POP-up

[flashh4]

This is from my own computer that i use to remove Malware here at BT ! Somewhere i picked up a pop-up. Now to see what we find !

I am posting this to show that anyone can become infected even Malware Removal Specialist !!

 

This is the AdwCleaner log !!

# AdwCleaner v5.030 - Logfile created 19/01/2016 at 18:49:57
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : charles - BETTY
# Running from : C:\Users\charles\Downloads\adwcleaner_5.030.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : VOTPrx

***** [ Folders ] *****

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\SysNative\VOTPrxOff.ini
[-] File Deleted : C:\WINDOWS\SysWOW64\VOTPrxOff.ini

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\VOTPrx.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0B7CB21B-2D13-4315-9E35-69742BF77530}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{09CBD86E-22AC-4BFF-A97C-85744B2819AB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{542B7A6A-C8B6-4372-8829-FD8E35FA4CB8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{55AB8477-ED99-431F-ABB3-22022902A934}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{79701C41-C345-47EC-B57C-02C39A698A0D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86937CB9-BDDC-482F-A3B3-E05E3DFDFF08}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE479D24-AF59-4DEB-9D8B-D1E7DFA2C6A6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BED722AF-1533-4596-964F-B5E1F8A6456E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E94546E8-E2A0-48FE-BC53-568F314EAA7A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0394AE51-F76F-4FBF-848D-CF9407CE868F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{058281DD-014E-4E81-A5D3-9E14A1EBC8B7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AB1CA27-FA6E-434B-8433-612346BBDD3B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34A729EE-F357-4A94-9243-D33E50A504A7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{420A2140-FB38-4984-B681-2A0217483077}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46A200C2-2B44-4C47-8EA9-5DB33859BC7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47F18772-002C-4A49-AA12-EE88297CCDD0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C567C55-75EF-4000-B36F-FF562D4204C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78AC0B67-463E-4702-A7B1-CFB4C33B3D56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95980124-E89B-48C2-BA92-DF835F62ABFB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA33003C-AB62-428E-B24E-59933BE52393}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D22566FE-4D97-4D5D-968B-0E79353F22E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F0C53D54-F8AF-4156-8D66-420036A79A28}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{007F707C-3F7A-4FBF-9BB1-4C9404211A9C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0394AE51-F76F-4FBF-848D-CF9407CE868F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{058281DD-014E-4E81-A5D3-9E14A1EBC8B7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AB1CA27-FA6E-434B-8433-612346BBDD3B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34A729EE-F357-4A94-9243-D33E50A504A7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{420A2140-FB38-4984-B681-2A0217483077}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{46A200C2-2B44-4C47-8EA9-5DB33859BC7C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47F18772-002C-4A49-AA12-EE88297CCDD0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5C567C55-75EF-4000-B36F-FF562D4204C1}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78AC0B67-463E-4702-A7B1-CFB4C33B3D56}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95980124-E89B-48C2-BA92-DF835F62ABFB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA33003C-AB62-428E-B24E-59933BE52393}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D22566FE-4D97-4D5D-968B-0E79353F22E4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F0C53D54-F8AF-4156-8D66-420036A79A28}

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4087 bytes] ##########

[flashh4]

Hey ........ this is the Junkware Removal Tool log !!

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64
Ran by charles (Administrator) on Tue 01/19/2016 at 18:56:48.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 3

Failed to delete: C:\WINDOWS\system32\drivers\votw864.sys (File)
Successfully deleted: C:\WINDOWS\system32\VOTPrxOff.ini (File)
Successfully deleted: C:\WINDOWS\SysWOW64\VOTPrxOff.ini (File)

 

Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\VOTw8 (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/19/2016 at 18:58:48.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[flashh4]

This is my Malwarebytes log !!

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/19/2016
Scan Time: 7:03 PM
Logfile: mwb.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.19.06
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: charles

