flashh4

POP-up

8 posts in this topic

This is from my own computer that I use to remove malware here at BT! Somewhere I picked up a pop-up. Now to see what we find!

I am posting this to show that anyone can become infected, even a Malware Removal Specialist!!

 

This is the AdwCleaner log!!

# AdwCleaner v5.030 - Logfile created 19/01/2016 at 18:49:57
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : charles - BETTY
# Running from : C:\Users\charles\Downloads\adwcleaner_5.030.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : VOTPrx

***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\SysNative\VOTPrxOff.ini
[-] File Deleted : C:\WINDOWS\SysWOW64\VOTPrxOff.ini

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\VOTPrx.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0B7CB21B-2D13-4315-9E35-69742BF77530}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{09CBD86E-22AC-4BFF-A97C-85744B2819AB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{542B7A6A-C8B6-4372-8829-FD8E35FA4CB8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{55AB8477-ED99-431F-ABB3-22022902A934}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{79701C41-C345-47EC-B57C-02C39A698A0D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86937CB9-BDDC-482F-A3B3-E05E3DFDFF08}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE479D24-AF59-4DEB-9D8B-D1E7DFA2C6A6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BED722AF-1533-4596-964F-B5E1F8A6456E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E94546E8-E2A0-48FE-BC53-568F314EAA7A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0394AE51-F76F-4FBF-848D-CF9407CE868F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{058281DD-014E-4E81-A5D3-9E14A1EBC8B7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AB1CA27-FA6E-434B-8433-612346BBDD3B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34A729EE-F357-4A94-9243-D33E50A504A7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{420A2140-FB38-4984-B681-2A0217483077}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46A200C2-2B44-4C47-8EA9-5DB33859BC7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47F18772-002C-4A49-AA12-EE88297CCDD0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C567C55-75EF-4000-B36F-FF562D4204C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78AC0B67-463E-4702-A7B1-CFB4C33B3D56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95980124-E89B-48C2-BA92-DF835F62ABFB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA33003C-AB62-428E-B24E-59933BE52393}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D22566FE-4D97-4D5D-968B-0E79353F22E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F0C53D54-F8AF-4156-8D66-420036A79A28}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{007F707C-3F7A-4FBF-9BB1-4C9404211A9C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0394AE51-F76F-4FBF-848D-CF9407CE868F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{058281DD-014E-4E81-A5D3-9E14A1EBC8B7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AB1CA27-FA6E-434B-8433-612346BBDD3B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34A729EE-F357-4A94-9243-D33E50A504A7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{420A2140-FB38-4984-B681-2A0217483077}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{46A200C2-2B44-4C47-8EA9-5DB33859BC7C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47F18772-002C-4A49-AA12-EE88297CCDD0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5C567C55-75EF-4000-B36F-FF562D4204C1}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78AC0B67-463E-4702-A7B1-CFB4C33B3D56}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95980124-E89B-48C2-BA92-DF835F62ABFB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA33003C-AB62-428E-B24E-59933BE52393}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D22566FE-4D97-4D5D-968B-0E79353F22E4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F0C53D54-F8AF-4156-8D66-420036A79A28}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4087 bytes] ##########


Hey... this is the Junkware Removal Tool log!!

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64
Ran by charles (Administrator) on Tue 01/19/2016 at 18:56:48.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 3

Failed to delete: C:\WINDOWS\system32\drivers\votw864.sys (File)
Successfully deleted: C:\WINDOWS\system32\VOTPrxOff.ini (File)
Successfully deleted: C:\WINDOWS\SysWOW64\VOTPrxOff.ini (File)

 

Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\VOTw8 (Registry Key)

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/19/2016 at 18:58:48.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


This is my Malwarebytes log!!

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/19/2016
Scan Time: 7:03 PM
Logfile: mwb.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.19.06
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: charles

