barcuss

Posts posted by barcuss

  1. Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Validation unsupported OS
    Validation Code: 6
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-DKB77-7M9GH-8HVX7
    Windows Product Key Hash: LVfmE2BrV36Gw1iwVgO5ouTh5Gk=
    Windows Product ID: 00326-10000-00000-AA954
    Windows Product ID Type: 0
    Windows License Type: Unknown
    Windows OS version: N/A, hr=0x8007007a
    ID: {6177DF18-D158-4C84-9733-49CC7889C4EA}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 10 Home
    Architecture: 0x00000009
    Build lab: 10240.th1_st1.151104-1714
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A
     
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
     
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
     
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
     
    OGA Data-->
    Office Status: 111 Unsupported OS
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics:
     
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
     
    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\licdll.dll[Hr = 0x80070002]
    File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x80070002]
    File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x80070002]
    File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x80070002]
     
    Other data-->
     
    Spsys.log Content: 0x80070002
     
    Licensing Data-->
    N/A, hr = 0x80070424
     
    Windows Activation Technologies-->
    N/A
     
    HWID Data-->
    HWID Hash Current: TgAAAAEABAABAAEAAQACAAAADgABAAEAln00kwQJdl7u+27WuDMYqKIGEAL0AYqbVAJcT4aAhPhU2GSynk9kI6wUVGlOU+SKfiC+MxTu
     
    OEM Activation 1.0 Data-->
    N/A
     
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      MCFG   ALASKA  A M I
      FACP   ALASKA  A M I
      APIC   ALASKA  A M I
      IVRS   AMD  ANNAPURN
      HPET   ALASKA  A M I
      FPDT   ALASKA  A M I
      IFEU   ALASKA  A M I
      SSDT   AMD  ANNAPURN
      SSDT   AMD  ANNAPURN
      CRAT   AMD  ANNAPURN
      BGRT   ALASKA  A M I
     
     
  2.  Results of screen317's Security Check version 1.009 
       x64 (UAC is enabled) 
     Internet Explorer 11 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    Windows Defender  
     WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
     AVG PC TuneUp  
     Java 8 Update 65 
     Java version 32-bit out of Date!
     Adobe Flash Player  20.0.0.235 
     Mozilla Firefox (42.0)
     Google Chrome (47.0.2526.73)
     Google Chrome (47.0.2526.80)
    ````````Process Check: objlist.exe by Laurent```````` 
     Windows Defender MSMpEng.exe
     Windows Defender MSASCui.exe
     Windows Defender MSASCui.exe  
     Windows Defender MpCmdRun.exe  
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:  %
    ````````````````````End of Log``````````````````````
     

  3. OTL Extras logfile created on: 12/13/2015 9:44:05 AM - Run 3
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Family\Downloads
    64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.10240.16384)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    7.20 Gb Total Physical Memory | 5.26 Gb Available Physical Memory | 72.99% Memory free
    14.45 Gb Paging File | 12.60 Gb Available in Paging File | 87.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 930.97 Gb Total Space | 263.07 Gb Free Space | 28.26% Space Free | Partition Type: NTFS
     
    Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
     
    [HKEY_USERS\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [opennew] -- Reg Error: Key error.
    htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [opennew] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = B3 06 90 56 DE DB D0 01  [binary data]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
    "UpgradeTime" =  [binary data]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
    "UpgradeTime" = Reg Error: Unknown registry data type -- File not found
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{256533BD-EA31-4D32-8B7B-44B5F21F840B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{36F31B64-420F-44E0-B88E-F92651B0215A}" = lport=139 | protocol=6 | dir=in | app=system |
    "{58E5175D-84F8-4A53-BA70-B835DEDBBF22}" = rport=139 | protocol=6 | dir=out | app=system |
    "{5E811911-415C-4982-9E89-B0FC4EC60288}" = lport=138 | protocol=17 | dir=in | app=system |
    "{86F31DAF-5E11-4AFC-8110-19BDE901E9C8}" = lport=137 | protocol=17 | dir=in | app=system |
    "{8E3FE6CD-41D8-4F15-8141-FDCBA163E229}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{8E79C0FA-2902-45A6-A048-4B819C52E09E}" = rport=445 | protocol=6 | dir=out | app=system |
    "{9B035CC2-4867-43B8-88AE-4FA0E9D4C484}" = rport=137 | protocol=17 | dir=out | app=system |
    "{AB5B1E38-4DEB-42F3-997C-D01D65BACCD7}" = rport=138 | protocol=17 | dir=out | app=system |
    "{AE9F60F8-AC08-4844-BB44-B0044568336B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{B695ED1A-1412-48E0-9C5C-2CDB0077A2D0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
    "{CFDF41C4-46A0-4B4F-BD1E-EB765B49EEDA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D320F9B8-C3A5-4AEE-9E4A-F80F509F01A9}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "{DA9EFFCB-8808-47A7-8A63-88A9ED8F60EC}" = lport=445 | protocol=6 | dir=in | app=system |
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0286D711-DFBD-466B-B2A9-35C6C03BCDC8}" = protocol=58 | dir=in | [email protected],-28545 |
    "{04B6F20E-EB62-4E8C-B23B-796D687EA38E}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
    "{052863D6-C44D-4E7D-A53E-B48139D30269}" = dir=out | name=@{microsoft.bingfinance_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
    "{0A4AB2E2-F732-4DAB-A128-DE8089B0F079}" = dir=out | name=@{microsoft.bingsports_4.7.130.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
    "{0CED1B28-5A0E-4BFD-9096-4C5E6E61BB82}" = dir=in | name=@{microsoft.bingnews_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
    "{0D5A3A7A-FDCF-4A54-999D-97810321AC0E}" = dir=out | name=@{microsoft.windowsmaps_4.1511.3161.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
    "{14AF3D88-1C6F-47B7-BE0E-64BA999568E9}" = protocol=58 | dir=out | [email protected],-28546 |
    "{16F92B88-BC0F-4B0D-9E80-542DD6AD1BC4}" = dir=in | name=microsoft solitaire collection |
    "{1BC387F1-7031-43A8-9352-E9EAD4E5B11A}" = dir=out | name=onenote |
    "{2519C3E2-8820-44AF-9E8E-0625182ED43D}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "{2B4D091F-0258-4132-8F2C-C46B96E411F3}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
    "{2C29507E-61DA-4671-BA64-3EE8197913AF}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "{2DC67C64-889B-4E6D-A60D-020DA6EF474E}" = dir=out | name=@{microsoft.3dbuilder_10.9.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} |
    "{2FC18260-C6AB-4AE8-979B-ACFD3136496B}" = dir=out | name=@{microsoft.accountscontrol_10.0.10240.16384_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
    "{35DE7F21-0CD5-4533-B10C-E67708F8148E}" = dir=in | name=@{microsoft.microsoftofficehub_17.6508.23761.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
    "{36016C6B-D082-4C2C-BB88-9B46AFB4ECC9}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
    "{37018B24-A849-42CC-9615-24997B7357D7}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
    "{38AB6A7E-93F4-41E7-8BC5-7E563C9AB21B}" = dir=in | name=xbox |
    "{3AB2BA68-A528-4295-A82B-FB6097BC70E3}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
    "{4570D6BC-7477-4329-9C4C-2717F729FDEC}" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe |
    "{45F74A78-1EEF-4633-9BBE-C8D8253BCF31}" = dir=out | name=@{windows.contactsupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
    "{4937FC0D-641F-4238-A708-24DF31247827}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
    "{4D69F1F7-5A5D-4288-A93D-7B0CB309987B}" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe |
    "{503A7049-FA4F-4905-9BDF-A5FBAB476FB0}" = dir=in | name=@{microsoft.bingweather_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
    "{5D7F748E-AA03-48BB-A269-FEE85A757FA0}" = dir=in | name=@{microsoft.windows.photos_15.1208.10480.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
    "{62B8A07C-742F-4E0E-B312-73164103A872}" = dir=out | name=@{microsoft.windows.photos_15.1208.10480.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
    "{6C5B4A77-7204-4FD8-A1BA-658067AE8AE3}" = dir=out | name=@{microsoft.bingweather_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
    "{7253C9DA-76CD-410E-A264-1D33D0837D40}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
    "{7B014E9F-64B9-485E-97FA-4B9161C822FA}" = dir=in | name=@{microsoft.bingsports_4.7.130.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
    "{7ECCB304-B854-4C56-8EC2-4DC1CF59473B}" = dir=in | name=onenote |
    "{8312CCA6-FDFB-4D01-888D-336854EF7E24}" = dir=out | name=@{microsoft.microsoftedge_20.10240.16384.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
    "{89F4FE3D-7E19-4B74-9EA2-473BE5263FF4}" = dir=out | name=twitter |
    "{89FB4CFA-3DB6-4201-9A45-37E791F49117}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
    "{8E7E3265-F94F-4D3A-BE32-827FCD7FC0AC}" = dir=out | name=microsoft solitaire collection |
    "{8F8D55E3-D6EE-4746-A875-3F273F8FA3E6}" = dir=out | name=@{microsoft.bingnews_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
    "{91D08958-C150-4F21-8E1B-255306F7E8F8}" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\bittorrent\bittorrent.exe |
    "{9279FBCE-CA82-478E-B8E9-787C8236CB5E}" = dir=out | name=windows_ie_ac_001 |
    "{9390DD1D-2F33-4E5C-A412-266FB5E4FBA3}" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\bittorrent\bittorrent.exe |
    "{9573E191-DBF0-4620-A19D-88DCC62059A0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{99B1E39D-EA29-4D42-A4B9-25BE3A285FFE}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
    "{9E463627-3D5C-4833-8814-FD13B9B89631}" = dir=out | name=@{microsoft.windowsfeedback_10.0.10240.16393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windowsfeedback/feedbackapp.resources/appname/text} |
    "{9EF02AA0-F1E4-419A-86ED-E811330EE0BA}" = dir=out | name=@{microsoft.xboxidentityprovider_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxidentityprovider/resources/pkgdisplayname} |
    "{9FD1051A-B07A-46C5-BF60-20F496522AE6}" = dir=out | name=@{microsoft.windowsstore_2015.23.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
    "{A4BA5837-C834-44F5-9551-0564E52C072D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{A604E3B3-DFD4-40D8-BFC1-F348AD174041}" = protocol=1 | dir=in | [email protected],-28543 |
    "{ACA9564D-A022-40B7-AB71-05F22DCDDD54}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B42A767F-E2FC-4406-9DBC-0DA371EBFE32}" = protocol=1 | dir=out | [email protected],-28544 |
    "{B91406CA-2064-47B9-B55D-D9C1829CD995}" = dir=out | name=@{microsoft.lockapp_10.0.10240.16384_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
    "{B956638B-E050-478C-9850-E91302AD0B74}" = dir=out | name=xbox |
    "{BC52CF7F-1A5B-40C0-9BC3-6080D1D879AC}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "{C14089DF-4B49-419B-B6C4-A505DB50C4A6}" = dir=in | name=@{microsoft.bingfinance_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
    "{C1B3B6E3-9E04-456B-AD12-C47BACF88A97}" = dir=out | name=windowsdvdplayer |
    "{C321F8C0-8C30-4F62-9DDB-564F238641D6}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
    "{C4B97A32-C28C-49EC-8DD5-640F00D00156}" = dir=out | name=@{microsoft.windowsphone_10.1511.18010.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} |
    "{D6BE52FF-6BD5-421F-8BB5-B0F73934E9A9}" = dir=out | name=@{microsoft.getstarted_2.5.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
    "{DA798C60-92AD-44BA-B94F-3607FF648332}" = dir=in | name=@{microsoft.zunevideo_3.6.15731.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
    "{DE07BD98-7D53-4085-B956-8A8C4218B753}" = dir=in | name=@{windows.contactsupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
    "{E0D1CAC9-D29D-4215-B992-19367610AA17}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
    "{E6CE9E78-FB0C-4B6B-B35E-859F99917496}" = dir=out | name=@{microsoft.microsoftofficehub_17.6508.23761.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
    "{E6FFCA87-B2CF-47AD-9485-E54628F7149A}" = dir=out | name=@{microsoft.windows.cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} |
    "{E7439D0B-F123-42DE-B504-54B1B12043EF}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
    "{E762C6A2-A924-407B-BA13-131B2EBAB7C0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
    "{E76551E5-95B2-4C3E-8BF2-881037573426}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E8E292BE-B197-4CC3-95EF-01A0A3939D4E}" = dir=in | name=@{microsoft.microsoftedge_20.10240.16384.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
    "{E9009A26-9DCA-495D-96E9-846ACA86B359}" = dir=in | name=@{microsoft.windows.cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} |
    "{EABD3C63-6BD8-4053-AC90-7EC2F5C9216D}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "{EBAA4DCE-14F3-4CBD-B23E-8D13898A5BDE}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
    "{EDA6EFCF-EC2B-44A0-B42F-EAEA07C377D4}" = dir=out | name=@{microsoft.zunemusic_3.6.15131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
    "{EFEE005D-0A1A-401C-A8AD-11A005125AA7}" = dir=out | name=@{microsoft.zunevideo_3.6.15731.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
    "{F4E999C0-FE4E-4F9B-AC63-E81A165B47CB}" = dir=out | name=@{windows.purchasedialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.purchasedialog/resources/displayname} |
    "{FA8BD87F-F891-4F32-8C39-8638EC61F8F2}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} |
    "{FB1C367A-98A9-4F02-B9BB-08A9B3F6A2E7}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
    "{FD473E4F-8A3E-4ECD-A910-039D9364138B}" = dir=in | name=@{microsoft.windowsstore_2015.23.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
    "{FED3C594-7321-4855-80FD-0922C7E6EA6F}" = dir=out | name=@{microsoft.people_10.0.3350.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
    "TCP Query User{55012951-90D3-4734-A262-C9D8A344494C}C:\users\family\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe |
    "TCP Query User{F43D3A34-51A4-474F-8AF6-2A062A0437E6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "UDP Query User{517762D2-90EB-4BFB-948A-1F3F4DAE3CB8}C:\users\family\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe |
    "UDP Query User{D10EB472-EF4F-4FC6-B740-6C08C4C70CE9}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{15B30201-4DC6-6B2E-B04B-788DFF115BA2}" = ccc-utility64
    "{1D1DCF8A-6961-F848-0DA0-5401969C44CE}" = AMD Catalyst Install Manager
    "{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
    "{25E80DAA-FD87-DCE5-202C-CC02F6673002}" = Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64)
    "{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
    "{408DD513-C71C-EF6C-1456-247DD8403E18}" = AMD Steady Video Plug-In
    "{4989485C-EF16-161E-4F02-8A8BFB16CAC3}" = ccc-utility64
    "{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
    "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
    "{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
    "{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
    "{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
    "{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
    "{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
    "{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
    "{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
    "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
    "{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
    "{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
    "{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
    "{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
    "{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
    "{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
    "{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
    "{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
    "{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
    "{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
    "{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
    "{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
    "{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
    "{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
    "{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
    "{9C7136A5-F0AA-B1D1-22C5-54C2C783E721}" = AMD Fuel
    "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
    "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
    "{B69FB0E0-0CAF-10DE-191C-538EC231C632}" = AMD Wireless Display v3.0
    "{BCA7CC8C-745B-4340-B3A8-BC79A8498107}" = FMW 1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}" = WinZip 19.5
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    "{DD09826F-D794-DE92-952E-9D48D109AA4B}" = AMD Accelerated Video Transcoding
    "{E80C395A-82DD-9C17-87FC-0C86D498079D}" = AMD Fuel
    "{F8F948EA-5AEA-4158-8821-A2F788ECE936}" = 64 Bit HP CIO Components Installer
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "Office15.PROPLUS" = Microsoft Office Professional Plus 2013
    "WhoCrashed_is1" = WhoCrashed 5.51
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0039AAA5-7D3F-A65C-5011-396E3CFD5E1A}" = CCC Help Russian
    "{09EDE6DF-A9A9-DC54-24E4-AA2E506718BE}" = CCC Help Japanese
    "{0B7F838A-467D-C30A-B4C7-FF9709555082}" = AMD Catalyst Control Center
    "{0E52338D-4C09-BAF9-B2BC-A6633D78A594}" = AMD Catalyst Control Center
    "{0FE07808-87DF-45A7-AEF8-97F3A60F4E00}" = FNC 11 Installer
    "{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding
    "{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    "{19946C87-EB80-2BBF-D932-5BDB2799B6F5}" = CCC Help Chinese Standard
    "{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}" = Google Drive
    "{217F11DC-3CD4-4540-BFC8-8D0AA2FCE26E}" = CCC Help Turkish
    "{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
    "{234C1E2D-FC8D-05B1-E78D-BE0BC32F06BF}" = CCC Help Finnish
    "{24BDE5F7-123E-4DC4-B00A-730FDD36D82C}" = Player Location Check
    "{26A24AE4-039D-4CA4-87B4-2F83218065F0}" = Java 8 Update 65
    "{2A5E854E-9967-A0E8-F246-FE3572F44F57}" = CCC Help Chinese Traditional
    "{2CB95003-D6E4-EEE1-5BAA-458B7E27466B}" = CCC Help English
    "{2EF241EF-6796-5B68-7A1F-214055809942}" = CCC Help Dutch
    "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
    "{3419ABF8-BBBA-E7A7-05E1-7B8A30268FDC}" = CCC Help Italian
    "{38795B2F-8709-4A61-8DB8-2A9D4875F9B4}" = AVG PC TuneUp
    "{3E1D055A-C8DB-9140-6D3B-572020076651}" = CCC Help Hungarian
    "{3E275667-C19E-1AC0-A9EC-6D37AE67469C}" = Catalyst Control Center InstallProxy
    "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.1029.1
    "{45F898A5-2E21-EF9F-4FB5-DAC1A6038180}" = CCC Help Chinese Standard
    "{46D1DAAD-BA7B-18DF-5515-E158E54AF847}" = CCC Help Turkish
    "{48583D53-DDA0-19E2-479E-BFE8A7A107B7}" = CCC Help Thai
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51F04107-7CC7-6BDB-CDB6-C02D96B06DE5}" = CCC Help German
    "{522E798F-8B1B-AD09-C54F-1F6EA33AAD63}" = Catalyst Control Center InstallProxy
    "{56B128A9-85E4-D8F6-5A3D-4826A7FB1A14}" = Catalyst Control Center Localization All
    "{608F1BF0-94CF-29D3-E3F9-48F2B53D603F}" = CCC Help French
    "{60DB0ABB-2C9E-25C0-D1FC-A4704B94E530}" = CCC Help Czech
    "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{66F720D6-6DC3-7DE9-B09A-F44783897772}" = CCC Help Japanese
    "{6740FE60-43C1-4D15-8C4A-001624134B14}" = Citrix Online Launcher
    "{6A3D3784-DBD8-DFB2-3FFA-528C1CAEAC72}" = CCC Help English
    "{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
    "{72A76D02-1907-C805-0B77-2374C6013D64}" = CCC Help Czech
    "{73090A5A-E0C0-4E0B-A320-E183877061A5}" = ALLDATA Repair
    "{76D5F1FC-5A08-7F44-8E13-0249EAB8B031}" = CCC Help Korean
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{79463523-00FE-FA43-EB05-A1935014F9DE}" = CCC Help French
    "{7EFA185C-179A-E07B-6F67-AFE491EFD4E1}" = CCC Help Hungarian
    "{7F599D6F-78DD-89AD-4350-64D60102A72C}" = CCC Help Polish
    "{87459992-7B4E-7E68-CFCD-8BE703D76D30}" = CCC Help Russian
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8A4F8020-ED9F-5FFC-9917-CB52CF811382}" = Catalyst Control Center Localization All
    "{8ACB472E-1CAD-4AA8-41B0-9A8D80A750C5}" = CCC Help Korean
    "{8D2ED35A-C1C2-FDCA-1F5C-94799EAA7D35}" = CCC Help Swedish
    "{90932CBF-33F2-CF3F-C553-D76136AC8C5A}" = CCC Help Norwegian
    "{91BBF9D8-46B3-561B-D6FC-76A91DF16593}" = CCC Help Spanish
    "{977DEBB3-85F6-4488-ADB3-A5E5D2464BE1}" = PCDrafter 2015
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{A1103FD0-0075-299D-D5BA-E0EBD1C81FFE}" = CCC Help Danish
    "{A71E2A4D-37A4-6073-B9ED-EDB4AA1BFDD7}" = CCC Help Italian
    "{A7E23371-36E3-CF6D-1544-307BB1AEC19A}" = CCC Help Greek
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB0C889A-285D-3ED0-EDEF-0122564A8B2A}" = CCC Help Greek
    "{AC76BA86-0804-1033-1959-001824161310}" = Adobe Refresh Manager
    "{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
    "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
    "{B634F919-3F94-6C43-F99A-484AA4DFBF2F}" = CCC Help Chinese Traditional
    "{BB411CBB-9E34-94FD-4691-36B33D9DC181}" = CCC Help German
    "{C28E8D4A-C424-71CF-DFBE-597810641712}" = Catalyst Control Center InstallProxy
    "{C2EA734A-92B2-AD20-2C85-337FDF0E8053}" = CCC Help Thai
    "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.1220.1
    "{CA355E6F-717E-A17C-05B0-AD951118875C}" = CCC Help Dutch
    "{CAA5ED80-3F00-FA30-12B4-39073E135E7E}" = CCC Help Portuguese
    "{CCEC41F0-1B86-B07B-C8D6-97CA8D616B16}" = CCC Help Swedish
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
    "{D5B2B522-05A2-77CB-8BB5-971E6C613764}" = CCC Help Finnish
    "{DA74DDB4-EB8D-A688-4E27-7C2680A7C26E}" = CCC Help Danish
    "{DFC4F9CE-EED9-2167-E579-D4A43EF9C00B}" = CCC Help Polish
    "{E2C6F0AE-7752-4736-8EB8-C15DA62187C9}" = InsiderBaseball 2015
    "{E3827F8B-56EA-C716-5284-07A1786DBBE2}" = Catalyst Control Center InstallProxy
    "{E5BE63DE-CD83-49DB-FA2C-14BD29CD0489}" = CCC Help Spanish
    "{ECF976CF-79E8-E963-771D-A893E16681B1}" = CCC Help Portuguese
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6DD0100-F48D-3CEC-A387-A09072AF5E9D}" = CCC Help Norwegian
    "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.1
    "AVG PC TuneUp" = AVG PC TuneUp
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Google Chrome" = Google Chrome
    "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.1029.1
    "InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
    "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.1220.1
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.0.1024
    "Mozilla Firefox 42.0 (x86 en-US)" = Mozilla Firefox 42.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "RotoLab 2015_is1" = RotoLab 2015
    "sbrAppId_is1" = SBR Poker 1.0.81
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERS\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent
    "GoToMeeting" = GoToMeeting 7.7.0.4062
    "uTorrent" = µTorrent
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 12/12/2015 5:00:13 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
     and was closed. To see if more information about the problem is available, check
     the problem history in the Security and Maintenance control panel.    Process ID: aac
     
    Start
     Time: 01d1351fc0bbe514    Termination Time: 11    Application Path: C:\Users\Family\Desktop\OTL.com
     
    Report
     Id: 5364b3c7-a113-11e5-9bea-e214133a98e9    Faulting package full name:     Faulting package-relative
     application ID:  
     
    Error - 12/12/2015 5:01:20 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
     and was closed. To see if more information about the problem is available, check
     the problem history in the Security and Maintenance control panel.    Process ID: 518
     
    Start
     Time: 01d135201cea54f7    Termination Time: 4    Application Path: C:\Users\Family\Desktop\OTL.com
     
    Report
     Id: 7b53c974-a113-11e5-9bea-e214133a98e9    Faulting package full name:     Faulting package-relative
     application ID:  
     
    Error - 12/12/2015 5:02:09 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
     and was closed. To see if more information about the problem is available, check
     the problem history in the Security and Maintenance control panel.    Process ID: 8b8
     
    Start
     Time: 01d135204297ad22    Termination Time: 3    Application Path: C:\Users\Family\Desktop\OTL.com
     
    Report
     Id: 987a61d2-a113-11e5-9bea-e214133a98e9    Faulting package full name:     Faulting package-relative
     application ID:  
     
    Error - 12/12/2015 5:04:49 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
     and was closed. To see if more information about the problem is available, check
     the problem history in the Security and Maintenance control panel.    Process ID: 980
     
    Start
     Time: 01d13520900282e4    Termination Time: 16    Application Path: C:\Users\Family\Desktop\OTL.com
     