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346089
Time Elapsed: 11 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 53
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.LSPLogic, Quarantined, [136f57e45d3c90a613194743d42ed030],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.LSPLogic.1, Quarantined, [760cb6851782a1951418d1b9cd357b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.LSPLogic, Quarantined, [760cb6851782a1951418d1b9cd357b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.LSPLogic.1, Quarantined, [760cb6851782a1951418d1b9cd357b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.LSPLogic, Quarantined, [760cb6851782a1951418d1b9cd357b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.LSPLogic.1, Quarantined, [760cb6851782a1951418d1b9cd357b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataTableHolder, Quarantined, [325063d84e4b48ee4ce1e6a457ab6f91],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataTableHolder.1, Quarantined, [ea98f546d1c8d95db578573340c20000],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataTableHolder, Quarantined, [ea98f546d1c8d95db578573340c20000],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataTableHolder.1, Quarantined, [ea98f546d1c8d95db578573340c20000],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataTableHolder, Quarantined, [ea98f546d1c8d95db578573340c20000],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataTableHolder.1, Quarantined, [ea98f546d1c8d95db578573340c20000],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataTableFields, Quarantined, [1c668caf7623c076170efa90649e8b75],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataTableFields.1, Quarantined, [136f0734bcddea4cf035e2a8cf339967],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataTableFields, Quarantined, [136f0734bcddea4cf035e2a8cf339967],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataTableFields.1, Quarantined, [136f0734bcddea4cf035e2a8cf339967],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataTableFields, Quarantined, [136f0734bcddea4cf035e2a8cf339967],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataTableFields.1, Quarantined, [136f0734bcddea4cf035e2a8cf339967],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.ReadOnlyManager, Quarantined, [daa82813267352e4ff28aae032d07f81],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.ReadOnlyManager.1, Quarantined, [89f9e853504959dd6bbc7e0c0101e719],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.ReadOnlyManager, Quarantined, [89f9e853504959dd6bbc7e0c0101e719],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.ReadOnlyManager.1, Quarantined, [89f9e853504959dd6bbc7e0c0101e719],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.ReadOnlyManager, Quarantined, [89f9e853504959dd6bbc7e0c0101e719],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.ReadOnlyManager.1, Quarantined, [89f9e853504959dd6bbc7e0c0101e719],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.WFPController, Quarantined, [a0e2d962623788aee2467713bf43ff01],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.WFPController.1, Quarantined, [98ea67d463364fe7eb3dc1c96d957789],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.WFPController, Quarantined, [98ea67d463364fe7eb3dc1c96d957789],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.WFPController.1, Quarantined, [98ea67d463364fe7eb3dc1c96d957789],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.WFPController, Quarantined, [98ea67d463364fe7eb3dc1c96d957789],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.WFPController.1, Quarantined, [98ea67d463364fe7eb3dc1c96d957789],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataController, Quarantined, [f38fad8e6a2f58dec8610882c83a4db3],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataController.1, Quarantined, [f58de655e9b0a6906ebbd7b3689a7b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataController, Quarantined, [f58de655e9b0a6906ebbd7b3689a7b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataController.1, Quarantined, [f58de655e9b0a6906ebbd7b3689a7b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataController, Quarantined, [f58de655e9b0a6906ebbd7b3689a7b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataController.1, Quarantined, [f58de655e9b0a6906ebbd7b3689a7b85],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataTable, Quarantined, [562cfc3f90099a9c80aa87035fa3e719],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataTable.1, Quarantined, [d1b11427a4f5f4428b9f7713be442ad6],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataTable, Quarantined, [d1b11427a4f5f4428b9f7713be442ad6],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataTable.1, Quarantined, [d1b11427a4f5f4428b9f7713be442ad6],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataTable, Quarantined, [d1b11427a4f5f4428b9f7713be442ad6],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataTable.1, Quarantined, [d1b11427a4f5f4428b9f7713be442ad6],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataContainer, Quarantined, [641ea497dbbefe3850dbc9c1986a33cd],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\VOTPrxLib.DataContainer.1, Quarantined, [99e9112a12879d9930fb42487b87817f],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataContainer, Quarantined, [99e9112a12879d9930fb42487b87817f],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VOTPrxLib.DataContainer.1, Quarantined, [99e9112a12879d9930fb42487b87817f],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataContainer, Quarantined, [99e9112a12879d9930fb42487b87817f],
PUP.Optional.ArcadeTwist, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VOTPrxLib.DataContainer.1, Quarantined, [99e9112a12879d9930fb42487b87817f],
PUP.Optional.ArcadeTwist, HKU\S-1-5-21-3005563442-2442359175-2949884201-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8DCC92D3-78FC-EA7DB7F7-C0F58A4BBCCA}, Quarantined, [3a48b9823d5cb482138fbd1fe81c0ef2],
PUP.Optional.ArcadeCandy.WnskRST, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\VOTPrx, Quarantined, [730fe457c8d1c4721cd227fd0301639d],
Adware.NowUSeeIt, HKU\S-1-5-21-3005563442-2442359175-2949884201-1001\SOFTWARE\NowUSeeItPlayer, Quarantined, [88fa3902eeab5bdb3f8bed2cd52f7e82],
Adware.NowUSeeIt, HKU\S-1-5-21-3005563442-2442359175-2949884201-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\nowuseeitplayer.com, Quarantined, [c3bf70cb702984b28da6909054b03bc5],
Adware.NowUSeeIt, HKU\S-1-5-21-3005563442-2442359175-2949884201-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\ui.nowuseeitplayer.com, Quarantined, [c0c2fd3e6336d66086ad75ab21e35da3],