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346089
Time Elapsed: 11 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 53
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.LSPLogic, Quarantined, [136f57e45d3c90a613194743d42ed030],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.LSPLogic.1, Quarantined, [760cb6851782a1951418d1b9cd357b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.LSPLogic, Quarantined, [760cb6851782a1951418d1b9cd357b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.LSPLogic.1, Quarantined, [760cb6851782a1951418d1b9cd357b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.LSPLogic, Quarantined, [760cb6851782a1951418d1b9cd357b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.LSPLogic.1, Quarantined, [760cb6851782a1951418d1b9cd357b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataTableHolder, Quarantined, [325063d84e4b48ee4ce1e6a457ab6f91],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataTableHolder.1, Quarantined, [ea98f546d1c8d95db578573340c20000],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataTableHolder, Quarantined, [ea98f546d1c8d95db578573340c20000],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataTableHolder.1, Quarantined, [ea98f546d1c8d95db578573340c20000],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataTableHolder, Quarantined, [ea98f546d1c8d95db578573340c20000],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataTableHolder.1, Quarantined, [ea98f546d1c8d95db578573340c20000],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataTableFields, Quarantined, [1c668caf7623c076170efa90649e8b75],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataTableFields.1, Quarantined, [136f0734bcddea4cf035e2a8cf339967],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataTableFields, Quarantined, [136f0734bcddea4cf035e2a8cf339967],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataTableFields.1, Quarantined, [136f0734bcddea4cf035e2a8cf339967],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataTableFields, Quarantined, [136f0734bcddea4cf035e2a8cf339967],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataTableFields.1, Quarantined, [136f0734bcddea4cf035e2a8cf339967],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.ReadOnlyManager, Quarantined, [daa82813267352e4ff28aae032d07f81],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.ReadOnlyManager.1, Quarantined, [89f9e853504959dd6bbc7e0c0101e719],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.ReadOnlyManager, Quarantined, [89f9e853504959dd6bbc7e0c0101e719],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.ReadOnlyManager.1, Quarantined, [89f9e853504959dd6bbc7e0c0101e719],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.ReadOnlyManager, Quarantined, [89f9e853504959dd6bbc7e0c0101e719],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.ReadOnlyManager.1, Quarantined, [89f9e853504959dd6bbc7e0c0101e719],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.WFPController, Quarantined, [a0e2d962623788aee2467713bf43ff01],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.WFPController.1, Quarantined, [98ea67d463364fe7eb3dc1c96d957789],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.WFPController, Quarantined, [98ea67d463364fe7eb3dc1c96d957789],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.WFPController.1, Quarantined, [98ea67d463364fe7eb3dc1c96d957789],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.WFPController, Quarantined, [98ea67d463364fe7eb3dc1c96d957789],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.WFPController.1, Quarantined, [98ea67d463364fe7eb3dc1c96d957789],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataController, Quarantined, [f38fad8e6a2f58dec8610882c83a4db3],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataController.1, Quarantined, [f58de655e9b0a6906ebbd7b3689a7b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataController, Quarantined, [f58de655e9b0a6906ebbd7b3689a7b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataController.1, Quarantined, [f58de655e9b0a6906ebbd7b3689a7b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataController, Quarantined, [f58de655e9b0a6906ebbd7b3689a7b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataController.1, Quarantined, [f58de655e9b0a6906ebbd7b3689a7b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataTable, Quarantined, [562cfc3f90099a9c80aa87035fa3e719],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataTable.1, Quarantined, [d1b11427a4f5f4428b9f7713be442ad6],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataTable, Quarantined, [d1b11427a4f5f4428b9f7713be442ad6],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataTable.1, Quarantined, [d1b11427a4f5f4428b9f7713be442ad6],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataTable, Quarantined, [d1b11427a4f5f4428b9f7713be442ad6],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataTable.1, Quarantined, [d1b11427a4f5f4428b9f7713be442ad6],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataContainer, Quarantined, [641ea497dbbefe3850dbc9c1986a33cd],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataContainer.1, Quarantined, [99e9112a12879d9930fb42487b87817f],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataContainer, Quarantined, [99e9112a12879d9930fb42487b87817f],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataContainer.1, Quarantined, [99e9112a12879d9930fb42487b87817f],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataContainer, Quarantined, [99e9112a12879d9930fb42487b87817f],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataContainer.1, Quarantined, [99e9112a12879d9930fb42487b87817f],
PUP.Optional.ArcadeTwist, HKU\S-1-5-21-3005563442-2442359175-2949884201-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8DCC92D3-78FC-EA7DB7F7-C0F58A4BBCCA}, Quarantined, [3a48b9823d5cb482138fbd1fe81c0ef2],
PUP.Optional.ArcadeCandy.WnskRST, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\VOTPrx, Quarantined, [730fe457c8d1c4721cd227fd0301639d],
Adware.NowUSeeIt, HKU\S-1-5-21-3005563442-2442359175-2949884201-1001\SOFTWARE\NowUSeeItPlayer, Quarantined, [88fa3902eeab5bdb3f8bed2cd52f7e82],
Adware.NowUSeeIt, HKU\S-1-5-21-3005563442-2442359175-2949884201-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\nowuseeitplayer.com, Quarantined, [c3bf70cb702984b28da6909054b03bc5],
Adware.NowUSeeIt, HKU\S-1-5-21-3005563442-2442359175-2949884201-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\ui.nowuseeitplayer.com, Quarantined, [c0c2fd3e6336d66086ad75ab21e35da3],

Registry Values: 5
PUP.Optional.NowUSeeItPlayer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NowUSeeItPlayer.exe, 11000, Quarantined, [3250fc3f02972610451176bb010306fa]
Adware.NowUSeeIt, HKU\S-1-5-21-3005563442-2442359175-2949884201-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NowUSeeIt Player, "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1, Quarantined, [bbc77cbffc9d77bf102440e0d62e35cb]
Adware.NowUSeeIt, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NowUSeeIt Player, "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1, Quarantined, [bbc77cbffc9d77bf102440e0d62e35cb]
PUP.Optional.NowUSeeItPlayer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NowUSeeIt Player, "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1, Quarantined, [3a48a5967920de589d156666639f8d73]
PUP.Optional.NowUSeeItPlayer, HKU\S-1-5-21-3005563442-2442359175-2949884201-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NowUSeeIt Player, "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1, Quarantined, [3a48a5967920de589d156666639f8d73]

Registry Data: 0
(No malicious items detected)

Folders: 6
PUP.Optional.Winsock.WnskRST, C:\Users\charles\AppData\Local\AcidThunde56, Quarantined, [552d52e9c9d0191d1e8ca27024e0718f],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\locales, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\plugin, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
PUP.Optional.Winsock.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\VOTPrx, Quarantined, [3f430932c2d72c0a2ae8e7e4fc064ab6],
PUP.Optional.NowUSeeItPlayer, C:\Program Files (x86)\NowUSeeItPlayer, Quarantined, [3a48a5967920de589d156666639f8d73],