    Report
     Id: f75b6f2c-a113-11e5-9bea-e214133a98e9    Faulting package full name:     Faulting package-relative
     application ID:  
     
    Error - 12/12/2015 5:05:47 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
     and was closed. To see if more information about the problem is available, check
     the problem history in the Security and Maintenance control panel.    Process ID: 1d70
     
    Start
     Time: 01d13520bf851c47    Termination Time: 10    Application Path: C:\Users\Family\Desktop\OTL.com
     
    Report
     Id: 19e96da0-a114-11e5-9bea-e214133a98e9    Faulting package full name:     Faulting package-relative
     application ID:  
     
    Error - 12/12/2015 5:07:26 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
     and was closed. To see if more information about the problem is available, check
     the problem history in the Security and Maintenance control panel.    Process ID: 1d04
     
    Start
     Time: 01d13520fe5d4492    Termination Time: 6    Application Path: C:\Users\Family\Desktop\OTL.com
     
    Report
     Id: 550ad47e-a114-11e5-9bea-e214133a98e9    Faulting package full name:     Faulting package-relative
     application ID:  
     
    Error - 12/12/2015 5:08:26 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
     and was closed. To see if more information about the problem is available, check
     the problem history in the Security and Maintenance control panel.    Process ID: 11c8
     
    Start
     Time: 01d135212a5e8e4e    Termination Time: 12    Application Path: C:\Users\Family\Desktop\OTL.com
     
    Report
     Id: 78dd1e75-a114-11e5-9bea-e214133a98e9    Faulting package full name:     Faulting package-relative
     application ID:  
     
    Error - 12/12/2015 10:30:30 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
     and was closed. To see if more information about the problem is available, check
     the problem history in the Security and Maintenance control panel.    Process ID: 1750
     
    Start
     Time: 01d1354d733bc484    Termination Time: 13    Application Path: C:\Users\Family\Desktop\OTL.com
     
    Report
     Id: 76d54e55-a141-11e5-9beb-f48800de098d    Faulting package full name:     Faulting package-relative
     application ID:  
     
    Error - 12/12/2015 10:41:07 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.com version 3.2.69.0 stopped interacting with Windows
     and was closed. To see if more information about the problem is available, check
     the problem history in the Security and Maintenance control panel.    Process ID: 19a0
     
    Start
     Time: 01d1354e3fa7d595    Termination Time: 12    Application Path: C:\Users\Family\Desktop\OTL.com
     
    Report
     Id: f28ad09b-a142-11e5-9beb-f48800de098d    Faulting package full name:     Faulting package-relative
     application ID:  
     
    Error - 12/12/2015 10:54:50 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
    Description = The program OTL (1).com version 3.2.69.0 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
     check the problem history in the Security and Maintenance control panel.    Process
     ID: 928    Start Time: 01d135509dc6135e    Termination Time: 7    Application Path: C:\Users\Family\Downloads\OTL
     (1).com    Report Id: d221d3bb-a144-11e5-9beb-f48800de098d    Faulting package full name:
         Faulting package-relative application ID:  
     
    [ System Events ]
    Error - 12/12/2015 10:22:54 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000
    Description = The aksfridge service failed to start due to the following error:
      %%1275
     
    Error - 12/12/2015 10:22:54 PM | Computer Name = Family-PC | Source = Application Popup | ID = 875
    Description =
     
    Error - 12/12/2015 10:22:54 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000
    Description = The hardlock service failed to start due to the following error:   %%1275
     
    Error - 12/12/2015 10:22:58 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7001
    Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing
     Service service which failed to start because of the following error:   %%1058
     
    Error - 12/12/2015 10:26:35 PM | Computer Name = Family-PC | Source = Microsoft-Windows-NDIS | ID = 10317
    Description = Miniport TAP-Win32 Adapter OAS #28, {8DF6A1A0-61BB-4011-9FD0-D82247A46831},
     had event 76
     
    Error - 12/12/2015 10:27:49 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7034
    Description = The Adobe Acrobat Update Service service terminated unexpectedly.
     It has done this 1 time(s).
     
    Error - 12/12/2015 10:37:53 PM | Computer Name = Family-PC | Source = DCOM | ID = 10016
    Description =
     
    Error - 12/12/2015 10:38:50 PM | Computer Name = Family-PC | Source = DCOM | ID = 10016
    Description =
     
    Error - 12/12/2015 10:40:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7034
    Description = The HASP License Manager service terminated unexpectedly.  It has
    done this 1 time(s).
     
    Error - 12/12/2015 10:47:41 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7034
    Description = The StarWind AE Service service terminated unexpectedly.  It has done
     this 1 time(s).
     
     
    < End of report >
  4. OTL logfile created on: 12/13/2015 9:44:05 AM - Run 3
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Family\Downloads
    64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.10240.16384)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    7.20 Gb Total Physical Memory | 5.26 Gb Available Physical Memory | 72.99% Memory free
    14.45 Gb Paging File | 12.60 Gb Available in Paging File | 87.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 930.97 Gb Total Space | 263.07 Gb Free Space | 28.26% Space Free | Partition Type: NTFS
     
    Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - File not found --
    PRC - [2015/12/13 09:43:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Downloads\OTL (2).com
    PRC - [2015/11/23 16:40:54 | 004,378,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    PRC - [2015/11/12 16:57:48 | 001,046,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    PRC - [2015/07/19 19:45:21 | 003,431,824 | ---- | M] (GeoComply) -- C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
    PRC - [2015/07/15 20:38:50 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
     
     
    ========== Modules (No Company Name) ==========
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2015/11/24 23:27:26 | 002,180,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
    SRV:64bit: - [2015/11/23 16:37:00 | 000,048,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
    SRV:64bit: - [2015/11/04 23:03:49 | 001,015,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
    SRV:64bit: - [2015/11/04 23:01:38 | 000,713,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
    SRV:64bit: - [2015/11/04 22:59:13 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
    SRV:64bit: - [2015/11/04 22:55:55 | 000,145,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
    SRV:64bit: - [2015/10/27 21:08:13 | 000,255,472 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2015/09/24 22:00:50 | 001,423,872 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
    SRV:64bit: - [2015/09/24 21:59:48 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
    SRV:64bit: - [2015/09/24 21:59:38 | 001,205,248 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
    SRV:64bit: - [2015/09/17 01:48:41 | 000,809,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
    SRV:64bit: - [2015/09/17 01:06:04 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
    SRV:64bit: - [2015/09/17 01:03:28 | 000,267,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
    SRV:64bit: - [2015/09/17 00:58:01 | 000,503,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
    SRV:64bit: - [2015/09/17 00:52:31 | 000,591,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2015/09/17 00:48:26 | 002,093,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2015/09/17 00:47:56 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
    SRV:64bit: - [2015/09/17 00:44:10 | 000,526,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2015/09/17 00:44:08 | 001,844,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
    SRV:64bit: - [2015/09/17 00:43:32 | 000,378,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2015/08/21 05:19:16 | 001,031,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
    SRV:64bit: - [2015/08/21 05:19:13 | 001,169,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
    SRV:64bit: - [2015/08/21 05:19:13 | 000,343,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
    SRV:64bit: - [2015/08/21 05:19:12 | 000,658,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
    SRV:64bit: - [2015/08/21 05:13:58 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
    SRV:64bit: - [2015/08/21 05:13:46 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
    SRV:64bit: - [2015/08/18 01:58:25 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
    SRV:64bit: - [2015/08/18 01:54:03 | 000,322,048 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2015/08/11 04:50:47 | 001,643,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
    SRV:64bit: - [2015/07/29 22:44:49 | 000,280,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2015/07/29 22:44:28 | 000,229,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
    SRV:64bit: - [2015/07/15 20:38:50 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2015/07/10 06:01:10 | 000,621,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
    SRV:64bit: - [2015/07/10 06:01:10 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
    SRV:64bit: - [2015/07/10 06:01:10 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2015/07/10 06:00:41 | 000,167,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2015/07/10 06:00:36 | 000,115,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2015/07/10 06:00:20 | 000,749,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2015/07/10 06:00:16 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2015/07/10 06:00:09 | 000,337,408 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
    SRV:64bit: - [2015/07/10 06:00:09 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
    SRV:64bit: - [2015/07/10 06:00:09 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
    SRV:64bit: - [2015/07/10 06:00:09 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
    SRV:64bit: - [2015/07/10 06:00:07 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
    SRV:64bit: - [2015/07/10 06:00:07 | 001,019,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
    SRV:64bit: - [2015/07/10 06:00:07 | 000,268,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
    SRV:64bit: - [2015/07/10 06:00:07 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
    SRV:64bit: - [2015/07/10 06:00:07 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
    SRV:64bit: - [2015/07/10 06:00:07 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
    SRV:64bit: - [2015/07/10 06:00:06 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
    SRV:64bit: - [2015/07/10 06:00:06 | 000,087,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
    SRV:64bit: - [2015/07/10 06:00:03 | 003,467,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2015/07/10 06:00:02 | 000,918,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
    SRV:64bit: - [2015/07/10 06:00:02 | 000,836,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2015/07/10 06:00:02 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2015/07/10 06:00:01 | 000,096,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2015/07/10 06:00:01 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
    SRV:64bit: - [2015/07/10 06:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
    SRV:64bit: - [2015/07/10 05:59:59 | 000,296,960 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
    SRV:64bit: - [2015/07/10 05:59:59 | 000,196,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
    SRV:64bit: - [2015/07/10 05:59:59 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
    SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_Session1)
    SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_Session1)
    SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_Session1)
    SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_Session1)
    SRV:64bit: - [2015/07/10 05:59:57 | 000,405,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2015/07/10 05:59:57 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2015/07/10 05:59:56 | 000,019,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
    SRV:64bit: - [2015/07/10 05:59:55 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2015/07/10 05:59:55 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2015/07/10 05:59:54 | 000,275,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
    SRV:64bit: - [2015/07/10 05:59:53 | 000,063,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
    SRV:64bit: - [2015/07/10 05:59:51 | 000,583,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
    SRV:64bit: - [2015/07/10 05:59:50 | 000,550,400 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2015/07/10 05:59:50 | 000,362,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
    SRV:64bit: - [2015/07/10 05:59:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,024,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2015/07/10 05:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2015/07/10 05:59:36 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
    SRV:64bit: - [2010/04/06 18:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
    SRV:64bit: - [2009/04/21 11:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
    SRV - [2015/12/09 05:33:12 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2015/11/23 16:40:54 | 004,378,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2015/11/23 16:37:00 | 000,042,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
    SRV - [2015/11/12 16:57:48 | 001,046,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe -- (avgsvc)
    SRV - [2015/11/06 15:09:42 | 000,147,624 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2015/11/04 22:27:12 | 002,049,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
    SRV - [2015/10/28 17:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2015/09/24 21:34:00 | 000,928,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
    SRV - [2015/09/17 00:45:35 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
    SRV - [2015/09/17 00:16:16 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
    SRV - [2015/08/21 05:14:07 | 000,504,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2015/08/21 05:14:07 | 000,504,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2015/08/21 05:13:54 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
    SRV - [2015/08/21 05:13:50 | 000,056,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2015/07/19 19:45:21 | 003,431,824 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Application\service.exe -- (Player Location Check)
    SRV - [2015/07/19 19:44:47 | 000,166,360 | ---- | M] (GeoComply Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe -- (GeoComplyUpdateM)
    SRV - [2015/07/19 19:44:47 | 000,166,360 | ---- | M] (GeoComply Inc.) [Auto | Stopped] -- C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe -- (GeoComplyUpdate)
    SRV - [2015/07/10 06:00:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\lfsvc.dll -- (lfsvc)
    SRV - [2015/07/10 06:00:24 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
    SRV - [2015/07/10 05:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2015/03/12 02:14:42 | 000,039,376 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
    SRV - [2011/08/30 17:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
    SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2015/12/01 01:03:10 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
    DRV:64bit: - [2015/11/25 00:40:09 | 000,516,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2015/10/27 21:08:14 | 021,648,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2015/10/27 21:08:14 | 000,674,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2015/10/05 09:50:22 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
    DRV:64bit: - [2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2015/09/17 01:50:17 | 000,099,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2015/09/17 01:48:41 | 000,278,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2015/09/17 00:50:08 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
    DRV:64bit: - [2015/08/21 05:19:13 | 000,934,752 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
    DRV:64bit: - [2015/08/21 05:19:13 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
    DRV:64bit: - [2015/08/21 05:19:12 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2015/08/21 05:19:12 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
    DRV:64bit: - [2015/08/21 05:14:06 | 000,175,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
    DRV:64bit: - [2015/08/18 02:55:45 | 000,373,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2015/08/11 05:02:56 | 000,080,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
    DRV:64bit: - [2015/08/05 22:17:40 | 000,200,528 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
    DRV:64bit: - [2015/08/05 21:22:03 | 000,685,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
    DRV:64bit: - [2015/08/02 21:18:37 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2015/08/02 21:17:53 | 000,052,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2015/07/29 22:44:26 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2015/07/10 08:14:40 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2015/07/10 08:14:34 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2015/07/10 06:01:20 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2015/07/10 06:00:14 | 000,380,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2015/07/10 06:00:14 | 000,215,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
    DRV:64bit: - [2015/07/10 06:00:10 | 000,106,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
    DRV:64bit: - [2015/07/10 06:00:10 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
    DRV:64bit: - [2015/07/10 06:00:10 | 000,031,072 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2015/07/10 06:00:09 | 000,200,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2015/07/10 06:00:09 | 000,153,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2015/07/10 06:00:09 | 000,061,952 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
    DRV:64bit: - [2015/07/10 06:00:09 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2015/07/10 06:00:09 | 000,026,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ioqos.sys -- (IoQos)
    DRV:64bit: - [2015/07/10 06:00:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,245,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,159,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
    DRV:64bit: - [2015/07/10 05:59:59 | 000,155,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
    DRV:64bit: - [2015/07/10 05:59:59 | 000,088,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2015/07/10 05:59:59 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2015/07/10 05:59:53 | 000,129,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2015/07/10 05:59:53 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2015/07/10 05:59:52 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
    DRV:64bit: - [2015/07/10 05:59:50 | 000,119,648 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
    DRV:64bit: - [2015/07/10 05:59:50 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,291,680 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,209,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,083,968 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,044,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,044,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
    DRV:64bit: - [2015/07/10 05:59:40 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2015/07/10 05:59:40 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
    DRV:64bit: - [2015/07/10 05:59:40 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
    DRV:64bit: - [2015/07/10 05:59:40 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2015/07/10 05:59:40 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,705,376 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,587,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,474,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,424,800 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,133,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,094,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,076,128 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,059,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,058,208 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,040,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,026,976 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
    DRV:64bit: - [2015/07/10 05:59:38 | 003,436,896 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2015/07/10 05:59:38 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,222,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,207,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,104,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,099,168 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,122,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,116,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,094,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,092,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,043,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fcvsc.sys -- (fcvsc)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2015/06/16 04:34:36 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
    DRV:64bit: - [2015/06/15 07:53:33 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
    DRV:64bit: - [2015/05/28 06:00:44 | 000,102,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWT6.sys -- (AtiHDAudioService)
    DRV:64bit: - [2014/02/11 16:36:52 | 000,059,616 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
    DRV:64bit: - [2013/10/28 12:02:48 | 000,022,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
    DRV:64bit: - [2013/08/22 07:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2012/08/28 07:27:24 | 000,058,536 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2012/07/15 10:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
    DRV:64bit: - [2009/08/26 06:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
    DRV:64bit: - [2009/03/13 10:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
    DRV:64bit: - [2009/01/08 10:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
    DRV - [2015/10/14 10:58:44 | 000,031,144 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
    DRV - [2015/08/19 15:39:40 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
    DRV - [2015/08/19 15:39:39 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
    DRV - [2015/08/19 15:39:30 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
    DRV - [2015/07/10 05:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
    DRV - [2015/07/10 05:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
     
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
     
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MCM_WCP
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U220DHP&pc=U220
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 A2 6A 78 B9 71 CF 01  [binary data]
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=U220
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.countryCode: "US"
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaultenginename.US: "Google"
    FF - prefs.js..browser.search.isUS: true
    FF - prefs.js..browser.search.region: "US"
    FF - prefs.js..browser.startup.homepage: "Google.com"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:42.0
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@ums.geocomply.com/GeoComply Update;version=3: C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll (GeoComply Inc.)
    FF - HKLM\Software\MozillaPlugins\@ums.geocomply.com/GeoComply Update;version=9: C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll (GeoComply Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\geocomply.com/player_location_check: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\npapi\npplayer_location_check.dll (GeoComply)
    FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Family\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/11/06 15:09:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/11/06 15:09:36 | 000,000,000 | ---D | M]
     
    [2014/05/21 18:36:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\Mozilla\Extensions
    [2015/09/07 11:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\k6snqj97.default\extensions
    [2015/11/06 15:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2015/11/06 15:09:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012/10/01 19:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
     
    ========== Chrome  ==========
     
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmofbadmgolpibnjflbihlaecnhhaanb\1.10.50_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.2_0\
     
    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AvgUi] C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-125191153-927833046-2172898461-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKU\S-1-5-21-125191153-927833046-2172898461-1000..\Run: [BitTorrent] C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
    O4 - HKU\S-1-5-21-125191153-927833046-2172898461-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKU\S-1-5-21-125191153-927833046-2172898461-1000..\Run: [OneDrive] C:\Users\Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{200c7f0a-4139-46dc-a209-da732e06bd40}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O27:64bit: - HKLM IFEO\dtagent.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27:64bit: - HKLM IFEO\dtlauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27:64bit: - HKLM IFEO\et6sc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27:64bit: - HKLM IFEO\idriver.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27 - HKLM IFEO\dtagent.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27 - HKLM IFEO\dtlauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27 - HKLM IFEO\et6sc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27 - HKLM IFEO\idriver.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell - "" = AutoRun
    O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell\AutoRun\command - "" = "F:\autorun.exe"
    O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell\readme\command - "" = notepad readme.txt
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2015/12/12 13:12:49 | 000,000,000 | ---D | C] -- C:\_OTL
    [2015/12/12 10:36:06 | 000,000,000 | ---D | C] -- C:\Users\Family\Desktop\FRST-OlderVersion
    [2015/12/12 10:36:03 | 002,369,536 | ---- | C] (Farbar) -- C:\Users\Family\Desktop\FRST64.exe
    [2015/12/11 14:59:56 | 000,000,000 | ---D | C] -- C:\6a7dcb6ef22c135e9541ac
    [2015/12/09 09:53:44 | 021,872,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
    [2015/12/09 09:53:41 | 018,801,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
    [2015/12/09 09:53:39 | 003,588,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
    [2015/12/09 09:53:39 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
    [2015/12/09 09:53:37 | 001,717,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
    [2015/12/09 09:53:36 | 002,180,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
    [2015/12/09 09:53:36 | 001,795,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
    [2015/12/09 09:53:36 | 001,710,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll
    [2015/12/09 09:53:36 | 001,467,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
    [2015/12/09 09:53:35 | 001,649,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
    [2015/12/09 09:53:35 | 001,569,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
    [2015/12/09 09:53:35 | 001,442,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRHInproc.dll
    [2015/12/09 09:53:35 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
    [2015/12/09 09:53:35 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
    [2015/12/09 09:53:34 | 001,366,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
    [2015/12/09 09:53:32 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
    [2015/12/09 09:53:32 | 000,845,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Magnify.exe
    [2015/12/09 09:53:32 | 000,774,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll
    [2015/12/09 09:53:31 | 005,455,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
    [2015/12/09 09:53:31 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Magnify.exe
    [2015/12/09 09:53:30 | 007,523,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
    [2015/12/09 09:53:30 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ninput.dll
    [2015/12/09 09:53:29 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll
    [2015/12/09 09:53:29 | 000,587,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
    [2015/12/09 09:53:28 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
    [2015/12/09 09:53:28 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ninput.dll
    [2015/12/09 09:53:27 | 004,047,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
    [2015/12/09 09:53:27 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
    [2015/12/09 09:53:27 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
    [2015/12/09 09:53:26 | 004,532,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    [2015/12/09 09:53:26 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dot3mm.dll
    [2015/12/09 09:53:26 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMM.dll
    [2015/12/09 09:53:25 | 002,350,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
    [2015/12/09 09:53:25 | 002,153,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
    [2015/12/09 09:53:24 | 001,822,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
    [2015/12/09 09:53:24 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
    [2015/12/09 09:53:23 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
    [2015/12/09 09:53:23 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll
    [2015/12/09 09:53:23 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RasMediaManager.dll
    [2015/12/09 09:53:23 | 000,168,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkUXBroker.exe
    [2015/12/09 09:53:23 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMediaManager.dll
    [2015/12/09 09:53:22 | 000,849,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
    [2015/12/09 09:53:22 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MBMediaManager.dll
    [2015/12/09 09:53:22 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EthernetMediaManager.dll
    [2015/12/09 09:53:20 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shutdownux.dll
    [2015/12/09 09:53:20 | 000,113,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\userenv.dll
    [2015/12/09 09:53:20 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
    [2015/12/09 09:53:19 | 000,516,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
    [2015/12/09 09:53:19 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
    [2015/12/09 09:53:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\gpuenergydrv.sys
    [2015/12/09 09:53:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdgeoqw.dll
    [2015/12/09 09:53:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZE.DLL
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgeoqw.dll
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZST.DLL
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZST.DLL
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZEL.DLL
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZEL.DLL
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZE.DLL
    [2015/12/09 09:53:16 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\profext.dll
    [2015/12/09 09:53:15 | 000,771,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
    [2015/12/09 09:53:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\profext.dll
    [2015/12/09 09:53:11 | 004,792,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
    [2015/12/05 09:18:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2015/12/05 08:56:09 | 000,000,000 | ---D | C] -- C:\FRST
    [2015/11/27 21:51:02 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
    [2015/11/27 21:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2015/11/27 21:50:45 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
    [2015/11/27 21:50:45 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
    [2015/11/27 21:50:45 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
    [2015/11/27 21:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2015/11/27 21:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2015/11/24 07:03:05 | 000,048,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\uxtuneup.dll
    [2015/11/24 07:03:05 | 000,042,408 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\uxtuneup.dll
    [2015/11/23 17:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
    [2015/11/23 17:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
    [2015/11/23 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\QuickScan
    [2015/11/23 10:51:01 | 000,000,000 | ---D | C] -- C:\$SysReset
     
