | M] () -- C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000.job
[2015/12/12 11:06:44 | 000,016,148 | ---- | M] () -- C:\WINDOWS\SysNative\FAMILY-PC_Family_HistoryPrediction.bin
[2015/12/12 11:06:44 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GeoComplyUpdateTaskMachineCore.job
[2015/12/12 11:05:44 | 000,341,448 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015/12/12 11:05:37 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/12/12 11:05:35 | 1504,022,527 | -HS- | M] () -- C:\hiberfil.sys
[2015/12/12 11:05:15 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SysNative\spu_storage.bin
[2015/12/12 10:49:00 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GeoComplyUpdateTaskMachineUA.job
[2015/12/12 10:36:06 | 002,369,536 | ---- | M] (Farbar) -- C:\Users\Family\Desktop\FRST64.exe
[2015/12/12 10:33:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/12/12 10:30:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/12/12 10:21:00 | 000,000,684 | ---- | M] () -- C:\WINDOWS\tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000.job
[2015/12/08 21:31:39 | 000,002,260 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/12/05 14:48:05 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/12/01 01:03:10 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\gpuenergydrv.sys
[2015/12/01 00:54:19 | 000,771,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
[2015/12/01 00:51:02 | 007,523,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2015/12/01 00:49:35 | 004,792,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/11/30 23:59:46 | 005,455,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2015/11/30 19:32:22 | 000,826,872 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2015/11/30 19:32:22 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2015/11/27 21:50:51 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/11/25 00:42:36 | 004,532,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2015/11/25 00:42:07 | 000,168,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkUXBroker.exe
[2015/11/25 00:41:58 | 001,822,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015/11/25 00:40:09 | 000,516,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2015/11/25 00:32:20 | 000,113,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\userenv.dll
[2015/11/25 00:27:50 | 001,366,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
[2015/11/25 00:12:23 | 004,047,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2015/11/24 23:49:57 | 001,569,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2015/11/24 23:49:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll
[2015/11/24 23:49:03 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MBMediaManager.dll
[2015/11/24 23:49:00 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RasMediaManager.dll
[2015/11/24 23:48:54 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EthernetMediaManager.dll
[2015/11/24 23:48:52 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMediaManager.dll
[2015/11/24 23:44:49 | 021,872,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2015/11/24 23:37:12 | 002,350,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2015/11/24 23:36:17 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
[2015/11/24 23:36:09 | 001,710,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll
[2015/11/24 23:35:45 | 000,929,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
[2015/11/24 23:35:00 | 000,845,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Magnify.exe
[2015/11/24 23:31:10 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMM.dll
[2015/11/24 23:30:59 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
[2015/11/24 23:30:54 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dot3mm.dll
[2015/11/24 23:29:40 | 000,355,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ninput.dll
[2015/11/24 23:29:22 | 001,649,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
[2015/11/24 23:28:41 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/11/24 23:28:30 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
[2015/11/24 23:27:26 | 002,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2015/11/24 23:26:30 | 000,849,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
[2015/11/24 23:26:23 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shutdownux.dll
[2015/11/24 23:25:19 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\profext.dll
[2015/11/24 23:23:06 | 000,587,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015/11/24 23:23:00 | 003,588,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2015/11/24 23:22:51 | 001,717,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2015/11/24 23:22:51 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll
[2015/11/24 23:22:51 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdgeoqw.dll
[2015/11/24 23:22:43 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZE.DLL
[2015/11/24 23:22:40 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZST.DLL
[2015/11/24 23:22:39 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZEL.DLL
[2015/11/24 23:22:23 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2015/11/24 23:19:58 | 001,795,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2015/11/24 23:19:46 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2015/11/24 23:18:28 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2015/11/24 23:17:23 | 000,774,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll
[2015/11/24 23:16:55 | 001,442,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRHInproc.dll
[2015/11/24 23:16:25 | 000,786,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Magnify.exe
[2015/11/24 23:13:23 | 002,153,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2015/11/24 23:11:39 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ninput.dll
[2015/11/24 23:10:48 | 018,801,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2015/11/24 23:10:36 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
[2015/11/24 23:10:23 | 000,415,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
[2015/11/24 23:07:05 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\profext.dll
[2015/11/24 23:04:42 | 000,474,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
[2015/11/24 23:04:33 | 001,467,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2015/11/24 23:04:27 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgeoqw.dll
[2015/11/24 23:04:23 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZE.DLL
[2015/11/24 23:04:21 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZST.DLL
[2015/11/24 23:04:21 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZEL.DLL
[2015/11/24 07:03:05 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2015/11/23 17:32:46 | 000,000,887 | ---- | M] () -- C:\Users\Family\Desktop\WhoCrashed.lnk
[2015/11/23 16:41:12 | 000,046,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\TURegOpt.exe
[2015/11/23 16:37:00 | 000,048,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\uxtuneup.dll
[2015/11/23 16:37:00 | 000,042,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\uxtuneup.dll
[2015/11/23 16:37:00 | 000,037,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\authuitu.dll
[2015/11/23 16:37:00 | 000,032,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\authuitu.dll
 
========== Files Created - No Company Name ==========
 
[2015/12/12 11:06:44 | 000,016,148 | ---- | C] () -- C:\WINDOWS\SysNative\FAMILY-PC_Family_HistoryPrediction.bin
[2015/11/27 21:50:51 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/11/23 17:32:46 | 000,000,887 | ---- | C] () -- C:\Users\Family\Desktop\WhoCrashed.lnk
[2015/11/12 22:19:01 | 000,002,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
[2015/11/12 22:19:01 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2015/10/27 21:08:17 | 000,111,088 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll
[2015/10/27 21:08:13 | 000,152,560 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe
[2015/10/27 21:08:04 | 001,004,032 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2015/10/27 21:08:04 | 000,807,424 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2015/10/27 21:08:03 | 000,198,640 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll
[2015/10/27 21:08:03 | 000,132,080 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2015/09/30 17:48:28 | 001,766,952 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2015/08/21 06:49:04 | 001,823,232 | ---- | C] () -- C:\WINDOWS\SysWow64\InputService.dll
[2015/08/21 06:48:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\SysWow64\TextInputFramework.dll
[2015/08/21 01:36:11 | 000,961,296 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2015/08/21 01:32:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2015/08/21 01:31:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2015/08/11 15:14:36 | 000,010,155 | ---- | C] () -- C:\ProgramData\regid.1997-10.com.aciwebs,PCDrafter_4DBD42E3-43A9-4B53-B296-C295D1B07435.swidtag
[2015/07/16 00:22:02 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2015/07/16 00:22:02 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2015/07/10 07:20:52 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2015/07/10 06:04:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2015/07/10 06:04:38 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2015/07/10 06:00:35 | 000,161,632 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
[2015/07/10 06:00:33 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2015/07/10 06:00:32 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015/07/10 06:00:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
[2015/07/10 06:00:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
[2015/07/10 06:00:29 | 000,081,408 | ---- | C] () -- C:\WINDOWS\SysWow64\InputLocaleManager.dll
[2015/07/10 06:00:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\EditBufferTestHook.dll
[2015/07/10 06:00:29 | 000,053,760 | ---- | C] () -- C:\WINDOWS\SysWow64\WpKbdLayout.dll
[2015/07/10 06:00:29 | 000,022,016 | ---- | C] () -- C:\WINDOWS\SysWow64\WordBreakers.dll
[2015/07/10 06:00:28 | 000,270,848 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2015/07/10 06:00:27 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2015/07/10 06:00:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
[2015/07/10 06:00:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2015/07/10 06:00:24 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2015/07/10 05:59:51 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2014/05/15 11:44:56 | 000,030,528 | ---- | C] () -- C:\WINDOWS\GVTDrv64.sys
[2014/05/15 11:25:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2015/09/17 01:49:11 | 006,487,248 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2015/09/17 01:28:40 | 005,120,056 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/07/10 05:59:53 | 000,995,328 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/07/10 06:00:23 | 000,754,688 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/07/10 05:59:55 | 000,516,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 