Files: 64
PUP.Optional.ArcadeTwist, C:\Windows\System32\drivers\VOTw864.sys, Delete-on-Reboot, [ea9875c60b8e71c5dcc6b02c0103b34d],
Trojan.Crypt, C:\Users\charles\AppData\Local\Temp\j8mdxE\2bdfm91.dll, Quarantined, [87fb93a83d5cc86e5129fba35fa2946c],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\Temp\j8mdxE\141\atw_stub_tightrope_4.exe, Quarantined, [e49e1b20b5e4de58554da636ee16fc04],
PUP.Optional.OneSystemCare, C:\Users\charles\AppData\Local\Temp\j8mdxE\143\OneSystemCare.exe, Quarantined, [057da794f3a69f97c64cd3f9ca373fc1],
PUP.Optional.OpenCandy, C:\Users\charles\Downloads\DoNotSpy10-1.0.0.2-Setup(1).exe, Quarantined, [dba7ed4ef6a3be785b28f63245bd956b],
PUP.Optional.OpenCandy, C:\Users\charles\Downloads\DoNotSpy10-1.0.0.2-Setup.exe, Quarantined, [86fc9ba01a7f5adcb3d09494ad55e719],
PUP.Optional.InstallCore, C:\Users\charles\Downloads\safari-for-mac-and-windows.exe, Quarantined, [384a78c38415e353f1e872de0ef3619f],
PUP.Optional.InstallCore, C:\Users\charles\Downloads\Mozilla_Firefox_setup.exe, Quarantined, [037f8ead7029e84ecb76726c45bfb44c],
PUP.Optional.DownloadGuide, C:\Users\charles\Downloads\multiplyroi_free-photo-viewer-16679631.exe, Quarantined, [e49e8caf1089e4528fe0933d659c45bb],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\freebl3.dll, Quarantined, [562c86b508919c9aced4cc10b54f8d73],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\libnspr4.dll, Quarantined, [89f9e457c4d56ccaa9f9b62631d3d52b],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\libplc4.dll, Quarantined, [e1a193a81b7e80b6f0b238a4ab59c53b],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\libplds4.dll, Quarantined, [226092a9980148eeb4ee3aa2b94b956b],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\nss3.dll, Quarantined, [3b4756e5a1f894a20e94cc107d87827e],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\nssckbi.dll, Quarantined, [2c563efdc4d53df9a5fd0ece5da731cf],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\nssdbm3.dll, Quarantined, [6f13e05badec48eebfe305d746bef808],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\nssutil3.dll, Quarantined, [96ece8536d2c9d994260a438a95b748c],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\smime3.dll, Quarantined, [1d651229a1f891a5990934a8b94bae52],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\softokn3.dll, Quarantined, [abd7d5664c4ddb5b930f7d5f7193857b],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\sqlite3.dll, Quarantined, [176ba299cccdcf67faa8c21ac04433cd],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\ssl3.dll, Quarantined, [9be7f34839602313445ee9f3ce3640c0],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTCerInst.dll, Quarantined, [5e242b10fe9b3ef83b673aa2e0241be5],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTInstW8.exe, Quarantined, [f88a8daec0d90d297131efedc143e21e],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTInstWXP.exe, Quarantined, [532f07342772d561dcc65983c93b51af],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTInstWXP64.exe, Quarantined, [b7cbd16a3d5c082e356d53892ada10f0],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTPrx.dll, Quarantined, [fc860b308c0d5cda8919588450b45aa6],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTPrx.exe, Quarantined, [344eea51c8d1c86e336febf1e024c53b],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTPrx64.dll, Quarantined, [552d13283069f73f19895884bb498d73],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTw8.sys, Quarantined, [5f23b883dfba89ad732f835955afbc44],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTw864.sys, Quarantined, [235f9f9c8316280ef9a9d705b94b23dd],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\ExprCanv5\Exabolish.exe, Quarantined, [3a48b9823d5cb482138fbd1fe81c0ef2],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\ExprCanv5\Excopy.exe, Quarantined, [354df645bedb22148c168f4d45bf38c8],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\ExprCanv5\Exexplore.exe, Quarantined, [384a83b8a8f1ef475949ffddc63ec23e],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\ExprCanv5\Exverify.dll, Quarantined, [760c4deea0f9bb7b069ca339ad576799],
PUP.Optional.Winsock.WnskRST, C:\Users\charles\AppData\Local\AcidThunde56\VOTPrx.tlb, Quarantined, [552d52e9c9d0191d1e8ca27024e0718f],
PUP.Optional.Winsock.WnskRST, C:\Users\charles\AppData\Local\AcidThunde56\PCProxy.tlb, Quarantined, [552d52e9c9d0191d1e8ca27024e0718f],
PUP.Optional.Winsock.WnskRST, C:\Users\charles\AppData\Local\AcidThunde56\VOTInstWXP.ini, Quarantined, [552d52e9c9d0191d1e8ca27024e0718f],
PUP.Optional.Winsock.WnskRST, C:\Windows\Temp\VOTPrx.log, Quarantined, [285ad16a7722d660074834df71938977],
PUP.Optional.Winsock.WnskRST, C:\Users\charles\AppData\Local\Temp\VOTPrxr.log, Quarantined, [a4deee4df7a2fb3bbd9355befd078f71],
PUP.Optional.Winsock.WnskRST, C:\Windows\Temp\VOTPrxr.log, Quarantined, [3e447bc02a6ff343430d997a778d52ae],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\NowUSeeItPlayer.dat, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\cef.pak, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\cef_100_percent.pak, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\cef_200_percent.pak, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\cef_extensions.pak, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\cef_resources.pak, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\component_extension_resources.pak, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\content_resources.pak, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\d3dcompiler_47.dll, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\icudtl.dat, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\libcef.dll, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\libEGL.dll, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\libGLESv2.dll, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\natives_blob.bin, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\NowUSeeItPlayerBrowser.exe, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\snapshot_blob.bin, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\widevinecdm.dll, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\widevinecdmadapter.dll, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\locales\en-US.pak, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\plugin\pepflashplayer32_19_0_0_226.dll, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe, Quarantined, [bbc77cbffc9d77bf102440e0d62e35cb],
PUP.Optional.Winsock.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\VOTPrx\VOTPrx.ini, Quarantined, [3f430932c2d72c0a2ae8e7e4fc064ab6],
PUP.Optional.NowUSeeItPlayer, C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.dll, Quarantined, [3a48a5967920de589d156666639f8d73],
PUP.Optional.NowUSeeItPlayer, C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe, Quarantined, [3a48a5967920de589d156666639f8d73],

Physical Sectors: 0
(No malicious items detected)


(end)


Now the OTL scan log!!