    ========== Files - Modified Within 30 Days ==========
     
    [2015/12/13 09:33:43 | 000,016,148 | ---- | M] () -- C:\WINDOWS\SysNative\FAMILY-PC_Family_HistoryPrediction.bin
    [2015/12/13 09:33:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2015/12/13 09:30:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2015/12/13 09:07:00 | 000,000,588 | ---- | M] () -- C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000.job
    [2015/12/13 08:49:00 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GeoComplyUpdateTaskMachineUA.job
    [2015/12/13 08:21:00 | 000,000,684 | ---- | M] () -- C:\WINDOWS\tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000.job
    [2015/12/13 03:30:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2015/12/12 21:29:23 | 001,005,598 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
    [2015/12/12 21:29:23 | 000,832,698 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
    [2015/12/12 21:29:23 | 000,171,412 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
    [2015/12/12 21:24:48 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2015/12/12 21:23:39 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GeoComplyUpdateTaskMachineCore.job
    [2015/12/12 21:22:44 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2015/12/12 21:22:42 | 1504,022,527 | -HS- | M] () -- C:\hiberfil.sys
    [2015/12/12 21:22:24 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SysNative\spu_storage.bin
    [2015/12/12 11:05:44 | 000,341,448 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
    [2015/12/12 10:36:06 | 002,369,536 | ---- | M] (Farbar) -- C:\Users\Family\Desktop\FRST64.exe
    [2015/12/08 21:31:39 | 000,002,260 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2015/12/05 14:48:05 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
    [2015/12/01 01:03:10 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\gpuenergydrv.sys
    [2015/12/01 00:54:19 | 000,771,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
    [2015/12/01 00:51:02 | 007,523,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
    [2015/12/01 00:49:35 | 004,792,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
    [2015/11/30 23:59:46 | 005,455,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
    [2015/11/30 19:32:22 | 000,826,872 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
    [2015/11/30 19:32:22 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
    [2015/11/27 21:50:51 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2015/11/25 00:42:36 | 004,532,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    [2015/11/25 00:42:07 | 000,168,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkUXBroker.exe
    [2015/11/25 00:41:58 | 001,822,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
    [2015/11/25 00:40:09 | 000,516,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
    [2015/11/25 00:32:20 | 000,113,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\userenv.dll
    [2015/11/25 00:27:50 | 001,366,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
    [2015/11/25 00:12:23 | 004,047,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
    [2015/11/24 23:49:57 | 001,569,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
    [2015/11/24 23:49:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll
    [2015/11/24 23:49:03 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MBMediaManager.dll
    [2015/11/24 23:49:00 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RasMediaManager.dll
    [2015/11/24 23:48:54 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EthernetMediaManager.dll
    [2015/11/24 23:48:52 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMediaManager.dll
    [2015/11/24 23:44:49 | 021,872,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
    [2015/11/24 23:37:12 | 002,350,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
    [2015/11/24 23:36:17 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
    [2015/11/24 23:36:09 | 001,710,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll
    [2015/11/24 23:35:45 | 000,929,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
    [2015/11/24 23:35:00 | 000,845,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Magnify.exe
    [2015/11/24 23:31:10 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMM.dll
    [2015/11/24 23:30:59 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
    [2015/11/24 23:30:54 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dot3mm.dll
    [2015/11/24 23:29:40 | 000,355,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ninput.dll
    [2015/11/24 23:29:22 | 001,649,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
    [2015/11/24 23:28:41 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
    [2015/11/24 23:28:30 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
    [2015/11/24 23:27:26 | 002,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
    [2015/11/24 23:26:30 | 000,849,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
    [2015/11/24 23:26:23 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shutdownux.dll
    [2015/11/24 23:25:19 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\profext.dll
    [2015/11/24 23:23:06 | 000,587,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
    [2015/11/24 23:23:00 | 003,588,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
    [2015/11/24 23:22:51 | 001,717,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
    [2015/11/24 23:22:51 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll
    [2015/11/24 23:22:51 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdgeoqw.dll
    [2015/11/24 23:22:43 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZE.DLL
    [2015/11/24 23:22:40 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZST.DLL
    [2015/11/24 23:22:39 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZEL.DLL
    [2015/11/24 23:22:23 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
    [2015/11/24 23:19:58 | 001,795,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
    [2015/11/24 23:19:46 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
    [2015/11/24 23:18:28 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
    [2015/11/24 23:17:23 | 000,774,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll
    [2015/11/24 23:16:55 | 001,442,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRHInproc.dll
    [2015/11/24 23:16:25 | 000,786,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Magnify.exe
    [2015/11/24 23:13:23 | 002,153,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
    [2015/11/24 23:11:39 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ninput.dll
    [2015/11/24 23:10:48 | 018,801,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
    [2015/11/24 23:10:36 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
    [2015/11/24 23:10:23 | 000,415,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
    [2015/11/24 23:07:05 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\profext.dll
    [2015/11/24 23:04:42 | 000,474,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
    [2015/11/24 23:04:33 | 001,467,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
    [2015/11/24 23:04:27 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgeoqw.dll
    [2015/11/24 23:04:23 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZE.DLL
    [2015/11/24 23:04:21 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZST.DLL
    [2015/11/24 23:04:21 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZEL.DLL
    [2015/11/24 07:03:05 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
    [2015/11/23 17:32:46 | 000,000,887 | ---- | M] () -- C:\Users\Family\Desktop\WhoCrashed.lnk
    [2015/11/23 16:41:12 | 000,046,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\TURegOpt.exe
    [2015/11/23 16:37:00 | 000,048,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\uxtuneup.dll
    [2015/11/23 16:37:00 | 000,042,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\uxtuneup.dll
    [2015/11/23 16:37:00 | 000,037,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\authuitu.dll
    [2015/11/23 16:37:00 | 000,032,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\authuitu.dll
     
    ========== Files Created - No Company Name ==========
     
    [2015/12/13 09:33:43 | 000,016,148 | ---- | C] () -- C:\WINDOWS\SysNative\FAMILY-PC_Family_HistoryPrediction.bin
    [2015/11/27 21:50:51 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2015/11/23 17:32:46 | 000,000,887 | ---- | C] () -- C:\Users\Family\Desktop\WhoCrashed.lnk
    [2015/10/27 21:08:17 | 000,111,088 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll
    [2015/10/27 21:08:13 | 000,152,560 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe
    [2015/10/27 21:08:04 | 001,004,032 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
    [2015/10/27 21:08:04 | 000,807,424 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
    [2015/10/27 21:08:03 | 000,198,640 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll
    [2015/10/27 21:08:03 | 000,132,080 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
    [2015/09/30 17:48:28 | 001,766,952 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
    [2015/08/21 06:49:04 | 001,823,232 | ---- | C] () -- C:\WINDOWS\SysWow64\InputService.dll
    [2015/08/21 06:48:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\SysWow64\TextInputFramework.dll
    [2015/08/21 01:36:11 | 000,961,296 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
    [2015/08/21 01:32:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
    [2015/08/21 01:31:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2015/08/11 15:14:36 | 000,010,155 | ---- | C] () -- C:\ProgramData\regid.1997-10.com.aciwebs,PCDrafter_4DBD42E3-43A9-4B53-B296-C295D1B07435.swidtag
    [2015/07/16 00:22:02 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
    [2015/07/16 00:22:02 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
    [2015/07/10 07:20:52 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2015/07/10 06:04:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
    [2015/07/10 06:04:38 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
    [2015/07/10 06:00:35 | 000,161,632 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
    [2015/07/10 06:00:33 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
    [2015/07/10 06:00:32 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
    [2015/07/10 06:00:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
    [2015/07/10 06:00:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
    [2015/07/10 06:00:29 | 000,081,408 | ---- | C] () -- C:\WINDOWS\SysWow64\InputLocaleManager.dll
    [2015/07/10 06:00:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\EditBufferTestHook.dll
    [2015/07/10 06:00:29 | 000,053,760 | ---- | C] () -- C:\WINDOWS\SysWow64\WpKbdLayout.dll
    [2015/07/10 06:00:29 | 000,022,016 | ---- | C] () -- C:\WINDOWS\SysWow64\WordBreakers.dll
    [2015/07/10 06:00:28 | 000,270,848 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
    [2015/07/10 06:00:27 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
    [2015/07/10 06:00:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
    [2015/07/10 06:00:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
    [2015/07/10 06:00:24 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
    [2015/07/10 05:59:51 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
    [2014/05/15 11:44:56 | 000,030,528 | ---- | C] () -- C:\WINDOWS\GVTDrv64.sys
    [2014/05/15 11:25:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
     
    ========== ZeroAccess Check ==========
     
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\windows.storage.dll -- [2015/09/17 01:49:11 | 006,487,248 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\windows.storage.dll -- [2015/09/17 01:28:40 | 005,120,056 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/07/10 05:59:53 | 000,995,328 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2015/07/10 06:00:23 | 000,754,688 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/07/10 05:59:55 | 000,516,096 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== LOP Check ==========
     
    [2015/11/24 07:02:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\AVG
    [2015/11/24 07:02:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\AVG
    [2015/11/12 22:18:53 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\AVG
    [2015/11/12 22:41:16 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\BitTorrent
    [2014/05/17 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2015/06/15 07:56:26 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DAEMON Tools Lite
    [2015/06/18 15:34:05 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\MetaQuotes
    [2014/07/16 18:43:53 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Oracle
    [2015/08/19 02:25:05 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\PCDrafter2015
    [2015/11/26 10:09:31 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\QuickScan
    [2015/11/12 15:23:55 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TuneUp Software
    [2015/06/25 17:02:32 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\uTorrent
     
    ========== Purity Check ==========
     
     
     
    < End of report >
  5. Yes, exactly how I'm doing it.

     

    I paste, click Run Fix, it closes Google Chrome and seems to run a few seconds, then the screen gets slightly blurry and the top where the blue is and says OTL by OldTimer shows Not Responding.

  6. I must be doing something wrong here, Chuck. I copied and pasted the new fix from your latest post and it still freezes up and OTL is not responding.

    Here is how I copied and pasted it and clicked Run Fix, and it stops responding:

     

    :OTL
    PRC - File not found --
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=U220
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll File not found
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmofbadmgolpibnjflbihlaecnhhaanb\1.10.50_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.2_0\
     O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    
    :Commands
    
    [emptyjava]
    [emptyflash]
    [EMPTYTEMP]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    [Reboot]
  7. Got an error saying Processing PRC- File not found and then OTL stopped responding.

     

    This is exactly what I copied and pasted:

     

    :OTL
    
    PRC - File not found --
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=U220
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll File not found
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmofbadmgolpibnjflbihlaecnhhaanb\1.10.50_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.2_0\
     O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    
    
    :Commands
    
    [emptyjava]
    [emptyflash]
    [EMPTYTEMP]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    [Reboot]
  8. OTL Extras logfile created on: 12/12/2015 11:28:58 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Family\Downloads
    64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.10240.16384)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    7.20 Gb Total Physical Memory | 4.82 Gb Available Physical Memory | 66.88% Memory free
    14.45 Gb Paging File | 11.78 Gb Available in Paging File | 81.55% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 930.97 Gb Total Space | 263.25 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
     
    Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
     
    [HKEY_USERS\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [opennew] -- Reg Error: Key error.
    htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [opennew] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = B3 06 90 56 DE DB D0 01  [binary data]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
    "UpgradeTime" =  [binary data]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
    "UpgradeTime" = Reg Error: Unknown registry data type -- File not found
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{256533BD-EA31-4D32-8B7B-44B5F21F840B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{36F31B64-420F-44E0-B88E-F92651B0215A}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{58E5175D-84F8-4A53-BA70-B835DEDBBF22}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{5E811911-415C-4982-9E89-B0FC4EC60288}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{86F31DAF-5E11-4AFC-8110-19BDE901E9C8}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{8E3FE6CD-41D8-4F15-8141-FDCBA163E229}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{8E79C0FA-2902-45A6-A048-4B819C52E09E}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{9B035CC2-4867-43B8-88AE-4FA0E9D4C484}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{AB5B1E38-4DEB-42F3-997C-D01D65BACCD7}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{AE9F60F8-AC08-4844-BB44-B0044568336B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
    "{B695ED1A-1412-48E0-9C5C-2CDB0077A2D0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | 
    "{CFDF41C4-46A0-4B4F-BD1E-EB765B49EEDA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{D320F9B8-C3A5-4AEE-9E4A-F80F509F01A9}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
    "{DA9EFFCB-8808-47A7-8A63-88A9ED8F60EC}" = lport=445 | protocol=6 | dir=in | app=system | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0286D711-DFBD-466B-B2A9-35C6C03BCDC8}" = protocol=58 | dir=in | [email protected],-28545 | 
    "{04B6F20E-EB62-4E8C-B23B-796D687EA38E}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} | 
    "{052863D6-C44D-4E7D-A53E-B48139D30269}" = dir=out | name=@{microsoft.bingfinance_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} | 
    "{0A4AB2E2-F732-4DAB-A128-DE8089B0F079}" = dir=out | name=@{microsoft.bingsports_4.7.130.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} | 
    "{0CED1B28-5A0E-4BFD-9096-4C5E6E61BB82}" = dir=in | name=@{microsoft.bingnews_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | 
    "{0D5A3A7A-FDCF-4A54-999D-97810321AC0E}" = dir=out | name=@{microsoft.windowsmaps_4.1511.3161.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} | 
    "{14AF3D88-1C6F-47B7-BE0E-64BA999568E9}" = protocol=58 | dir=out | [email protected],-28546 | 
    "{16F92B88-BC0F-4B0D-9E80-542DD6AD1BC4}" = dir=in | name=microsoft solitaire collection | 
    "{1BC387F1-7031-43A8-9352-E9EAD4E5B11A}" = dir=out | name=onenote | 
    "{2519C3E2-8820-44AF-9E8E-0625182ED43D}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
    "{2B4D091F-0258-4132-8F2C-C46B96E411F3}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | 
    "{2C29507E-61DA-4671-BA64-3EE8197913AF}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
    "{2DC67C64-889B-4E6D-A60D-020DA6EF474E}" = dir=out | name=@{microsoft.3dbuilder_10.9.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} | 
    "{2FC18260-C6AB-4AE8-979B-ACFD3136496B}" = dir=out | name=@{microsoft.accountscontrol_10.0.10240.16384_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | 
    "{35DE7F21-0CD5-4533-B10C-E67708F8148E}" = dir=in | name=@{microsoft.microsoftofficehub_17.6508.23761.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | 
    "{36016C6B-D082-4C2C-BB88-9B46AFB4ECC9}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | 
    "{37018B24-A849-42CC-9615-24997B7357D7}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
    "{38AB6A7E-93F4-41E7-8BC5-7E563C9AB21B}" = dir=in | name=xbox | 
    "{3AB2BA68-A528-4295-A82B-FB6097BC70E3}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | 
    "{4570D6BC-7477-4329-9C4C-2717F729FDEC}" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe | 
    "{45F74A78-1EEF-4633-9BBE-C8D8253BCF31}" = dir=out | name=@{windows.contactsupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | 
    "{4937FC0D-641F-4238-A708-24DF31247827}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
    "{4D69F1F7-5A5D-4288-A93D-7B0CB309987B}" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe | 
    "{503A7049-FA4F-4905-9BDF-A5FBAB476FB0}" = dir=in | name=@{microsoft.bingweather_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | 
    "{5D7F748E-AA03-48BB-A269-FEE85A757FA0}" = dir=in | name=@{microsoft.windows.photos_15.1208.10480.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | 
    "{62B8A07C-742F-4E0E-B312-73164103A872}" = dir=out | name=@{microsoft.windows.photos_15.1208.10480.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | 
    "{6C5B4A77-7204-4FD8-A1BA-658067AE8AE3}" = dir=out | name=@{microsoft.bingweather_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | 
    "{7253C9DA-76CD-410E-A264-1D33D0837D40}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | 
    "{7B014E9F-64B9-485E-97FA-4B9161C822FA}" = dir=in | name=@{microsoft.bingsports_4.7.130.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} | 
    "{7ECCB304-B854-4C56-8EC2-4DC1CF59473B}" = dir=in | name=onenote | 
    "{8312CCA6-FDFB-4D01-888D-336854EF7E24}" = dir=out | name=@{microsoft.microsoftedge_20.10240.16384.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | 
    "{89F4FE3D-7E19-4B74-9EA2-473BE5263FF4}" = dir=out | name=twitter | 
    "{89FB4CFA-3DB6-4201-9A45-37E791F49117}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
    "{8E7E3265-F94F-4D3A-BE32-827FCD7FC0AC}" = dir=out | name=microsoft solitaire collection | 
    "{8F8D55E3-D6EE-4746-A875-3F273F8FA3E6}" = dir=out | name=@{microsoft.bingnews_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | 
    "{91D08958-C150-4F21-8E1B-255306F7E8F8}" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\bittorrent\bittorrent.exe | 
    "{9279FBCE-CA82-478E-B8E9-787C8236CB5E}" = dir=out | name=windows_ie_ac_001 | 
    "{9390DD1D-2F33-4E5C-A412-266FB5E4FBA3}" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\bittorrent\bittorrent.exe | 
    "{9573E191-DBF0-4620-A19D-88DCC62059A0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{99B1E39D-EA29-4D42-A4B9-25BE3A285FFE}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | 
    "{9E463627-3D5C-4833-8814-FD13B9B89631}" = dir=out | name=@{microsoft.windowsfeedback_10.0.10240.16393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windowsfeedback/feedbackapp.resources/appname/text} | 
    "{9EF02AA0-F1E4-419A-86ED-E811330EE0BA}" = dir=out | name=@{microsoft.xboxidentityprovider_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxidentityprovider/resources/pkgdisplayname} | 
    "{9FD1051A-B07A-46C5-BF60-20F496522AE6}" = dir=out | name=@{microsoft.windowsstore_2015.23.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | 
    "{A4BA5837-C834-44F5-9551-0564E52C072D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{A604E3B3-DFD4-40D8-BFC1-F348AD174041}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{ACA9564D-A022-40B7-AB71-05F22DCDDD54}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{B42A767F-E2FC-4406-9DBC-0DA371EBFE32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{B91406CA-2064-47B9-B55D-D9C1829CD995}" = dir=out | name=@{microsoft.lockapp_10.0.10240.16384_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} | 
    "{B956638B-E050-478C-9850-E91302AD0B74}" = dir=out | name=xbox | 
    "{BC52CF7F-1A5B-40C0-9BC3-6080D1D879AC}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
    "{C14089DF-4B49-419B-B6C4-A505DB50C4A6}" = dir=in | name=@{microsoft.bingfinance_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} | 
    "{C1B3B6E3-9E04-456B-AD12-C47BACF88A97}" = dir=out | name=windowsdvdplayer | 
    "{C321F8C0-8C30-4F62-9DDB-564F238641D6}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | 
    "{C4B97A32-C28C-49EC-8DD5-640F00D00156}" = dir=out | name=@{microsoft.windowsphone_10.1511.18010.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} | 
    "{D6BE52FF-6BD5-421F-8BB5-B0F73934E9A9}" = dir=out | name=@{microsoft.getstarted_2.5.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} | 
    "{DA798C60-92AD-44BA-B94F-3607FF648332}" = dir=in | name=@{microsoft.zunevideo_3.6.15731.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
    "{DE07BD98-7D53-4085-B956-8A8C4218B753}" = dir=in | name=@{windows.contactsupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | 
    "{E0D1CAC9-D29D-4215-B992-19367610AA17}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
    "{E6CE9E78-FB0C-4B6B-B35E-859F99917496}" = dir=out | name=@{microsoft.microsoftofficehub_17.6508.23761.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | 
    "{E6FFCA87-B2CF-47AD-9485-E54628F7149A}" = dir=out | name=@{microsoft.windows.cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} | 
    "{E7439D0B-F123-42DE-B504-54B1B12043EF}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} | 
    "{E762C6A2-A924-407B-BA13-131B2EBAB7C0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
    "{E76551E5-95B2-4C3E-8BF2-881037573426}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{E8E292BE-B197-4CC3-95EF-01A0A3939D4E}" = dir=in | name=@{microsoft.microsoftedge_20.10240.16384.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | 
    "{E9009A26-9DCA-495D-96E9-846ACA86B359}" = dir=in | name=@{microsoft.windows.cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} | 
    "{EABD3C63-6BD8-4053-AC90-7EC2F5C9216D}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
    "{EBAA4DCE-14F3-4CBD-B23E-8D13898A5BDE}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
    "{EDA6EFCF-EC2B-44A0-B42F-EAEA07C377D4}" = dir=out | name=@{microsoft.zunemusic_3.6.15131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
    "{EFEE005D-0A1A-401C-A8AD-11A005125AA7}" = dir=out | name=@{microsoft.zunevideo_3.6.15731.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
    "{F4E999C0-FE4E-4F9B-AC63-E81A165B47CB}" = dir=out | name=@{windows.purchasedialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.purchasedialog/resources/displayname} | 
    "{FA8BD87F-F891-4F32-8C39-8638EC61F8F2}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} | 
    "{FB1C367A-98A9-4F02-B9BB-08A9B3F6A2E7}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | 
    "{FD473E4F-8A3E-4ECD-A910-039D9364138B}" = dir=in | name=@{microsoft.windowsstore_2015.23.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | 
    "{FED3C594-7321-4855-80FD-0922C7E6EA6F}" = dir=out | name=@{microsoft.people_10.0.3350.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} | 
    "TCP Query User{55012951-90D3-4734-A262-C9D8A344494C}C:\users\family\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe | 
    "TCP Query User{F43D3A34-51A4-474F-8AF6-2A062A0437E6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
    "UDP Query User{517762D2-90EB-4BFB-948A-1F3F4DAE3CB8}C:\users\family\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe | 
    "UDP Query User{D10EB472-EF4F-4FC6-B740-6C08C4C70CE9}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{15B30201-4DC6-6B2E-B04B-788DFF115BA2}" = ccc-utility64
    "{1D1DCF8A-6961-F848-0DA0-5401969C44CE}" = AMD Catalyst Install Manager
    "{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
    "{25E80DAA-FD87-DCE5-202C-CC02F6673002}" = Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64)
    "{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
    "{408DD513-C71C-EF6C-1456-247DD8403E18}" = AMD Steady Video Plug-In 
    "{4989485C-EF16-161E-4F02-8A8BFB16CAC3}" = ccc-utility64
    "{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
    "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
    "{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
    "{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
    "{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
    "{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
    "{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
    "{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
    "{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
    "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
    "{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
    "{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
    "{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
    "{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
    "{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
    "{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
    "{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
    "{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
    "{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
    "{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
    "{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
    "{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
    "{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
    "{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
    "{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
    "{9C7136A5-F0AA-B1D1-22C5-54C2C783E721}" = AMD Fuel
    "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
    "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
    "{B69FB0E0-0CAF-10DE-191C-538EC231C632}" = AMD Wireless Display v3.0
    "{BCA7CC8C-745B-4340-B3A8-BC79A8498107}" = FMW 1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}" = WinZip 19.5
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    "{DD09826F-D794-DE92-952E-9D48D109AA4B}" = AMD Accelerated Video Transcoding
    "{E80C395A-82DD-9C17-87FC-0C86D498079D}" = AMD Fuel
    "{F8F948EA-5AEA-4158-8821-A2F788ECE936}" = 64 Bit HP CIO Components Installer
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "Office15.PROPLUS" = Microsoft Office Professional Plus 2013
    "WhoCrashed_is1" = WhoCrashed 5.51
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0039AAA5-7D3F-A65C-5011-396E3CFD5E1A}" = CCC Help Russian
    "{09EDE6DF-A9A9-DC54-24E4-AA2E506718BE}" = CCC Help Japanese
    "{0B7F838A-467D-C30A-B4C7-FF9709555082}" = AMD Catalyst Control Center
    "{0E52338D-4C09-BAF9-B2BC-A6633D78A594}" = AMD Catalyst Control Center
    "{0FE07808-87DF-45A7-AEF8-97F3A60F4E00}" = FNC 11 Installer
    "{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding
    "{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    "{19946C87-EB80-2BBF-D932-5BDB2799B6F5}" = CCC Help Chinese Standard
    "{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}" = Google Drive
    "{217F11DC-3CD4-4540-BFC8-8D0AA2FCE26E}" = CCC Help Turkish
    "{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
    "{234C1E2D-FC8D-05B1-E78D-BE0BC32F06BF}" = CCC Help Finnish
    "{24BDE5F7-123E-4DC4-B00A-730FDD36D82C}" = Player Location Check
    "{26A24AE4-039D-4CA4-87B4-2F83218065F0}" = Java 8 Update 65
    "{2A5E854E-9967-A0E8-F246-FE3572F44F57}" = CCC Help Chinese Traditional
    "{2CB95003-D6E4-EEE1-5BAA-458B7E27466B}" = CCC Help English
    "{2EF241EF-6796-5B68-7A1F-214055809942}" = CCC Help Dutch
    "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
    "{3419ABF8-BBBA-E7A7-05E1-7B8A30268FDC}" = CCC Help Italian
    "{38795B2F-8709-4A61-8DB8-2A9D4875F9B4}" = AVG PC TuneUp
    "{3E1D055A-C8DB-9140-6D3B-572020076651}" = CCC Help Hungarian
    "{3E275667-C19E-1AC0-A9EC-6D37AE67469C}" = Catalyst Control Center InstallProxy
    "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.1029.1
    "{45F898A5-2E21-EF9F-4FB5-DAC1A6038180}" = CCC Help Chinese Standard
    "{46D1DAAD-BA7B-18DF-5515-E158E54AF847}" = CCC Help Turkish
    "{48583D53-DDA0-19E2-479E-BFE8A7A107B7}" = CCC Help Thai
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51F04107-7CC7-6BDB-CDB6-C02D96B06DE5}" = CCC Help German
    "{522E798F-8B1B-AD09-C54F-1F6EA33AAD63}" = Catalyst Control Center InstallProxy
    "{56B128A9-85E4-D8F6-5A3D-4826A7FB1A14}" = Catalyst Control Center Localization All
    "{608F1BF0-94CF-29D3-E3F9-48F2B53D603F}" = CCC Help French
    "{60DB0ABB-2C9E-25C0-D1FC-A4704B94E530}" = CCC Help Czech
    "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{66F720D6-6DC3-7DE9-B09A-F44783897772}" = CCC Help Japanese
    "{6740FE60-43C1-4D15-8C4A-001624134B14}" = Citrix Online Launcher
    "{6A3D3784-DBD8-DFB2-3FFA-528C1CAEAC72}" = CCC Help English
    "{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
    "{72A76D02-1907-C805-0B77-2374C6013D64}" = CCC Help Czech
    "{73090A5A-E0C0-4E0B-A320-E183877061A5}" = ALLDATA Repair
    "{76D5F1FC-5A08-7F44-8E13-0249EAB8B031}" = CCC Help Korean
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{79463523-00FE-FA43-EB05-A1935014F9DE}" = CCC Help French
    "{7EFA185C-179A-E07B-6F67-AFE491EFD4E1}" = CCC Help Hungarian
    "{7F599D6F-78DD-89AD-4350-64D60102A72C}" = CCC Help Polish
    "{87459992-7B4E-7E68-CFCD-8BE703D76D30}" = CCC Help Russian
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8A4F8020-ED9F-5FFC-9917-CB52CF811382}" = Catalyst Control Center Localization All
    "{8ACB472E-1CAD-4AA8-41B0-9A8D80A750C5}" = CCC Help Korean
    "{8D2ED35A-C1C2-FDCA-1F5C-94799EAA7D35}" = CCC Help Swedish
    "{90932CBF-33F2-CF3F-C553-D76136AC8C5A}" = CCC Help Norwegian
    "{91BBF9D8-46B3-561B-D6FC-76A91DF16593}" = CCC Help Spanish
    "{977DEBB3-85F6-4488-ADB3-A5E5D2464BE1}" = PCDrafter 2015
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{A1103FD0-0075-299D-D5BA-E0EBD1C81FFE}" = CCC Help Danish
    "{A71E2A4D-37A4-6073-B9ED-EDB4AA1BFDD7}" = CCC Help Italian
    "{A7E23371-36E3-CF6D-1544-307BB1AEC19A}" = CCC Help Greek
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB0C889A-285D-3ED0-EDEF-0122564A8B2A}" = CCC Help Greek
    "{AC76BA86-0804-1033-1959-001824161310}" = Adobe Refresh Manager
    "{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
    "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
    "{B634F919-3F94-6C43-F99A-484AA4DFBF2F}" = CCC Help Chinese Traditional
    "{BB411CBB-9E34-94FD-4691-36B33D9DC181}" = CCC Help German
    "{C28E8D4A-C424-71CF-DFBE-597810641712}" = Catalyst Control Center InstallProxy
    "{C2EA734A-92B2-AD20-2C85-337FDF0E8053}" = CCC Help Thai
    "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.1220.1
    "{CA355E6F-717E-A17C-05B0-AD951118875C}" = CCC Help Dutch
    "{CAA5ED80-3F00-FA30-12B4-39073E135E7E}" = CCC Help Portuguese
    "{CCEC41F0-1B86-B07B-C8D6-97CA8D616B16}" = CCC Help Swedish
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
    "{D5B2B522-05A2-77CB-8BB5-971E6C613764}" = CCC Help Finnish
    "{DA74DDB4-EB8D-A688-4E27-7C2680A7C26E}" = CCC Help Danish
    "{DFC4F9CE-EED9-2167-E579-D4A43EF9C00B}" = CCC Help Polish
    "{E2C6F0AE-7752-4736-8EB8-C15DA62187C9}" = InsiderBaseball 2015
    "{E3827F8B-56EA-C716-5284-07A1786DBBE2}" = Catalyst Control Center InstallProxy
    "{E5BE63DE-CD83-49DB-FA2C-14BD29CD0489}" = CCC Help Spanish
    "{ECF976CF-79E8-E963-771D-A893E16681B1}" = CCC Help Portuguese
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6DD0100-F48D-3CEC-A387-A09072AF5E9D}" = CCC Help Norwegian
    "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.1
    "AVG PC TuneUp" = AVG PC TuneUp
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Google Chrome" = Google Chrome
    "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.1029.1
    "InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
    "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.1220.1
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.0.1024
    "Mozilla Firefox 42.0 (x86 en-US)" = Mozilla Firefox 42.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "RotoLab 2015_is1" = RotoLab 2015
    "sbrAppId_is1" = SBR Poker 1.0.81
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERS\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent
    "GoToMeeting" = GoToMeeting 7.7.0.4062
    "uTorrent" = µTorrent
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 12/3/2015 11:29:44 PM | Computer Name = Family-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp:
     0x52aef33f  Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time
     stamp: 0x559f38c3  Exception code: 0xe0434352  Fault offset: 0x000000000002a1c8  Faulting
     process id: 0x1ba8  Faulting application start time: 0x01d12e43b2e85c71  Faulting application
     path: C:\Windows\AutoKMS\AutoKMS.exe  Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
    Report
     Id: bac35dcf-a763-4d1a-83bc-a8cf7114006b  Faulting package full name:   Faulting package-relative
     application ID: 
     