Share this post


Link to post
Share on other sites

OTL logfile created on: 12/12/2015 11:28:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Family\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10240.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.20 Gb Total Physical Memory | 4.82 Gb Available Physical Memory | 66.88% Memory free
14.45 Gb Paging File | 11.78 Gb Available in Paging File | 81.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 930.97 Gb Total Space | 263.25 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
 
Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2015/12/12 11:10:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Downloads\OTL.com
PRC - [2015/12/04 16:32:56 | 000,741,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/11/12 16:57:42 | 001,136,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
PRC - [2015/10/28 17:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/07/19 19:45:21 | 003,431,824 | ---- | M] (GeoComply) -- C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
PRC - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/12/04 16:32:56 | 016,573,256 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll
MOD - [2015/12/04 16:32:53 | 001,583,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
MOD - [2015/12/04 16:32:52 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
MOD - [2015/11/12 15:20:54 | 040,500,224 | ---- | M] () -- C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/11/24 23:27:26 | 002,180,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2015/11/23 16:37:00 | 000,048,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2015/11/04 23:03:49 | 001,015,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2015/11/04 23:01:38 | 000,713,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2015/11/04 22:59:13 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2015/11/04 22:55:55 | 000,145,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2015/10/27 21:08:13 | 000,255,472 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2015/09/24 22:00:50 | 001,423,872 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2015/09/24 21:59:48 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2015/09/24 21:59:38 | 001,205,248 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2015/09/17 01:48:41 | 000,809,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2015/09/17 01:06:04 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2015/09/17 01:03:28 | 000,267,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2015/09/17 00:58:01 | 000,503,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2015/09/17 00:52:31 | 000,591,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2015/09/17 00:48:26 | 002,093,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2015/09/17 00:47:56 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2015/09/17 00:44:10 | 000,526,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2015/09/17 00:44:08 | 001,844,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2015/09/17 00:43:32 | 000,378,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015/08/21 05:19:16 | 001,031,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2015/08/21 05:19:13 | 001,169,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2015/08/21 05:19:13 | 000,343,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2015/08/21 05:19:12 | 000,658,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2015/08/21 05:13:58 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2015/08/21 05:13:46 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2015/08/18 01:58:25 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2015/08/18 01:54:03 | 000,322,048 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2015/08/11 04:50:47 | 001,643,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015/07/29 22:44:49 | 000,280,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015/07/29 22:44:28 | 000,229,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2015/07/15 20:38:50 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2015/07/10 06:01:10 | 000,621,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2015/07/10 06:01:10 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2015/07/10 06:01:10 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2015/07/10 06:00:41 | 000,167,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2015/07/10 06:00:36 | 000,115,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/07/10 06:00:20 | 000,749,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2015/07/10 06:00:16 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015/07/10 06:00:09 | 000,337,408 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2015/07/10 06:00:09 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2015/07/10 06:00:09 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2015/07/10 06:00:09 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2015/07/10 06:00:07 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2015/07/10 06:00:07 | 001,019,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2015/07/10 06:00:07 | 000,268,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2015/07/10 06:00:07 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2015/07/10 06:00:07 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2015/07/10 06:00:07 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2015/07/10 06:00:06 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2015/07/10 06:00:06 | 000,087,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2015/07/10 06:00:03 | 003,467,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2015/07/10 06:00:02 | 000,918,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2015/07/10 06:00:02 | 000,836,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2015/07/10 06:00:02 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2015/07/10 06:00:01 | 000,096,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2015/07/10 06:00:01 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2015/07/10 06:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2015/07/10 05:59:59 | 000,296,960 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2015/07/10 05:59:59 | 000,196,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2015/07/10 05:59:59 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_Session1)
SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_Session1)
SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_Session1)
SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_Session1)
SRV:64bit: - [2015/07/10 05:59:57 | 000,405,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2015/07/10 05:59:57 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2015/07/10 05:59:56 | 000,019,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2015/07/10 05:59:55 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2015/07/10 05:59:55 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2015/07/10 05:59:54 | 000,275,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2015/07/10 05:59:53 | 000,063,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2015/07/10 05:59:51 | 000,583,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2015/07/10 05:59:50 | 000,550,400 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2015/07/10 05:59:50 | 000,362,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015/07/10 05:59:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2015/07/10 05:59:48 | 000,024,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2015/07/10 05:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2015/07/10 05:59:36 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2010/04/06 18:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/04/21 11:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2015/12/09 05:33:12 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/11/23 16:40:54 | 004,378,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2015/11/23 16:37:00 | 000,042,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2015/11/12 16:57:48 | 001,046,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe -- (avgsvc)
SRV - [2015/11/06 15:09:42 | 000,147,624 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/11/04 22:27:12 | 002,049,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2015/10/28 17:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/09/24 21:34:00 | 000,928,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2015/09/17 00:45:35 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2015/09/17 00:16:16 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2015/08/21 05:14:07 | 000,504,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2015/08/21 05:14:07 | 000,504,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2015/08/21 05:13:54 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2015/08/21 05:13:50 | 000,056,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2015/07/19 19:45:21 | 003,431,824 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Application\service.exe -- (Player Location Check)
SRV - [2015/07/19 19:44:47 | 000,166,360 | ---- | M] (GeoComply Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe -- (GeoComplyUpdateM)
SRV - [2015/07/19 19:44:47 | 000,166,360 | ---- | M] (GeoComply Inc.) [Auto | Stopped] -- C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe -- (GeoComplyUpdate)
SRV - [2015/07/10 06:00:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lfsvc.dll -- (lfsvc)
SRV - [2015/07/10 06:00:24 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2015/07/10 05:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2015/03/12 02:14:42 | 000,039,376 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011/08/30 17:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/12/01 01:03:10 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2015/11/25 00:40:09 | 000,516,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015/10/27 21:08:14 | 021,648,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2015/10/27 21:08:14 | 000,674,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2015/10/05 09:50:22 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/09/17 01:50:17 | 000,099,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2015/09/17 01:48:41 | 000,278,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015/09/17 00:50:08 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2015/08/21 05:19:13 | 000,934,752 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2015/08/21 05:19:13 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2015/08/21 05:19:12 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2015/08/21 05:19:12 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2015/08/21 05:14:06 | 000,175,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2015/08/18 02:55:45 | 000,373,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015/08/11 05:02:56 | 000,080,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2015/08/05 22:17:40 | 000,200,528 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2015/08/05 21:22:03 | 000,685,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2015/08/02 21:18:37 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2015/08/02 21:17:53 | 000,052,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2015/07/29 22:44:26 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015/07/10 08:14:40 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2015/07/10 08:14:34 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2015/07/10 06:01:20 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2015/07/10 06:00:14 | 000,380,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015/07/10 06:00:14 | 000,215,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015/07/10 06:00:10 | 000,106,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2015/07/10 06:00:10 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2015/07/10 06:00:10 | 000,031,072 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2015/07/10 06:00:09 | 000,200,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2015/07/10 06:00:09 | 000,153,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2015/07/10 06:00:09 | 000,061,952 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2015/07/10 06:00:09 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2015/07/10 06:00:09 | 000,026,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ioqos.sys -- (IoQos)
DRV:64bit: - [2015/07/10 06:00:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2015/07/10 06:00:00 | 000,245,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2015/07/10 06:00:00 | 000,159,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2015/07/10 06:00:00 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2015/07/10 06:00:00 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2015/07/10 06:00:00 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2015/07/10 06:00:00 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2015/07/10 05:59:59 | 000,155,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2015/07/10 05:59:59 | 000,088,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2015/07/10 05:59:59 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2015/07/10 05:59:53 | 000,129,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2015/07/10 05:59:53 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2015/07/10 05:59:52 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2015/07/10 05:59:50 | 000,119,648 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015/07/10 05:59:50 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2015/07/10 05:59:48 | 000,291,680 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015/07/10 05:59:48 | 000,209,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2015/07/10 05:59:48 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2015/07/10 05:59:48 | 000,083,968 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2015/07/10 05:59:48 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2015/07/10 05:59:48 | 000,044,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015/07/10 05:59:48 | 000,044,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2015/07/10 05:59:48 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2015/07/10 05:59:40 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2015/07/10 05:59:40 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2015/07/10 05:59:40 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2015/07/10 05:59:40 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2015/07/10 05:59:40 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2015/07/10 05:59:39 | 000,705,376 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2015/07/10 05:59:39 | 000,587,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
DRV:64bit: - [2015/07/10 05:59:39 | 000,474,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2015/07/10 05:59:39 | 000,424,800 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2015/07/10 05:59:39 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2015/07/10 05:59:39 | 000,133,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2015/07/10 05:59:39 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2015/07/10 05:59:39 | 000,094,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2015/07/10 05:59:39 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2015/07/10 05:59:39 | 000,076,128 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2015/07/10 05:59:39 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2015/07/10 05:59:39 | 000,059,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2015/07/10 05:59:39 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2015/07/10 05:59:39 | 000,058,208 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2015/07/10 05:59:39 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2015/07/10 05:59:39 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2015/07/10 05:59:39 | 000,040,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2015/07/10 05:59:39 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2015/07/10 05:59:39 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2015/07/10 05:59:39 | 000,026,976 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2015/07/10 05:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
DRV:64bit: - [2015/07/10 05:59:38 | 003,436,896 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2015/07/10 05:59:38 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2015/07/10 05:59:38 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2015/07/10 05:59:38 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2015/07/10 05:59:38 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2015/07/10 05:59:38 | 000,222,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2015/07/10 05:59:38 | 000,207,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015/07/10 05:59:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2015/07/10 05:59:38 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2015/07/10 05:59:38 | 000,104,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2015/07/10 05:59:38 | 000,099,168 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2015/07/10 05:59:38 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2015/07/10 05:59:38 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2015/07/10 05:59:38 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2015/07/10 05:59:38 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2015/07/10 05:59:38 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2015/07/10 05:59:38 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2015/07/10 05:59:38 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2015/07/10 05:59:38 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2015/07/10 05:59:38 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2015/07/10 05:59:38 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2015/07/10 05:59:38 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2015/07/10 05:59:36 | 000,122,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2015/07/10 05:59:36 | 000,116,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2015/07/10 05:59:36 | 000,094,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc)
DRV:64bit: - [2015/07/10 05:59:36 | 000,092,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2015/07/10 05:59:36 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2015/07/10 05:59:36 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2015/07/10 05:59:36 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2015/07/10 05:59:36 | 000,043,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2015/07/10 05:59:36 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2015/07/10 05:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2015/07/10 05:59:36 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2015/07/10 05:59:36 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2015/07/10 05:59:36 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fcvsc.sys -- (fcvsc)
DRV:64bit: - [2015/07/10 05:59:36 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2015/07/10 05:59:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2015/07/10 05:59:36 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2015/07/10 05:59:36 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2015/06/16 04:34:36 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2015/06/15 07:53:33 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV:64bit: - [2015/05/28 06:00:44 | 000,102,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWT6.sys -- (AtiHDAudioService)
DRV:64bit: - [2014/02/11 16:36:52 | 000,059,616 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2013/10/28 12:02:48 | 000,022,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2013/08/22 07:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/08/28 07:27:24 | 000,058,536 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/07/15 10:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2009/08/26 06:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009/03/13 10:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009/01/08 10:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV - [2015/10/14 10:58:44 | 000,031,144 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2015/08/19 15:39:40 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2015/08/19 15:39:39 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2015/08/19 15:39:30 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2015/07/10 05:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
DRV - [2015/07/10 05:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MCM_WCP
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U220DHP&pc=U220
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 A2 6A 78 B9 71 CF 01  [binary data]
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=U220
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "Google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:42.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@ums.geocomply.com/GeoComply Update;version=3: C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll (GeoComply Inc.)
FF - HKLM\Software\MozillaPlugins\@ums.geocomply.com/GeoComply Update;version=9: C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll (GeoComply Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\geocomply.com/player_location_check: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\npapi\npplayer_location_check.dll (GeoComply)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Family\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/11/06 15:09:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/11/06 15:09:36 | 000,000,000 | ---D | M]
 