 

OTL logfile created on: 1/19/2016 7:37:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\charles\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.69 Gb Total Physical Memory | 14.03 Gb Available Physical Memory | 89.45% Memory free
18.06 Gb Paging File | 16.34 Gb Available in Paging File | 90.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 913.73 Gb Total Space | 869.04 Gb Free Space | 95.11% Space Free | Partition Type: NTFS
Drive D: | 15.87 Gb Total Space | 1.99 Gb Free Space | 12.54% Space Free | Partition Type: NTFS
 
Computer Name: BETTY | User Name: charles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2016/01/19 19:37:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\charles\Downloads\OTL.scr
PRC - [2016/01/06 15:01:51 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015/12/17 07:15:04 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
PRC - [2015/11/30 03:50:42 | 006,887,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2015/06/23 09:39:28 | 000,060,432 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWOW64\tbaseprovisioning.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/12/17 07:15:04 | 021,845,504 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
MOD - [2015/12/17 07:15:04 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
MOD - [2015/12/17 07:15:04 | 000,141,312 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2016/01/04 18:49:33 | 000,749,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc)
SRV:64bit: - [2016/01/04 18:43:47 | 000,912,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2015/12/06 21:15:40 | 001,035,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2015/12/06 21:04:20 | 000,066,560 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2015/12/06 21:00:52 | 000,203,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2015/12/06 20:56:18 | 000,607,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2015/12/03 17:05:18 | 000,275,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015/12/03 17:05:08 | 001,223,168 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2015/12/03 17:05:08 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2015/12/03 17:05:08 | 000,162,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2015/12/03 17:05:07 | 000,948,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2015/12/03 17:05:07 | 000,087,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate)
SRV:64bit: - [2015/10/30 00:19:28 | 001,073,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2015/10/30 00:19:28 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2015/10/30 00:19:26 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2015/10/30 00:19:26 | 000,497,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2015/10/30 00:18:46 | 000,168,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2015/10/30 00:18:43 | 001,872,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2015/10/30 00:18:41 | 000,117,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/10/30 00:18:19 | 001,297,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2015/10/30 00:18:18 | 000,729,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2015/10/30 00:18:14 | 000,081,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015/10/30 00:18:03 | 001,613,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015/10/30 00:18:01 | 001,491,456 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2015/10/30 00:18:01 | 001,130,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2015/10/30 00:18:01 | 000,649,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2015/10/30 00:18:01 | 000,587,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2015/10/30 00:18:01 | 000,490,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2015/10/30 00:18:01 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2015/10/30 00:18:01 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2015/10/30 00:18:01 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2015/10/30 00:18:01 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2015/10/30 00:18:01 | 000,034,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2015/10/30 00:18:01 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2015/10/30 00:18:01 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2015/10/30 00:17:59 | 002,745,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2015/10/30 00:17:59 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2015/10/30 00:17:59 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2015/10/30 00:17:58 | 000,764,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2015/10/30 00:17:58 | 000,287,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2015/10/30 00:17:54 | 003,449,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2015/10/30 00:17:54 | 001,090,048 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2015/10/30 00:17:54 | 000,360,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2015/10/30 00:17:53 | 002,058,240 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2015/10/30 00:17:53 | 000,846,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2015/10/30 00:17:53 | 000,625,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2015/10/30 00:17:53 | 000,361,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2015/10/30 00:17:53 | 000,097,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2015/10/30 00:17:53 | 000,060,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2015/10/30 00:17:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2015/10/30 00:17:52 | 000,181,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2015/10/30 00:17:51 | 000,031,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2015/10/30 00:17:50 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2015/10/30 00:17:50 | 000,145,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_30365)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_2b9756d)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_30365)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_2b9756d)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_30365)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_2b9756d)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_30365)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_2b9756d)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_30365)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_2b9756d)
SRV:64bit: - [2015/10/30 00:17:48 | 000,444,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2015/10/30 00:17:48 | 000,205,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2015/10/30 00:17:47 | 000,023,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2015/10/30 00:17:46 | 000,290,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService)
SRV:64bit: - [2015/10/30 00:17:46 | 000,186,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2015/10/30 00:17:46 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2015/10/30 00:17:46 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2015/10/30 00:17:45 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2015/10/30 00:17:43 | 002,156,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2015/10/30 00:17:43 | 000,278,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2015/10/30 00:17:43 | 000,057,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2015/10/30 00:17:41 | 000,052,736 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService)
SRV:64bit: - [2015/10/30 00:17:40 | 000,590,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2015/10/30 00:17:39 | 000,547,840 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2015/10/30 00:17:37 | 000,380,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015/10/30 00:17:37 | 000,364,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015/10/30 00:17:37 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2015/10/30 00:17:37 | 000,024,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2015/10/30 00:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2015/10/30 00:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2015/10/30 00:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2015/10/30 00:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2015/10/30 00:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2015/10/30 00:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2015/10/30 00:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2015/10/30 00:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2015/10/30 00:17:21 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2015/10/30 00:17:18 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2015/07/13 19:24:52 | 000,263,232 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2015/06/24 21:57:00 | 000,303,360 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2016/01/19 18:27:28 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/01/06 15:01:50 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/12/03 17:05:08 | 000,948,224 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2015/11/30 03:50:42 | 006,887,696 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2015/10/30 00:18:31 | 002,179,584 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2015/10/30 00:18:31 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lfsvc.dll -- (lfsvc)
SRV - [2015/10/30 00:18:29 | 000,461,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2015/10/30 00:18:23 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2015/10/30 00:18:21 | 000,200,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2015/10/30 00:17:21 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/06/23 09:39:28 | 000,060,432 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\tbaseprovisioning.exe -- (tbaseprovisioning)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/12/03 17:05:07 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2015/12/03 17:05:07 | 000,095,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2015/12/03 07:35:58 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (lvrs64)
DRV:64bit: - [2015/12/03 07:35:34 | 004,758,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2015/10/30 02:07:05 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2015/10/30 02:06:56 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2015/10/30 00:19:39 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2015/10/30 00:18:42 | 000,052,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2015/10/30 00:18:09 | 000,930,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2015/10/30 00:18:09 | 000,385,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015/10/30 00:18:08 | 000,218,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015/10/30 00:18:03 | 000,200,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2015/10/30 00:18:03 | 000,106,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2015/10/30 00:18:03 | 000,078,848 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2015/10/30 00:18:03 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2015/10/30 00:18:03 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2015/10/30 00:18:03 | 000,031,584 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2015/10/30 00:18:03 | 000,026,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ioqos.sys -- (IoQos)