    Error - 12/5/2015 3:30:35 PM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
     in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
     of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
    .
     
    Error - 12/7/2015 2:52:51 PM | Computer Name = Family-PC | Source = .NET Runtime | ID = 1026
    Description = 
     
    Error - 12/7/2015 2:52:51 PM | Computer Name = Family-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp:
     0x52aef33f  Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time
     stamp: 0x559f38c3  Exception code: 0xe0434352  Fault offset: 0x000000000002a1c8  Faulting
     process id: 0x1288  Faulting application start time: 0x01d1312042bf0cad  Faulting application
     path: C:\Windows\AutoKMS\AutoKMS.exe  Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
    Report
     Id: 5c7402e6-1c7c-4dfa-b615-b5965b1dfd23  Faulting package full name:   Faulting package-relative
     application ID: 
     
    Error - 12/8/2015 2:53:08 PM | Computer Name = Family-PC | Source = .NET Runtime | ID = 1026
    Description = 
     
    Error - 12/8/2015 2:53:08 PM | Computer Name = Family-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp:
     0x52aef33f  Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time
     stamp: 0x559f38c3  Exception code: 0xe0434352  Fault offset: 0x000000000002a1c8  Faulting
     process id: 0x1aec  Faulting application start time: 0x01d131e96f3bee14  Faulting application
     path: C:\Windows\AutoKMS\AutoKMS.exe  Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
    Report
     Id: 8de05dd2-646a-4b06-a043-00140e71fa99  Faulting package full name:   Faulting package-relative
     application ID: 
     
    Error - 12/11/2015 3:58:35 PM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
     in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
     of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
    .
     
    Error - 12/11/2015 3:59:31 PM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
     in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
     of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
    .
     
    Error - 12/11/2015 9:35:36 PM | Computer Name = Family-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
    Description = Package Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI
     was terminated because it took too long to suspend.
     
    Error - 12/11/2015 9:35:38 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
    Description = The program SearchUI.exe version 10.0.10240.16515 stopped interacting
     with Windows and was closed. To see if more information about the problem is available,
     check the problem history in the Security and Maintenance control panel.    Process
     ID: 1080    Start Time: 01d1347d07f7b364    Termination Time: 4294967295    Application Path:
     C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe    Report
     Id: a4191df0-a070-11e5-9be8-ec7c68e2a24d    Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy

    Faulting
     package-relative application ID: CortanaUI  
     
    [ System Events ]
    Error - 12/12/2015 12:04:59 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Search service terminated unexpectedly.  It has done this
     1 time(s).  The following corrective action will be taken in 30000 milliseconds:
     Restart the service.
     
    Error - 12/12/2015 12:05:06 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7031
    Description = The Sync Host_Session1 service terminated unexpectedly.  It has done
     this 1 time(s).  The following corrective action will be taken in 10000 milliseconds:
     Restart the service.
     
    Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Application Popup | ID = 875
    Description = 
     
    Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000
    Description = The aksfridge service failed to start due to the following error: 
      %%1275
     
    Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Application Popup | ID = 875
    Description = 
     
    Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000
    Description = The aksdf service failed to start due to the following error:   %%1275
     
    Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Application Popup | ID = 875
    Description = 
     
    Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000
    Description = The hardlock service failed to start due to the following error:   %%1275
     
    Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7001
    Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing
     Service service which failed to start because of the following error:   %%1058
     
    Error - 12/12/2015 12:09:28 PM | Computer Name = Family-PC | Source = Microsoft-Windows-NDIS | ID = 10317
    Description = Miniport TAP-Win32 Adapter OAS #28, {B97BB92D-F09A-4E7E-8E4B-928AA03E7C40},
     had event 76
     
     
    < End of report >
     

  9. OTL logfile created on: 12/12/2015 11:28:58 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Family\Downloads
    64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.10240.16384)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    7.20 Gb Total Physical Memory | 4.82 Gb Available Physical Memory | 66.88% Memory free
    14.45 Gb Paging File | 11.78 Gb Available in Paging File | 81.55% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 930.97 Gb Total Space | 263.25 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
     
    Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - File not found -- 
    PRC - [2015/12/12 11:10:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Downloads\OTL.com
    PRC - [2015/12/04 16:32:56 | 000,741,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2015/11/12 16:57:42 | 001,136,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    PRC - [2015/10/28 17:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2015/07/19 19:45:21 | 003,431,824 | ---- | M] (GeoComply) -- C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
    PRC - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2015/12/04 16:32:56 | 016,573,256 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll
    MOD - [2015/12/04 16:32:53 | 001,583,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
    MOD - [2015/12/04 16:32:52 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
    MOD - [2015/11/12 15:20:54 | 040,500,224 | ---- | M] () -- C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2015/11/24 23:27:26 | 002,180,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
    SRV:64bit: - [2015/11/23 16:37:00 | 000,048,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
    SRV:64bit: - [2015/11/04 23:03:49 | 001,015,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
    SRV:64bit: - [2015/11/04 23:01:38 | 000,713,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
    SRV:64bit: - [2015/11/04 22:59:13 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
    SRV:64bit: - [2015/11/04 22:55:55 | 000,145,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
    SRV:64bit: - [2015/10/27 21:08:13 | 000,255,472 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2015/09/24 22:00:50 | 001,423,872 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
    SRV:64bit: - [2015/09/24 21:59:48 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
    SRV:64bit: - [2015/09/24 21:59:38 | 001,205,248 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
    SRV:64bit: - [2015/09/17 01:48:41 | 000,809,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
    SRV:64bit: - [2015/09/17 01:06:04 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
    SRV:64bit: - [2015/09/17 01:03:28 | 000,267,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
    SRV:64bit: - [2015/09/17 00:58:01 | 000,503,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
    SRV:64bit: - [2015/09/17 00:52:31 | 000,591,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2015/09/17 00:48:26 | 002,093,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2015/09/17 00:47:56 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
    SRV:64bit: - [2015/09/17 00:44:10 | 000,526,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2015/09/17 00:44:08 | 001,844,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
    SRV:64bit: - [2015/09/17 00:43:32 | 000,378,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2015/08/21 05:19:16 | 001,031,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
    SRV:64bit: - [2015/08/21 05:19:13 | 001,169,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
    SRV:64bit: - [2015/08/21 05:19:13 | 000,343,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
    SRV:64bit: - [2015/08/21 05:19:12 | 000,658,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
    SRV:64bit: - [2015/08/21 05:13:58 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
    SRV:64bit: - [2015/08/21 05:13:46 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
    SRV:64bit: - [2015/08/18 01:58:25 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
    SRV:64bit: - [2015/08/18 01:54:03 | 000,322,048 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2015/08/11 04:50:47 | 001,643,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
    SRV:64bit: - [2015/07/29 22:44:49 | 000,280,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2015/07/29 22:44:28 | 000,229,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
    SRV:64bit: - [2015/07/15 20:38:50 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2015/07/10 06:01:10 | 000,621,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
    SRV:64bit: - [2015/07/10 06:01:10 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
    SRV:64bit: - [2015/07/10 06:01:10 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2015/07/10 06:00:41 | 000,167,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2015/07/10 06:00:36 | 000,115,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2015/07/10 06:00:20 | 000,749,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2015/07/10 06:00:16 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2015/07/10 06:00:09 | 000,337,408 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
    SRV:64bit: - [2015/07/10 06:00:09 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
    SRV:64bit: - [2015/07/10 06:00:09 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
    SRV:64bit: - [2015/07/10 06:00:09 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
    SRV:64bit: - [2015/07/10 06:00:07 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
    SRV:64bit: - [2015/07/10 06:00:07 | 001,019,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
    SRV:64bit: - [2015/07/10 06:00:07 | 000,268,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
    SRV:64bit: - [2015/07/10 06:00:07 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
    SRV:64bit: - [2015/07/10 06:00:07 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
    SRV:64bit: - [2015/07/10 06:00:07 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
    SRV:64bit: - [2015/07/10 06:00:06 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
    SRV:64bit: - [2015/07/10 06:00:06 | 000,087,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
    SRV:64bit: - [2015/07/10 06:00:03 | 003,467,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2015/07/10 06:00:02 | 000,918,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
    SRV:64bit: - [2015/07/10 06:00:02 | 000,836,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2015/07/10 06:00:02 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2015/07/10 06:00:01 | 000,096,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2015/07/10 06:00:01 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
    SRV:64bit: - [2015/07/10 06:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
    SRV:64bit: - [2015/07/10 05:59:59 | 000,296,960 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
    SRV:64bit: - [2015/07/10 05:59:59 | 000,196,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
    SRV:64bit: - [2015/07/10 05:59:59 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
    SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_Session1)
    SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_Session1)
    SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_Session1)
    SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_Session1)
    SRV:64bit: - [2015/07/10 05:59:57 | 000,405,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2015/07/10 05:59:57 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2015/07/10 05:59:56 | 000,019,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
    SRV:64bit: - [2015/07/10 05:59:55 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2015/07/10 05:59:55 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2015/07/10 05:59:54 | 000,275,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
    SRV:64bit: - [2015/07/10 05:59:53 | 000,063,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
    SRV:64bit: - [2015/07/10 05:59:51 | 000,583,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
    SRV:64bit: - [2015/07/10 05:59:50 | 000,550,400 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2015/07/10 05:59:50 | 000,362,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
    SRV:64bit: - [2015/07/10 05:59:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,024,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2015/07/10 05:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2015/07/10 05:59:36 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
    SRV:64bit: - [2010/04/06 18:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
    SRV:64bit: - [2009/04/21 11:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
    SRV - [2015/12/09 05:33:12 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2015/11/23 16:40:54 | 004,378,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2015/11/23 16:37:00 | 000,042,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
    SRV - [2015/11/12 16:57:48 | 001,046,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe -- (avgsvc)
    SRV - [2015/11/06 15:09:42 | 000,147,624 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2015/11/04 22:27:12 | 002,049,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
    SRV - [2015/10/28 17:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2015/09/24 21:34:00 | 000,928,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
    SRV - [2015/09/17 00:45:35 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
    SRV - [2015/09/17 00:16:16 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
    SRV - [2015/08/21 05:14:07 | 000,504,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2015/08/21 05:14:07 | 000,504,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2015/08/21 05:13:54 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
    SRV - [2015/08/21 05:13:50 | 000,056,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2015/07/19 19:45:21 | 003,431,824 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Application\service.exe -- (Player Location Check)
    SRV - [2015/07/19 19:44:47 | 000,166,360 | ---- | M] (GeoComply Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe -- (GeoComplyUpdateM)
    SRV - [2015/07/19 19:44:47 | 000,166,360 | ---- | M] (GeoComply Inc.) [Auto | Stopped] -- C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe -- (GeoComplyUpdate)
    SRV - [2015/07/10 06:00:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lfsvc.dll -- (lfsvc)
    SRV - [2015/07/10 06:00:24 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
    SRV - [2015/07/10 05:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2015/03/12 02:14:42 | 000,039,376 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
    SRV - [2011/08/30 17:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
    SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2015/12/01 01:03:10 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
    DRV:64bit: - [2015/11/25 00:40:09 | 000,516,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2015/10/27 21:08:14 | 021,648,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2015/10/27 21:08:14 | 000,674,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2015/10/05 09:50:22 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
    DRV:64bit: - [2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2015/09/17 01:50:17 | 000,099,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2015/09/17 01:48:41 | 000,278,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2015/09/17 00:50:08 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
    DRV:64bit: - [2015/08/21 05:19:13 | 000,934,752 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
    DRV:64bit: - [2015/08/21 05:19:13 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
    DRV:64bit: - [2015/08/21 05:19:12 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2015/08/21 05:19:12 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
    DRV:64bit: - [2015/08/21 05:14:06 | 000,175,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
    DRV:64bit: - [2015/08/18 02:55:45 | 000,373,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2015/08/11 05:02:56 | 000,080,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
    DRV:64bit: - [2015/08/05 22:17:40 | 000,200,528 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
    DRV:64bit: - [2015/08/05 21:22:03 | 000,685,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
    DRV:64bit: - [2015/08/02 21:18:37 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2015/08/02 21:17:53 | 000,052,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2015/07/29 22:44:26 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2015/07/10 08:14:40 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2015/07/10 08:14:34 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2015/07/10 06:01:20 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2015/07/10 06:00:14 | 000,380,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2015/07/10 06:00:14 | 000,215,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
    DRV:64bit: - [2015/07/10 06:00:10 | 000,106,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
    DRV:64bit: - [2015/07/10 06:00:10 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
    DRV:64bit: - [2015/07/10 06:00:10 | 000,031,072 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2015/07/10 06:00:09 | 000,200,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2015/07/10 06:00:09 | 000,153,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2015/07/10 06:00:09 | 000,061,952 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
    DRV:64bit: - [2015/07/10 06:00:09 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2015/07/10 06:00:09 | 000,026,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ioqos.sys -- (IoQos)
    DRV:64bit: - [2015/07/10 06:00:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,245,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,159,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
    DRV:64bit: - [2015/07/10 05:59:59 | 000,155,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
    DRV:64bit: - [2015/07/10 05:59:59 | 000,088,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2015/07/10 05:59:59 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2015/07/10 05:59:53 | 000,129,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2015/07/10 05:59:53 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2015/07/10 05:59:52 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
    DRV:64bit: - [2015/07/10 05:59:50 | 000,119,648 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
    DRV:64bit: - [2015/07/10 05:59:50 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,291,680 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,209,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,083,968 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,044,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,044,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
    DRV:64bit: - [2015/07/10 05:59:40 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2015/07/10 05:59:40 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
    DRV:64bit: - [2015/07/10 05:59:40 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
    DRV:64bit: - [2015/07/10 05:59:40 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2015/07/10 05:59:40 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,705,376 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,587,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,474,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,424,800 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,133,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,094,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,076,128 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,059,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,058,208 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,040,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,026,976 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
    DRV:64bit: - [2015/07/10 05:59:38 | 003,436,896 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2015/07/10 05:59:38 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,222,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,207,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,104,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,099,168 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,122,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,116,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,094,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,092,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,043,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fcvsc.sys -- (fcvsc)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2015/06/16 04:34:36 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
    DRV:64bit: - [2015/06/15 07:53:33 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
    DRV:64bit: - [2015/05/28 06:00:44 | 000,102,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWT6.sys -- (AtiHDAudioService)
    DRV:64bit: - [2014/02/11 16:36:52 | 000,059,616 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
    DRV:64bit: - [2013/10/28 12:02:48 | 000,022,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
    DRV:64bit: - [2013/08/22 07:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2012/08/28 07:27:24 | 000,058,536 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2012/07/15 10:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
    DRV:64bit: - [2009/08/26 06:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
    DRV:64bit: - [2009/03/13 10:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
    DRV:64bit: - [2009/01/08 10:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
    DRV - [2015/10/14 10:58:44 | 000,031,144 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
    DRV - [2015/08/19 15:39:40 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
    DRV - [2015/08/19 15:39:39 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
    DRV - [2015/08/19 15:39:30 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
    DRV - [2015/07/10 05:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
    DRV - [2015/07/10 05:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
     
     
    ========== Standard Registry (All) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
     
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
     
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MCM_WCP
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U220DHP&pc=U220
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 A2 6A 78 B9 71 CF 01  [binary data]
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=U220
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-125191153-927833046-2172898461-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.countryCode: "US"
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaultenginename.US: "Google"
    FF - prefs.js..browser.search.isUS: true
    FF - prefs.js..browser.search.region: "US"
    FF - prefs.js..browser.startup.homepage: "Google.com"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:42.0
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@ums.geocomply.com/GeoComply Update;version=3: C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll (GeoComply Inc.)
    FF - HKLM\Software\MozillaPlugins\@ums.geocomply.com/GeoComply Update;version=9: C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll (GeoComply Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\geocomply.com/player_location_check: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\npapi\npplayer_location_check.dll (GeoComply)
    FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Family\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/11/06 15:09:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/11/06 15:09:36 | 000,000,000 | ---D | M]
     
    [2014/05/21 18:36:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\Mozilla\Extensions
    [2015/09/07 11:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\k6snqj97.default\extensions
    [2015/11/06 15:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2015/11/06 15:09:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012/10/01 19:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
    [2015/09/30 15:47:00 | 000,225,976 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
     
    ========== Chrome  ==========
     
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmofbadmgolpibnjflbihlaecnhhaanb\1.10.50_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.2_0\
     
    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AvgUi] C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
    O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-125191153-927833046-2172898461-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKU\S-1-5-21-125191153-927833046-2172898461-1000..\Run: [BitTorrent] C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
    O4 - HKU\S-1-5-21-125191153-927833046-2172898461-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKU\S-1-5-21-125191153-927833046-2172898461-1000..\Run: [OneDrive] C:\Users\Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
    O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{200c7f0a-4139-46dc-a209-da732e06bd40}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O27:64bit: - HKLM IFEO\dtagent.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27:64bit: - HKLM IFEO\dtlauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27:64bit: - HKLM IFEO\et6sc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27:64bit: - HKLM IFEO\idriver.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27 - HKLM IFEO\dtagent.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27 - HKLM IFEO\dtlauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27 - HKLM IFEO\et6sc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27 - HKLM IFEO\idriver.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\SysWow64\credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\SysWow64\credssp.dll (Microsoft Corporation)
    O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysNative\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysNative\kerberos.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysNative\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (schannel) - C:\WINDOWS\SysNative\schannel.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysNative\wdigest.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (tspkg) - C:\WINDOWS\SysNative\tspkg.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\WINDOWS\SysNative\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\WINDOWS\SysWow64\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\WINDOWS\SysWow64\pku2u.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell - "" = AutoRun
    O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell\AutoRun\command - "" = "F:\autorun.exe" 
    O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell\readme\command - "" = notepad readme.txt
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2015/12/12 10:36:06 | 000,000,000 | ---D | C] -- C:\Users\Family\Desktop\FRST-OlderVersion
    [2015/12/12 10:36:03 | 002,369,536 | ---- | C] (Farbar) -- C:\Users\Family\Desktop\FRST64.exe
    [2015/12/11 14:59:56 | 000,000,000 | ---D | C] -- C:\6a7dcb6ef22c135e9541ac
    [2015/12/09 09:53:44 | 021,872,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
    [2015/12/09 09:53:41 | 018,801,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
    [2015/12/09 09:53:39 | 003,588,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
    [2015/12/09 09:53:39 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
    [2015/12/09 09:53:37 | 001,717,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
    [2015/12/09 09:53:36 | 002,180,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
    [2015/12/09 09:53:36 | 001,795,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
    [2015/12/09 09:53:36 | 001,710,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll
    [2015/12/09 09:53:36 | 001,467,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
    [2015/12/09 09:53:35 | 001,649,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
    [2015/12/09 09:53:35 | 001,569,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
    [2015/12/09 09:53:35 | 001,442,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRHInproc.dll
    [2015/12/09 09:53:35 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
    [2015/12/09 09:53:35 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
    [2015/12/09 09:53:34 | 001,366,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
    [2015/12/09 09:53:32 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
    [2015/12/09 09:53:32 | 000,845,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Magnify.exe
    [2015/12/09 09:53:32 | 000,774,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll
    [2015/12/09 09:53:31 | 005,455,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
    [2015/12/09 09:53:31 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Magnify.exe
    [2015/12/09 09:53:30 | 007,523,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
    [2015/12/09 09:53:30 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ninput.dll
    [2015/12/09 09:53:29 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll
    [2015/12/09 09:53:29 | 000,587,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
    [2015/12/09 09:53:28 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
    [2015/12/09 09:53:28 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ninput.dll
    [2015/12/09 09:53:27 | 004,047,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
    [2015/12/09 09:53:27 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
    [2015/12/09 09:53:27 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
    [2015/12/09 09:53:26 | 004,532,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    [2015/12/09 09:53:26 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dot3mm.dll
    [2015/12/09 09:53:26 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMM.dll
    [2015/12/09 09:53:25 | 002,350,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
    [2015/12/09 09:53:25 | 002,153,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
    [2015/12/09 09:53:24 | 001,822,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
    [2015/12/09 09:53:24 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
    [2015/12/09 09:53:23 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
    [2015/12/09 09:53:23 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll
    [2015/12/09 09:53:23 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RasMediaManager.dll
    [2015/12/09 09:53:23 | 000,168,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkUXBroker.exe
    [2015/12/09 09:53:23 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMediaManager.dll
    [2015/12/09 09:53:22 | 000,849,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
    [2015/12/09 09:53:22 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MBMediaManager.dll
    [2015/12/09 09:53:22 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EthernetMediaManager.dll
    [2015/12/09 09:53:20 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shutdownux.dll
    [2015/12/09 09:53:20 | 000,113,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\userenv.dll
    [2015/12/09 09:53:20 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
    [2015/12/09 09:53:19 | 000,516,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
    [2015/12/09 09:53:19 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
    [2015/12/09 09:53:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\gpuenergydrv.sys
    [2015/12/09 09:53:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdgeoqw.dll
    [2015/12/09 09:53:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZE.DLL
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgeoqw.dll
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZST.DLL
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZST.DLL
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZEL.DLL
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZEL.DLL
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZE.DLL
    [2015/12/09 09:53:16 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\profext.dll
    [2015/12/09 09:53:15 | 000,771,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
    [2015/12/09 09:53:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\profext.dll
    [2015/12/09 09:53:11 | 004,792,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
    [2015/12/05 09:18:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2015/12/05 08:56:09 | 000,000,000 | ---D | C] -- C:\FRST
    [2015/11/27 21:51:02 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
    [2015/11/27 21:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2015/11/27 21:50:45 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
    [2015/11/27 21:50:45 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
    [2015/11/27 21:50:45 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
    [2015/11/27 21:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2015/11/27 21:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2015/11/24 07:03:05 | 000,048,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\uxtuneup.dll
    [2015/11/24 07:03:05 | 000,042,408 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\uxtuneup.dll
    [2015/11/23 17:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
    [2015/11/23 17:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
    [2015/11/23 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\QuickScan
    [2015/11/23 10:51:01 | 000,000,000 | ---D | C] -- C:\$SysReset
    [2015/11/12 22:19:02 | 000,046,504 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\TURegOpt.exe
    [2015/11/12 22:19:02 | 000,037,288 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\authuitu.dll
    [2015/11/12 22:19:02 | 000,032,680 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\authuitu.dll
    [2015/11/12 15:24:28 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\AVG
    [2015/11/12 15:23:55 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\TuneUp Software
    [2015/11/12 15:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg
    [2015/11/12 15:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2015/11/12 15:20:38 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\AvgSetupLog
    [2015/11/12 15:20:34 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Avg
    [2015/11/12 15:20:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2015/11/12 15:20:26 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\MFAData
    [2015/11/12 15:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2015/11/12 15:20:26 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Avg2015
     