[2014/05/21 18:36:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\Mozilla\Extensions
[2015/09/07 11:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\k6snqj97.default\extensions
[2015/11/06 15:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/11/06 15:09:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/01 19:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2015/09/30 15:47:00 | 000,225,976 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmofbadmgolpibnjflbihlaecnhhaanb\1.10.50_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.2_0\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvgUi] C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-125191153-927833046-2172898461-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-125191153-927833046-2172898461-1000..\Run: [BitTorrent] C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-125191153-927833046-2172898461-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-125191153-927833046-2172898461-1000..\Run: [OneDrive] C:\Users\Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{200c7f0a-4139-46dc-a209-da732e06bd40}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\dtagent.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27:64bit: - HKLM IFEO\dtlauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27:64bit: - HKLM IFEO\et6sc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27:64bit: - HKLM IFEO\idriver.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27 - HKLM IFEO\dtagent.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27 - HKLM IFEO\dtlauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27 - HKLM IFEO\et6sc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27 - HKLM IFEO\idriver.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\WINDOWS\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\WINDOWS\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\WINDOWS\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\WINDOWS\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\WINDOWS\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell\AutoRun\command - "" = "F:\autorun.exe" 
O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell\readme\command - "" = notepad readme.txt
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/12/12 10:36:06 | 000,000,000 | ---D | C] -- C:\Users\Family\Desktop\FRST-OlderVersion
[2015/12/12 10:36:03 | 002,369,536 | ---- | C] (Farbar) -- C:\Users\Family\Desktop\FRST64.exe
[2015/12/11 14:59:56 | 000,000,000 | ---D | C] -- C:\6a7dcb6ef22c135e9541ac
[2015/12/09 09:53:44 | 021,872,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2015/12/09 09:53:41 | 018,801,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2015/12/09 09:53:39 | 003,588,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2015/12/09 09:53:39 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2015/12/09 09:53:37 | 001,717,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2015/12/09 09:53:36 | 002,180,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2015/12/09 09:53:36 | 001,795,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2015/12/09 09:53:36 | 001,710,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll
[2015/12/09 09:53:36 | 001,467,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2015/12/09 09:53:35 | 001,649,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
[2015/12/09 09:53:35 | 001,569,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2015/12/09 09:53:35 | 001,442,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRHInproc.dll
[2015/12/09 09:53:35 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
[2015/12/09 09:53:35 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2015/12/09 09:53:34 | 001,366,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
[2015/12/09 09:53:32 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
[2015/12/09 09:53:32 | 000,845,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Magnify.exe
[2015/12/09 09:53:32 | 000,774,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll
[2015/12/09 09:53:31 | 005,455,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2015/12/09 09:53:31 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Magnify.exe
[2015/12/09 09:53:30 | 007,523,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2015/12/09 09:53:30 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ninput.dll
[2015/12/09 09:53:29 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll
[2015/12/09 09:53:29 | 000,587,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015/12/09 09:53:28 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
[2015/12/09 09:53:28 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ninput.dll
[2015/12/09 09:53:27 | 004,047,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2015/12/09 09:53:27 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
[2015/12/09 09:53:27 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
[2015/12/09 09:53:26 | 004,532,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2015/12/09 09:53:26 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dot3mm.dll
[2015/12/09 09:53:26 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMM.dll
[2015/12/09 09:53:25 | 002,350,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2015/12/09 09:53:25 | 002,153,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2015/12/09 09:53:24 | 001,822,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015/12/09 09:53:24 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
[2015/12/09 09:53:23 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/12/09 09:53:23 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll
[2015/12/09 09:53:23 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RasMediaManager.dll
[2015/12/09 09:53:23 | 000,168,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkUXBroker.exe
[2015/12/09 09:53:23 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMediaManager.dll
[2015/12/09 09:53:22 | 000,849,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
[2015/12/09 09:53:22 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MBMediaManager.dll
[2015/12/09 09:53:22 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EthernetMediaManager.dll
[2015/12/09 09:53:20 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shutdownux.dll
[2015/12/09 09:53:20 | 000,113,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\userenv.dll
[2015/12/09 09:53:20 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
[2015/12/09 09:53:19 | 000,516,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2015/12/09 09:53:19 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2015/12/09 09:53:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\gpuenergydrv.sys
[2015/12/09 09:53:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdgeoqw.dll
[2015/12/09 09:53:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZE.DLL
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgeoqw.dll
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZST.DLL
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZST.DLL
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZEL.DLL
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZEL.DLL
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZE.DLL
[2015/12/09 09:53:16 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\profext.dll
[2015/12/09 09:53:15 | 000,771,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
[2015/12/09 09:53:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\profext.dll
[2015/12/09 09:53:11 | 004,792,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/12/05 09:18:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/12/05 08:56:09 | 000,000,000 | ---D | C] -- C:\FRST
[2015/11/27 21:51:02 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/11/27 21:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/11/27 21:50:45 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2015/11/27 21:50:45 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2015/11/27 21:50:45 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015/11/27 21:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/11/27 21:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/11/24 07:03:05 | 000,048,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\uxtuneup.dll
[2015/11/24 07:03:05 | 000,042,408 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\uxtuneup.dll
[2015/11/23 17:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2015/11/23 17:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2015/11/23 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\QuickScan
[2015/11/23 10:51:01 | 000,000,000 | ---D | C] -- C:\$SysReset
[2015/11/12 22:19:02 | 000,046,504 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\TURegOpt.exe
[2015/11/12 22:19:02 | 000,037,288 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\authuitu.dll
[2015/11/12 22:19:02 | 000,032,680 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\authuitu.dll
[2015/11/12 15:24:28 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\AVG
[2015/11/12 15:23:55 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\TuneUp Software
[2015/11/12 15:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg
[2015/11/12 15:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2015/11/12 15:20:38 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\AvgSetupLog
[2015/11/12 15:20:34 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Avg
[2015/11/12 15:20:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2015/11/12 15:20:26 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\MFAData
[2015/11/12 15:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2015/11/12 15:20:26 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Avg2015
 
