barcuss

Help Removing Malware

Have you tried any other browser besides Chrome? I have never been a fan of Google Chrome; it seems to be the easiest browser to hack & become infected!!

We can try deleting the OTL and its log & downloading a new OTL & running it for me, and posting a new OTL log! Or using a different browser like Firefox or Internet Explorer and trying the fix I have posted!!

Chuck

I have this feeling it's Chrome causing the problem; I would go with Firefox & use it for my main browser. Then you can remove it later if that doesn't work!! Your call!!

OTL logfile created on: 12/13/2015 9:44:05 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Family\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10240.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.20 Gb Total Physical Memory | 5.26 Gb Available Physical Memory | 72.99% Memory free
14.45 Gb Paging File | 12.60 Gb Available in Paging File | 87.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 930.97 Gb Total Space | 263.07 Gb Free Space | 28.26% Space Free | Partition Type: NTFS
 
Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
DRV:64bit: - [2015/07/10 05:59:39 | 000,058,208 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2015/07/10 05:59:39 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2015/07/10 05:59:39 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2015/07/10 05:59:39 | 000,040,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2015/07/10 05:59:39 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2015/07/10 05:59:39 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2015/07/10 05:59:39 | 000,026,976 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2015/07/10 05:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
DRV:64bit: - [2015/07/10 05:59:38 | 003,436,896 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2015/07/10 05:59:38 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2015/07/10 05:59:38 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2015/07/10 05:59:38 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2015/07/10 05:59:38 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2015/07/10 05:59:38 | 000,222,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2015/07/10 05:59:38 | 000,207,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015/07/10 05:59:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2015/07/10 05:59:38 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2015/07/10 05:59:38 | 000,104,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2015/07/10 05:59:38 | 000,099,168 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2015/07/10 05:59:38 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2015/07/10 05:59:38 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2015/07/10 05:59:38 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2015/07/10 05:59:38 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2015/07/10 05:59:38 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2015/07/10 05:59:38 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2015/07/10 05:59:38 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2015/07/10 05:59:38 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2015/07/10 05:59:38 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2015/07/10 05:59:38 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2015/07/10 05:59:38 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2015/07/10 05:59:36 | 000,122,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2015/07/10 05:59:36 | 000,116,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2015/07/10 05:59:36 | 000,094,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc)
DRV:64bit: - [2015/07/10 05:59:36 | 000,092,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2015/07/10 05:59:36 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2015/07/10 05:59:36 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2015/07/10 05:59:36 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2015/07/10 05:59:36 | 000,043,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2015/07/10 05:59:36 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2015/07/10 05:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2015/07/10 05:59:36 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2015/07/10 05:59:36 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2015/07/10 05:59:36 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fcvsc.sys -- (fcvsc)
DRV:64bit: - [2015/07/10 05:59:36 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2015/07/10 05:59:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2015/07/10 05:59:36 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2015/07/10 05:59:36 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2015/06/16 04:34:36 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2015/06/15 07:53:33 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV:64bit: - [2015/05/28 06:00:44 | 000,102,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWT6.sys -- (AtiHDAudioService)
DRV:64bit: - [2014/02/11 16:36:52 | 000,059,616 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2013/10/28 12:02:48 | 000,022,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2013/08/22 07:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/08/28 07:27:24 | 000,058,536 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/07/15 10:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2009/08/26 06:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009/03/13 10:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009/01/08 10:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV - [2015/10/14 10:58:44 | 000,031,144 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2015/08/19 15:39:40 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2015/08/19 15:39:39 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2015/08/19 15:39:30 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2015/07/10 05:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
DRV - [2015/07/10 05:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
 
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MCM_WCP
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U220DHP&pc=U220
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 A2 6A 78 B9 71 CF 01  [binary data]
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=U220
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "Google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:42.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@ums.geocomply.com/GeoComply Update;version=3: C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll (GeoComply Inc.)
FF - HKLM\Software\MozillaPlugins\@ums.geocomply.com/GeoComply Update;version=9: C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll (GeoComply Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\geocomply.com/player_location_check: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\npapi\npplayer_location_check.dll (GeoComply)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Family\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/11/06 15:09:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/11/06 15:09:36 | 000,000,000 | ---D | M]
 
[2014/05/21 18:36:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\Mozilla\Extensions
[2015/09/07 11:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\k6snqj97.default\extensions
[2015/11/06 15:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/11/06 15:09:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/01 19:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmofbadmgolpibnjflbihlaecnhhaanb\1.10.50_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.2_0\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvgUi] C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-125191153-927833046-2172898461-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-125191153-927833046-2172898461-1000..\Run: [BitTorrent] C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-125191153-927833046-2172898461-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-125191153-927833046-2172898461-1000..\Run: [OneDrive] C:\Users\Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{200c7f0a-4139-46dc-a209-da732e06bd40}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\dtagent.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27:64bit: - HKLM IFEO\dtlauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27:64bit: - HKLM IFEO\et6sc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27:64bit: - HKLM IFEO\idriver.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27 - HKLM IFEO\dtagent.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27 - HKLM IFEO\dtlauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27 - HKLM IFEO\et6sc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O27 - HKLM IFEO\idriver.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell\AutoRun\command - "" = "F:\autorun.exe"
O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell\readme\command - "" = notepad readme.txt
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/12/12 13:12:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/12/12 10:36:06 | 000,000,000 | ---D | C] -- C:\Users\Family\Desktop\FRST-OlderVersion
[2015/12/12 10:36:03 | 002,369,536 | ---- | C] (Farbar) -- C:\Users\Family\Desktop\FRST64.exe
[2015/12/11 14:59:56 | 000,000,000 | ---D | C] -- C:\6a7dcb6ef22c135e9541ac
[2015/12/09 09:53:44 | 021,872,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2015/12/09 09:53:41 | 018,801,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2015/12/09 09:53:39 | 003,588,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2015/12/09 09:53:39 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2015/12/09 09:53:37 | 001,717,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2015/12/09 09:53:36 | 002,180,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2015/12/09 09:53:36 | 001,795,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2015/12/09 09:53:36 | 001,710,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll
[2015/12/09 09:53:36 | 001,467,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2015/12/09 09:53:35 | 001,649,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
[2015/12/09 09:53:35 | 001,569,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2015/12/09 09:53:35 | 001,442,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRHInproc.dll
[2015/12/09 09:53:35 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
[2015/12/09 09:53:35 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2015/12/09 09:53:34 | 001,366,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
[2015/12/09 09:53:32 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
[2015/12/09 09:53:32 | 000,845,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Magnify.exe
[2015/12/09 09:53:32 | 000,774,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll
[2015/12/09 09:53:31 | 005,455,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2015/12/09 09:53:31 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Magnify.exe
[2015/12/09 09:53:30 | 007,523,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2015/12/09 09:53:30 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ninput.dll
[2015/12/09 09:53:29 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll
[2015/12/09 09:53:29 | 000,587,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015/12/09 09:53:28 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
[2015/12/09 09:53:28 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ninput.dll
[2015/12/09 09:53:27 | 004,047,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2015/12/09 09:53:27 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
[2015/12/09 09:53:27 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
[2015/12/09 09:53:26 | 004,532,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2015/12/09 09:53:26 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dot3mm.dll
[2015/12/09 09:53:26 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMM.dll
[2015/12/09 09:53:25 | 002,350,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2015/12/09 09:53:25 | 002,153,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2015/12/09 09:53:24 | 001,822,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015/12/09 09:53:24 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
[2015/12/09 09:53:23 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/12/09 09:53:23 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll
[2015/12/09 09:53:23 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RasMediaManager.dll
[2015/12/09 09:53:23 | 000,168,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkUXBroker.exe
[2015/12/09 09:53:23 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMediaManager.dll
[2015/12/09 09:53:22 | 000,849,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
[2015/12/09 09:53:22 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MBMediaManager.dll
[2015/12/09 09:53:22 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EthernetMediaManager.dll
[2015/12/09 09:53:20 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shutdownux.dll
[2015/12/09 09:53:20 | 000,113,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\userenv.dll
[2015/12/09 09:53:20 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
[2015/12/09 09:53:19 | 000,516,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2015/12/09 09:53:19 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2015/12/09 09:53:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\gpuenergydrv.sys
[2015/12/09 09:53:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdgeoqw.dll
[2015/12/09 09:53:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZE.DLL
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgeoqw.dll
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZST.DLL
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZST.DLL
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZEL.DLL
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZEL.DLL
[2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZE.DLL
[2015/12/09 09:53:16 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\profext.dll
[2015/12/09 09:53:15 | 000,771,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
[2015/12/09 09:53:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\profext.dll
[2015/12/09 09:53:11 | 004,792,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/12/05 09:18:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/12/05 08:56:09 | 000,000,000 | ---D | C] -- C:\FRST
[2015/11/27 21:51:02 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/11/27 21:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/11/27 21:50:45 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2015/11/27 21:50:45 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2015/11/27 21:50:45 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015/11/27 21:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/11/27 21:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/11/24 07:03:05 | 000,048,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\uxtuneup.dll
[2015/11/24 07:03:05 | 000,042,408 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\uxtuneup.dll
[2015/11/23 17:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2015/11/23 17:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2015/11/23 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\QuickScan
[2015/11/23 10:51:01 | 000,000,000 | ---D | C] -- C:\$SysReset
 
========== Files - Modified Within 30 Days ==========
 
[2015/12/13 09:33:43 | 000,016,148 | ---- | M] () -- C:\WINDOWS\SysNative\FAMILY-PC_Family_HistoryPrediction.bin
[2015/12/13 09:33:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/12/13 09:30:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/12/13 09:07:00 | 000,000,588 | ---- | M] () -- C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000.job
[2015/12/13 08:49:00 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GeoComplyUpdateTaskMachineUA.job
[2015/12/13 08:21:00 | 000,000,684 | ---- | M] () -- C:\WINDOWS\tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000.job
[2015/12/13 03:30:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/12/12 21:29:23 | 001,005,598 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/12/12 21:29:23 | 000,832,698 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/12/12 21:29:23 | 000,171,412 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/12/12 21:24:48 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/12/12 21:23:39 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GeoComplyUpdateTaskMachineCore.job
[2015/12/12 21:22:44 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/12/12 21:22:42 | 1504,022,527 | -HS- | M] () -- C:\hiberfil.sys
[2015/12/12 21:22:24 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SysNative\spu_storage.bin
[2015/12/12 11:05:44 | 000,341,448 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015/12/12 10:36:06 | 002,369,536 | ---- | M] (Farbar) -- C:\Users\Family\Desktop\FRST64.exe
[2015/12/08 21:31:39 | 000,002,260 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/12/05 14:48:05 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/12/01 01:03:10 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\gpuenergydrv.sys
[2015/12/01 00:54:19 | 000,771,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
[2015/12/01 00:51:02 | 007,523,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2015/12/01 00:49:35 | 004,792,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/11/30 23:59:46 | 005,455,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2015/11/30 19:32:22 | 000,826,872 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2015/11/30 19:32:22 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2015/11/27 21:50:51 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/11/25 00:42:36 | 004,532,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2015/11/25 00:42:07 | 000,168,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkUXBroker.exe
[2015/11/25 00:41:58 | 001,822,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015/11/25 00:40:09 | 000,516,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2015/11/25 00:32:20 | 000,113,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\userenv.dll
[2015/11/25 00:27:50 | 001,366,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
[2015/11/25 00:12:23 | 004,047,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2015/11/24 23:49:57 | 001,569,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2015/11/24 23:49:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll
[2015/11/24 23:49:03 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MBMediaManager.dll
[2015/11/24 23:49:00 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RasMediaManager.dll
[2015/11/24 23:48:54 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EthernetMediaManager.dll
[2015/11/24 23:48:52 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMediaManager.dll
[2015/11/24 23:44:49 | 021,872,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2015/11/24 23:37:12 | 002,350,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2015/11/24 23:36:17 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
[2015/11/24 23:36:09 | 001,710,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll
[2015/11/24 23:35:45 | 000,929,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
[2015/11/24 23:35:00 | 000,845,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Magnify.exe
[2015/11/24 23:31:10 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMM.dll
[2015/11/24 23:30:59 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
[2015/11/24 23:30:54 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dot3mm.dll
[2015/11/24 23:29:40 | 000,355,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ninput.dll
[2015/11/24 23:29:22 | 001,649,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
[2015/11/24 23:28:41 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/11/24 23:28:30 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
[2015/11/24 23:27:26 | 002,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2015/11/24 23:26:30 | 000,849,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
[2015/11/24 23:26:23 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shutdownux.dll
[2015/11/24 23:25:19 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\profext.dll
[2015/11/24 23:23:06 | 000,587,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015/11/24 23:23:00 | 003,588,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2015/11/24 23:22:51 | 001,717,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2015/11/24 23:22:51 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll
[2015/11/24 23:22:51 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdgeoqw.dll
[2015/11/24 23:22:43 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZE.DLL
[2015/11/24 23:22:40 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZST.DLL
[2015/11/24 23:22:39 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZEL.DLL
[2015/11/24 23:22:23 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2015/11/24 23:19:58 | 001,795,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2015/11/24 23:19:46 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2015/11/24 23:18:28 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2015/11/24 23:17:23 | 000,774,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll
[2015/11/24 23:16:55 | 001,442,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRHInproc.dll
[2015/11/24 23:16:25 | 000,786,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Magnify.exe
[2015/11/24 23:13:23 | 002,153,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2015/11/24 23:11:39 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ninput.dll
[2015/11/24 23:10:48 | 018,801,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2015/11/24 23:10:36 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
[2015/11/24 23:10:23 | 000,415,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
[2015/11/24 23:07:05 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\profext.dll
[2015/11/24 23:04:42 | 000,474,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
[2015/11/24 23:04:33 | 001,467,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2015/11/24 23:04:27 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgeoqw.dll
[2015/11/24 23:04:23 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZE.DLL
[2015/11/24 23:04:21 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZST.DLL
[2015/11/24 23:04:21 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZEL.DLL
[2015/11/24 07:03:05 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2015/11/23 17:32:46 | 000,000,887 | ---- | M] () -- C:\Users\Family\Desktop\WhoCrashed.lnk
[2015/11/23 16:41:12 | 000,046,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\TURegOpt.exe
[2015/11/23 16:37:00 | 000,048,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\uxtuneup.dll
[2015/11/23 16:37:00 | 000,042,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\uxtuneup.dll
[2015/11/23 16:37:00 | 000,037,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\authuitu.dll
[2015/11/23 16:37:00 | 000,032,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\authuitu.dll
 
========== Files Created - No Company Name ==========
 
[2015/12/13 09:33:43 | 000,016,148 | ---- | C] () -- C:\WINDOWS\SysNative\FAMILY-PC_Family_HistoryPrediction.bin
[2015/11/27 21:50:51 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/11/23 17:32:46 | 000,000,887 | ---- | C] () -- C:\Users\Family\Desktop\WhoCrashed.lnk
[2015/10/27 21:08:17 | 000,111,088 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll
[2015/10/27 21:08:13 | 000,152,560 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe
[2015/10/27 21:08:04 | 001,004,032 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2015/10/27 21:08:04 | 000,807,424 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2015/10/27 21:08:03 | 000,198,640 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll
[2015/10/27 21:08:03 | 000,132,080 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2015/09/30 17:48:28 | 001,766,952 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2015/08/21 06:49:04 | 001,823,232 | ---- | C] () -- C:\WINDOWS\SysWow64\InputService.dll
[2015/08/21 06:48:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\SysWow64\TextInputFramework.dll
[2015/08/21 01:36:11 | 000,961,296 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2015/08/21 01:32:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2015/08/21 01:31:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2015/08/11 15:14:36 | 000,010,155 | ---- | C] () -- C:\ProgramData\regid.1997-10.com.aciwebs,PCDrafter_4DBD42E3-43A9-4B53-B296-C295D1B07435.swidtag
[2015/07/16 00:22:02 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2015/07/16 00:22:02 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2015/07/10 07:20:52 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2015/07/10 06:04:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2015/07/10 06:04:38 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2015/07/10 06:00:35 | 000,161,632 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
[2015/07/10 06:00:33 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2015/07/10 06:00:32 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015/07/10 06:00:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
[2015/07/10 06:00:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
[2015/07/10 06:00:29 | 000,081,408 | ---- | C] () -- C:\WINDOWS\SysWow64\InputLocaleManager.dll
[2015/07/10 06:00:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\EditBufferTestHook.dll
[2015/07/10 06:00:29 | 000,053,760 | ---- | C] () -- C:\WINDOWS\SysWow64\WpKbdLayout.dll
[2015/07/10 06:00:29 | 000,022,016 | ---- | C] () -- C:\WINDOWS\SysWow64\WordBreakers.dll
[2015/07/10 06:00:28 | 000,270,848 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2015/07/10 06:00:27 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2015/07/10 06:00:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
[2015/07/10 06:00:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2015/07/10 06:00:24 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2015/07/10 05:59:51 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2014/05/15 11:44:56 | 000,030,528 | ---- | C] () -- C:\WINDOWS\GVTDrv64.sys
[2014/05/15 11:25:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2015/09/17 01:49:11 | 006,487,248 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2015/09/17 01:28:40 | 005,120,056 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/07/10 05:59:53 | 000,995,328 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/07/10 06:00:23 | 000,754,688 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/07/10 05:59:55 | 000,516,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/11/24 07:02:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\AVG
[2015/11/24 07:02:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\AVG
[2015/11/12 22:18:53 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\AVG
[2015/11/12 22:41:16 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\BitTorrent
[2014/05/17 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2015/06/15 07:56:26 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DAEMON Tools Lite
[2015/06/18 15:34:05 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\MetaQuotes
[2014/07/16 18:43:53 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Oracle
[2015/08/19 02:25:05 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\PCDrafter2015
[2015/11/26 10:09:31 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\QuickScan
[2015/11/12 15:23:55 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TuneUp Software
[2015/06/25 17:02:32 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
< End of report >

OTL Extras logfile created on: 12/13/2015 9:44:05 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Family\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10240.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.20 Gb Total Physical Memory | 5.26 Gb Available Physical Memory | 72.99% Memory free
14.45 Gb Paging File | 12.60 Gb Available in Paging File | 87.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 930.97 Gb Total Space | 263.07 Gb Free Space | 28.26% Space Free | Partition Type: NTFS
 
Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = B3 06 90 56 DE DB D0 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{256533BD-EA31-4D32-8B7B-44B5F21F840B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36F31B64-420F-44E0-B88E-F92651B0215A}" = lport=139 | protocol=6 | dir=in | app=system |
"{58E5175D-84F8-4A53-BA70-B835DEDBBF22}" = rport=139 | protocol=6 | dir=out | app=system |
"{5E811911-415C-4982-9E89-B0FC4EC60288}" = lport=138 | protocol=17 | dir=in | app=system |
"{86F31DAF-5E11-4AFC-8110-19BDE901E9C8}" = lport=137 | protocol=17 | dir=in | app=system |
"{8E3FE6CD-41D8-4F15-8141-FDCBA163E229}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8E79C0FA-2902-45A6-A048-4B819C52E09E}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B035CC2-4867-43B8-88AE-4FA0E9D4C484}" = rport=137 | protocol=17 | dir=out | app=system |
"{AB5B1E38-4DEB-42F3-997C-D01D65BACCD7}" = rport=138 | protocol=17 | dir=out | app=system |
"{AE9F60F8-AC08-4844-BB44-B0044568336B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B695ED1A-1412-48E0-9C5C-2CDB0077A2D0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{CFDF41C4-46A0-4B4F-BD1E-EB765B49EEDA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D320F9B8-C3A5-4AEE-9E4A-F80F509F01A9}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{DA9EFFCB-8808-47A7-8A63-88A9ED8F60EC}" = lport=445 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0286D711-DFBD-466B-B2A9-35C6C03BCDC8}" = protocol=58 | dir=in | [email protected],-28545 |
"{04B6F20E-EB62-4E8C-B23B-796D687EA38E}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
"{052863D6-C44D-4E7D-A53E-B48139D30269}" = dir=out | [email protected]{microsoft.bingfinance_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{0A4AB2E2-F732-4DAB-A128-DE8089B0F079}" = dir=out | [email protected]{microsoft.bingsports_4.7.130.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{0CED1B28-5A0E-4BFD-9096-4C5E6E61BB82}" = dir=in | [email protected]{microsoft.bingnews_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{0D5A3A7A-FDCF-4A54-999D-97810321AC0E}" = dir=out | [email protected]{microsoft.windowsmaps_4.1511.3161.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{14AF3D88-1C6F-47B7-BE0E-64BA999568E9}" = protocol=58 | dir=out | [email protected],-28546 |
"{16F92B88-BC0F-4B0D-9E80-542DD6AD1BC4}" = dir=in | name=microsoft solitaire collection |
"{1BC387F1-7031-43A8-9352-E9EAD4E5B11A}" = dir=out | name=onenote |
"{2519C3E2-8820-44AF-9E8E-0625182ED43D}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{2B4D091F-0258-4132-8F2C-C46B96E411F3}" = dir=in | [email protected]{microsoft.windows.cloudexperiencehost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{2C29507E-61DA-4671-BA64-3EE8197913AF}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{2DC67C64-889B-4E6D-A60D-020DA6EF474E}" = dir=out | [email protected]{microsoft.3dbuilder_10.9.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} |
"{2FC18260-C6AB-4AE8-979B-ACFD3136496B}" = dir=out | [email protected]{microsoft.accountscontrol_10.0.10240.16384_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{35DE7F21-0CD5-4533-B10C-E67708F8148E}" = dir=in | [email protected]{microsoft.microsoftofficehub_17.6508.23761.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{36016C6B-D082-4C2C-BB88-9B46AFB4ECC9}" = dir=out | [email protected]{microsoft.windows.cloudexperiencehost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{37018B24-A849-42CC-9615-24997B7357D7}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{38AB6A7E-93F4-41E7-8BC5-7E563C9AB21B}" = dir=in | name=xbox |
"{3AB2BA68-A528-4295-A82B-FB6097BC70E3}" = dir=out | [email protected]{microsoft.windows.contentdeliverymanager_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{4570D6BC-7477-4329-9C4C-2717F729FDEC}" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe |
"{45F74A78-1EEF-4633-9BBE-C8D8253BCF31}" = dir=out | [email protected]{windows.contactsupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{4937FC0D-641F-4238-A708-24DF31247827}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{4D69F1F7-5A5D-4288-A93D-7B0CB309987B}" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe |
"{503A7049-FA4F-4905-9BDF-A5FBAB476FB0}" = dir=in | [email protected]{microsoft.bingweather_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{5D7F748E-AA03-48BB-A269-FEE85A757FA0}" = dir=in | [email protected]{microsoft.windows.photos_15.1208.10480.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{62B8A07C-742F-4E0E-B312-73164103A872}" = dir=out | [email protected]{microsoft.windows.photos_15.1208.10480.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{6C5B4A77-7204-4FD8-A1BA-658067AE8AE3}" = dir=out | [email protected]{microsoft.bingweather_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{7253C9DA-76CD-410E-A264-1D33D0837D40}" = dir=out | [email protected]{microsoft.aad.brokerplugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{7B014E9F-64B9-485E-97FA-4B9161C822FA}" = dir=in | [email protected]{microsoft.bingsports_4.7.130.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{7ECCB304-B854-4C56-8EC2-4DC1CF59473B}" = dir=in | name=onenote |
"{8312CCA6-FDFB-4D01-888D-336854EF7E24}" = dir=out | [email protected]{microsoft.microsoftedge_20.10240.16384.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{89F4FE3D-7E19-4B74-9EA2-473BE5263FF4}" = dir=out | name=twitter |
"{89FB4CFA-3DB6-4201-9A45-37E791F49117}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{8E7E3265-F94F-4D3A-BE32-827FCD7FC0AC}" = dir=out | name=microsoft solitaire collection |
"{8F8D55E3-D6EE-4746-A875-3F273F8FA3E6}" = dir=out | [email protected]{microsoft.bingnews_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{91D08958-C150-4F21-8E1B-255306F7E8F8}" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\bittorrent\bittorrent.exe |
"{9279FBCE-CA82-478E-B8E9-787C8236CB5E}" = dir=out | name=windows_ie_ac_001 |
"{9390DD1D-2F33-4E5C-A412-266FB5E4FBA3}" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\bittorrent\bittorrent.exe |
"{9573E191-DBF0-4620-A19D-88DCC62059A0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{99B1E39D-EA29-4D42-A4B9-25BE3A285FFE}" = dir=in | [email protected]{microsoft.aad.brokerplugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{9E463627-3D5C-4833-8814-FD13B9B89631}" = dir=out | [email protected]{microsoft.windowsfeedback_10.0.10240.16393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windowsfeedback/feedbackapp.resources/appname/text} |
"{9EF02AA0-F1E4-419A-86ED-E811330EE0BA}" = dir=out | [email protected]{microsoft.xboxidentityprovider_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxidentityprovider/resources/pkgdisplayname} |
"{9FD1051A-B07A-46C5-BF60-20F496522AE6}" = dir=out | [email protected]{microsoft.windowsstore_2015.23.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{A4BA5837-C834-44F5-9551-0564E52C072D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A604E3B3-DFD4-40D8-BFC1-F348AD174041}" = protocol=1 | dir=in | [email protected],-28543 |
"{ACA9564D-A022-40B7-AB71-05F22DCDDD54}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B42A767F-E2FC-4406-9DBC-0DA371EBFE32}" = protocol=1 | dir=out | [email protected],-28544 |
"{B91406CA-2064-47B9-B55D-D9C1829CD995}" = dir=out | [email protected]{microsoft.lockapp_10.0.10240.16384_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{B956638B-E050-478C-9850-E91302AD0B74}" = dir=out | name=xbox |
"{BC52CF7F-1A5B-40C0-9BC3-6080D1D879AC}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{C14089DF-4B49-419B-B6C4-A505DB50C4A6}" = dir=in | [email protected]{microsoft.bingfinance_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{C1B3B6E3-9E04-456B-AD12-C47BACF88A97}" = dir=out | name=windowsdvdplayer |
"{C321F8C0-8C30-4F62-9DDB-564F238641D6}" = dir=out | [email protected]{microsoft.windows.parentalcontrols_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{C4B97A32-C28C-49EC-8DD5-640F00D00156}" = dir=out | [email protected]{microsoft.windowsphone_10.1511.18010.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} |
"{D6BE52FF-6BD5-421F-8BB5-B0F73934E9A9}" = dir=out | [email protected]{microsoft.getstarted_2.5.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{DA798C60-92AD-44BA-B94F-3607FF648332}" = dir=in | [email protected]{microsoft.zunevideo_3.6.15731.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{DE07BD98-7D53-4085-B956-8A8C4218B753}" = dir=in | [email protected]{windows.contactsupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{E0D1CAC9-D29D-4215-B992-19367610AA17}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{E6CE9E78-FB0C-4B6B-B35E-859F99917496}" = dir=out | [email protected]{microsoft.microsoftofficehub_17.6508.23761.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{E6FFCA87-B2CF-47AD-9485-E54628F7149A}" = dir=out | [email protected]{microsoft.windows.cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} |
"{E7439D0B-F123-42DE-B504-54B1B12043EF}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
"{E762C6A2-A924-407B-BA13-131B2EBAB7C0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{E76551E5-95B2-4C3E-8BF2-881037573426}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E8E292BE-B197-4CC3-95EF-01A0A3939D4E}" = dir=in | [email protected]{microsoft.microsoftedge_20.10240.16384.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{E9009A26-9DCA-495D-96E9-846ACA86B359}" = dir=in | [email protected]{microsoft.windows.cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} |
"{EABD3C63-6BD8-4053-AC90-7EC2F5C9216D}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{EBAA4DCE-14F3-4CBD-B23E-8D13898A5BDE}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{EDA6EFCF-EC2B-44A0-B42F-EAEA07C377D4}" = dir=out | [email protected]{microsoft.zunemusic_3.6.15131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{EFEE005D-0A1A-401C-A8AD-11A005125AA7}" = dir=out | [email protected]{microsoft.zunevideo_3.6.15731.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{F4E999C0-FE4E-4F9B-AC63-E81A165B47CB}" = dir=out | [email protected]{windows.purchasedialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.purchasedialog/resources/displayname} |
"{FA8BD87F-F891-4F32-8C39-8638EC61F8F2}" = dir=out | [email protected]{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} |
"{FB1C367A-98A9-4F02-B9BB-08A9B3F6A2E7}" = dir=out | [email protected]{microsoft.xboxgamecallableui_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{FD473E4F-8A3E-4ECD-A910-039D9364138B}" = dir=in | [email protected]{microsoft.windowsstore_2015.23.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{FED3C594-7321-4855-80FD-0922C7E6EA6F}" = dir=out | [email protected]{microsoft.people_10.0.3350.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"TCP Query User{55012951-90D3-4734-A262-C9D8A344494C}C:\users\family\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{F43D3A34-51A4-474F-8AF6-2A062A0437E6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{517762D2-90EB-4BFB-948A-1F3F4DAE3CB8}C:\users\family\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{D10EB472-EF4F-4FC6-B740-6C08C4C70CE9}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15B30201-4DC6-6B2E-B04B-788DFF115BA2}" = ccc-utility64
"{1D1DCF8A-6961-F848-0DA0-5401969C44CE}" = AMD Catalyst Install Manager
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{25E80DAA-FD87-DCE5-202C-CC02F6673002}" = Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64)
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{408DD513-C71C-EF6C-1456-247DD8403E18}" = AMD Steady Video Plug-In
"{4989485C-EF16-161E-4F02-8A8BFB16CAC3}" = ccc-utility64
"{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{9C7136A5-F0AA-B1D1-22C5-54C2C783E721}" = AMD Fuel
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B69FB0E0-0CAF-10DE-191C-538EC231C632}" = AMD Wireless Display v3.0
"{BCA7CC8C-745B-4340-B3A8-BC79A8498107}" = FMW 1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}" = WinZip 19.5
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DD09826F-D794-DE92-952E-9D48D109AA4B}" = AMD Accelerated Video Transcoding
"{E80C395A-82DD-9C17-87FC-0C86D498079D}" = AMD Fuel
"{F8F948EA-5AEA-4158-8821-A2F788ECE936}" = 64 Bit HP CIO Components Installer
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"WhoCrashed_is1" = WhoCrashed 5.51
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0039AAA5-7D3F-A65C-5011-396E3CFD5E1A}" = CCC Help Russian
"{09EDE6DF-A9A9-DC54-24E4-AA2E506718BE}" = CCC Help Japanese
"{0B7F838A-467D-C30A-B4C7-FF9709555082}" = AMD Catalyst Control Center
"{0E52338D-4C09-BAF9-B2BC-A6633D78A594}" = AMD Catalyst Control Center
"{0FE07808-87DF-45A7-AEF8-97F3A60F4E00}" = FNC 11 Installer
"{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19946C87-EB80-2BBF-D932-5BDB2799B6F5}" = CCC Help Chinese Standard
"{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}" = Google Drive
"{217F11DC-3CD4-4540-BFC8-8D0AA2FCE26E}" = CCC Help Turkish
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{234C1E2D-FC8D-05B1-E78D-BE0BC32F06BF}" = CCC Help Finnish
"{24BDE5F7-123E-4DC4-B00A-730FDD36D82C}" = Player Location Check
"{26A24AE4-039D-4CA4-87B4-2F83218065F0}" = Java 8 Update 65
"{2A5E854E-9967-A0E8-F246-FE3572F44F57}" = CCC Help Chinese Traditional
"{2CB95003-D6E4-EEE1-5BAA-458B7E27466B}" = CCC Help English
"{2EF241EF-6796-5B68-7A1F-214055809942}" = CCC Help Dutch
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3419ABF8-BBBA-E7A7-05E1-7B8A30268FDC}" = CCC Help Italian
"{38795B2F-8709-4A61-8DB8-2A9D4875F9B4}" = AVG PC TuneUp
"{3E1D055A-C8DB-9140-6D3B-572020076651}" = CCC Help Hungarian
"{3E275667-C19E-1AC0-A9EC-6D37AE67469C}" = Catalyst Control Center InstallProxy
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.1029.1
"{45F898A5-2E21-EF9F-4FB5-DAC1A6038180}" = CCC Help Chinese Standard
"{46D1DAAD-BA7B-18DF-5515-E158E54AF847}" = CCC Help Turkish
"{48583D53-DDA0-19E2-479E-BFE8A7A107B7}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F04107-7CC7-6BDB-CDB6-C02D96B06DE5}" = CCC Help German
"{522E798F-8B1B-AD09-C54F-1F6EA33AAD63}" = Catalyst Control Center InstallProxy
"{56B128A9-85E4-D8F6-5A3D-4826A7FB1A14}" = Catalyst Control Center Localization All
"{608F1BF0-94CF-29D3-E3F9-48F2B53D603F}" = CCC Help French
"{60DB0ABB-2C9E-25C0-D1FC-A4704B94E530}" = CCC Help Czech
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66F720D6-6DC3-7DE9-B09A-F44783897772}" = CCC Help Japanese
"{6740FE60-43C1-4D15-8C4A-001624134B14}" = Citrix Online Launcher
"{6A3D3784-DBD8-DFB2-3FFA-528C1CAEAC72}" = CCC Help English
"{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
"{72A76D02-1907-C805-0B77-2374C6013D64}" = CCC Help Czech
"{73090A5A-E0C0-4E0B-A320-E183877061A5}" = ALLDATA Repair
"{76D5F1FC-5A08-7F44-8E13-0249EAB8B031}" = CCC Help Korean
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79463523-00FE-FA43-EB05-A1935014F9DE}" = CCC Help French
"{7EFA185C-179A-E07B-6F67-AFE491EFD4E1}" = CCC Help Hungarian
"{7F599D6F-78DD-89AD-4350-64D60102A72C}" = CCC Help Polish
"{87459992-7B4E-7E68-CFCD-8BE703D76D30}" = CCC Help Russian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A4F8020-ED9F-5FFC-9917-CB52CF811382}" = Catalyst Control Center Localization All
"{8ACB472E-1CAD-4AA8-41B0-9A8D80A750C5}" = CCC Help Korean
"{8D2ED35A-C1C2-FDCA-1F5C-94799EAA7D35}" = CCC Help Swedish
"{90932CBF-33F2-CF3F-C553-D76136AC8C5A}" = CCC Help Norwegian
"{91BBF9D8-46B3-561B-D6FC-76A91DF16593}" = CCC Help Spanish
"{977DEBB3-85F6-4488-ADB3-A5E5D2464BE1}" = PCDrafter 2015
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{A1103FD0-0075-299D-D5BA-E0EBD1C81FFE}" = CCC Help Danish
"{A71E2A4D-37A4-6073-B9ED-EDB4AA1BFDD7}" = CCC Help Italian
"{A7E23371-36E3-CF6D-1544-307BB1AEC19A}" = CCC Help Greek
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0C889A-285D-3ED0-EDEF-0122564A8B2A}" = CCC Help Greek
"{AC76BA86-0804-1033-1959-001824161310}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B634F919-3F94-6C43-F99A-484AA4DFBF2F}" = CCC Help Chinese Traditional
"{BB411CBB-9E34-94FD-4691-36B33D9DC181}" = CCC Help German
"{C28E8D4A-C424-71CF-DFBE-597810641712}" = Catalyst Control Center InstallProxy
"{C2EA734A-92B2-AD20-2C85-337FDF0E8053}" = CCC Help Thai
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.1220.1
"{CA355E6F-717E-A17C-05B0-AD951118875C}" = CCC Help Dutch
"{CAA5ED80-3F00-FA30-12B4-39073E135E7E}" = CCC Help Portuguese
"{CCEC41F0-1B86-B07B-C8D6-97CA8D616B16}" = CCC Help Swedish
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{D5B2B522-05A2-77CB-8BB5-971E6C613764}" = CCC Help Finnish
"{DA74DDB4-EB8D-A688-4E27-7C2680A7C26E}" = CCC Help Danish
"{DFC4F9CE-EED9-2167-E579-D4A43EF9C00B}" = CCC Help Polish
"{E2C6F0AE-7752-4736-8EB8-C15DA62187C9}" = InsiderBaseball 2015
"{E3827F8B-56EA-C716-5284-07A1786DBBE2}" = Catalyst Control Center InstallProxy
"{E5BE63DE-CD83-49DB-FA2C-14BD29CD0489}" = CCC Help Spanish
"{ECF976CF-79E8-E963-771D-A893E16681B1}" = CCC Help Portuguese
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6DD0100-F48D-3CEC-A387-A09072AF5E9D}" = CCC Help Norwegian
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"Adobe AIR" = Adobe AIR
"Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"AVG PC TuneUp" = AVG PC TuneUp
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Chrome" = Google Chrome
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.1029.1
"InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.1220.1
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.0.1024
"Mozilla Firefox 42.0 (x86 en-US)" = Mozilla Firefox 42.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RotoLab 2015_is1" = RotoLab 2015
"sbrAppId_is1" = SBR Poker 1.0.81
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"GoToMeeting" = GoToMeeting 7.7.0.4062
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/12/2015 5:00:13 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Security and Maintenance control panel.    Process ID: aac
 
Start
 Time: 01d1351fc0bbe514    Termination Time: 11    Application Path: C:\Users\Family\Desktop\OTL.com
 
Report
 Id: 5364b3c7-a113-11e5-9bea-e214133a98e9    Faulting package full name:     Faulting package-relative
 application ID:  
 
Error - 12/12/2015 5:01:20 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Security and Maintenance control panel.    Process ID: 518
 
Start
 Time: 01d135201cea54f7    Termination Time: 4    Application Path: C:\Users\Family\Desktop\OTL.com
 
Report
 Id: 7b53c974-a113-11e5-9bea-e214133a98e9    Faulting package full name:     Faulting package-relative
 application ID:  
 
Error - 12/12/2015 5:02:09 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Security and Maintenance control panel.    Process ID: 8b8
 
Start
 Time: 01d135204297ad22    Termination Time: 3    Application Path: C:\Users\Family\Desktop\OTL.com
 
Report
 Id: 987a61d2-a113-11e5-9bea-e214133a98e9    Faulting package full name:     Faulting package-relative
 application ID:  
 
Error - 12/12/2015 5:04:49 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Security and Maintenance control panel.    Process ID: 980
 
Start
 Time: 01d13520900282e4    Termination Time: 16    Application Path: C:\Users\Family\Desktop\OTL.com
 
Report
 Id: f75b6f2c-a113-11e5-9bea-e214133a98e9    Faulting package full name:     Faulting package-relative
 application ID:  
 
Error - 12/12/2015 5:05:47 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Security and Maintenance control panel.    Process ID: 1d70
 
Start
 Time: 01d13520bf851c47    Termination Time: 10    Application Path: C:\Users\Family\Desktop\OTL.com
 
Report
 Id: 19e96da0-a114-11e5-9bea-e214133a98e9    Faulting package full name:     Faulting package-relative
 application ID:  
 
Error - 12/12/2015 5:07:26 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Security and Maintenance control panel.    Process ID: 1d04
 
Start
 Time: 01d13520fe5d4492    Termination Time: 6    Application Path: C:\Users\Family\Desktop\OTL.com
 
Report
 Id: 550ad47e-a114-11e5-9bea-e214133a98e9    Faulting package full name:     Faulting package-relative
 application ID:  
 
Error - 12/12/2015 5:08:26 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Security and Maintenance control panel.    Process ID: 11c8
 
Start
 Time: 01d135212a5e8e4e    Termination Time: 12    Application Path: C:\Users\Family\Desktop\OTL.com
 
Report
 Id: 78dd1e75-a114-11e5-9bea-e214133a98e9    Faulting package full name:     Faulting package-relative
 application ID:  
 
Error - 12/12/2015 10:30:30 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Security and Maintenance control panel.    Process ID: 1750
 
Start
 Time: 01d1354d733bc484    Termination Time: 13    Application Path: C:\Users\Family\Desktop\OTL.com
 
Report
 Id: 76d54e55-a141-11e5-9beb-f48800de098d    Faulting package full name:     Faulting package-relative
 application ID:  
 
Error - 12/12/2015 10:41:07 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Security and Maintenance control panel.    Process ID: 19a0
 
Start
 Time: 01d1354e3fa7d595    Termination Time: 12    Application Path: C:\Users\Family\Desktop\OTL.com
 
Report
 Id: f28ad09b-a142-11e5-9beb-f48800de098d    Faulting package full name:     Faulting package-relative
 application ID:  
 
Error - 12/12/2015 10:54:50 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
Description = The program OTL (1).com version 3.2.69.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Security and Maintenance control panel.    Process
 ID: 928    Start Time: 01d135509dc6135e    Termination Time: 7    Application Path: C:\Users\Family\Downloads\OTL
 (1).com    Report Id: d221d3bb-a144-11e5-9beb-f48800de098d    Faulting package full name:
     Faulting package-relative application ID:  
 
[ System Events ]
Error - 12/12/2015 10:22:54 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000
Description = The aksfridge service failed to start due to the following error:
  %%1275
 
Error - 12/12/2015 10:22:54 PM | Computer Name = Family-PC | Source = Application Popup | ID = 875
Description =
 
Error - 12/12/2015 10:22:54 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000
Description = The hardlock service failed to start due to the following error:   %%1275
 
Error - 12/12/2015 10:22:58 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7001
Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing
 Service service which failed to start because of the following error:   %%1058
 
Error - 12/12/2015 10:26:35 PM | Computer Name = Family-PC | Source = Microsoft-Windows-NDIS | ID = 10317
Description = Miniport TAP-Win32 Adapter OAS #28, {8DF6A1A0-61BB-4011-9FD0-D82247A46831},
 had event 76
 
Error - 12/12/2015 10:27:49 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly.
 It has done this 1 time(s).
 
Error - 12/12/2015 10:37:53 PM | Computer Name = Family-PC | Source = DCOM | ID = 10016
Description =
 
Error - 12/12/2015 10:38:50 PM | Computer Name = Family-PC | Source = DCOM | ID = 10016
Description =
 
Error - 12/12/2015 10:40:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7034
Description = The HASP License Manager service terminated unexpectedly.  It has
done this 1 time(s).
 
Error - 12/12/2015 10:47:41 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7034
Description = The StarWind AE Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
 
< End of report >


OK, I have reinstalled OTL and re-run the scan using IE.

 

Question, after I run the scan am I supposed to click the Cleanup? I did not click Cleanup last time.

Or when you give me the script do I just paste it and Run Fix?


Barcuss, after the scan just paste it, then click Run Fix !! No, do not click clean-up !

 

I will be gone today because I had a friend pass away yesterday .... sorry !! I might be back on tonight !!

Chuck


Ok, so sorry to hear about your friend....

 

Do I need to wait for you to create a new script for me to copy and paste since we are using IE now?


Barcuss, also I need the Security Check log & the MGA Diagnostic tool log !! All programs can be run with any browser, use IE !!

Chuck

 

 


 Results of screen317's Security Check version 1.009 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 AVG PC TuneUp  
 Java 8 Update 65 
 Java version 32-bit out of Date!
 Adobe Flash Player  20.0.0.235 
 Mozilla Firefox (42.0)
 Google Chrome (47.0.2526.73)
 Google Chrome (47.0.2526.80)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Windows Defender MSASCui.exe
 Windows Defender MSASCui.exe  
 Windows Defender MpCmdRun.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Validation unsupported OS
Validation Code: 6
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-DKB77-7M9GH-8HVX7
Windows Product Key Hash: LVfmE2BrV36Gw1iwVgO5ouTh5Gk=
Windows Product ID: 00326-10000-00000-AA954
Windows Product ID Type: 0
Windows License Type: Unknown
Windows OS version: N/A, hr=0x8007007a
ID: {6177DF18-D158-4C84-9733-49CC7889C4EA}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 10 Home
Architecture: 0x00000009
Build lab: 10240.th1_st1.151104-1714
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
 
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
 
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
 
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
 
OGA Data-->
Office Status: 111 Unsupported OS
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics:
 
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
 
File Scan Data-->
File Mismatch: C:\WINDOWS\system32\licdll.dll[Hr = 0x80070002]
File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x80070002]
File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x80070002]
File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x80070002]
 
Other data-->
 
Spsys.log Content: 0x80070002
 
Licensing Data-->
N/A, hr = 0x80070424
 
Windows Activation Technologies-->
N/A
 
HWID Data-->
HWID Hash Current: TgAAAAEABAABAAEAAQACAAAADgABAAEAln00kwQJdl7u+27WuDMYqKIGEAL0AYqbVAJcT4aAhPhU2GSynk9kI6wUVGlOU+SKfiC+MxTu
 
OEM Activation 1.0 Data-->
N/A
 
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
  ACPI Table Name OEMID Value OEMTableID Value
  MCFG   ALASKA  A M I
  FACP   ALASKA  A M I
  APIC   ALASKA  A M I
  IVRS   AMD  ANNAPURN
  HPET   ALASKA  A M I
  FPDT   ALASKA  A M I
  IFEU   ALASKA  A M I
  SSDT   AMD  ANNAPURN
  SSDT   AMD  ANNAPURN
  CRAT   AMD  ANNAPURN
  BGRT   ALASKA  A M I
 
 


barcuss, ok let's forget the OTL Fix, it was just to tidy up some leftovers !!

Java version 32-bit is out of date! You need to update this !!!

====================

 

Clean up of Malware Removal Tools

Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

    Download Delfix to your desktop and double-click it to start the program.
    Ensure Remove disinfection tools is ticked
    Also tick:
        o Create registry backup
        o Purge system restore
        o Reset system settings
    Click Run
    The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

 

========================

 

Congratulations, you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware/malware infection in the future:
 
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

2. FireFox - If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure.
NoScript
Adblock Plus (https://adblockplus.org/en/firefox)

 
3. Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
4. Firewall - Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
Online Armor Free
Agnitum Outpost Firewall Free
Comodo Firewall Free
 
5. Make sure you keep your Windows OS current, and regularly download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.
 
6. WOT (Web of Trust) - As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
 
7. Finally, I strongly recommend that you read Miekiemoes' great advice, How to prevent malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html).

 
Let me know how it's running ?
Any problems ?
It may run a tad slow until a few normal re-boots, but according to all logs you are clean !!

Thanks
Chuck
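
A read-only way to check the six Internet-zone settings from tip 1 on the machine itself, as an added example that is not part of the original post. The registry path and the URL action IDs are the standard Internet Explorer zone values; they are assumptions of this example and do not come from the thread.

```powershell
# Added example: read-only audit of the Internet zone (zone 3) for the current user.
# Registry path and action IDs are standard IE zone values, not taken from the post.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Meaning of the DWORD stored under each action ID.
$PolicyName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The six settings the post names, with the value it recommends.
$Recommended = @(
    @{ Id = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' }
    @{ Id = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' }
    @{ Id = '1201'; Want = 3; Setting = 'Initialize and script ActiveX controls not marked as safe' }
    @{ Id = '1800'; Want = 1; Setting = 'Installation of desktop items' }
    @{ Id = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' }
    @{ Id = '1607'; Want = 1; Setting = 'Navigate sub-frames across different domains' }
)

function Get-InternetZoneAudit {
    param([string]$Path = $ZoneKey)

    if (-not (Test-Path -Path $Path)) {
        throw "Zone key not found: $Path"
    }
    $values = Get-ItemProperty -Path $Path

    foreach ($r in $Recommended) {
        # A value that is absent here was never set for this user.
        $prop = $values.PSObject.Properties[$r.Id]
        if ($null -eq $prop) {
            $current = $null
            $shown   = 'not set'
        } else {
            $current = [int]$prop.Value
            if ($PolicyName.ContainsKey($current)) { $shown = $PolicyName[$current] }
            else { $shown = '0x{0:X}' -f $current }   # value outside Enable/Prompt/Disable
        }

        [pscustomobject]@{
            Setting     = $r.Setting
            Recommended = $PolicyName[$r.Want]
            Current     = $shown
            Compliant   = ($current -eq $r.Want)
        }
    }
}

Get-InternetZoneAudit | Format-Table -AutoSize
```

Settings enforced through Group Policy live under the matching `Software\Policies` key and take precedence over the per-user values; pass that key with `-Path` to audit it instead.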


I updated Java 32bit now, and I ran DelFix, however I did not copy the notepad it generated.

 

You said before you were not a big fan of Chrome. In your opinion what is the safest/best browser to use?

 

Thanks for everything Chuck..... 


I myself use Firefox !

Does it seem to run any better after some cleaning that we did ? At least there were no viruses !

I would stay away from the BitTorrent downloads before you catch something we can't clean, then your computer would be a door stop ! I have seen this happen more than once !

I will lock this topic after 5 days but if you need it reopened just PM me or any Mod !!

Glad I could help !!

Happy Surfing !

Chuck


You are welcome barcuss, feel free to let your friends know about our site & the help you received !!

Thanks

Chuck

 

Seems the computer is resolved of all issues !! This Topic is now locked !!

This topic is now closed to further replies.