    ========== Files - Modified Within 30 Days ==========
     
    [2015/12/12 11:30:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2015/12/12 11:12:05 | 001,005,598 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
    [2015/12/12 11:12:05 | 000,832,698 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
    [2015/12/12 11:12:05 | 000,171,412 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
    [2015/12/12 11:07:45 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2015/12/12 11:07:08 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2015/12/12 11:07:05 | 000,000,588 | ---- | M] () -- C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000.job
    [2015/12/12 11:06:44 | 000,016,148 | ---- | M] () -- C:\WINDOWS\SysNative\FAMILY-PC_Family_HistoryPrediction.bin
    [2015/12/12 11:06:44 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GeoComplyUpdateTaskMachineCore.job
    [2015/12/12 11:05:44 | 000,341,448 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
    [2015/12/12 11:05:37 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2015/12/12 11:05:35 | 1504,022,527 | -HS- | M] () -- C:\hiberfil.sys
    [2015/12/12 11:05:15 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SysNative\spu_storage.bin
    [2015/12/12 10:49:00 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GeoComplyUpdateTaskMachineUA.job
    [2015/12/12 10:36:06 | 002,369,536 | ---- | M] (Farbar) -- C:\Users\Family\Desktop\FRST64.exe
    [2015/12/12 10:33:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2015/12/12 10:21:00 | 000,000,684 | ---- | M] () -- C:\WINDOWS\tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000.job
    [2015/12/08 21:31:39 | 000,002,260 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2015/12/05 14:48:05 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
    [2015/12/01 01:03:10 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\gpuenergydrv.sys
    [2015/12/01 00:54:19 | 000,771,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
    [2015/12/01 00:51:02 | 007,523,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
    [2015/12/01 00:49:35 | 004,792,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
    [2015/11/30 23:59:46 | 005,455,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
    [2015/11/30 19:32:22 | 000,826,872 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
    [2015/11/30 19:32:22 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
    [2015/11/27 21:50:51 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2015/11/25 00:42:36 | 004,532,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    [2015/11/25 00:42:07 | 000,168,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkUXBroker.exe
    [2015/11/25 00:41:58 | 001,822,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
    [2015/11/25 00:40:09 | 000,516,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
    [2015/11/25 00:32:20 | 000,113,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\userenv.dll
    [2015/11/25 00:27:50 | 001,366,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
    [2015/11/25 00:12:23 | 004,047,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
    [2015/11/24 23:49:57 | 001,569,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
    [2015/11/24 23:49:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll
    [2015/11/24 23:49:03 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MBMediaManager.dll
    [2015/11/24 23:49:00 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RasMediaManager.dll
    [2015/11/24 23:48:54 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EthernetMediaManager.dll
    [2015/11/24 23:48:52 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMediaManager.dll
    [2015/11/24 23:44:49 | 021,872,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
    [2015/11/24 23:37:12 | 002,350,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
    [2015/11/24 23:36:17 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
    [2015/11/24 23:36:09 | 001,710,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll
    [2015/11/24 23:35:45 | 000,929,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
    [2015/11/24 23:35:00 | 000,845,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Magnify.exe
    [2015/11/24 23:31:10 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMM.dll
    [2015/11/24 23:30:59 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
    [2015/11/24 23:30:54 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dot3mm.dll
    [2015/11/24 23:29:40 | 000,355,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ninput.dll
    [2015/11/24 23:29:22 | 001,649,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
    [2015/11/24 23:28:41 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
    [2015/11/24 23:28:30 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
    [2015/11/24 23:27:26 | 002,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
    [2015/11/24 23:26:30 | 000,849,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
    [2015/11/24 23:26:23 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shutdownux.dll
    [2015/11/24 23:25:19 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\profext.dll
    [2015/11/24 23:23:06 | 000,587,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
    [2015/11/24 23:23:00 | 003,588,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
    [2015/11/24 23:22:51 | 001,717,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
    [2015/11/24 23:22:51 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll
    [2015/11/24 23:22:51 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdgeoqw.dll
    [2015/11/24 23:22:43 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZE.DLL
    [2015/11/24 23:22:40 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZST.DLL
    [2015/11/24 23:22:39 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZEL.DLL
    [2015/11/24 23:22:23 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
    [2015/11/24 23:19:58 | 001,795,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
    [2015/11/24 23:19:46 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
    [2015/11/24 23:18:28 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
    [2015/11/24 23:17:23 | 000,774,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll
    [2015/11/24 23:16:55 | 001,442,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRHInproc.dll
    [2015/11/24 23:16:25 | 000,786,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Magnify.exe
    [2015/11/24 23:13:23 | 002,153,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
    [2015/11/24 23:11:39 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ninput.dll
    [2015/11/24 23:10:48 | 018,801,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
    [2015/11/24 23:10:36 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
    [2015/11/24 23:10:23 | 000,415,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
    [2015/11/24 23:07:05 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\profext.dll
    [2015/11/24 23:04:42 | 000,474,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
    [2015/11/24 23:04:33 | 001,467,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
    [2015/11/24 23:04:27 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgeoqw.dll
    [2015/11/24 23:04:23 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZE.DLL
    [2015/11/24 23:04:21 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZST.DLL
    [2015/11/24 23:04:21 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZEL.DLL
    [2015/11/24 07:03:05 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
    [2015/11/23 17:32:46 | 000,000,887 | ---- | M] () -- C:\Users\Family\Desktop\WhoCrashed.lnk
    [2015/11/23 16:41:12 | 000,046,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\TURegOpt.exe
    [2015/11/23 16:37:00 | 000,048,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\uxtuneup.dll
    [2015/11/23 16:37:00 | 000,042,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\uxtuneup.dll
    [2015/11/23 16:37:00 | 000,037,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\authuitu.dll
    [2015/11/23 16:37:00 | 000,032,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\authuitu.dll
     
    ========== Files Created - No Company Name ==========
     
    [2015/12/12 11:06:44 | 000,016,148 | ---- | C] () -- C:\WINDOWS\SysNative\FAMILY-PC_Family_HistoryPrediction.bin
    [2015/11/27 21:50:51 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2015/11/23 17:32:46 | 000,000,887 | ---- | C] () -- C:\Users\Family\Desktop\WhoCrashed.lnk
    [2015/11/12 22:19:01 | 000,002,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
    [2015/11/12 22:19:01 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
    [2015/10/27 21:08:17 | 000,111,088 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll
    [2015/10/27 21:08:13 | 000,152,560 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe
    [2015/10/27 21:08:04 | 001,004,032 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
    [2015/10/27 21:08:04 | 000,807,424 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
    [2015/10/27 21:08:03 | 000,198,640 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll
    [2015/10/27 21:08:03 | 000,132,080 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
    [2015/09/30 17:48:28 | 001,766,952 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
    [2015/08/21 06:49:04 | 001,823,232 | ---- | C] () -- C:\WINDOWS\SysWow64\InputService.dll
    [2015/08/21 06:48:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\SysWow64\TextInputFramework.dll
    [2015/08/21 01:36:11 | 000,961,296 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
    [2015/08/21 01:32:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
    [2015/08/21 01:31:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2015/08/11 15:14:36 | 000,010,155 | ---- | C] () -- C:\ProgramData\regid.1997-10.com.aciwebs,PCDrafter_4DBD42E3-43A9-4B53-B296-C295D1B07435.swidtag
    [2015/07/16 00:22:02 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
    [2015/07/16 00:22:02 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
    [2015/07/10 07:20:52 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2015/07/10 06:04:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
    [2015/07/10 06:04:38 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
    [2015/07/10 06:00:35 | 000,161,632 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
    [2015/07/10 06:00:33 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
    [2015/07/10 06:00:32 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
    [2015/07/10 06:00:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
    [2015/07/10 06:00:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
    [2015/07/10 06:00:29 | 000,081,408 | ---- | C] () -- C:\WINDOWS\SysWow64\InputLocaleManager.dll
    [2015/07/10 06:00:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\EditBufferTestHook.dll
    [2015/07/10 06:00:29 | 000,053,760 | ---- | C] () -- C:\WINDOWS\SysWow64\WpKbdLayout.dll
    [2015/07/10 06:00:29 | 000,022,016 | ---- | C] () -- C:\WINDOWS\SysWow64\WordBreakers.dll
    [2015/07/10 06:00:28 | 000,270,848 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
    [2015/07/10 06:00:27 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
    [2015/07/10 06:00:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
    [2015/07/10 06:00:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
    [2015/07/10 06:00:24 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
    [2015/07/10 05:59:51 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
    [2014/05/15 11:44:56 | 000,030,528 | ---- | C] () -- C:\WINDOWS\GVTDrv64.sys
    [2014/05/15 11:25:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
     
    ========== ZeroAccess Check ==========
     
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\windows.storage.dll -- [2015/09/17 01:49:11 | 006,487,248 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\windows.storage.dll -- [2015/09/17 01:28:40 | 005,120,056 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/07/10 05:59:53 | 000,995,328 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2015/07/10 06:00:23 | 000,754,688 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/07/10 05:59:55 | 000,516,096 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== LOP Check ==========
     
    [2015/11/24 07:02:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\AVG
    [2015/11/24 07:02:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\AVG
    [2015/11/12 22:18:53 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\AVG
    [2015/11/12 22:41:16 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\BitTorrent
    [2014/05/17 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2015/06/15 07:56:26 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DAEMON Tools Lite
    [2015/06/18 15:34:05 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\MetaQuotes
    [2014/07/16 18:43:53 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Oracle
    [2015/08/19 02:25:05 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\PCDrafter2015
    [2015/11/26 10:09:31 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\QuickScan
    [2015/11/12 15:23:55 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TuneUp Software
    [2015/06/25 17:02:32 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\uTorrent
     
    ========== Purity Check ==========
     
     

    < End of report >
     

  10. OTL logfile created on: 12/12/2015 11:10:49 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Family\Downloads
    64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.10240.16384)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    7.20 Gb Total Physical Memory | 4.91 Gb Available Physical Memory | 68.22% Memory free
    14.45 Gb Paging File | 11.80 Gb Available in Paging File | 81.66% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 930.97 Gb Total Space | 263.26 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
     
    Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - File not found -- 
    PRC - [2015/12/12 11:10:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Downloads\OTL.com
    PRC - [2015/12/04 16:32:56 | 000,741,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2015/11/12 16:57:42 | 001,136,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    PRC - [2015/10/28 17:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2015/07/19 19:45:21 | 003,431,824 | ---- | M] (GeoComply) -- C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
    PRC - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2015/12/04 16:32:56 | 016,573,256 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll
    MOD - [2015/12/04 16:32:53 | 001,583,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
    MOD - [2015/12/04 16:32:52 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
    MOD - [2015/11/12 15:20:54 | 040,500,224 | ---- | M] () -- C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2015/11/24 23:27:26 | 002,180,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
    SRV:64bit: - [2015/11/23 16:37:00 | 000,048,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
    SRV:64bit: - [2015/11/04 23:03:49 | 001,015,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
    SRV:64bit: - [2015/11/04 23:01:38 | 000,713,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
    SRV:64bit: - [2015/11/04 22:59:13 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
    SRV:64bit: - [2015/11/04 22:55:55 | 000,145,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
    SRV:64bit: - [2015/10/27 21:08:13 | 000,255,472 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2015/09/24 22:00:50 | 001,423,872 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
    SRV:64bit: - [2015/09/24 21:59:48 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
    SRV:64bit: - [2015/09/24 21:59:38 | 001,205,248 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
    SRV:64bit: - [2015/09/17 01:48:41 | 000,809,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
    SRV:64bit: - [2015/09/17 01:06:04 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
    SRV:64bit: - [2015/09/17 01:03:28 | 000,267,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
    SRV:64bit: - [2015/09/17 00:58:01 | 000,503,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
    SRV:64bit: - [2015/09/17 00:52:31 | 000,591,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2015/09/17 00:48:26 | 002,093,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2015/09/17 00:47:56 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
    SRV:64bit: - [2015/09/17 00:44:10 | 000,526,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2015/09/17 00:44:08 | 001,844,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
    SRV:64bit: - [2015/09/17 00:43:32 | 000,378,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2015/08/21 05:19:16 | 001,031,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
    SRV:64bit: - [2015/08/21 05:19:13 | 001,169,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
    SRV:64bit: - [2015/08/21 05:19:13 | 000,343,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
    SRV:64bit: - [2015/08/21 05:19:12 | 000,658,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
    SRV:64bit: - [2015/08/21 05:13:58 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
    SRV:64bit: - [2015/08/21 05:13:46 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
    SRV:64bit: - [2015/08/18 01:58:25 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
    SRV:64bit: - [2015/08/18 01:54:03 | 000,322,048 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2015/08/11 04:50:47 | 001,643,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
    SRV:64bit: - [2015/07/29 22:44:49 | 000,280,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2015/07/29 22:44:28 | 000,229,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
    SRV:64bit: - [2015/07/15 20:38:50 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2015/07/10 06:01:10 | 000,621,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
    SRV:64bit: - [2015/07/10 06:01:10 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
    SRV:64bit: - [2015/07/10 06:01:10 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2015/07/10 06:00:41 | 000,167,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2015/07/10 06:00:36 | 000,115,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2015/07/10 06:00:20 | 000,749,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2015/07/10 06:00:16 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2015/07/10 06:00:09 | 000,337,408 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
    SRV:64bit: - [2015/07/10 06:00:09 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
    SRV:64bit: - [2015/07/10 06:00:09 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
    SRV:64bit: - [2015/07/10 06:00:09 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
    SRV:64bit: - [2015/07/10 06:00:07 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
    SRV:64bit: - [2015/07/10 06:00:07 | 001,019,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
    SRV:64bit: - [2015/07/10 06:00:07 | 000,268,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
    SRV:64bit: - [2015/07/10 06:00:07 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
    SRV:64bit: - [2015/07/10 06:00:07 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
    SRV:64bit: - [2015/07/10 06:00:07 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
    SRV:64bit: - [2015/07/10 06:00:06 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
    SRV:64bit: - [2015/07/10 06:00:06 | 000,087,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
    SRV:64bit: - [2015/07/10 06:00:03 | 003,467,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2015/07/10 06:00:02 | 000,918,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
    SRV:64bit: - [2015/07/10 06:00:02 | 000,836,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2015/07/10 06:00:02 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2015/07/10 06:00:01 | 000,096,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2015/07/10 06:00:01 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
    SRV:64bit: - [2015/07/10 06:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
    SRV:64bit: - [2015/07/10 05:59:59 | 000,296,960 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
    SRV:64bit: - [2015/07/10 05:59:59 | 000,196,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
    SRV:64bit: - [2015/07/10 05:59:59 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
    SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_Session1)
    SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_Session1)
    SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_Session1)
    SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_Session1)
    SRV:64bit: - [2015/07/10 05:59:57 | 000,405,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2015/07/10 05:59:57 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2015/07/10 05:59:56 | 000,019,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
    SRV:64bit: - [2015/07/10 05:59:55 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2015/07/10 05:59:55 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2015/07/10 05:59:54 | 000,275,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
    SRV:64bit: - [2015/07/10 05:59:53 | 000,063,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
    SRV:64bit: - [2015/07/10 05:59:51 | 000,583,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
    SRV:64bit: - [2015/07/10 05:59:50 | 000,550,400 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2015/07/10 05:59:50 | 000,362,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
    SRV:64bit: - [2015/07/10 05:59:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
    SRV:64bit: - [2015/07/10 05:59:48 | 000,024,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2015/07/10 05:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2015/07/10 05:59:36 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
    SRV:64bit: - [2010/04/06 18:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
    SRV:64bit: - [2009/04/21 11:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
    SRV - [2015/12/09 05:33:12 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2015/11/23 16:40:54 | 004,378,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2015/11/23 16:37:00 | 000,042,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
    SRV - [2015/11/12 16:57:48 | 001,046,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe -- (avgsvc)
    SRV - [2015/11/06 15:09:42 | 000,147,624 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2015/11/04 22:27:12 | 002,049,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
    SRV - [2015/10/28 17:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2015/09/24 21:34:00 | 000,928,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
    SRV - [2015/09/17 00:45:35 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
    SRV - [2015/09/17 00:16:16 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
    SRV - [2015/08/21 05:14:07 | 000,504,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2015/08/21 05:14:07 | 000,504,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2015/08/21 05:13:54 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
    SRV - [2015/08/21 05:13:50 | 000,056,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2015/07/19 19:45:21 | 003,431,824 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Application\service.exe -- (Player Location Check)
    SRV - [2015/07/19 19:44:47 | 000,166,360 | ---- | M] (GeoComply Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe -- (GeoComplyUpdateM)
    SRV - [2015/07/19 19:44:47 | 000,166,360 | ---- | M] (GeoComply Inc.) [Auto | Stopped] -- C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe -- (GeoComplyUpdate)
    SRV - [2015/07/10 06:00:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lfsvc.dll -- (lfsvc)
    SRV - [2015/07/10 06:00:24 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
    SRV - [2015/07/10 05:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2015/03/12 02:14:42 | 000,039,376 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
    SRV - [2011/08/30 17:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
    SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2015/12/01 01:03:10 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
    DRV:64bit: - [2015/11/25 00:40:09 | 000,516,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2015/10/27 21:08:14 | 021,648,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2015/10/27 21:08:14 | 000,674,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2015/10/05 09:50:22 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
    DRV:64bit: - [2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2015/09/17 01:50:17 | 000,099,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2015/09/17 01:48:41 | 000,278,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2015/09/17 00:50:08 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
    DRV:64bit: - [2015/08/21 05:19:13 | 000,934,752 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
    DRV:64bit: - [2015/08/21 05:19:13 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
    DRV:64bit: - [2015/08/21 05:19:12 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2015/08/21 05:19:12 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
    DRV:64bit: - [2015/08/21 05:14:06 | 000,175,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
    DRV:64bit: - [2015/08/18 02:55:45 | 000,373,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2015/08/11 05:02:56 | 000,080,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
    DRV:64bit: - [2015/08/05 22:17:40 | 000,200,528 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
    DRV:64bit: - [2015/08/05 21:22:03 | 000,685,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
    DRV:64bit: - [2015/08/02 21:18:37 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2015/08/02 21:17:53 | 000,052,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2015/07/29 22:44:26 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2015/07/10 08:14:40 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2015/07/10 08:14:34 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2015/07/10 06:01:20 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2015/07/10 06:00:14 | 000,380,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2015/07/10 06:00:14 | 000,215,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
    DRV:64bit: - [2015/07/10 06:00:10 | 000,106,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
    DRV:64bit: - [2015/07/10 06:00:10 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
    DRV:64bit: - [2015/07/10 06:00:10 | 000,031,072 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2015/07/10 06:00:09 | 000,200,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2015/07/10 06:00:09 | 000,153,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2015/07/10 06:00:09 | 000,061,952 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
    DRV:64bit: - [2015/07/10 06:00:09 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2015/07/10 06:00:09 | 000,026,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ioqos.sys -- (IoQos)
    DRV:64bit: - [2015/07/10 06:00:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,245,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,159,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
    DRV:64bit: - [2015/07/10 06:00:00 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
    DRV:64bit: - [2015/07/10 05:59:59 | 000,155,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
    DRV:64bit: - [2015/07/10 05:59:59 | 000,088,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2015/07/10 05:59:59 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2015/07/10 05:59:53 | 000,129,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2015/07/10 05:59:53 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2015/07/10 05:59:52 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
    DRV:64bit: - [2015/07/10 05:59:50 | 000,119,648 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
    DRV:64bit: - [2015/07/10 05:59:50 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,291,680 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,209,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,083,968 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,044,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,044,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
    DRV:64bit: - [2015/07/10 05:59:48 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
    DRV:64bit: - [2015/07/10 05:59:40 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2015/07/10 05:59:40 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
    DRV:64bit: - [2015/07/10 05:59:40 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
    DRV:64bit: - [2015/07/10 05:59:40 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2015/07/10 05:59:40 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,705,376 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,587,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,474,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,424,800 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,133,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,094,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,076,128 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,059,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,058,208 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,040,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,026,976 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
    DRV:64bit: - [2015/07/10 05:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
    DRV:64bit: - [2015/07/10 05:59:38 | 003,436,896 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2015/07/10 05:59:38 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,222,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,207,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,104,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,099,168 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2015/07/10 05:59:38 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,122,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,116,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,094,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,092,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,043,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fcvsc.sys -- (fcvsc)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2015/07/10 05:59:36 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2015/06/16 04:34:36 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
    DRV:64bit: - [2015/06/15 07:53:33 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
    DRV:64bit: - [2015/05/28 06:00:44 | 000,102,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWT6.sys -- (AtiHDAudioService)
    DRV:64bit: - [2014/02/11 16:36:52 | 000,059,616 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
    DRV:64bit: - [2013/10/28 12:02:48 | 000,022,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
    DRV:64bit: - [2013/08/22 07:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2012/08/28 07:27:24 | 000,058,536 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2012/07/15 10:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
    DRV:64bit: - [2009/08/26 06:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
    DRV:64bit: - [2009/03/13 10:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
    DRV:64bit: - [2009/01/08 10:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
    DRV - [2015/10/14 10:58:44 | 000,031,144 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
    DRV - [2015/08/19 15:39:40 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
    DRV - [2015/08/19 15:39:39 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
    DRV - [2015/08/19 15:39:30 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
    DRV - [2015/07/10 05:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
    DRV - [2015/07/10 05:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MCM_WCP
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U220DHP&pc=U220
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 A2 6A 78 B9 71 CF 01  [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=U220
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.countryCode: "US"
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaultenginename.US: "Google"
    FF - prefs.js..browser.search.isUS: true
    FF - prefs.js..browser.search.region: "US"
    FF - prefs.js..browser.startup.homepage: "Google.com"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:42.0
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@ums.geocomply.com/GeoComply Update;version=3: C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll (GeoComply Inc.)
    FF - HKLM\Software\MozillaPlugins\@ums.geocomply.com/GeoComply Update;version=9: C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll (GeoComply Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\geocomply.com/player_location_check: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\npapi\npplayer_location_check.dll (GeoComply)
    FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Family\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/11/06 15:09:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/11/06 15:09:36 | 000,000,000 | ---D | M]
     