========== Files - Modified Within 30 Days ==========
 
[2015/12/12 11:30:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/12/12 11:12:05 | 001,005,598 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/12/12 11:12:05 | 000,832,698 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/12/12 11:12:05 | 000,171,412 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/12/12 11:07:45 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/12/12 11:07:08 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/12/12 11:07:05 | 000,000,588 | ---- | M] () -- C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000.job
[2015/12/12 11:06:44 | 000,016,148 | ---- | M] () -- C:\WINDOWS\SysNative\FAMILY-PC_Family_HistoryPrediction.bin
[2015/12/12 11:06:44 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GeoComplyUpdateTaskMachineCore.job
[2015/12/12 11:05:44 | 000,341,448 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015/12/12 11:05:37 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/12/12 11:05:35 | 1504,022,527 | -HS- | M] () -- C:\hiberfil.sys
[2015/12/12 11:05:15 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SysNative\spu_storage.bin
[2015/12/12 10:49:00 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GeoComplyUpdateTaskMachineUA.job
[2015/12/12 10:36:06 | 002,369,536 | ---- | M] (Farbar) -- C:\Users\Family\Desktop\FRST64.exe
[2015/12/12 10:33:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/12/12 10:21:00 | 000,000,684 | ---- | M] () -- C:\WINDOWS\tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000.job
[2015/12/08 21:31:39 | 000,002,260 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/12/05 14:48:05 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/12/01 01:03:10 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\gpuenergydrv.sys
[2015/12/01 00:54:19 | 000,771,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
[2015/12/01 00:51:02 | 007,523,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2015/12/01 00:49:35 | 004,792,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/11/30 23:59:46 | 005,455,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2015/11/30 19:32:22 | 000,826,872 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2015/11/30 19:32:22 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2015/11/27 21:50:51 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/11/25 00:42:36 | 004,532,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2015/11/25 00:42:07 | 000,168,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkUXBroker.exe
[2015/11/25 00:41:58 | 001,822,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015/11/25 00:40:09 | 000,516,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2015/11/25 00:32:20 | 000,113,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\userenv.dll
[2015/11/25 00:27:50 | 001,366,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
[2015/11/25 00:12:23 | 004,047,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2015/11/24 23:49:57 | 001,569,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2015/11/24 23:49:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll
[2015/11/24 23:49:03 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MBMediaManager.dll
[2015/11/24 23:49:00 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RasMediaManager.dll
[2015/11/24 23:48:54 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EthernetMediaManager.dll
[2015/11/24 23:48:52 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMediaManager.dll
[2015/11/24 23:44:49 | 021,872,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2015/11/24 23:37:12 | 002,350,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2015/11/24 23:36:17 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
[2015/11/24 23:36:09 | 001,710,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll
[2015/11/24 23:35:45 | 000,929,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
[2015/11/24 23:35:00 | 000,845,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Magnify.exe
[2015/11/24 23:31:10 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMM.dll
[2015/11/24 23:30:59 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
[2015/11/24 23:30:54 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dot3mm.dll
[2015/11/24 23:29:40 | 000,355,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ninput.dll
[2015/11/24 23:29:22 | 001,649,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
[2015/11/24 23:28:41 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/11/24 23:28:30 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
[2015/11/24 23:27:26 | 002,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2015/11/24 23:26:30 | 000,849,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
[2015/11/24 23:26:23 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shutdownux.dll
[2015/11/24 23:25:19 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\profext.dll
[2015/11/24 23:23:06 | 000,587,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015/11/24 23:23:00 | 003,588,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2015/11/24 23:22:51 | 001,717,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2015/11/24 23:22:51 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll
[2015/11/24 23:22:51 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdgeoqw.dll
[2015/11/24 23:22:43 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZE.DLL
[2015/11/24 23:22:40 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZST.DLL
[2015/11/24 23:22:39 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZEL.DLL
[2015/11/24 23:22:23 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2015/11/24 23:19:58 | 001,795,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2015/11/24 23:19:46 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2015/11/24 23:18:28 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2015/11/24 23:17:23 | 000,774,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll
[2015/11/24 23:16:55 | 001,442,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRHInproc.dll
[2015/11/24 23:16:25 | 000,786,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Magnify.exe
[2015/11/24 23:13:23 | 002,153,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2015/11/24 23:11:39 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ninput.dll
[2015/11/24 23:10:48 | 018,801,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2015/11/24 23:10:36 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
[2015/11/24 23:10:23 | 000,415,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
[2015/11/24 23:07:05 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\profext.dll
[2015/11/24 23:04:42 | 000,474,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
[2015/11/24 23:04:33 | 001,467,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2015/11/24 23:04:27 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgeoqw.dll
[2015/11/24 23:04:23 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZE.DLL
[2015/11/24 23:04:21 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZST.DLL
[2015/11/24 23:04:21 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZEL.DLL
[2015/11/24 07:03:05 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2015/11/23 17:32:46 | 000,000,887 | ---- | M] () -- C:\Users\Family\Desktop\WhoCrashed.lnk
[2015/11/23 16:41:12 | 000,046,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\TURegOpt.exe
[2015/11/23 16:37:00 | 000,048,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\uxtuneup.dll
[2015/11/23 16:37:00 | 000,042,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\uxtuneup.dll
[2015/11/23 16:37:00 | 000,037,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\authuitu.dll
[2015/11/23 16:37:00 | 000,032,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\authuitu.dll
 