DRV:64bit: - [2015/10/30 00:18:01 | 000,154,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2015/10/30 00:17:57 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2015/10/30 00:17:52 | 000,254,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2015/10/30 00:17:52 | 000,163,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2015/10/30 00:17:52 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2015/10/30 00:17:52 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2015/10/30 00:17:51 | 000,155,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2015/10/30 00:17:51 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2015/10/30 00:17:51 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2015/10/30 00:17:51 | 000,074,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2015/10/30 00:17:51 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2015/10/30 00:17:50 | 000,199,008 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2015/10/30 00:17:46 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2015/10/30 00:17:46 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2015/10/30 00:17:42 | 000,126,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2015/10/30 00:17:42 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2015/10/30 00:17:40 | 000,694,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2015/10/30 00:17:39 | 000,081,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2015/10/30 00:17:37 | 000,293,216 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015/10/30 00:17:37 | 000,209,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2015/10/30 00:17:37 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2015/10/30 00:17:37 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2015/10/30 00:17:37 | 000,118,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015/10/30 00:17:37 | 000,099,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2015/10/30 00:17:37 | 000,087,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2015/10/30 00:17:37 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (tsusbflt)
DRV:64bit: - [2015/10/30 00:17:37 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2015/10/30 00:17:37 | 000,044,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015/10/30 00:17:37 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2015/10/30 00:17:26 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2015/10/30 00:17:25 | 000,046,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2015/10/30 00:17:25 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2015/10/30 00:17:25 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2015/10/30 00:17:25 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2015/10/30 00:17:25 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2015/10/30 00:17:23 | 000,705,376 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2015/10/30 00:17:23 | 000,534,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015/10/30 00:17:23 | 000,532,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2015/10/30 00:17:23 | 000,424,800 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2015/10/30 00:17:23 | 000,378,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015/10/30 00:17:23 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2015/10/30 00:17:23 | 000,133,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2015/10/30 00:17:23 | 000,131,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2015/10/30 00:17:23 | 000,104,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2015/10/30 00:17:23 | 000,099,168 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2015/10/30 00:17:23 | 000,094,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2015/10/30 00:17:23 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2015/10/30 00:17:23 | 000,079,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2015/10/30 00:17:23 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2015/10/30 00:17:23 | 000,076,128 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2015/10/30 00:17:23 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2015/10/30 00:17:23 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2015/10/30 00:17:23 | 000,059,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2015/10/30 00:17:23 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2015/10/30 00:17:23 | 000,058,208 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2015/10/30 00:17:23 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2015/10/30 00:17:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2015/10/30 00:17:23 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2015/10/30 00:17:23 | 000,034,144 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2015/10/30 00:17:23 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2015/10/30 00:17:23 | 000,026,976 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2015/10/30 00:17:22 | 003,436,896 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2015/10/30 00:17:22 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2015/10/30 00:17:22 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2015/10/30 00:17:22 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2015/10/30 00:17:22 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2015/10/30 00:17:22 | 000,238,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2015/10/30 00:17:22 | 000,209,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015/10/30 00:17:22 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2015/10/30 00:17:22 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2015/10/30 00:17:22 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2015/10/30 00:17:22 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2015/10/30 00:17:22 | 000,037,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2015/10/30 00:17:22 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2015/10/30 00:17:22 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2015/10/30 00:17:22 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2015/10/30 00:17:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2015/10/30 00:17:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2015/10/30 00:17:22 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2015/10/30 00:17:22 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2015/10/30 00:17:22 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2015/10/30 00:17:22 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn.sys -- (bcmfn)
DRV:64bit: - [2015/10/30 00:17:18 | 000,277,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015/10/30 00:17:18 | 000,165,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C)
DRV:64bit: - [2015/10/30 00:17:18 | 000,117,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2015/10/30 00:17:18 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2015/10/30 00:17:18 | 000,081,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c)
DRV:64bit: - [2015/10/30 00:17:18 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2015/10/30 00:17:18 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015/10/30 00:17:18 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2015/10/30 00:17:18 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2015/10/30 00:17:18 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2015/10/30 00:17:18 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2015/10/30 00:17:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2015/10/30 00:17:18 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2015/10/30 00:17:18 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2015/10/30 00:17:18 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2015/10/30 00:17:18 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2015/10/30 00:17:18 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2015/10/29 21:51:28 | 004,629,744 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2015/10/29 21:50:56 | 000,896,752 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
DRV:64bit: - [2015/10/05 09:50:22 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/09/10 13:24:04 | 000,095,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2015/07/13 19:24:54 | 021,637,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2015/07/13 19:24:52 | 000,682,056 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2015/06/23 09:39:28 | 000,277,240 | ---- | M] (Advanced Micro Devices, Inc. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdpsp.sys -- (amdpsp)
DRV:64bit: - [2015/06/23 09:39:28 | 000,101,104 | ---- | M] (Advanced Micro Devices, Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdkmcsp.sys -- (amdkmcsp)
DRV:64bit: - [2015/05/28 06:00:44 | 000,102,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWT6.sys -- (AtiHDAudioService)
DRV:64bit: - [2014/06/16 20:53:26 | 000,036,608 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2013/07/18 16:00:04 | 000,083,224 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2015/10/30 00:17:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys -- (CompositeBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = C4 73 65 E6 06 32 D1 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 13 00 00 00 78 2A D5 92 33 8B 22 16 88 E3 29 8A DE EE A9 1C D3 7D EA 02 00 00 00 0E 00 00 00 4E 4E 64 72 68 74 54 43 74 58 38 25 33 64  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.cohort: "search"
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=U143&ocid=U143DHP&osmkt=en-us"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:43.0.4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.66.2: C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2: C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\charles\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher64: C:\Users\charles\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy64.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2015/12/03 07:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charles\AppData\Roaming\mozilla\Extensions