    [2014/05/21 18:36:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\Mozilla\Extensions
    [2015/09/07 11:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\k6snqj97.default\extensions
    [2015/11/06 15:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2015/11/06 15:09:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012/10/01 19:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
     
    ========== Chrome  ==========
     
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmofbadmgolpibnjflbihlaecnhhaanb\1.10.50_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
    CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.2_0\
     
    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AvgUi] C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [BitTorrent] C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
    O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKCU..\Run: [OneDrive] C:\Users\Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{200c7f0a-4139-46dc-a209-da732e06bd40}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O27:64bit: - HKLM IFEO\dtagent.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27:64bit: - HKLM IFEO\dtlauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27:64bit: - HKLM IFEO\et6sc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27:64bit: - HKLM IFEO\idriver.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27 - HKLM IFEO\dtagent.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27 - HKLM IFEO\dtlauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27 - HKLM IFEO\et6sc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O27 - HKLM IFEO\idriver.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies CZ, s.r.o.)
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell - "" = AutoRun
    O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell\AutoRun\command - "" = "F:\autorun.exe" 
    O33 - MountPoints2\{6e82fd09-1856-11e5-8e12-74d43550f80c}\Shell\readme\command - "" = notepad readme.txt
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2015/12/12 10:36:06 | 000,000,000 | ---D | C] -- C:\Users\Family\Desktop\FRST-OlderVersion
    [2015/12/12 10:36:03 | 002,369,536 | ---- | C] (Farbar) -- C:\Users\Family\Desktop\FRST64.exe
    [2015/12/11 14:59:56 | 000,000,000 | ---D | C] -- C:\6a7dcb6ef22c135e9541ac
    [2015/12/09 09:53:44 | 021,872,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
    [2015/12/09 09:53:41 | 018,801,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
    [2015/12/09 09:53:39 | 003,588,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
    [2015/12/09 09:53:39 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
    [2015/12/09 09:53:37 | 001,717,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
    [2015/12/09 09:53:36 | 002,180,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
    [2015/12/09 09:53:36 | 001,795,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
    [2015/12/09 09:53:36 | 001,710,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll
    [2015/12/09 09:53:36 | 001,467,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
    [2015/12/09 09:53:35 | 001,649,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
    [2015/12/09 09:53:35 | 001,569,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
    [2015/12/09 09:53:35 | 001,442,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRHInproc.dll
    [2015/12/09 09:53:35 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
    [2015/12/09 09:53:35 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
    [2015/12/09 09:53:34 | 001,366,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
    [2015/12/09 09:53:32 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
    [2015/12/09 09:53:32 | 000,845,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Magnify.exe
    [2015/12/09 09:53:32 | 000,774,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll
    [2015/12/09 09:53:31 | 005,455,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
    [2015/12/09 09:53:31 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Magnify.exe
    [2015/12/09 09:53:30 | 007,523,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
    [2015/12/09 09:53:30 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ninput.dll
    [2015/12/09 09:53:29 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll
    [2015/12/09 09:53:29 | 000,587,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
    [2015/12/09 09:53:28 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
    [2015/12/09 09:53:28 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ninput.dll
    [2015/12/09 09:53:27 | 004,047,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
    [2015/12/09 09:53:27 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
    [2015/12/09 09:53:27 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
    [2015/12/09 09:53:26 | 004,532,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    [2015/12/09 09:53:26 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dot3mm.dll
    [2015/12/09 09:53:26 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMM.dll
    [2015/12/09 09:53:25 | 002,350,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
    [2015/12/09 09:53:25 | 002,153,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
    [2015/12/09 09:53:24 | 001,822,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
    [2015/12/09 09:53:24 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
    [2015/12/09 09:53:23 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
    [2015/12/09 09:53:23 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll
    [2015/12/09 09:53:23 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RasMediaManager.dll
    [2015/12/09 09:53:23 | 000,168,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkUXBroker.exe
    [2015/12/09 09:53:23 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMediaManager.dll
    [2015/12/09 09:53:22 | 000,849,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
    [2015/12/09 09:53:22 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MBMediaManager.dll
    [2015/12/09 09:53:22 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EthernetMediaManager.dll
    [2015/12/09 09:53:20 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shutdownux.dll
    [2015/12/09 09:53:20 | 000,113,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\userenv.dll
    [2015/12/09 09:53:20 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
    [2015/12/09 09:53:19 | 000,516,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
    [2015/12/09 09:53:19 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
    [2015/12/09 09:53:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\gpuenergydrv.sys
    [2015/12/09 09:53:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdgeoqw.dll
    [2015/12/09 09:53:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZE.DLL
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgeoqw.dll
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZST.DLL
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZST.DLL
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZEL.DLL
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZEL.DLL
    [2015/12/09 09:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZE.DLL
    [2015/12/09 09:53:16 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\profext.dll
    [2015/12/09 09:53:15 | 000,771,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
    [2015/12/09 09:53:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\profext.dll
    [2015/12/09 09:53:11 | 004,792,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
    [2015/12/05 09:18:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2015/12/05 08:56:09 | 000,000,000 | ---D | C] -- C:\FRST
    [2015/11/27 21:51:02 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
    [2015/11/27 21:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2015/11/27 21:50:45 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
    [2015/11/27 21:50:45 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
    [2015/11/27 21:50:45 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
    [2015/11/27 21:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2015/11/27 21:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2015/11/24 07:03:05 | 000,048,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\uxtuneup.dll
    [2015/11/24 07:03:05 | 000,042,408 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\uxtuneup.dll
    [2015/11/23 17:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
    [2015/11/23 17:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
    [2015/11/23 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\QuickScan
    [2015/11/23 10:51:01 | 000,000,000 | ---D | C] -- C:\$SysReset
    [2015/11/12 22:19:02 | 000,046,504 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\TURegOpt.exe
    [2015/11/12 22:19:02 | 000,037,288 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\authuitu.dll
    [2015/11/12 22:19:02 | 000,032,680 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\authuitu.dll
    [2015/11/12 15:24:28 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\AVG
    [2015/11/12 15:23:55 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\TuneUp Software
    [2015/11/12 15:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg
    [2015/11/12 15:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2015/11/12 15:20:38 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\AvgSetupLog
    [2015/11/12 15:20:34 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Avg
    [2015/11/12 15:20:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2015/11/12 15:20:26 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\MFAData
    [2015/11/12 15:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2015/11/12 15:20:26 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Avg2015
     
    ========== Files - Modified Within 30 Days ==========
     
    [2015/12/12 11:12:05 | 001,005,598 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
    [2015/12/12 11:12:05 | 000,832,698 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
    [2015/12/12 11:12:05 | 000,171,412 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
    [2015/12/12 11:07:45 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2015/12/12 11:07:08 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2015/12/12 11:07:05 | 000,000,588 | ---- | M] () -- C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000.job
    [2015/12/12 11:06:44 | 000,016,148 | ---- | M] () -- C:\WINDOWS\SysNative\FAMILY-PC_Family_HistoryPrediction.bin
    [2015/12/12 11:06:44 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GeoComplyUpdateTaskMachineCore.job
    [2015/12/12 11:05:44 | 000,341,448 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
    [2015/12/12 11:05:37 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2015/12/12 11:05:35 | 1504,022,527 | -HS- | M] () -- C:\hiberfil.sys
    [2015/12/12 11:05:15 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SysNative\spu_storage.bin
    [2015/12/12 10:49:00 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GeoComplyUpdateTaskMachineUA.job
    [2015/12/12 10:36:06 | 002,369,536 | ---- | M] (Farbar) -- C:\Users\Family\Desktop\FRST64.exe
    [2015/12/12 10:33:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2015/12/12 10:30:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2015/12/12 10:21:00 | 000,000,684 | ---- | M] () -- C:\WINDOWS\tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000.job
    [2015/12/08 21:31:39 | 000,002,260 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2015/12/05 14:48:05 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
    [2015/12/01 01:03:10 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\gpuenergydrv.sys
    [2015/12/01 00:54:19 | 000,771,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
    [2015/12/01 00:51:02 | 007,523,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
    [2015/12/01 00:49:35 | 004,792,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
    [2015/11/30 23:59:46 | 005,455,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
    [2015/11/30 19:32:22 | 000,826,872 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
    [2015/11/30 19:32:22 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
    [2015/11/27 21:50:51 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2015/11/25 00:42:36 | 004,532,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    [2015/11/25 00:42:07 | 000,168,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkUXBroker.exe
    [2015/11/25 00:41:58 | 001,822,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
    [2015/11/25 00:40:09 | 000,516,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
    [2015/11/25 00:32:20 | 000,113,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\userenv.dll
    [2015/11/25 00:27:50 | 001,366,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
    [2015/11/25 00:12:23 | 004,047,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
    [2015/11/24 23:49:57 | 001,569,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
    [2015/11/24 23:49:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll
    [2015/11/24 23:49:03 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MBMediaManager.dll
    [2015/11/24 23:49:00 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RasMediaManager.dll
    [2015/11/24 23:48:54 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EthernetMediaManager.dll
    [2015/11/24 23:48:52 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMediaManager.dll
    [2015/11/24 23:44:49 | 021,872,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
    [2015/11/24 23:37:12 | 002,350,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
    [2015/11/24 23:36:17 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
    [2015/11/24 23:36:09 | 001,710,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll
    [2015/11/24 23:35:45 | 000,929,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
    [2015/11/24 23:35:00 | 000,845,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Magnify.exe
    [2015/11/24 23:31:10 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAMM.dll
    [2015/11/24 23:30:59 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
    [2015/11/24 23:30:54 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dot3mm.dll
    [2015/11/24 23:29:40 | 000,355,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ninput.dll
    [2015/11/24 23:29:22 | 001,649,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
    [2015/11/24 23:28:41 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
    [2015/11/24 23:28:30 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
    [2015/11/24 23:27:26 | 002,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
    [2015/11/24 23:26:30 | 000,849,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
    [2015/11/24 23:26:23 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shutdownux.dll
    [2015/11/24 23:25:19 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\profext.dll
    [2015/11/24 23:23:06 | 000,587,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
    [2015/11/24 23:23:00 | 003,588,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
    [2015/11/24 23:22:51 | 001,717,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
    [2015/11/24 23:22:51 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll
    [2015/11/24 23:22:51 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdgeoqw.dll
    [2015/11/24 23:22:43 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZE.DLL
    [2015/11/24 23:22:40 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZST.DLL
    [2015/11/24 23:22:39 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZEL.DLL
    [2015/11/24 23:22:23 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
    [2015/11/24 23:19:58 | 001,795,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
    [2015/11/24 23:19:46 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
    [2015/11/24 23:18:28 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
    [2015/11/24 23:17:23 | 000,774,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll
    [2015/11/24 23:16:55 | 001,442,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRHInproc.dll
    [2015/11/24 23:16:25 | 000,786,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Magnify.exe
    [2015/11/24 23:13:23 | 002,153,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
    [2015/11/24 23:11:39 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ninput.dll
    [2015/11/24 23:10:48 | 018,801,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
    [2015/11/24 23:10:36 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
    [2015/11/24 23:10:23 | 000,415,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
    [2015/11/24 23:07:05 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\profext.dll
    [2015/11/24 23:04:42 | 000,474,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
    [2015/11/24 23:04:33 | 001,467,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
    [2015/11/24 23:04:27 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgeoqw.dll
    [2015/11/24 23:04:23 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZE.DLL
    [2015/11/24 23:04:21 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZST.DLL
    [2015/11/24 23:04:21 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZEL.DLL
    [2015/11/24 07:03:05 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
    [2015/11/23 17:32:46 | 000,000,887 | ---- | M] () -- C:\Users\Family\Desktop\WhoCrashed.lnk
    [2015/11/23 16:41:12 | 000,046,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\TURegOpt.exe
    [2015/11/23 16:37:00 | 000,048,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\uxtuneup.dll
    [2015/11/23 16:37:00 | 000,042,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\uxtuneup.dll
    [2015/11/23 16:37:00 | 000,037,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\authuitu.dll
    [2015/11/23 16:37:00 | 000,032,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysWow64\authuitu.dll
     
    ========== Files Created - No Company Name ==========
     
    [2015/12/12 11:06:44 | 000,016,148 | ---- | C] () -- C:\WINDOWS\SysNative\FAMILY-PC_Family_HistoryPrediction.bin
    [2015/11/27 21:50:51 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2015/11/23 17:32:46 | 000,000,887 | ---- | C] () -- C:\Users\Family\Desktop\WhoCrashed.lnk
    [2015/11/12 22:19:01 | 000,002,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
    [2015/11/12 22:19:01 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
    [2015/10/27 21:08:17 | 000,111,088 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll
    [2015/10/27 21:08:13 | 000,152,560 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe
    [2015/10/27 21:08:04 | 001,004,032 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
    [2015/10/27 21:08:04 | 000,807,424 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
    [2015/10/27 21:08:03 | 000,198,640 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll
    [2015/10/27 21:08:03 | 000,132,080 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
    [2015/09/30 17:48:28 | 001,766,952 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
    [2015/08/21 06:49:04 | 001,823,232 | ---- | C] () -- C:\WINDOWS\SysWow64\InputService.dll
    [2015/08/21 06:48:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\SysWow64\TextInputFramework.dll
    [2015/08/21 01:36:11 | 000,961,296 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
    [2015/08/21 01:32:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
    [2015/08/21 01:31:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2015/08/11 15:14:36 | 000,010,155 | ---- | C] () -- C:\ProgramData\regid.1997-10.com.aciwebs,PCDrafter_4DBD42E3-43A9-4B53-B296-C295D1B07435.swidtag
    [2015/07/16 00:22:02 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
    [2015/07/16 00:22:02 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
    [2015/07/10 07:20:52 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2015/07/10 06:04:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
    [2015/07/10 06:04:38 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
    [2015/07/10 06:00:35 | 000,161,632 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
    [2015/07/10 06:00:33 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
    [2015/07/10 06:00:32 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
    [2015/07/10 06:00:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
    [2015/07/10 06:00:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
    [2015/07/10 06:00:29 | 000,081,408 | ---- | C] () -- C:\WINDOWS\SysWow64\InputLocaleManager.dll
    [2015/07/10 06:00:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\EditBufferTestHook.dll
    [2015/07/10 06:00:29 | 000,053,760 | ---- | C] () -- C:\WINDOWS\SysWow64\WpKbdLayout.dll
    [2015/07/10 06:00:29 | 000,022,016 | ---- | C] () -- C:\WINDOWS\SysWow64\WordBreakers.dll
    [2015/07/10 06:00:28 | 000,270,848 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
    [2015/07/10 06:00:27 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
    [2015/07/10 06:00:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
    [2015/07/10 06:00:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
    [2015/07/10 06:00:24 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
    [2015/07/10 05:59:51 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
    [2014/05/15 11:44:56 | 000,030,528 | ---- | C] () -- C:\WINDOWS\GVTDrv64.sys
    [2014/05/15 11:25:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
     
    ========== ZeroAccess Check ==========
     
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\windows.storage.dll -- [2015/09/17 01:49:11 | 006,487,248 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\windows.storage.dll -- [2015/09/17 01:28:40 | 005,120,056 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/07/10 05:59:53 | 000,995,328 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2015/07/10 06:00:23 | 000,754,688 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/07/10 05:59:55 | 000,516,096 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >
     

  11. OTL Extras logfile created on: 12/12/2015 11:10:49 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Family\Downloads
    64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.10240.16384)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    7.20 Gb Total Physical Memory | 4.91 Gb Available Physical Memory | 68.22% Memory free
    14.45 Gb Paging File | 11.80 Gb Available in Paging File | 81.66% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 930.97 Gb Total Space | 263.26 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
     
    Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [opennew] -- Reg Error: Key error.
    htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [opennew] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = B3 06 90 56 DE DB D0 01  [binary data]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
    "UpgradeTime" =  [binary data]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
    "UpgradeTime" = Reg Error: Unknown registry data type -- File not found
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{256533BD-EA31-4D32-8B7B-44B5F21F840B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{36F31B64-420F-44E0-B88E-F92651B0215A}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{58E5175D-84F8-4A53-BA70-B835DEDBBF22}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{5E811911-415C-4982-9E89-B0FC4EC60288}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{86F31DAF-5E11-4AFC-8110-19BDE901E9C8}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{8E3FE6CD-41D8-4F15-8141-FDCBA163E229}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{8E79C0FA-2902-45A6-A048-4B819C52E09E}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{9B035CC2-4867-43B8-88AE-4FA0E9D4C484}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{AB5B1E38-4DEB-42F3-997C-D01D65BACCD7}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{AE9F60F8-AC08-4844-BB44-B0044568336B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
    "{B695ED1A-1412-48E0-9C5C-2CDB0077A2D0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | 
    "{CFDF41C4-46A0-4B4F-BD1E-EB765B49EEDA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{D320F9B8-C3A5-4AEE-9E4A-F80F509F01A9}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
    "{DA9EFFCB-8808-47A7-8A63-88A9ED8F60EC}" = lport=445 | protocol=6 | dir=in | app=system | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0286D711-DFBD-466B-B2A9-35C6C03BCDC8}" = protocol=58 | dir=in | [email protected],-28545 | 
    "{04B6F20E-EB62-4E8C-B23B-796D687EA38E}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} | 
    "{052863D6-C44D-4E7D-A53E-B48139D30269}" = dir=out | name=@{microsoft.bingfinance_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} | 
    "{0A4AB2E2-F732-4DAB-A128-DE8089B0F079}" = dir=out | name=@{microsoft.bingsports_4.7.130.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} | 
    "{0CED1B28-5A0E-4BFD-9096-4C5E6E61BB82}" = dir=in | name=@{microsoft.bingnews_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | 
    "{0D5A3A7A-FDCF-4A54-999D-97810321AC0E}" = dir=out | name=@{microsoft.windowsmaps_4.1511.3161.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} | 
    "{14AF3D88-1C6F-47B7-BE0E-64BA999568E9}" = protocol=58 | dir=out | [email protected],-28546 | 
    "{16F92B88-BC0F-4B0D-9E80-542DD6AD1BC4}" = dir=in | name=microsoft solitaire collection | 
    "{1BC387F1-7031-43A8-9352-E9EAD4E5B11A}" = dir=out | name=onenote | 
    "{2519C3E2-8820-44AF-9E8E-0625182ED43D}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
    "{2B4D091F-0258-4132-8F2C-C46B96E411F3}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | 
    "{2C29507E-61DA-4671-BA64-3EE8197913AF}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
    "{2DC67C64-889B-4E6D-A60D-020DA6EF474E}" = dir=out | name=@{microsoft.3dbuilder_10.9.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} | 
    "{2FC18260-C6AB-4AE8-979B-ACFD3136496B}" = dir=out | name=@{microsoft.accountscontrol_10.0.10240.16384_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | 
    "{35DE7F21-0CD5-4533-B10C-E67708F8148E}" = dir=in | name=@{microsoft.microsoftofficehub_17.6508.23761.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | 
    "{36016C6B-D082-4C2C-BB88-9B46AFB4ECC9}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | 
    "{37018B24-A849-42CC-9615-24997B7357D7}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
    "{38AB6A7E-93F4-41E7-8BC5-7E563C9AB21B}" = dir=in | name=xbox | 
    "{3AB2BA68-A528-4295-A82B-FB6097BC70E3}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | 
    "{4570D6BC-7477-4329-9C4C-2717F729FDEC}" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe | 
    "{45F74A78-1EEF-4633-9BBE-C8D8253BCF31}" = dir=out | name=@{windows.contactsupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | 
    "{4937FC0D-641F-4238-A708-24DF31247827}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
    "{4D69F1F7-5A5D-4288-A93D-7B0CB309987B}" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe | 
    "{503A7049-FA4F-4905-9BDF-A5FBAB476FB0}" = dir=in | name=@{microsoft.bingweather_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | 
    "{5D7F748E-AA03-48BB-A269-FEE85A757FA0}" = dir=in | name=@{microsoft.windows.photos_15.1208.10480.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | 
    "{62B8A07C-742F-4E0E-B312-73164103A872}" = dir=out | name=@{microsoft.windows.photos_15.1208.10480.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | 
    "{6C5B4A77-7204-4FD8-A1BA-658067AE8AE3}" = dir=out | name=@{microsoft.bingweather_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | 
    "{7253C9DA-76CD-410E-A264-1D33D0837D40}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | 
    "{7B014E9F-64B9-485E-97FA-4B9161C822FA}" = dir=in | name=@{microsoft.bingsports_4.7.130.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} | 
    "{7ECCB304-B854-4C56-8EC2-4DC1CF59473B}" = dir=in | name=onenote | 
    "{8312CCA6-FDFB-4D01-888D-336854EF7E24}" = dir=out | name=@{microsoft.microsoftedge_20.10240.16384.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | 
    "{89F4FE3D-7E19-4B74-9EA2-473BE5263FF4}" = dir=out | name=twitter | 
    "{89FB4CFA-3DB6-4201-9A45-37E791F49117}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
    "{8E7E3265-F94F-4D3A-BE32-827FCD7FC0AC}" = dir=out | name=microsoft solitaire collection | 
    "{8F8D55E3-D6EE-4746-A875-3F273F8FA3E6}" = dir=out | name=@{microsoft.bingnews_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | 
    "{91D08958-C150-4F21-8E1B-255306F7E8F8}" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\bittorrent\bittorrent.exe | 
    "{9279FBCE-CA82-478E-B8E9-787C8236CB5E}" = dir=out | name=windows_ie_ac_001 | 
    "{9390DD1D-2F33-4E5C-A412-266FB5E4FBA3}" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\bittorrent\bittorrent.exe | 
    "{9573E191-DBF0-4620-A19D-88DCC62059A0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{99B1E39D-EA29-4D42-A4B9-25BE3A285FFE}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | 
    "{9E463627-3D5C-4833-8814-FD13B9B89631}" = dir=out | name=@{microsoft.windowsfeedback_10.0.10240.16393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windowsfeedback/feedbackapp.resources/appname/text} | 
    "{9EF02AA0-F1E4-419A-86ED-E811330EE0BA}" = dir=out | name=@{microsoft.xboxidentityprovider_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxidentityprovider/resources/pkgdisplayname} | 
    "{9FD1051A-B07A-46C5-BF60-20F496522AE6}" = dir=out | name=@{microsoft.windowsstore_2015.23.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | 
    "{A4BA5837-C834-44F5-9551-0564E52C072D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{A604E3B3-DFD4-40D8-BFC1-F348AD174041}" = protocol=1 | dir=in | [email protected],-28543 | 
    "{ACA9564D-A022-40B7-AB71-05F22DCDDD54}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{B42A767F-E2FC-4406-9DBC-0DA371EBFE32}" = protocol=1 | dir=out | [email protected],-28544 | 
    "{B91406CA-2064-47B9-B55D-D9C1829CD995}" = dir=out | name=@{microsoft.lockapp_10.0.10240.16384_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} | 
    "{B956638B-E050-478C-9850-E91302AD0B74}" = dir=out | name=xbox | 
    "{BC52CF7F-1A5B-40C0-9BC3-6080D1D879AC}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
    "{C14089DF-4B49-419B-B6C4-A505DB50C4A6}" = dir=in | name=@{microsoft.bingfinance_4.7.118.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} | 
    "{C1B3B6E3-9E04-456B-AD12-C47BACF88A97}" = dir=out | name=windowsdvdplayer | 
    "{C321F8C0-8C30-4F62-9DDB-564F238641D6}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | 
    "{C4B97A32-C28C-49EC-8DD5-640F00D00156}" = dir=out | name=@{microsoft.windowsphone_10.1511.18010.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} | 
    "{D6BE52FF-6BD5-421F-8BB5-B0F73934E9A9}" = dir=out | name=@{microsoft.getstarted_2.5.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} | 
    "{DA798C60-92AD-44BA-B94F-3607FF648332}" = dir=in | name=@{microsoft.zunevideo_3.6.15731.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
    "{DE07BD98-7D53-4085-B956-8A8C4218B753}" = dir=in | name=@{windows.contactsupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | 
    "{E0D1CAC9-D29D-4215-B992-19367610AA17}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
    "{E6CE9E78-FB0C-4B6B-B35E-859F99917496}" = dir=out | name=@{microsoft.microsoftofficehub_17.6508.23761.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | 
    "{E6FFCA87-B2CF-47AD-9485-E54628F7149A}" = dir=out | name=@{microsoft.windows.cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} | 
    "{E7439D0B-F123-42DE-B504-54B1B12043EF}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} | 
    "{E762C6A2-A924-407B-BA13-131B2EBAB7C0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
    "{E76551E5-95B2-4C3E-8BF2-881037573426}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{E8E292BE-B197-4CC3-95EF-01A0A3939D4E}" = dir=in | name=@{microsoft.microsoftedge_20.10240.16384.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | 
    "{E9009A26-9DCA-495D-96E9-846ACA86B359}" = dir=in | name=@{microsoft.windows.cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} | 
    "{EABD3C63-6BD8-4053-AC90-7EC2F5C9216D}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
    "{EBAA4DCE-14F3-4CBD-B23E-8D13898A5BDE}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
    "{EDA6EFCF-EC2B-44A0-B42F-EAEA07C377D4}" = dir=out | name=@{microsoft.zunemusic_3.6.15131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
    "{EFEE005D-0A1A-401C-A8AD-11A005125AA7}" = dir=out | name=@{microsoft.zunevideo_3.6.15731.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
    "{F4E999C0-FE4E-4F9B-AC63-E81A165B47CB}" = dir=out | name=@{windows.purchasedialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.purchasedialog/resources/displayname} | 
    "{FA8BD87F-F891-4F32-8C39-8638EC61F8F2}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} | 
    "{FB1C367A-98A9-4F02-B9BB-08A9B3F6A2E7}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | 
    "{FD473E4F-8A3E-4ECD-A910-039D9364138B}" = dir=in | name=@{microsoft.windowsstore_2015.23.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | 
    "{FED3C594-7321-4855-80FD-0922C7E6EA6F}" = dir=out | name=@{microsoft.people_10.0.3350.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} | 
    "TCP Query User{55012951-90D3-4734-A262-C9D8A344494C}C:\users\family\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe | 
    "TCP Query User{F43D3A34-51A4-474F-8AF6-2A062A0437E6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
    "UDP Query User{517762D2-90EB-4BFB-948A-1F3F4DAE3CB8}C:\users\family\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\utorrent\utorrent.exe | 
    "UDP Query User{D10EB472-EF4F-4FC6-B740-6C08C4C70CE9}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{15B30201-4DC6-6B2E-B04B-788DFF115BA2}" = ccc-utility64
    "{1D1DCF8A-6961-F848-0DA0-5401969C44CE}" = AMD Catalyst Install Manager
    "{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
    "{25E80DAA-FD87-DCE5-202C-CC02F6673002}" = Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64)
    "{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
    "{408DD513-C71C-EF6C-1456-247DD8403E18}" = AMD Steady Video Plug-In 
    "{4989485C-EF16-161E-4F02-8A8BFB16CAC3}" = ccc-utility64
    "{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
    "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
    "{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
    "{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
    "{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
    "{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
    "{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
    "{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
    "{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
    "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
    "{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
    "{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
    "{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
    "{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
    "{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
    "{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
    "{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
    "{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
    "{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
    "{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
    "{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
    "{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
    "{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
    "{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
    "{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
    "{9C7136A5-F0AA-B1D1-22C5-54C2C783E721}" = AMD Fuel
    "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
    "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
    "{B69FB0E0-0CAF-10DE-191C-538EC231C632}" = AMD Wireless Display v3.0
    "{BCA7CC8C-745B-4340-B3A8-BC79A8498107}" = FMW 1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}" = WinZip 19.5
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    "{DD09826F-D794-DE92-952E-9D48D109AA4B}" = AMD Accelerated Video Transcoding
    "{E80C395A-82DD-9C17-87FC-0C86D498079D}" = AMD Fuel
    "{F8F948EA-5AEA-4158-8821-A2F788ECE936}" = 64 Bit HP CIO Components Installer
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "Office15.PROPLUS" = Microsoft Office Professional Plus 2013
    "WhoCrashed_is1" = WhoCrashed 5.51
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0039AAA5-7D3F-A65C-5011-396E3CFD5E1A}" = CCC Help Russian
    "{09EDE6DF-A9A9-DC54-24E4-AA2E506718BE}" = CCC Help Japanese
    "{0B7F838A-467D-C30A-B4C7-FF9709555082}" = AMD Catalyst Control Center
    "{0E52338D-4C09-BAF9-B2BC-A6633D78A594}" = AMD Catalyst Control Center
    "{0FE07808-87DF-45A7-AEF8-97F3A60F4E00}" = FNC 11 Installer
    "{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding
    "{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    "{19946C87-EB80-2BBF-D932-5BDB2799B6F5}" = CCC Help Chinese Standard
    "{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}" = Google Drive
    "{217F11DC-3CD4-4540-BFC8-8D0AA2FCE26E}" = CCC Help Turkish
    "{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
    "{234C1E2D-FC8D-05B1-E78D-BE0BC32F06BF}" = CCC Help Finnish
    "{24BDE5F7-123E-4DC4-B00A-730FDD36D82C}" = Player Location Check
    "{26A24AE4-039D-4CA4-87B4-2F83218065F0}" = Java 8 Update 65
    "{2A5E854E-9967-A0E8-F246-FE3572F44F57}" = CCC Help Chinese Traditional
    "{2CB95003-D6E4-EEE1-5BAA-458B7E27466B}" = CCC Help English
    "{2EF241EF-6796-5B68-7A1F-214055809942}" = CCC Help Dutch
    "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
    "{3419ABF8-BBBA-E7A7-05E1-7B8A30268FDC}" = CCC Help Italian
    "{38795B2F-8709-4A61-8DB8-2A9D4875F9B4}" = AVG PC TuneUp
    "{3E1D055A-C8DB-9140-6D3B-572020076651}" = CCC Help Hungarian
    "{3E275667-C19E-1AC0-A9EC-6D37AE67469C}" = Catalyst Control Center InstallProxy
    "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.1029.1
    "{45F898A5-2E21-EF9F-4FB5-DAC1A6038180}" = CCC Help Chinese Standard
    "{46D1DAAD-BA7B-18DF-5515-E158E54AF847}" = CCC Help Turkish
    "{48583D53-DDA0-19E2-479E-BFE8A7A107B7}" = CCC Help Thai
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51F04107-7CC7-6BDB-CDB6-C02D96B06DE5}" = CCC Help German
    "{522E798F-8B1B-AD09-C54F-1F6EA33AAD63}" = Catalyst Control Center InstallProxy
    "{56B128A9-85E4-D8F6-5A3D-4826A7FB1A14}" = Catalyst Control Center Localization All
    "{608F1BF0-94CF-29D3-E3F9-48F2B53D603F}" = CCC Help French
    "{60DB0ABB-2C9E-25C0-D1FC-A4704B94E530}" = CCC Help Czech
    "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{66F720D6-6DC3-7DE9-B09A-F44783897772}" = CCC Help Japanese
    "{6740FE60-43C1-4D15-8C4A-001624134B14}" = Citrix Online Launcher
    "{6A3D3784-DBD8-DFB2-3FFA-528C1CAEAC72}" = CCC Help English
    "{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
    "{72A76D02-1907-C805-0B77-2374C6013D64}" = CCC Help Czech
    "{73090A5A-E0C0-4E0B-A320-E183877061A5}" = ALLDATA Repair
    "{76D5F1FC-5A08-7F44-8E13-0249EAB8B031}" = CCC Help Korean
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{79463523-00FE-FA43-EB05-A1935014F9DE}" = CCC Help French
    "{7EFA185C-179A-E07B-6F67-AFE491EFD4E1}" = CCC Help Hungarian
    "{7F599D6F-78DD-89AD-4350-64D60102A72C}" = CCC Help Polish
    "{87459992-7B4E-7E68-CFCD-8BE703D76D30}" = CCC Help Russian
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8A4F8020-ED9F-5FFC-9917-CB52CF811382}" = Catalyst Control Center Localization All
    "{8ACB472E-1CAD-4AA8-41B0-9A8D80A750C5}" = CCC Help Korean
    "{8D2ED35A-C1C2-FDCA-1F5C-94799EAA7D35}" = CCC Help Swedish
    "{90932CBF-33F2-CF3F-C553-D76136AC8C5A}" = CCC Help Norwegian
    "{91BBF9D8-46B3-561B-D6FC-76A91DF16593}" = CCC Help Spanish
    "{977DEBB3-85F6-4488-ADB3-A5E5D2464BE1}" = PCDrafter 2015
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{A1103FD0-0075-299D-D5BA-E0EBD1C81FFE}" = CCC Help Danish
    "{A71E2A4D-37A4-6073-B9ED-EDB4AA1BFDD7}" = CCC Help Italian
    "{A7E23371-36E3-CF6D-1544-307BB1AEC19A}" = CCC Help Greek
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB0C889A-285D-3ED0-EDEF-0122564A8B2A}" = CCC Help Greek
    "{AC76BA86-0804-1033-1959-001824161310}" = Adobe Refresh Manager
    "{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
    "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
    "{B634F919-3F94-6C43-F99A-484AA4DFBF2F}" = CCC Help Chinese Traditional
    "{BB411CBB-9E34-94FD-4691-36B33D9DC181}" = CCC Help German
    "{C28E8D4A-C424-71CF-DFBE-597810641712}" = Catalyst Control Center InstallProxy
    "{C2EA734A-92B2-AD20-2C85-337FDF0E8053}" = CCC Help Thai
    "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.1220.1
    "{CA355E6F-717E-A17C-05B0-AD951118875C}" = CCC Help Dutch
    "{CAA5ED80-3F00-FA30-12B4-39073E135E7E}" = CCC Help Portuguese
    "{CCEC41F0-1B86-B07B-C8D6-97CA8D616B16}" = CCC Help Swedish
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
    "{D5B2B522-05A2-77CB-8BB5-971E6C613764}" = CCC Help Finnish
    "{DA74DDB4-EB8D-A688-4E27-7C2680A7C26E}" = CCC Help Danish
    "{DFC4F9CE-EED9-2167-E579-D4A43EF9C00B}" = CCC Help Polish
    "{E2C6F0AE-7752-4736-8EB8-C15DA62187C9}" = InsiderBaseball 2015
    "{E3827F8B-56EA-C716-5284-07A1786DBBE2}" = Catalyst Control Center InstallProxy
    "{E5BE63DE-CD83-49DB-FA2C-14BD29CD0489}" = CCC Help Spanish
    "{ECF976CF-79E8-E963-771D-A893E16681B1}" = CCC Help Portuguese
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6DD0100-F48D-3CEC-A387-A09072AF5E9D}" = CCC Help Norwegian
    "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.1
    "AVG PC TuneUp" = AVG PC TuneUp
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Google Chrome" = Google Chrome
    "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.1029.1
    "InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
    "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.1220.1
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.0.1024
    "Mozilla Firefox 42.0 (x86 en-US)" = Mozilla Firefox 42.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "RotoLab 2015_is1" = RotoLab 2015
    "sbrAppId_is1" = SBR Poker 1.0.81
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent
    "GoToMeeting" = GoToMeeting 7.7.0.4062
    "uTorrent" = µTorrent
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 12/3/2015 11:29:44 PM | Computer Name = Family-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp:
     0x52aef33f  Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time
     stamp: 0x559f38c3  Exception code: 0xe0434352  Fault offset: 0x000000000002a1c8  Faulting
     process id: 0x1ba8  Faulting application start time: 0x01d12e43b2e85c71  Faulting application
     path: C:\Windows\AutoKMS\AutoKMS.exe  Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
    Report
     Id: bac35dcf-a763-4d1a-83bc-a8cf7114006b  Faulting package full name:   Faulting package-relative
     application ID: 
     
    Error - 12/5/2015 3:30:35 PM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
     in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
     of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
    .
     
    Error - 12/7/2015 2:52:51 PM | Computer Name = Family-PC | Source = .NET Runtime | ID = 1026
    Description = 
     
    Error - 12/7/2015 2:52:51 PM | Computer Name = Family-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp:
     0x52aef33f  Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time
     stamp: 0x559f38c3  Exception code: 0xe0434352  Fault offset: 0x000000000002a1c8  Faulting
     process id: 0x1288  Faulting application start time: 0x01d1312042bf0cad  Faulting application
     path: C:\Windows\AutoKMS\AutoKMS.exe  Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
    Report
     Id: 5c7402e6-1c7c-4dfa-b615-b5965b1dfd23  Faulting package full name:   Faulting package-relative
     application ID: 
     
    Error - 12/8/2015 2:53:08 PM | Computer Name = Family-PC | Source = .NET Runtime | ID = 1026
    Description = 
     
    Error - 12/8/2015 2:53:08 PM | Computer Name = Family-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp:
     0x52aef33f  Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time
     stamp: 0x559f38c3  Exception code: 0xe0434352  Fault offset: 0x000000000002a1c8  Faulting
     process id: 0x1aec  Faulting application start time: 0x01d131e96f3bee14  Faulting application
     path: C:\Windows\AutoKMS\AutoKMS.exe  Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
    Report
     Id: 8de05dd2-646a-4b06-a043-00140e71fa99  Faulting package full name:   Faulting package-relative
     application ID: 
     
    Error - 12/11/2015 3:58:35 PM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
     in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
     of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
    .
     
    Error - 12/11/2015 3:59:31 PM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
     in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
     of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
    .
     
    Error - 12/11/2015 9:35:36 PM | Computer Name = Family-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
    Description = Package Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI
     was terminated because it took too long to suspend.
     
    Error - 12/11/2015 9:35:38 PM | Computer Name = Family-PC | Source = Application Hang | ID = 1002
    Description = The program SearchUI.exe version 10.0.10240.16515 stopped interacting
     with Windows and was closed. To see if more information about the problem is available,
     check the problem history in the Security and Maintenance control panel.    Process
     ID: 1080    Start Time: 01d1347d07f7b364    Termination Time: 4294967295    Application Path:
     C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe    Report
     Id: a4191df0-a070-11e5-9be8-ec7c68e2a24d    Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
    Faulting
     package-relative application ID: CortanaUI  
     
    [ System Events ]
    Error - 12/12/2015 12:04:59 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Search service terminated unexpectedly.  It has done this
     1 time(s).  The following corrective action will be taken in 30000 milliseconds:
     Restart the service.
     
    Error - 12/12/2015 12:05:06 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7031
    Description = The Sync Host_Session1 service terminated unexpectedly.  It has done
     this 1 time(s).  The following corrective action will be taken in 10000 milliseconds:
     Restart the service.
     
    Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Application Popup | ID = 875
    Description = 
     
    Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000
    Description = The aksfridge service failed to start due to the following error: 
      %%1275
     
    Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Application Popup | ID = 875
    Description = 
     
    Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000
    Description = The aksdf service failed to start due to the following error:   %%1275
     
    Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Application Popup | ID = 875
    Description = 
     
    Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000
    Description = The hardlock service failed to start due to the following error:   %%1275
     
    Error - 12/12/2015 12:05:51 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7001
    Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing
     Service service which failed to start because of the following error:   %%1058
     
    Error - 12/12/2015 12:09:28 PM | Computer Name = Family-PC | Source = Microsoft-Windows-NDIS | ID = 10317
    Description = Miniport TAP-Win32 Adapter OAS #28, {B97BB92D-F09A-4E7E-8E4B-928AA03E7C40},
     had event 76
     
     
    < End of report >
     

  12. # AdwCleaner v5.024 - Logfile created 12/12/2015 at 11:05:00
    # Updated 07/12/2015 by Xplode
    # Database : 2015-12-12.1 [Server]
    # Operating system : Windows 10 Home  (x64)
    # Username : Family - FAMILY-PC
    # Running from : C:\Users\Family\Downloads\adwcleaner_5.024.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [664 bytes] ##########
     

  13. Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-12-2015
    Ran by Family (2015-12-12 10:37:05)
    Running from C:\Users\Family\Desktop
    Windows 10 Home (X64) (2015-08-21 09:30:30)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-125191153-927833046-2172898461-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-125191153-927833046-2172898461-503 - Limited - Disabled)
    Family (S-1-5-21-125191153-927833046-2172898461-1000 - Administrator - Enabled) => C:\Users\Family
    Guest (S-1-5-21-125191153-927833046-2172898461-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    @BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE)
    µTorrent (HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
    64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    ALLDATA Repair (HKLM-x32\...\{73090A5A-E0C0-4E0B-A320-E183877061A5}) (Version: 10.53.1000.101 - ALLDATA Corporation)
    AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
    AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.12.1.43164 - AVG Technologies)
    AVG PC TuneUp (x32 Version: 16.12.3 - AVG Technologies) Hidden
    BitTorrent (HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\BitTorrent) (Version: 7.9.5.41203 - BitTorrent Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
    Easy Tune 6 B13.1029.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
    Easy Tune 6 B13.1029.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
    FNC 11 Installer (x32 Version: 11.06.0000 - Acresso Software) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
    Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    GoToMeeting 7.7.0.4062 (HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\GoToMeeting) (Version: 7.7.0.4062 - CitrixOnline)
    InsiderBaseball 2015 (HKLM-x32\...\{E2C6F0AE-7752-4736-8EB8-C15DA62187C9}) (Version: 16.1.1 - Fantistics)
    Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
    ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
    ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    PCDrafter 2015 (HKLM-x32\...\{977DEBB3-85F6-4488-ADB3-A5E5D2464BE1}) (Version: 15.0.0000 - PCDrafter)
    Player Location Check (HKLM-x32\...\{24BDE5F7-123E-4DC4-B00A-730FDD36D82C}) (Version: 3.0.2.10 - GeoComply)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    RotoLab 2015 (HKLM-x32\...\RotoLab 2015_is1) (Version:  - RotoLab)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
    SBR Poker 1.0.81 (HKLM-x32\...\sbrAppId_is1) (Version: 1.0.0 - SBR)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WhoCrashed 5.51 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
    WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
    WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-125191153-927833046-2172898461-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Family\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-125191153-927833046-2172898461-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Family\AppData\Local\Citrix\GoToMeeting\2759\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Restore Points =========================


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {014949B1-4DFE-473D-879B-9F97B59688F0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {080FF4AD-FB81-470B-BB1B-5218C1C3E8F3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {0A26FA18-43EC-4CD9-AAFF-B10FF0C84425} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
    Task: {0BE43EEF-4232-4E56-8AB4-BE997FB5AB01} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {1AB3DED8-838F-4D33-8073-BB92A863A393} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {1EA7C1AA-DEF2-4B09-94E1-357A80AC4245} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {1F4EA018-D0F7-4949-9EF9-C16762D01308} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {214A316A-7DB8-45D3-A376-3F931DF582DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {22C81681-E369-4F13-9FC2-5F291DDB9FD1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {28AECC82-BE28-4E84-BD08-34CC77829326} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {2C2F956A-729B-4946-ABB6-ED28563A5502} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe
    Task: {32051A4C-89F2-4D01-B46D-A0606207C826} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2015-11-23] (AVG Technologies CZ, s.r.o.)
    Task: {322989D2-0EBA-46AB-BACE-53E1CA2FB28A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {33579BBC-41CE-4BBD-91D7-4A383F30DE19} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {367F41DC-6614-42D9-B328-8A44D571A827} - System32\Tasks\GeoComplyUpdateTaskMachineCore => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2015-07-19] (GeoComply Inc.)
    Task: {381B4C47-6B9B-4438-B8B7-E6F5E8488737} - System32\Tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000 => C:\Users\Family\AppData\Local\Citrix\GoToMeeting\4062\g2mupload.exe [2015-12-07] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {42E92F8A-D911-4139-B951-DCF77474EA37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {4541FEAF-613F-47F4-B470-F6D4383D0EFA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {4D7AA650-90F4-4252-A9BD-E6B1DBD11AE4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {4F95A94F-72E0-4BF6-9431-7FEA7D48CE79} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {58869D45-E884-4F77-A6BE-543E9DE67AF2} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {5FA761FC-63C4-4CE9-A032-EE0E2AF71FC6} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {624ACF40-65E1-44FE-84B4-BE554AB815AA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-11] (Microsoft Corporation)
    Task: {63733201-D67E-4ADF-8377-356F35F5788B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {683BAAF9-1DB5-484E-9C19-6C72B4342BFD} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {740252EF-6ADE-4742-98C6-15B58C78C0E9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {7FC27308-026B-46F7-98CF-DE61DC635AEF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {82BDE5F8-5712-44C8-8050-A369070E68EA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {867481C3-B03D-44B6-9ECC-111377B0A0CF} - System32\Tasks\GeoComplyUpdateTaskMachineUA => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2015-07-19] (GeoComply Inc.)
    Task: {964C687E-267C-41A9-B8FD-811862459ABC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {9B0192E6-8839-47B7-B27B-5D11ABC0F0BB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {9B5FEC1D-D45C-45BE-AE5E-4435C0603B22} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {A39109FC-2B89-46B4-9E86-F25D8FADEDD6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
    Task: {A59674FF-CC6F-4B4D-9892-B9B553EF0856} - System32\Tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000 => C:\Users\Family\AppData\Local\Citrix\GoToMeeting\4062\g2mupdate.exe [2015-12-07] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {A9523DC5-8E59-4795-8495-EB17B85D9A6F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {AE9675E9-CDE0-4516-B297-46993CC51C49} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {B45A5EE0-7BF3-44E1-9DB6-2360E0F85113} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {B4D20D19-662D-488B-AAB9-08034417328F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-07-21] ()
    Task: {B54749D2-A79D-497F-81BB-17CE1F7BE696} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {BB94E50C-4999-4380-855D-A651450160D2} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {C8FF64F6-36F4-4DA9-A177-B6E9A36550BD} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {CC0DBB0A-F6CA-47B7-80D3-BA19CF194A88} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {CC2AECC0-FD65-4676-94BB-CB4537277B5C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {CE9D1D3B-0495-40A2-A74C-BF64B56EBA53} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Family-PC-Family Family-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
    Task: {D03BAEFF-6CC9-4468-BD24-A3291225F62A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {D56D7FE6-76FC-4F2E-9FFA-DCEF4631F810} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {D7F73991-99C0-48AB-94ED-3AD31A35AE7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {DF23DEF6-47F8-4756-940F-8479B5DE0586} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-10-06] (Oracle Corporation)
    Task: {DFB55C65-E19E-4F00-BDDB-8D44A4F358F2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {EAEFCF09-0954-45B1-8A1D-CB796B3A0F4C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {ED80E49E-093B-4E9E-AAA7-5894350269F6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {EF915FFD-7569-463E-9672-2A60C598FD79} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {F0BDC182-EE5E-4B19-9B13-674B14E3483B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {F17B229E-88B0-473E-ADA2-51A5BC3D56E2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {F8C579C6-3D95-4C1C-AA36-D57F7C5E4825} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {FA591149-2347-4943-B958-6AF4ECA64634} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000.job => C:\Users\Family\AppData\Local\Citrix\GoToMeeting\4062\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000.job => C:\Users\Family\AppData\Local\Citrix\GoToMeeting\4062\g2mupload.exe
    Task: C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineCore.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe
    Task: C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineUA.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-08-21 05:19 - 2015-08-21 05:19 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-07-15 20:39 - 2015-07-15 20:39 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
    2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
    2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
    2015-08-21 06:48 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
    2015-09-30 17:48 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2012-10-01 19:36 - 2012-10-01 19:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-09-30 17:48 - 2015-09-17 00:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-09-30 17:47 - 2015-09-17 00:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-09-30 17:48 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-09-30 17:47 - 2015-09-17 00:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-09-30 17:48 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
    2015-09-30 17:48 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
    2015-12-08 21:55 - 2015-12-08 21:55 - 03492352 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.4020.0_x64__8wekyb3d8bbwe\Calculator.exe
    2015-11-12 15:21 - 2015-11-12 15:20 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
    2015-12-08 21:31 - 2015-12-04 16:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
    2015-12-08 21:31 - 2015-12-04 16:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
    2015-12-08 21:31 - 2015-12-04 16:32 - 16573256 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-125191153-927833046-2172898461-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\AppData\Local\Microsoft\Windows\Themes\img28.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "ISUSPM"
    HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "AlcoholAutomount"
    HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "BitTorrent"
    HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
    HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{89FB4CFA-3DB6-4201-9A45-37E791F49117}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{4937FC0D-641F-4238-A708-24DF31247827}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{E762C6A2-A924-407B-BA13-131B2EBAB7C0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{E0D1CAC9-D29D-4215-B992-19367610AA17}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{91D08958-C150-4F21-8E1B-255306F7E8F8}] => (Allow) C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{9390DD1D-2F33-4E5C-A412-266FB5E4FBA3}] => (Allow) C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{37018B24-A849-42CC-9615-24997B7357D7}] => (Allow) C:\Windows\System32\hasplms.exe
    FirewallRules: [{EBAA4DCE-14F3-4CBD-B23E-8D13898A5BDE}] => (Allow) C:\Windows\System32\hasplms.exe
    FirewallRules: [UDP Query User{D10EB472-EF4F-4FC6-B740-6C08C4C70CE9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [TCP Query User{F43D3A34-51A4-474F-8AF6-2A062A0437E6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{2C29507E-61DA-4671-BA64-3EE8197913AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{EABD3C63-6BD8-4053-AC90-7EC2F5C9216D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{4D69F1F7-5A5D-4288-A93D-7B0CB309987B}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{4570D6BC-7477-4329-9C4C-2717F729FDEC}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [UDP Query User{517762D2-90EB-4BFB-948A-1F3F4DAE3CB8}C:\users\family\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\family\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [TCP Query User{55012951-90D3-4734-A262-C9D8A344494C}C:\users\family\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\family\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [{ACA9564D-A022-40B7-AB71-05F22DCDDD54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E76551E5-95B2-4C3E-8BF2-881037573426}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A4BA5837-C834-44F5-9551-0564E52C072D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{9573E191-DBF0-4620-A19D-88DCC62059A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{2519C3E2-8820-44AF-9E8E-0625182ED43D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{BC52CF7F-1A5B-40C0-9BC3-6080D1D879AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D320F9B8-C3A5-4AEE-9E4A-F80F509F01A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/11/2015 08:35:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SearchUI.exe version 10.0.10240.16515 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1080