========== Files Created - No Company Name ==========
 
[2015/12/12 11:06:44 | 000,016,148 | ---- | C] () -- C:\WINDOWS\SysNative\FAMILY-PC_Family_HistoryPrediction.bin
[2015/11/27 21:50:51 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/11/23 17:32:46 | 000,000,887 | ---- | C] () -- C:\Users\Family\Desktop\WhoCrashed.lnk
[2015/11/12 22:19:01 | 000,002,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
[2015/11/12 22:19:01 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2015/10/27 21:08:17 | 000,111,088 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll
[2015/10/27 21:08:13 | 000,152,560 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe
[2015/10/27 21:08:04 | 001,004,032 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2015/10/27 21:08:04 | 000,807,424 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2015/10/27 21:08:03 | 000,198,640 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll
[2015/10/27 21:08:03 | 000,132,080 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2015/09/30 17:48:28 | 001,766,952 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2015/08/21 06:49:04 | 001,823,232 | ---- | C] () -- C:\WINDOWS\SysWow64\InputService.dll
[2015/08/21 06:48:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\SysWow64\TextInputFramework.dll
[2015/08/21 01:36:11 | 000,961,296 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2015/08/21 01:32:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2015/08/21 01:31:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2015/08/11 15:14:36 | 000,010,155 | ---- | C] () -- C:\ProgramData\regid.1997-10.com.aciwebs,PCDrafter_4DBD42E3-43A9-4B53-B296-C295D1B07435.swidtag
[2015/07/16 00:22:02 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2015/07/16 00:22:02 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2015/07/10 07:20:52 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2015/07/10 06:04:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2015/07/10 06:04:38 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2015/07/10 06:00:35 | 000,161,632 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
[2015/07/10 06:00:33 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2015/07/10 06:00:32 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015/07/10 06:00:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
[2015/07/10 06:00:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
[2015/07/10 06:00:29 | 000,081,408 | ---- | C] () -- C:\WINDOWS\SysWow64\InputLocaleManager.dll
[2015/07/10 06:00:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\EditBufferTestHook.dll
[2015/07/10 06:00:29 | 000,053,760 | ---- | C] () -- C:\WINDOWS\SysWow64\WpKbdLayout.dll
[2015/07/10 06:00:29 | 000,022,016 | ---- | C] () -- C:\WINDOWS\SysWow64\WordBreakers.dll
[2015/07/10 06:00:28 | 000,270,848 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2015/07/10 06:00:27 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2015/07/10 06:00:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
[2015/07/10 06:00:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2015/07/10 06:00:24 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2015/07/10 05:59:51 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2014/05/15 11:44:56 | 000,030,528 | ---- | C] () -- C:\WINDOWS\GVTDrv64.sys
[2014/05/15 11:25:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2015/09/17 01:49:11 | 006,487,248 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2015/09/17 01:28:40 | 005,120,056 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/07/10 05:59:53 | 000,995,328 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/07/10 06:00:23 | 000,754,688 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/07/10 05:59:55 | 000,516,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/11/24 07:02:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\AVG
[2015/11/24 07:02:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\AVG
[2015/11/12 22:18:53 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\AVG
[2015/11/12 22:41:16 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\BitTorrent
[2014/05/17 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2015/06/15 07:56:26 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DAEMON Tools Lite
[2015/06/18 15:34:05 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\MetaQuotes
[2014/07/16 18:43:53 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Oracle
[2015/08/19 02:25:05 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\PCDrafter2015
[2015/11/26 10:09:31 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\QuickScan
[2015/11/12 15:23:55 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TuneUp Software
[2015/06/25 17:02:32 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
 

Share this post


Link to post
Share on other sites

OTL Extras logfile created on: 12/12/2015 11:28:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Family\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10240.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.20 Gb Total Physical Memory | 4.82 Gb Available Physical Memory | 66.88% Memory free
14.45 Gb Paging File | 11.78 Gb Available in Paging File | 81.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 930.97 Gb Total Space | 263.25 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
 
Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = B3 06 90 56 DE DB D0 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{256533BD-EA31-4D32-8B7B-44B5F21F840B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{36F31B64-420F-44E0-B88E-F92651B0215A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{58E5175D-84F8-4A53-BA70-B835DEDBBF22}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5E811911-415C-4982-9E89-B0FC4EC60288}" = lport=138 | protocol=17 | dir=in | app=system | 
"{86F31DAF-5E11-4AFC-8110-19BDE901E9C8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8E3FE6CD-41D8-4F15-8141-FDCBA163E229}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8E79C0FA-2902-45A6-A048-4B819C52E09E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9B035CC2-4867-43B8-88AE-4FA0E9D4C484}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AB5B1E38-4DEB-42F3-997C-D01D65BACCD7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AE9F60F8-AC08-4844-BB44-B0044568336B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{B695ED1A-1412-48E0-9C5C-2CDB0077A2D0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | 
"{CFDF41C4-46A0-4B4F-BD1E-EB765B49EEDA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D320F9B8-C3A5-4AEE-9E4A-F80F509F01A9}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{DA9EFFCB-8808-47A7-8A63-88A9ED8F60EC}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0286D711-DFBD-466B-B2A9-35C6C03BCDC8}" = protocol=58 | dir=in | [email protected],-28545 | 
"{04B6F20E-EB62-4E8C-B23B-796D687EA38E}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} | 
"{052863D6-C44D-4E7D-A53E-B48139D30269}" = dir=out | [email protected]{microsoft.bingfinance_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} | 
"{0A4AB2E2-F732-4DAB-A128-DE8089B0F079}" = dir=out | [email protected]{microsoft.bingsports_4.7.130.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} | 
"{0CED1B28-5A0E-4BFD-9096-4C5E6E61BB82}" = dir=in | [email protected]{microsoft.bingnews_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | 
"{0D5A3A7A-FDCF-4A54-999D-97810321AC0E}" = dir=out | [email protected]{microsoft.windowsmaps_4.1511.3161.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} | 
"{14AF3D88-1C6F-47B7-BE0E-64BA999568E9}" = protocol=58 | dir=out | [email protected],-28546 | 
"{16F92B88-BC0F-4B0D-9E80-542DD6AD1BC4}" = dir=in | name=microsoft solitaire collection | 
"{1BC387F1-7031-43A8-9352-E9EAD4E5B11A}" = dir=out | name=onenote | 
"{2519C3E2-8820-44AF-9E8E-0625182ED43D}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{2B4D091F-0258-4132-8F2C-C46B96E411F3}" = dir=in | [email protected]{microsoft.windows.cloudexperiencehost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | 
"{2C29507E-61DA-4671-BA64-3EE8197913AF}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{2DC67C64-889B-4E6D-A60D-020DA6EF474E}" = dir=out | [email protected]{microsoft.3dbuilder_10.9.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} | 
"{2FC18260-C6AB-4AE8-979B-ACFD3136496B}" = dir=out | [email protected]{microsoft.accountscontrol_10.0.10240.16384_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | 
"{35DE7F21-0CD5-4533-B10C-E67708F8148E}" = dir=in | [email protected]{microsoft.microsoftofficehub_17.6508.23761.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | 
"{36016C6B-D082-4C2C-BB88-9B46AFB4ECC9}" = dir=out | [email protected]{microsoft.windows.cloudexperiencehost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | 
"{37018B24-A849-42CC-9615-24997B7357D7}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{38AB6A7E-93F4-41E7-8BC5-7E563C9AB21B}" = dir=in | name=xbox | 
"{3AB2BA68-A528-4295-A82B-FB6097BC70E3}" = dir=out | [email protected]{microsoft.windows.contentdeliverymanager_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | 
"{4570D6BC-7477-4329-9C4C-2717F729FDEC}" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe | 
"{45F74A78-1EEF-4633-9BBE-C8D8253BCF31}" = dir=out | [email protected]{windows.contactsupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | 
"{4937FC0D-641F-4238-A708-24DF31247827}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{4D69F1F7-5A5D-4288-A93D-7B0CB309987B}" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe | 
"{503A7049-FA4F-4905-9BDF-A5FBAB476FB0}" = dir=in | [email protected]{microsoft.bingweather_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | 
"{5D7F748E-AA03-48BB-A269-FEE85A757FA0}" = dir=in | [email protected]{microsoft.windows.photos_15.1208.10480.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | 
"{62B8A07C-742F-4E0E-B312-73164103A872}" = dir=out | [email protected]{microsoft.windows.photos_15.1208.10480.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | 
"{6C5B4A77-7204-4FD8-A1BA-658067AE8AE3}" = dir=out | [email protected]{microsoft.bingweather_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | 
"{7253C9DA-76CD-410E-A264-1D33D0837D40}" = dir=out | [email protected]{microsoft.aad.brokerplugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | 
"{7B014E9F-64B9-485E-97FA-4B9161C822FA}" = dir=in | [email protected]{microsoft.bingsports_4.7.130.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} | 
"{7ECCB304-B854-4C56-8EC2-4DC1CF59473B}" = dir=in | name=onenote | 
"{8312CCA6-FDFB-4D01-888D-336854EF7E24}" = dir=out | [email protected]{microsoft.microsoftedge_20.10240.16384.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | 
"{89F4FE3D-7E19-4B74-9EA2-473BE5263FF4}" = dir=out | name=twitter | 
"{89FB4CFA-3DB6-4201-9A45-37E791F49117}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{8E7E3265-F94F-4D3A-BE32-827FCD7FC0AC}" = dir=out | name=microsoft solitaire collection | 
"{8F8D55E3-D6EE-4746-A875-3F273F8FA3E6}" = dir=out | [email protected]{microsoft.bingnews_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | 
"{91D08958-C150-4F21-8E1B-255306F7E8F8}" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\bittorrent\bittorrent.exe | 
"{9279FBCE-CA82-478E-B8E9-787C8236CB5E}" = dir=out | name=windows_ie_ac_001 | 
"{9390DD1D-2F33-4E5C-A412-266FB5E4FBA3}" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\bittorrent\bittorrent.exe | 
"{9573E191-DBF0-4620-A19D-88DCC62059A0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{99B1E39D-EA29-4D42-A4B9-25BE3A285FFE}" = dir=in | [email protected]{microsoft.aad.brokerplugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | 
"{9E463627-3D5C-4833-8814-FD13B9B89631}" = dir=out | [email protected]{microsoft.windowsfeedback_10.0.10240.16393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windowsfeedback/feedbackapp.resources/appname/text} | 
"{9EF02AA0-F1E4-419A-86ED-E811330EE0BA}" = dir=out | [email protected]{microsoft.xboxidentityprovider_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxidentityprovider/resources/pkgdisplayname} | 
"{9FD1051A-B07A-46C5-BF60-20F496522AE6}" = dir=out | [email protected]{microsoft.windowsstore_2015.23.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | 
"{A4BA5837-C834-44F5-9551-0564E52C072D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A604E3B3-DFD4-40D8-BFC1-F348AD174041}" = protocol=1 | dir=in | [email protected],-28543 | 
"{ACA9564D-A022-40B7-AB71-05F22DCDDD54}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B42A767F-E2FC-4406-9DBC-0DA371EBFE32}" = protocol=1 | dir=out | [email protected],-28544 | 
"{B91406CA-2064-47B9-B55D-D9C1829CD995}" = dir=out | [email protected]{microsoft.lockapp_10.0.10240.16384_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} | 
"{B956638B-E050-478C-9850-E91302AD0B74}" = dir=out | name=xbox | 
"{BC52CF7F-1A5B-40C0-9BC3-6080D1D879AC}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{C14089DF-4B49-419B-B6C4-A505DB50C4A6}" = dir=in | [email protected]{microsoft.bingfinance_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} | 
"{C1B3B6E3-9E04-456B-AD12-C47BACF88A97}" = dir=out | name=windowsdvdplayer | 
"{C321F8C0-8C30-4F62-9DDB-564F238641D6}" = dir=out | [email protected]{microsoft.windows.parentalcontrols_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | 
"{C4B97A32-C28C-49EC-8DD5-640F00D00156}" = dir=out | [email protected]{microsoft.windowsphone_10.1511.18010.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} | 
"{D6BE52FF-6BD5-421F-8BB5-B0F73934E9A9}" = dir=out | [email protected]{microsoft.getstarted_2.5.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} | 
"{DA798C60-92AD-44BA-B94F-3607FF648332}" = dir=in | [email protected]{microsoft.zunevideo_3.6.15731.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{DE07BD98-7D53-4085-B956-8A8C4218B753}" = dir=in | [email protected]{windows.contactsupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | 
"{E0D1CAC9-D29D-4215-B992-19367610AA17}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{E6CE9E78-FB0C-4B6B-B35E-859F99917496}" = dir=out | [email protected]{microsoft.microsoftofficehub_17.6508.23761.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | 
"{E6FFCA87-B2CF-47AD-9485-E54628F7149A}" = dir=out | [email protected]{microsoft.windows.cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} | 
"{E7439D0B-F123-42DE-B504-54B1B12043EF}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} | 