[2016/01/19 10:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charles\AppData\Roaming\mozilla\Firefox\Profiles\ri9slipv.default\extensions
[2016/01/19 10:41:28 | 001,001,911 | ---- | M] () (No name found) -- C:\Users\charles\AppData\Roaming\mozilla\firefox\profiles\ri9slipv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/01/06 15:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2016/01/06 15:01:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2015/12/03 07:44:18 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\WINDOWS\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [BingSvc] C:\Users\charles\AppData\Local\Microsoft\BingSvc\BingSvc.exe (© 2015 Microsoft Corporation)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [OneDrive] C:\Users\charles\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\charles\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\charles\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8245ee03-771d-4049-b3fd-e208d0a19285}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016/01/19 19:02:38 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2016/01/19 19:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/01/19 19:02:12 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2016/01/19 19:02:12 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2016/01/19 19:02:12 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2016/01/19 19:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016/01/19 19:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/01/19 18:48:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/01/19 17:55:42 | 000,000,000 | ---D | C] -- C:\Users\charles\AppData\Local\CEF
[2016/01/19 15:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\f3d1e640-6a17-0
[2016/01/19 15:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\f3d1e640-0a51-1
[2016/01/19 15:07:17 | 000,000,000 | ---D | C] -- C:\Users\charles\AppData\Local\ExprCanv5
[2016/01/13 10:42:25 | 016,986,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2016/01/13 10:42:24 | 013,018,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2016/01/13 10:42:19 | 003,428,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2016/01/13 10:42:19 | 002,544,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2016/01/13 10:42:19 | 002,180,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2016/01/13 10:42:18 | 022,393,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2016/01/13 10:42:16 | 002,796,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2016/01/13 10:42:15 | 018,677,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2016/01/13 10:42:12 | 001,299,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfnetsrc.dll
[2016/01/13 10:42:12 | 001,118,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetsrc.dll
[2016/01/13 10:42:11 | 007,477,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2016/01/13 10:42:10 | 007,826,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2016/01/13 10:42:10 | 000,569,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qdvd.dll
[2016/01/13 10:42:09 | 000,912,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usermgr.dll
[2016/01/13 10:42:09 | 000,808,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe
[2016/01/13 10:42:09 | 000,387,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qdvd.dll
[2016/01/13 10:42:08 | 005,660,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2016/01/13 10:42:08 | 000,703,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe
[2016/01/13 10:42:08 | 000,245,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfps.dll
[2016/01/13 10:42:08 | 000,116,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfps.dll
[2016/01/13 10:42:07 | 004,894,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2016/01/13 10:42:07 | 000,786,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMADMOD.DLL
[2016/01/13 10:42:06 | 001,009,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMSPDMOD.DLL
[2016/01/13 10:42:06 | 000,858,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfnetcore.dll
[2016/01/13 10:42:06 | 000,796,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2016/01/13 10:42:06 | 000,701,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetcore.dll
[2016/01/13 10:42:06 | 000,695,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMADMOD.DLL
[2016/01/13 10:42:06 | 000,638,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2016/01/13 10:42:05 | 001,674,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\quartz.dll
[2016/01/13 10:42:05 | 000,785,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\evr.dll
[2016/01/13 10:42:05 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\facecredentialprovider.dll
[2016/01/13 10:42:04 | 000,890,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMSPDMOD.DLL
[2016/01/13 10:42:04 | 000,848,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2016/01/13 10:42:04 | 000,713,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2016/01/13 10:42:04 | 000,513,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2016/01/13 10:42:03 | 001,804,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMALFXGFXDSP.dll
[2016/01/13 10:42:03 | 001,594,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2016/01/13 10:42:03 | 000,709,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2016/01/13 10:42:03 | 000,671,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\advapi32.dll
[2016/01/13 10:42:03 | 000,652,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\evr.dll
[2016/01/13 10:42:03 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceCensus.exe
[2016/01/13 10:42:02 | 001,542,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\quartz.dll
[2016/01/13 10:42:02 | 001,309,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2016/01/13 10:42:02 | 000,644,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uReFS.dll
[2016/01/13 10:42:02 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MessagingDataModel2.dll
[2016/01/13 10:42:02 | 000,584,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winlogon.exe
[2016/01/13 10:42:01 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMSPDMOE.DLL
[2016/01/13 10:42:01 | 001,173,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2016/01/13 10:42:01 | 000,749,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PhoneService.dll
[2016/01/13 10:42:01 | 000,498,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MessagingDataModel2.dll
[2016/01/13 10:42:01 | 000,234,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mftranscode.dll
[2016/01/13 10:42:01 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2016/01/13 10:42:01 | 000,208,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mftranscode.dll
[2016/01/13 10:42:01 | 000,100,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MP3DMOD.DLL
[2016/01/13 10:42:00 | 001,317,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2016/01/13 10:42:00 | 001,141,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2016/01/13 10:42:00 | 000,678,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qedit.dll
[2016/01/13 10:42:00 | 000,558,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\uReFS.dll
[2016/01/13 10:42:00 | 000,119,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MP3DMOD.DLL
[2016/01/13 10:42:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usermgrcli.dll
[2016/01/13 10:41:59 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qedit.dll
[2016/01/13 10:41:59 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ProximityCommon.dll
[2016/01/13 10:41:59 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wshom.ocx
[2016/01/13 10:41:59 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\omadmclient.exe
[2016/01/13 10:41:59 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ProximityCommon.dll
[2016/01/13 10:41:59 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usermgrcli.dll
[2016/01/13 10:41:58 | 001,070,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMSPDMOE.DLL
[2016/01/13 10:41:58 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DscCore.dll
[2016/01/13 10:41:58 | 000,305,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ksproxy.ax
[2016/01/13 10:41:58 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserMgrProxy.dll
[2016/01/13 10:41:58 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ksproxy.ax
[2016/01/13 10:41:58 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wshom.ocx
[2016/01/13 10:41:58 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RMSRoamingSecurity.dll
[2016/01/13 10:41:57 | 001,582,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aitstatic.exe
[2016/01/13 10:41:57 | 000,764,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
[2016/01/13 10:41:57 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2016/01/13 10:41:57 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepic.dll
[2016/01/13 10:41:57 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserMgrProxy.dll
[2016/01/06 15:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/12/25 09:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2016/01/19 19:39:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\ClutterSto833.job
[2016/01/19 19:27:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2016/01/19 19:22:57 | 000,879,220 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2016/01/19 19:22:57 | 000,743,336 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2016/01/19 19:22:57 | 000,138,962 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2016/01/19 19:20:37 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/01/19 19:19:31 | 000,496,879 | ---- | M] () -- C:\WINDOWS\SysWow64\rootpa.e2e
[2016/01/19 19:19:26 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2016/01/19 19:18:34 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/01/19 19:18:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\lvuvc.hs
[2016/01/19 19:18:28 | 2441,895,935 | -HS- | M] () -- C:\hiberfil.sys
[2016/01/19 19:18:13 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SysNative\spu_storage.bin
[2016/01/19 19:02:22 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/01/19 18:31:41 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\CellulPow956.job
[2016/01/18 16:34:33 | 000,000,824 | ---- | M] () -- C:\Users\charles\Desktop\Dave Ramsey.rtf
[2016/01/18 07:28:11 | 000,001,171 | ---- | M] () -- C:\Users\charles\Desktop\KeePass.lnk
[2016/01/04 19:51:20 | 007,477,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2016/01/04 19:51:19 | 001,317,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2016/01/04 19:51:19 | 001,141,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2016/01/04 19:50:53 | 000,713,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2016/01/04 19:50:44 | 001,173,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2016/01/04 19:50:11 | 000,671,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\advapi32.dll