    Start Time: 01d1347d07f7b364

    Termination Time: 4294967295

    Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

    Report Id: a4191df0-a070-11e5-9be8-ec7c68e2a24d

    Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy

    Faulting package-relative application ID: CortanaUI

    Error: (12/11/2015 08:35:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Family-PC)
    Description: Package Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

    Error: (12/11/2015 02:59:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (12/11/2015 02:58:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (12/08/2015 01:53:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
    Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f38c3
    Exception code: 0xe0434352
    Fault offset: 0x000000000002a1c8
    Faulting process id: 0x1aec
    Faulting application start time: 0xAutoKMS.exe0
    Faulting application path: AutoKMS.exe1
    Faulting module path: AutoKMS.exe2
    Report Id: AutoKMS.exe3
    Faulting package full name: AutoKMS.exe4
    Faulting package-relative application ID: AutoKMS.exe5

    Error: (12/08/2015 01:53:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: AutoKMS.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ApplicationException
    Stack:
       at ..()
       at ..(., System.String, Boolean, System.String, Int32, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
       at ..(System.String, Boolean, Boolean, System.String, Boolean, Boolean, System.String, ., Boolean, Int32, System.String, Boolean, Boolean)
       at ..(.)
       at ..()

    Error: (12/07/2015 01:52:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
    Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f38c3
    Exception code: 0xe0434352
    Fault offset: 0x000000000002a1c8
    Faulting process id: 0x1288
    Faulting application start time: 0xAutoKMS.exe0
    Faulting application path: AutoKMS.exe1
    Faulting module path: AutoKMS.exe2
    Report Id: AutoKMS.exe3
    Faulting package full name: AutoKMS.exe4
    Faulting package-relative application ID: AutoKMS.exe5

    Error: (12/07/2015 01:52:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: AutoKMS.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ApplicationException
    Stack:
       at ..()
       at ..(., System.String, Boolean, System.String, Int32, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
       at ..(System.String, Boolean, Boolean, System.String, Boolean, Boolean, System.String, ., Boolean, Int32, System.String, Boolean, Boolean)
       at ..(.)
       at ..()

    Error: (12/05/2015 02:30:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (12/03/2015 10:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
    Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f38c3
    Exception code: 0xe0434352
    Fault offset: 0x000000000002a1c8
    Faulting process id: 0x1ba8
    Faulting application start time: 0xAutoKMS.exe0
    Faulting application path: AutoKMS.exe1
    Faulting module path: AutoKMS.exe2
    Report Id: AutoKMS.exe3
    Faulting package full name: AutoKMS.exe4
    Faulting package-relative application ID: AutoKMS.exe5


    System errors:
    =============
    Error: (12/12/2015 10:00:23 AM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (12/11/2015 08:46:32 PM) (Source: DCOM) (EventID: 10016) (User: Family-PC)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Family-PCFamilyS-1-5-21-125191153-927833046-2172898461-1000LocalHost (Using LRPC)Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157

    Error: (12/11/2015 08:38:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (12/11/2015 08:37:08 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport TAP-Win32 Adapter OAS #28, {D9379884-049A-4B2F-8D07-5B517E37D3BB}, had event 76

    Error: (12/11/2015 08:32:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Net.Pipe Listener Adapter service failed to start due to the following error: 
    %%1053

    Error: (12/11/2015 08:32:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Net.Pipe Listener Adapter service to connect.

    Error: (12/11/2015 08:31:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: 
    %%1058

    Error: (12/11/2015 08:31:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The hardlock service failed to start due to the following error: 
    %%1275

    Error: (12/11/2015 08:31:36 PM) (Source: Application Popup) (EventID: 875) (User: )
    Description: hardlock.sys

    Error: (12/11/2015 08:31:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The aksfridge service failed to start due to the following error: 
    %%1275


    CodeIntegrity:
    ===================================
      Date: 2015-12-12 07:02:42.423
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-12-07 04:08:56.243
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-12-07 04:08:56.228
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-12-06 14:05:01.895
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-12-06 14:05:01.880
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-12-06 09:49:29.156
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-12-06 09:49:29.139
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-12-05 14:30:52.639
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-12-05 14:30:52.624
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-12-05 14:23:22.148
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info =========================== 

    Processor: AMD A10-6800K APU with Radeon(tm) HD Graphics 
    Percentage of memory in use: 40%
    Total physical RAM: 7373.8 MB
    Available physical RAM: 4354.83 MB
    Total Virtual: 14797.8 MB
    Available Virtual: 11187.44 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:930.97 GB) (Free:263.15 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C834FA10)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

    ==================== End of Addition.txt ============================

  14. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.1 (11.24.2015)
    Operating System: Windows 10 Home x64 
    Ran by Family (Administrator) on Sat 12/05/2015 at 14:30:26.21
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    File System: 1 

    Successfully deleted: C:\WINDOWS\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)

    Registry: 0 

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 12/05/2015 at 14:32:07.51
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  15. # AdwCleaner v5.023 - Logfile created 05/12/2015 at 09:18:45
    # Updated 30/11/2015 by Xplode
    # Database : 2015-12-03.1 [Server]
    # Operating system : Windows 10 Home  (x64)
    # Username : Family - FAMILY-PC
    # Running from : C:\Users\Family\Downloads\adwcleaner_5.023.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    Folder Found : C:\Program Files (x86)\TowerTilt
    Folder Found : C:\Program Files (x86)\YourFileDownloader
    Folder Found : C:\Program Files (x86)\TowerTilt
    Folder Found : C:\Program Files (x86)\YourFileDownloader
    Folder Found : C:\Users\Family\AppData\Roaming\YourFileDownloader
    Folder Found : C:\Users\Family\AppData\Roaming\YourFileDownloader

    ***** [ Files ] *****

    File Found : C:\END
    File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
    File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
    File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.indianask.com_0.localstorage
    File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.indianask.com_0.localstorage-journal
    File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
    File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal

    ***** [ DLL ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\Avg Secure Update
    Key Found : HKU\.DEFAULT\Software\Avg Secure Update

    ***** [ Web browsers ] *****


    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1827 bytes] ##########

  16. Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
    Ran by Family (2015-12-05 08:56:55)
    Running from C:\Users\Family\Downloads
    Windows 10 Home (X64) (2015-08-21 09:30:30)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-125191153-927833046-2172898461-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-125191153-927833046-2172898461-503 - Limited - Disabled)
    Family (S-1-5-21-125191153-927833046-2172898461-1000 - Administrator - Enabled) => C:\Users\Family
    Guest (S-1-5-21-125191153-927833046-2172898461-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    @BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE)
    µTorrent (HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
    64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    ALLDATA Repair (HKLM-x32\...\{73090A5A-E0C0-4E0B-A320-E183877061A5}) (Version: 10.53.1000.101 - ALLDATA Corporation)
    AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
    AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.12.1.43164 - AVG Technologies)
    AVG PC TuneUp (x32 Version: 16.12.3 - AVG Technologies) Hidden
    BitTorrent (HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\BitTorrent) (Version: 7.9.5.41203 - BitTorrent Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
    Easy Tune 6 B13.1029.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
    Easy Tune 6 B13.1029.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
    FNC 11 Installer (x32 Version: 11.06.0000 - Acresso Software) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
    Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    GoToMeeting 7.6.0.4007 (HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\GoToMeeting) (Version: 7.6.0.4007 - CitrixOnline)
    InsiderBaseball 2015 (HKLM-x32\...\{E2C6F0AE-7752-4736-8EB8-C15DA62187C9}) (Version: 16.1.1 - Fantistics)
    Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
    ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
    ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    PCDrafter 2015 (HKLM-x32\...\{977DEBB3-85F6-4488-ADB3-A5E5D2464BE1}) (Version: 15.0.0000 - PCDrafter)
    Player Location Check (HKLM-x32\...\{24BDE5F7-123E-4DC4-B00A-730FDD36D82C}) (Version: 3.0.2.10 - GeoComply)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    RotoLab 2015 (HKLM-x32\...\RotoLab 2015_is1) (Version:  - RotoLab)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
    SBR Poker 1.0.81 (HKLM-x32\...\sbrAppId_is1) (Version: 1.0.0 - SBR)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WhoCrashed 5.51 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
    WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
    WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-125191153-927833046-2172898461-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Family\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-125191153-927833046-2172898461-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Family\AppData\Local\Citrix\GoToMeeting\2759\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Restore Points =========================

    28-11-2015 08:50:14 Scheduled Checkpoint

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {014949B1-4DFE-473D-879B-9F97B59688F0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {080FF4AD-FB81-470B-BB1B-5218C1C3E8F3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {0A26FA18-43EC-4CD9-AAFF-B10FF0C84425} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
    Task: {0BE43EEF-4232-4E56-8AB4-BE997FB5AB01} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {1AB3DED8-838F-4D33-8073-BB92A863A393} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {1EA7C1AA-DEF2-4B09-94E1-357A80AC4245} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {1F4EA018-D0F7-4949-9EF9-C16762D01308} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {214A316A-7DB8-45D3-A376-3F931DF582DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {22C81681-E369-4F13-9FC2-5F291DDB9FD1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {28AECC82-BE28-4E84-BD08-34CC77829326} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {2C2F956A-729B-4946-ABB6-ED28563A5502} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe
    Task: {32051A4C-89F2-4D01-B46D-A0606207C826} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2015-11-23] (AVG Technologies CZ, s.r.o.)
    Task: {322989D2-0EBA-46AB-BACE-53E1CA2FB28A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {33579BBC-41CE-4BBD-91D7-4A383F30DE19} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {367F41DC-6614-42D9-B328-8A44D571A827} - System32\Tasks\GeoComplyUpdateTaskMachineCore => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2015-07-19] (GeoComply Inc.)
    Task: {381B4C47-6B9B-4438-B8B7-E6F5E8488737} - System32\Tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000 => C:\Users\Family\AppData\Local\Citrix\GoToMeeting\4007\g2mupload.exe [2015-11-22] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {42E92F8A-D911-4139-B951-DCF77474EA37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {4541FEAF-613F-47F4-B470-F6D4383D0EFA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {4D7AA650-90F4-4252-A9BD-E6B1DBD11AE4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {4F95A94F-72E0-4BF6-9431-7FEA7D48CE79} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {58869D45-E884-4F77-A6BE-543E9DE67AF2} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {5FA761FC-63C4-4CE9-A032-EE0E2AF71FC6} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {63733201-D67E-4ADF-8377-356F35F5788B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {683BAAF9-1DB5-484E-9C19-6C72B4342BFD} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {740252EF-6ADE-4742-98C6-15B58C78C0E9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {7FC27308-026B-46F7-98CF-DE61DC635AEF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {82BDE5F8-5712-44C8-8050-A369070E68EA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {867481C3-B03D-44B6-9ECC-111377B0A0CF} - System32\Tasks\GeoComplyUpdateTaskMachineUA => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2015-07-19] (GeoComply Inc.)
    Task: {94B27DDA-7F10-4DE4-8A41-B253179D8FC6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
    Task: {964C687E-267C-41A9-B8FD-811862459ABC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {9B0192E6-8839-47B7-B27B-5D11ABC0F0BB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {9B5FEC1D-D45C-45BE-AE5E-4435C0603B22} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {A39109FC-2B89-46B4-9E86-F25D8FADEDD6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
    Task: {A59674FF-CC6F-4B4D-9892-B9B553EF0856} - System32\Tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000 => C:\Users\Family\AppData\Local\Citrix\GoToMeeting\4007\g2mupdate.exe [2015-11-22] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {A9523DC5-8E59-4795-8495-EB17B85D9A6F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {AE9675E9-CDE0-4516-B297-46993CC51C49} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {B45A5EE0-7BF3-44E1-9DB6-2360E0F85113} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {B54749D2-A79D-497F-81BB-17CE1F7BE696} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {BB94E50C-4999-4380-855D-A651450160D2} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {C7A781FF-6602-493E-BB08-203090C653E5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
    Task: {C8FF64F6-36F4-4DA9-A177-B6E9A36550BD} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {CC0DBB0A-F6CA-47B7-80D3-BA19CF194A88} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {CC2AECC0-FD65-4676-94BB-CB4537277B5C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {CE9D1D3B-0495-40A2-A74C-BF64B56EBA53} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Family-PC-Family Family-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
    Task: {D03BAEFF-6CC9-4468-BD24-A3291225F62A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {D56D7FE6-76FC-4F2E-9FFA-DCEF4631F810} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {D7F73991-99C0-48AB-94ED-3AD31A35AE7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {DF23DEF6-47F8-4756-940F-8479B5DE0586} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-10-06] (Oracle Corporation)
    Task: {DFB55C65-E19E-4F00-BDDB-8D44A4F358F2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {EAEFCF09-0954-45B1-8A1D-CB796B3A0F4C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {ED80E49E-093B-4E9E-AAA7-5894350269F6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {EF915FFD-7569-463E-9672-2A60C598FD79} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {F0BDC182-EE5E-4B19-9B13-674B14E3483B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {F17B229E-88B0-473E-ADA2-51A5BC3D56E2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {F8C579C6-3D95-4C1C-AA36-D57F7C5E4825} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {FA591149-2347-4943-B958-6AF4ECA64634} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {FDEFFB29-EEB1-444B-AF5D-E1C24DDAE805} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-07-21] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000.job => C:\Users\Family\AppData\Local\Citrix\GoToMeeting\4007\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000.job => C:\Users\Family\AppData\Local\Citrix\GoToMeeting\4007\g2mupload.exe
    Task: C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineCore.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe
    Task: C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineUA.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-08-21 05:19 - 2015-08-21 05:19 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-07-15 20:39 - 2015-07-15 20:39 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
    2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
    2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
    2015-08-21 06:48 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
    2015-09-30 17:48 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-09-30 17:48 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2012-10-01 19:36 - 2012-10-01 19:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-09-30 17:48 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
    2015-09-30 17:48 - 2015-09-17 00:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-09-30 17:47 - 2015-09-17 00:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-09-30 17:47 - 2015-09-17 00:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-09-30 17:48 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
    2015-11-26 04:20 - 2015-11-26 04:20 - 03494400 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1511.24020.0_x64__8wekyb3d8bbwe\Calculator.exe
    2015-11-12 15:21 - 2015-11-12 15:20 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
    2015-11-11 00:26 - 2015-11-06 23:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
    2015-11-11 00:26 - 2015-11-06 23:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
    2015-11-11 00:26 - 2015-11-06 23:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-125191153-927833046-2172898461-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\AppData\Local\Microsoft\Windows\Themes\img28.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "ISUSPM"
    HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "AlcoholAutomount"
    HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "BitTorrent"
    HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
    HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{89FB4CFA-3DB6-4201-9A45-37E791F49117}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{4937FC0D-641F-4238-A708-24DF31247827}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{E762C6A2-A924-407B-BA13-131B2EBAB7C0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{E0D1CAC9-D29D-4215-B992-19367610AA17}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{91D08958-C150-4F21-8E1B-255306F7E8F8}] => (Allow) C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{9390DD1D-2F33-4E5C-A412-266FB5E4FBA3}] => (Allow) C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{37018B24-A849-42CC-9615-24997B7357D7}] => (Allow) C:\Windows\System32\hasplms.exe
    FirewallRules: [{EBAA4DCE-14F3-4CBD-B23E-8D13898A5BDE}] => (Allow) C:\Windows\System32\hasplms.exe
    FirewallRules: [UDP Query User{D10EB472-EF4F-4FC6-B740-6C08C4C70CE9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [TCP Query User{F43D3A34-51A4-474F-8AF6-2A062A0437E6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{2C29507E-61DA-4671-BA64-3EE8197913AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{EABD3C63-6BD8-4053-AC90-7EC2F5C9216D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{4D69F1F7-5A5D-4288-A93D-7B0CB309987B}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{4570D6BC-7477-4329-9C4C-2717F729FDEC}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [UDP Query User{517762D2-90EB-4BFB-948A-1F3F4DAE3CB8}C:\users\family\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\family\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [TCP Query User{55012951-90D3-4734-A262-C9D8A344494C}C:\users\family\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\family\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [{ACA9564D-A022-40B7-AB71-05F22DCDDD54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E76551E5-95B2-4C3E-8BF2-881037573426}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A4BA5837-C834-44F5-9551-0564E52C072D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{9573E191-DBF0-4620-A19D-88DCC62059A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{2519C3E2-8820-44AF-9E8E-0625182ED43D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{BC52CF7F-1A5B-40C0-9BC3-6080D1D879AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{62276E21-A549-4BB4-AB0E-702AE16889EA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/03/2015 10:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
    Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f38c3
    Exception code: 0xe0434352
    Fault offset: 0x000000000002a1c8
    Faulting process id: 0x1ba8
    Faulting application start time: 0xAutoKMS.exe0
    Faulting application path: AutoKMS.exe1
    Faulting module path: AutoKMS.exe2
    Report Id: AutoKMS.exe3
    Faulting package full name: AutoKMS.exe4
    Faulting package-relative application ID: AutoKMS.exe5

    Error: (12/03/2015 10:29:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: AutoKMS.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ApplicationException
    Stack:
       at ..()
       at ..(., System.String, Boolean, System.String, Int32, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
       at ..(System.String, Boolean, Boolean, System.String, Boolean, Boolean, System.String, ., Boolean, Int32, System.String, Boolean, Boolean)
       at ..(.)
       at ..()

    Error: (11/28/2015 08:50:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (11/26/2015 07:23:11 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 42.0.0.5780, time stamp: 0x5632d0a4
    Faulting module name: mozglue.dll, version: 42.0.0.5780, time stamp: 0x5632ba58
    Exception code: 0x80000003
    Fault offset: 0x0000ed50
    Faulting process id: 0x6a4
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Faulting package full name: plugin-container.exe4
    Faulting package-relative application ID: plugin-container.exe5

    Error: (11/26/2015 07:23:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: firefox.exe, version: 42.0.0.5780, time stamp: 0x5632ba5c
    Faulting module name: WS2_32.dll, version: 10.0.10240.16384, time stamp: 0x559f3b08
    Exception code: 0xc0000409
    Fault offset: 0x0000fcec
    Faulting process id: 0x1988
    Faulting application start time: 0xfirefox.exe0
    Faulting application path: firefox.exe1
    Faulting module path: firefox.exe2
    Report Id: firefox.exe3
    Faulting package full name: firefox.exe4
    Faulting package-relative application ID: firefox.exe5

    Error: (11/26/2015 07:44:24 AM) (Source: MsiInstaller) (EventID: 1024) (User: Family-PC)
    Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F094E6F00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/25/2015 07:02:41 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
    Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f38c3
    Exception code: 0xe0434352
    Fault offset: 0x000000000002a1c8
    Faulting process id: 0x1f8
    Faulting application start time: 0xAutoKMS.exe0
    Faulting application path: AutoKMS.exe1
    Faulting module path: AutoKMS.exe2
    Report Id: AutoKMS.exe3
    Faulting package full name: AutoKMS.exe4
    Faulting package-relative application ID: AutoKMS.exe5

    Error: (11/25/2015 07:02:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: AutoKMS.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ApplicationException
    Stack:
       at ..()
       at ..(., System.String, Boolean, System.String, Int32, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
       at ..(System.String, Boolean, Boolean, System.String, Boolean, Boolean, System.String, ., Boolean, Int32, System.String, Boolean, Boolean)
       at ..(.)
       at ..()

    Error: (11/25/2015 06:38:35 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SystemSettings.exe, version: 10.0.10240.16384, time stamp: 0x559f39ae
    Faulting module name: SettingsHandlers_StorageSense.dll, version: 10.0.10240.16384, time stamp: 0x559f3d87
    Exception code: 0xc0000005
    Fault offset: 0x00000000000174b9
    Faulting process id: 0xa7c
    Faulting application start time: 0xSystemSettings.exe0
    Faulting application path: SystemSettings.exe1
    Faulting module path: SystemSettings.exe2
    Report Id: SystemSettings.exe3
    Faulting package full name: SystemSettings.exe4
    Faulting package-relative application ID: SystemSettings.exe5

    Error: (11/25/2015 06:37:03 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SystemSettings.exe, version: 10.0.10240.16384, time stamp: 0x559f39ae
    Faulting module name: SettingsHandlers_StorageSense.dll, version: 10.0.10240.16384, time stamp: 0x559f3d87
    Exception code: 0xc0000005
    Fault offset: 0x00000000000174b9
    Faulting process id: 0xd80
    Faulting application start time: 0xSystemSettings.exe0
    Faulting application path: SystemSettings.exe1
    Faulting module path: SystemSettings.exe2
    Report Id: SystemSettings.exe3
    Faulting package full name: SystemSettings.exe4
    Faulting package-relative application ID: SystemSettings.exe5


    System errors:
    =============
    Error: (12/04/2015 10:28:58 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport TAP-Win32 Adapter OAS #26, {CCD4BFF1-875F-4932-A349-0FAEA3213EC3}, had event 76

    Error: (12/03/2015 10:29:33 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport TAP-Win32 Adapter OAS #25, {1E9D6717-96F2-4912-8159-6E431CDEBCE3}, had event 76

    Error: (12/02/2015 10:25:55 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport TAP-Win32 Adapter OAS #25, {90AF029F-CF48-4E2B-92C4-A75281128418}, had event 76

    Error: (12/01/2015 10:23:02 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport TAP-Win32 Adapter OAS #25, {EB8B15E3-0A3B-43C2-BC96-919DD15CD7BD}, had event 76

    Error: (11/30/2015 10:20:11 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport TAP-Win32 Adapter OAS #25, {DBBE70D6-594A-4C68-AC3F-16B8222E3AB3}, had event 76

    Error: (11/29/2015 10:17:19 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport TAP-Win32 Adapter OAS #25, {32A3C5BC-3081-4115-A07D-64CE61168B25}, had event 76

    Error: (11/28/2015 10:14:29 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport TAP-Win32 Adapter OAS #25, {DA99CADA-992B-47E5-B852-D6EA0DF5E709}, had event 76

    Error: (11/28/2015 12:48:14 AM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (11/27/2015 10:25:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (11/27/2015 10:11:17 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport TAP-Win32 Adapter OAS #25, {952CFF0B-D777-4D0E-A9CD-53AED5435EA1}, had event 76


    CodeIntegrity:
    ===================================
      Date: 2015-12-05 08:56:17.098
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-12-05 08:56:17.081
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-11-28 09:19:11.788
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-11-25 06:57:44.744
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-11-25 06:38:37.967
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-11-25 06:38:37.949
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-11-25 06:32:10.651
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-11-25 06:32:10.632
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-11-25 03:49:02.896
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2015-11-25 03:49:02.884
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info =========================== 

    Processor: AMD A10-6800K APU with Radeon(tm) HD Graphics 
    Percentage of memory in use: 48%
    Total physical RAM: 7373.8 MB
    Available physical RAM: 3775.33 MB
    Total Virtual: 14797.8 MB
    Available Virtual: 10330.63 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:930.97 GB) (Free:257.32 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C834FA10)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

    ==================== End of Addition.txt ============================