"{E762C6A2-A924-407B-BA13-131B2EBAB7C0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{E76551E5-95B2-4C3E-8BF2-881037573426}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E8E292BE-B197-4CC3-95EF-01A0A3939D4E}" = dir=in | [email protected]{microsoft.microsoftedge_20.10240.16384.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | 
"{E9009A26-9DCA-495D-96E9-846ACA86B359}" = dir=in | [email protected]{microsoft.windows.cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} | 
"{EABD3C63-6BD8-4053-AC90-7EC2F5C9216D}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{EBAA4DCE-14F3-4CBD-B23E-8D13898A5BDE}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{EDA6EFCF-EC2B-44A0-B42F-EAEA07C377D4}" = dir=out | [email protected]{microsoft.zunemusic_3.6.15131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{EFEE005D-0A1A-401C-A8AD-11A005125AA7}" = dir=out | [email protected]{microsoft.zunevideo_3.6.15731.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{F4E999C0-FE4E-4F9B-AC63-E81A165B47CB}" = dir=out | [email protected]{windows.purchasedialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.purchasedialog/resources/displayname} | 
"{FA8BD87F-F891-4F32-8C39-8638EC61F8F2}" = dir=out | [email protected]{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} | 
"{FB1C367A-98A9-4F02-B9BB-08A9B3F6A2E7}" = dir=out | [email protected]{microsoft.xboxgamecallableui_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | 
"{FD473E4F-8A3E-4ECD-A910-039D9364138B}" = dir=in | [email protected]{microsoft.windowsstore_2015.23.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | 
"{FED3C594-7321-4855-80FD-0922C7E6EA6F}" = dir=out | [email protected]{microsoft.people_10.0.3350.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} | 
"TCP Query User{55012951-90D3-4734-A262-C9D8A344494C}C:\users\family\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe | 
"TCP Query User{F43D3A34-51A4-474F-8AF6-2A062A0437E6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{517762D2-90EB-4BFB-948A-1F3F4DAE3CB8}C:\users\family\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe | 
"UDP Query User{D10EB472-EF4F-4FC6-B740-6C08C4C70CE9}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15B30201-4DC6-6B2E-B04B-788DFF115BA2}" = ccc-utility64
"{1D1DCF8A-6961-F848-0DA0-5401969C44CE}" = AMD Catalyst Install Manager
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{25E80DAA-FD87-DCE5-202C-CC02F6673002}" = Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64)
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{408DD513-C71C-EF6C-1456-247DD8403E18}" = AMD Steady Video Plug-In 
"{4989485C-EF16-161E-4F02-8A8BFB16CAC3}" = ccc-utility64
"{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{9C7136A5-F0AA-B1D1-22C5-54C2C783E721}" = AMD Fuel
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B69FB0E0-0CAF-10DE-191C-538EC231C632}" = AMD Wireless Display v3.0
"{BCA7CC8C-745B-4340-B3A8-BC79A8498107}" = FMW 1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}" = WinZip 19.5
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DD09826F-D794-DE92-952E-9D48D109AA4B}" = AMD Accelerated Video Transcoding
"{E80C395A-82DD-9C17-87FC-0C86D498079D}" = AMD Fuel
"{F8F948EA-5AEA-4158-8821-A2F788ECE936}" = 64 Bit HP CIO Components Installer
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"WhoCrashed_is1" = WhoCrashed 5.51
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0039AAA5-7D3F-A65C-5011-396E3CFD5E1A}" = CCC Help Russian
"{09EDE6DF-A9A9-DC54-24E4-AA2E506718BE}" = CCC Help Japanese
"{0B7F838A-467D-C30A-B4C7-FF9709555082}" = AMD Catalyst Control Center
"{0E52338D-4C09-BAF9-B2BC-A6633D78A594}" = AMD Catalyst Control Center
"{0FE07808-87DF-45A7-AEF8-97F3A60F4E00}" = FNC 11 Installer
"{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19946C87-EB80-2BBF-D932-5BDB2799B6F5}" = CCC Help Chinese Standard
"{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}" = Google Drive
"{217F11DC-3CD4-4540-BFC8-8D0AA2FCE26E}" = CCC Help Turkish
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{234C1E2D-FC8D-05B1-E78D-BE0BC32F06BF}" = CCC Help Finnish
"{24BDE5F7-123E-4DC4-B00A-730FDD36D82C}" = Player Location Check
"{26A24AE4-039D-4CA4-87B4-2F83218065F0}" = Java 8 Update 65
"{2A5E854E-9967-A0E8-F246-FE3572F44F57}" = CCC Help Chinese Traditional
"{2CB95003-D6E4-EEE1-5BAA-458B7E27466B}" = CCC Help English
"{2EF241EF-6796-5B68-7A1F-214055809942}" = CCC Help Dutch
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3419ABF8-BBBA-E7A7-05E1-7B8A30268FDC}" = CCC Help Italian
"{38795B2F-8709-4A61-8DB8-2A9D4875F9B4}" = AVG PC TuneUp
"{3E1D055A-C8DB-9140-6D3B-572020076651}" = CCC Help Hungarian
"{3E275667-C19E-1AC0-A9EC-6D37AE67469C}" = Catalyst Control Center InstallProxy
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.1029.1
"{45F898A5-2E21-EF9F-4FB5-DAC1A6038180}" = CCC Help Chinese Standard
"{46D1DAAD-BA7B-18DF-5515-E158E54AF847}" = CCC Help Turkish
"{48583D53-DDA0-19E2-479E-BFE8A7A107B7}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F04107-7CC7-6BDB-CDB6-C02D96B06DE5}" = CCC Help German
"{522E798F-8B1B-AD09-C54F-1F6EA33AAD63}" = Catalyst Control Center InstallProxy
"{56B128A9-85E4-D8F6-5A3D-4826A7FB1A14}" = Catalyst Control Center Localization All
"{608F1BF0-94CF-29D3-E3F9-48F2B53D603F}" = CCC Help French
"{60DB0ABB-2C9E-25C0-D1FC-A4704B94E530}" = CCC Help Czech
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66F720D6-6DC3-7DE9-B09A-F44783897772}" = CCC Help Japanese
"{6740FE60-43C1-4D15-8C4A-001624134B14}" = Citrix Online Launcher
"{6A3D3784-DBD8-DFB2-3FFA-528C1CAEAC72}" = CCC Help English
"{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
"{72A76D02-1907-C805-0B77-2374C6013D64}" = CCC Help Czech
"{73090A5A-E0C0-4E0B-A320-E183877061A5}" = ALLDATA Repair
"{76D5F1FC-5A08-7F44-8E13-0249EAB8B031}" = CCC Help Korean
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79463523-00FE-FA43-EB05-A1935014F9DE}" = CCC Help French
"{7EFA185C-179A-E07B-6F67-AFE491EFD4E1}" = CCC Help Hungarian
"{7F599D6F-78DD-89AD-4350-64D60102A72C}" = CCC Help Polish
"{87459992-7B4E-7E68-CFCD-8BE703D76D30}" = CCC Help Russian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A4F8020-ED9F-5FFC-9917-CB52CF811382}" = Catalyst Control Center Localization All
"{8ACB472E-1CAD-4AA8-41B0-9A8D80A750C5}" = CCC Help Korean
"{8D2ED35A-C1C2-FDCA-1F5C-94799EAA7D35}" = CCC Help Swedish
"{90932CBF-33F2-CF3F-C553-D76136AC8C5A}" = CCC Help Norwegian
"{91BBF9D8-46B3-561B-D6FC-76A91DF16593}" = CCC Help Spanish
"{977DEBB3-85F6-4488-ADB3-A5E5D2464BE1}" = PCDrafter 2015
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{A1103FD0-0075-299D-D5BA-E0EBD1C81FFE}" = CCC Help Danish
"{A71E2A4D-37A4-6073-B9ED-EDB4AA1BFDD7}" = CCC Help Italian
"{A7E23371-36E3-CF6D-1544-307BB1AEC19A}" = CCC Help Greek
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0C889A-285D-3ED0-EDEF-0122564A8B2A}" = CCC Help Greek
"{AC76BA86-0804-1033-1959-001824161310}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B634F919-3F94-6C43-F99A-484AA4DFBF2F}" = CCC Help Chinese Traditional
"{BB411CBB-9E34-94FD-4691-36B33D9DC181}" = CCC Help German
"{C28E8D4A-C424-71CF-DFBE-597810641712}" = Catalyst Control Center InstallProxy
"{C2EA734A-92B2-AD20-2C85-337FDF0E8053}" = CCC Help Thai
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.1220.1
"{CA355E6F-717E-A17C-05B0-AD951118875C}" = CCC Help Dutch
"{CAA5ED80-3F00-FA30-12B4-39073E135E7E}" = CCC Help Portuguese
"{CCEC41F0-1B86-B07B-C8D6-97CA8D616B16}" = CCC Help Swedish
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{D5B2B522-05A2-77CB-8BB5-971E6C613764}" = CCC Help Finnish
"{DA74DDB4-EB8D-A688-4E27-7C2680A7C26E}" = CCC Help Danish
"{DFC4F9CE-EED9-2167-E579-D4A43EF9C00B}" = CCC Help Polish
"{E2C6F0AE-7752-4736-8EB8-C15DA62187C9}" = InsiderBaseball 2015
"{E3827F8B-56EA-C716-5284-07A1786DBBE2}" = Catalyst Control Center InstallProxy
"{E5BE63DE-CD83-49DB-FA2C-14BD29CD0489}" = CCC Help Spanish
"{ECF976CF-79E8-E963-771D-A893E16681B1}" = CCC Help Portuguese
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6DD0100-F48D-3CEC-A387-A09072AF5E9D}" = CCC Help Norwegian
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"Adobe AIR" = Adobe AIR
"Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"AVG PC TuneUp" = AVG PC TuneUp
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Chrome" = Google Chrome
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.1029.1
"InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.1220.1
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.0.1024
"Mozilla Firefox 42.0 (x86 en-US)" = Mozilla Firefox 42.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RotoLab 2015_is1" = RotoLab 2015
"sbrAppId_is1" = SBR Poker 1.0.81
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"GoToMeeting" = GoToMeeting 7.7.0.4062
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/3/2015 11:29:44 PM | Computer Name = Family-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp:
 0x52aef33f  Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time
 stamp: 0x559f38c3  Exception code: 0xe0434352  Fault offset: 0x000000000002a1c8  Faulting
 process id: 0x1ba8  Faulting application start time: 0x01d12e43b2e85c71  Faulting application
 path: C:\Windows\AutoKMS\AutoKMS.exe  Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report
 Id: bac35dcf-a763-4d1a-83bc-a8cf7114006b  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 12/5/2015 3:30:35 PM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
.
 