[2016/01/04 19:49:06 | 000,513,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2016/01/04 19:37:53 | 002,544,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2016/01/04 19:37:52 | 001,299,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfnetsrc.dll
[2016/01/04 19:37:52 | 000,858,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfnetcore.dll
[2016/01/04 19:37:52 | 000,848,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2016/01/04 19:37:51 | 000,785,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\evr.dll
[2016/01/04 19:37:50 | 000,245,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfps.dll
[2016/01/04 19:37:47 | 000,234,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mftranscode.dll
[2016/01/04 19:36:37 | 000,808,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe
[2016/01/04 19:33:24 | 002,180,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2016/01/04 19:33:19 | 001,118,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetsrc.dll
[2016/01/04 19:33:18 | 000,701,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetcore.dll
[2016/01/04 19:33:18 | 000,652,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\evr.dll
[2016/01/04 19:33:17 | 000,709,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2016/01/04 19:33:17 | 000,208,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mftranscode.dll
[2016/01/04 19:33:16 | 000,116,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfps.dll
[2016/01/04 19:31:38 | 000,703,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe
[2016/01/04 19:27:02 | 001,594,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2016/01/04 19:24:13 | 000,796,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2016/01/04 19:23:42 | 001,309,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2016/01/04 19:23:32 | 000,786,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMADMOD.DLL
[2016/01/04 19:23:12 | 001,804,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMALFXGFXDSP.dll
[2016/01/04 19:23:10 | 000,119,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MP3DMOD.DLL
[2016/01/04 19:17:18 | 000,695,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMADMOD.DLL
[2016/01/04 19:16:58 | 000,100,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MP3DMOD.DLL
[2016/01/04 18:59:10 | 022,393,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2016/01/04 18:57:09 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RMSRoamingSecurity.dll
[2016/01/04 18:57:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usermgrcli.dll
[2016/01/04 18:57:00 | 016,986,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2016/01/04 18:56:09 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\omadmclient.exe
[2016/01/04 18:54:30 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceCensus.exe
[2016/01/04 18:53:00 | 000,148,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wshom.ocx
[2016/01/04 18:52:39 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepic.dll
[2016/01/04 18:51:51 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DscCore.dll
[2016/01/04 18:51:09 | 000,248,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserMgrProxy.dll
[2016/01/04 18:50:20 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2016/01/04 18:50:17 | 000,638,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2016/01/04 18:50:14 | 000,644,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uReFS.dll
[2016/01/04 18:49:34 | 001,255,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMSPDMOE.DLL
[2016/01/04 18:49:33 | 000,749,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PhoneService.dll
[2016/01/04 18:49:30 | 000,764,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
[2016/01/04 18:49:25 | 001,582,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aitstatic.exe
[2016/01/04 18:49:16 | 013,018,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2016/01/04 18:49:15 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ProximityCommon.dll
[2016/01/04 18:48:52 | 001,009,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMSPDMOD.DLL
[2016/01/04 18:48:14 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usermgrcli.dll
[2016/01/04 18:48:02 | 000,387,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qdvd.dll
[2016/01/04 18:47:41 | 000,305,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ksproxy.ax
[2016/01/04 18:47:25 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MessagingDataModel2.dll
[2016/01/04 18:45:22 | 000,678,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qedit.dll
[2016/01/04 18:45:17 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\facecredentialprovider.dll
[2016/01/04 18:44:16 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wshom.ocx
[2016/01/04 18:43:59 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2016/01/04 18:43:47 | 000,912,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usermgr.dll
[2016/01/04 18:43:38 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winlogon.exe
[2016/01/04 18:42:34 | 000,166,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserMgrProxy.dll
[2016/01/04 18:41:55 | 018,677,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2016/01/04 18:41:45 | 000,558,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\uReFS.dll
[2016/01/04 18:41:00 | 001,070,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMSPDMOE.DLL
[2016/01/04 18:40:48 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ProximityCommon.dll
[2016/01/04 18:40:28 | 000,890,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMSPDMOD.DLL
[2016/01/04 18:39:45 | 000,569,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qdvd.dll
[2016/01/04 18:39:27 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ksproxy.ax
[2016/01/04 18:39:26 | 003,428,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2016/01/04 18:39:12 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MessagingDataModel2.dll
[2016/01/04 18:36:38 | 000,573,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qedit.dll
[2016/01/04 18:33:02 | 001,674,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\quartz.dll
[2016/01/04 18:30:15 | 002,796,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2016/01/04 18:28:41 | 004,894,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2016/01/04 18:28:32 | 001,542,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\quartz.dll
[2016/01/04 18:28:31 | 007,826,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2016/01/04 18:25:44 | 005,660,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2016/01/02 18:40:25 | 000,826,872 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2016/01/02 18:40:25 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2015/12/26 07:00:45 | 000,010,043 | ---- | M] () -- C:\Users\charles\Desktop\Windows 10 Info.rtf
[2015/12/25 19:05:39 | 000,004,931 | ---- | M] () -- C:\Users\charles\Desktop\Phone Numbers.rtf
[2015/12/25 09:40:14 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016/01/19 19:02:22 | 000,001,182 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/01/19 15:07:42 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\CellulPow956.job
[2016/01/19 15:07:36 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\ClutterSto833.job
[2016/01/18 09:08:15 | 000,000,824 | ---- | C] () -- C:\Users\charles\Desktop\Dave Ramsey.rtf
[2015/12/25 09:40:14 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/12/03 17:05:08 | 001,859,448 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2015/12/03 16:19:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2015/12/03 16:17:13 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2015/12/03 07:35:33 | 000,103,272 | ---- | C] () -- C:\WINDOWS\SysWow64\LogiDPPApp.exe
[2015/12/03 07:35:32 | 010,919,784 | ---- | C] () -- C:\WINDOWS\SysWow64\LogiDPP.dll
[2015/12/03 07:35:32 | 000,336,232 | ---- | C] () -- C:\WINDOWS\SysWow64\DevManagerCore.dll
[2015/10/30 00:24:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2015/10/30 00:24:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2015/10/30 00:18:39 | 000,164,224 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
[2015/10/30 00:18:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2015/10/30 00:18:36 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015/10/30 00:18:34 | 000,157,696 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
[2015/10/30 00:18:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2015/10/30 00:18:31 | 000,252,928 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2015/10/30 00:18:31 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
[2015/10/30 00:18:29 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2015/10/30 00:18:29 | 000,293,376 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2015/10/30 00:18:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
[2015/10/30 00:18:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2015/10/30 00:18:23 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2015/10/30 00:17:40 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2015/07/13 19:24:54 | 000,119,880 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll
[2015/07/13 19:24:52 | 000,161,352 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe
[2015/07/13 19:24:50 | 001,012,824 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2015/07/13 19:24:50 | 000,816,216 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2015/07/13 19:24:48 | 000,207,424 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll
[2015/07/13 19:24:48 | 000,140,864 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2015/07/13 17:05:04 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2015/07/13 17:05:04 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2015/06/23 09:33:20 | 000,002,473 | ---- | C] () -- C:\WINDOWS\SysWow64\tbaseprovisioning.exe.config
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2015/10/30 00:17:59 | 006,601,408 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2015/10/30 00:18:31 | 005,237,336 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/10/30 00:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 00:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/10/30 00:17:45 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/12/03 08:23:33 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\KeePass
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\Users\charles\OneDrive:ms-properties

< End of report >

 


Running this OTL fix !!

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll File not found
[2015/12/03 07:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charles\AppData\Roaming\mozilla\Extensions
[2016/01/19 10:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charles\AppData\Roaming\mozilla\Firefox\Profiles\ri9slipv.default\extensions
[2016/01/19 10:41:28 | 001,001,911 | ---- | M] () (No name found) -- C:\Users\charles\AppData\Roaming\mozilla\firefox\profiles\ri9slipv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/01/06 15:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
O4 - HKCU..\RunOnce: [Uninstall C:\Users\charles\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\charles\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64" File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.


:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]


Ran the OTL fix log !!

 

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Users\charles\AppData\Roaming\mozilla\Extensions folder moved successfully.
C:\Users\charles\AppData\Roaming\mozilla\Firefox\Profiles\ri9slipv.default\extensions folder moved successfully.
File C:\Users\charles\AppData\Roaming\mozilla\firefox\profiles\ri9slipv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\charles\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\belarc\ deleted successfully.
File Protocol\Handler\belarc - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: charles
->Java cache emptied: 3082665 bytes
 
User: Default
 
User: Default User
 
User: Default.migrated
 
User: Public
 
Total Java Files Cleaned = 3.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: charles
->Flash cache emptied: 12788 bytes
 
User: Default
 
User: Default User
 
User: Default.migrated
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: charles
->Temp folder emptied: 262160016 bytes
->Temporary Internet Files folder emptied: 41633966 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 370045684 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default.migrated
 
User: Public
 
%systemdrive% .tmp files removed: 146323 bytes
%systemroot% .tmp files removed: 375296 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13666939 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 656.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 01192016_200248

Files\Folders moved on Reboot...
File move failed. C:\Users\charles\AppData\Local\Microsoft\Windows\INetCache\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 


Ran the Delfix to remove all tools/programs and their logs !!!

 

NOW REMEMBER PEOPLE WHO READ THIS THERE IS MORE SCRIPT ADDED TO SOME SCANS TO REMOVE OTHER STUFF !! SO DO NOT USE THIS AS A GUIDE TO CLEAN YOUR COMPUTER. IF YOU FEEL YOU NEED CLEANING PLEASE CONTACT ME BEFORE RUNNING THESE SCANS !!

Thanks

Chuck

This topic is now closed to further replies.