Error - 12/7/2015 2:52:51 PM | Computer Name = Family-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 12/7/2015 2:52:51 PM | Computer Name = Family-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp:
 0x52aef33f  Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time
 stamp: 0x559f38c3  Exception code: 0xe0434352  Fault offset: 0x000000000002a1c8  Faulting
 process id: 0x1288  Faulting application start time: 0x01d1312042bf0cad  Faulting application
 path: C:\Windows\AutoKMS\AutoKMS.exe  Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report
 Id: 5c7402e6-1c7c-4dfa-b615-b5965b1dfd23  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 12/8/2015 2:53:08 PM | Computer Name = Family-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 12/8/2015 2:53:08 PM | Computer Name = Family-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp:
 0x52aef33f  Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time
 stamp: 0x559f38c3  Exception code: 0xe0434352  Fault offset: 0x000000000002a1c8  Faulting
 process id: 0x1aec  Faulting application start time: 0x01d131e96f3bee14  Faulting application
 path: C:\Windows\AutoKMS\AutoKMS.exe  Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report
 Id: 8de05dd2-646a-4b06-a043-00140e71fa99  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 12/11/2015 3:58:35 PM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
.
 
Error - 12/11/2015 3:59:31 PM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
.
 
Error - 12/11/2015 9:35:36 PM | Computer Name = Family-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
Description = Package Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI
 was terminated because it took too long to suspend.
 
Error - 12/11/2015 9:35:38 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
Description = The program SearchUI.exe version 10.0.10240.16515 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Security and Maintenance control panel.    Process
 ID: 1080    Start Time: 01d1347d07f7b364    Termination Time: 4294967295    Application Path:
 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe    Report
 Id: a4191df0-a070-11e5-9be8-ec7c68e2a24d    Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy

Faulting
 package-relative application ID: CortanaUI  
 
[ System Events ]
Error - 12/12/2015 12:04:59 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
Error - 12/12/2015 12:05:06 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7031
Description = The Sync Host_Session1 service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 10000 milliseconds:
 Restart the service.
 
Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Application Popup | ID = 875
Description = 
 
Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000
Description = The aksfridge service failed to start due to the following error: 
  %%1275
 
Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Application Popup | ID = 875
Description = 
 
Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000
Description = The aksdf service failed to start due to the following error:   %%1275
 
Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Application Popup | ID = 875
Description = 
 
Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000
Description = The hardlock service failed to start due to the following error:   %%1275
 
Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7001
Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing
 Service service which failed to start because of the following error:   %%1058
 
Error - 12/12/2015 12:09:28 PM | Computer Name = Family-PC | Source = Microsoft-Windows-NDIS | ID = 10317
Description = Miniport TAP-Win32 Adapter OAS #28, {B97BB92D-F09A-4E7E-8E4B-928AA03E7C40},
 had event 76
 
 
< End of report >
 

Share this post


Link to post
Share on other sites

After running the OTL scan do I need to click the cleanup button before I close it out, or am I waiting for you to review the scan results before I do anything else?

Share this post


Link to post
Share on other sites

Barcuss i'm looking threw threw logs now, will have  a response soon !!

 

Thanks

Chuck

 

 

Share this post


Link to post
Share on other sites

Barcuss, ok let do some cleaning of the OTL Scan, i had to write a script for you to run !!

We need to Run an OTL fix !! So open (click it) OTL !!!!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the customFix.png.  text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTL

PRC - File not found --
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=U220
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll File not found
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmofbadmgolpibnjflbihlaecnhhaanb\1.10.50_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.2_0\
 O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18 - Protocol\Handler\ms-help - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.



:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

 

 

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

 

Post the OTL Fix log when done !!

 

 

NEXT

 

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.

 

 

NEXT

 

 

MGA Diagnostic Tool

Download MGA Diagnostic Tool to your Desktop. If you cannot access the internet, please download it on another computer, and copy to the desktop of the infected computer. It cannot be run from the USB!
>>>  http://api.viglink.com/api/click?format=go&jsonp=vglnk_144994287511012&key=9b4efad421c8b103b2c94b796db973b0&libId=ii3ee62701002u9u000DA3jaaoz66&subId=ada8cd58e448a82cf9bb2f2782266d43&loc=http%3A%2F%2Fwww.malwareremoval.com%2Fforum%2Fviewtopic.php%3Ff%3D11%26t%3D63976&v=1&out=http%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D52012&ref=http%3A%2F%2Fwww.malwareremoval.com%2Fforum%2Fviewforum.php%3Ff%3D11%26sid%3Df89594c8d5f3b2d22711bef2d1f768e9&title=GMER%20BlueScreening%20and%20other%20Network%20Issues%20%7C%20Free%20Malware%20Removal%20Forum&txt=MGA%20Diagnostic%20Tool&loAsUuid=ii3ee6ek-ed868aa5-9d3d-41f6-8a9b-7d5efacbfed2 <<<
  *  Double click MGADiag.exe to launch the program.
  * Click Continue and let the scan run.
  *  When finished it will have created a log.
  *  Click Copy.
    Next open Notepad.
       * Click Start > Run type Notepad click OK.
       * This will open an empty Notepad file.
       * Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
       * Save the file to your Desktop.
       * Close MGA Diagnostic Tool.
    Copy/Paste the log in your next reply please.

 

Summing things up i need these logs !!

1. OTL Fix Log

2. Security Check Log

3. MGA Diagnostic Log

 

Thanks

Chuck

Sorry it took so long but i have to read threw all logs to write a script for cleaning !!

 

 

 

 

Share this post


Link to post
Share on other sites

Got an error saying Processing PRC- File not found and then OTL stopped responding

 

This is exactly what I copy and pasted

 

:OTL

PRC - File not found --
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=U220
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll File not found
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmofbadmgolpibnjflbihlaecnhhaanb\1.10.50_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.2_0\
 O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18 - Protocol\Handler\ms-help - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.



:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

Share this post


Link to post
Share on other sites

Ok Barcuss, looks like the fix did not get copied right from me to here at Besttechie !

Try this:


 

:OTL
PRC - File not found --
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=U220
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll File not found
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmofbadmgolpibnjflbihlaecnhhaanb\1.10.50_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.2_0\
 O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18 - Protocol\Handler\ms-help - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.


:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

 

Share this post


Link to post
Share on other sites

There was a space between the :OTL and the first line of the fix. No space there !!

Chuck

Share this post


Link to post
Share on other sites

I must be doing something wrong here Chuck.  I copy and pasted the new fix from your latest post and it still freezes up and OTL is not responding.

Here is how I copy and pasted it and clicked Run Fix and it stops responding

 

:OTL
PRC - File not found --
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=U220
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll File not found
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmofbadmgolpibnjflbihlaecnhhaanb\1.10.50_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.2_0\
 O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18 - Protocol\Handler\ms-help - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.


:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

Share this post


Link to post
Share on other sites

barcuss are you doing it like this ??

1. Just open OTL

2. place script here:

Paste%20OTL%20script%20here.png

 

 

3. click Run Fix Only:

Otl%20run%20fix.png


Is this how you are doing it ????

Chuck

 

Share this post


Link to post
Share on other sites

Yes exactly how im doing it.

 

I paste, click Run Fix, it closes Google Chrome and seems to run a few seconds, then the screen gets slightly blury and the top where the blue is and says OTL by oldTimer shows Not Responding

Edited by barcuss

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this