Registry Values: 5
PUP.Optional.NowUSeeItPlayer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NowUSeeItPlayer.exe, 11000, Quarantined, [3250fc3f02972610451176bb010306fa]
Adware.NowUSeeIt, HKU\S-1-5-21-3005563442-2442359175-2949884201-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NowUSeeIt Player, "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1, Quarantined, [bbc77cbffc9d77bf102440e0d62e35cb]
Adware.NowUSeeIt, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NowUSeeIt Player, "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1, Quarantined, [bbc77cbffc9d77bf102440e0d62e35cb]
PUP.Optional.NowUSeeItPlayer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NowUSeeIt Player, "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1, Quarantined, [3a48a5967920de589d156666639f8d73]
PUP.Optional.NowUSeeItPlayer, HKU\S-1-5-21-3005563442-2442359175-2949884201-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NowUSeeIt Player, "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1, Quarantined, [3a48a5967920de589d156666639f8d73]

Registry Data: 0
(No malicious items detected)

Folders: 6
PUP.Optional.Winsock.WnskRST, C:\Users\charles\AppData\Local\AcidThunde56, Quarantined, [552d52e9c9d0191d1e8ca27024e0718f],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\locales, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\plugin, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
PUP.Optional.Winsock.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\VOTPrx, Quarantined, [3f430932c2d72c0a2ae8e7e4fc064ab6],
PUP.Optional.NowUSeeItPlayer, C:\Program Files (x86)\NowUSeeItPlayer, Quarantined, [3a48a5967920de589d156666639f8d73],

Files: 64
PUP.Optional.ArcadeTwist, C:\Windows\System32\drivers\VOTw864.sys, Delete-on-Reboot, [ea9875c60b8e71c5dcc6b02c0103b34d],
Trojan.Crypt, C:\Users\charles\AppData\Local\Temp\j8mdxE\2bdfm91.dll, Quarantined, [87fb93a83d5cc86e5129fba35fa2946c],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\Temp\j8mdxE\141\atw_stub_tightrope_4.exe, Quarantined, [e49e1b20b5e4de58554da636ee16fc04],
PUP.Optional.OneSystemCare, C:\Users\charles\AppData\Local\Temp\j8mdxE\143\OneSystemCare.exe, Quarantined, [057da794f3a69f97c64cd3f9ca373fc1],
PUP.Optional.OpenCandy, C:\Users\charles\Downloads\DoNotSpy10-1.0.0.2-Setup(1).exe, Quarantined, [dba7ed4ef6a3be785b28f63245bd956b],
PUP.Optional.OpenCandy, C:\Users\charles\Downloads\DoNotSpy10-1.0.0.2-Setup.exe, Quarantined, [86fc9ba01a7f5adcb3d09494ad55e719],
PUP.Optional.InstallCore, C:\Users\charles\Downloads\safari-for-mac-and-windows.exe, Quarantined, [384a78c38415e353f1e872de0ef3619f],
PUP.Optional.InstallCore, C:\Users\charles\Downloads\Mozilla_Firefox_setup.exe, Quarantined, [037f8ead7029e84ecb76726c45bfb44c],
PUP.Optional.DownloadGuide, C:\Users\charles\Downloads\multiplyroi_free-photo-viewer-16679631.exe, Quarantined, [e49e8caf1089e4528fe0933d659c45bb],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\freebl3.dll, Quarantined, [562c86b508919c9aced4cc10b54f8d73],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\libnspr4.dll, Quarantined, [89f9e457c4d56ccaa9f9b62631d3d52b],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\libplc4.dll, Quarantined, [e1a193a81b7e80b6f0b238a4ab59c53b],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\libplds4.dll, Quarantined, [226092a9980148eeb4ee3aa2b94b956b],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\nss3.dll, Quarantined, [3b4756e5a1f894a20e94cc107d87827e],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\nssckbi.dll, Quarantined, [2c563efdc4d53df9a5fd0ece5da731cf],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\nssdbm3.dll, Quarantined, [6f13e05badec48eebfe305d746bef808],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\nssutil3.dll, Quarantined, [96ece8536d2c9d994260a438a95b748c],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\smime3.dll, Quarantined, [1d651229a1f891a5990934a8b94bae52],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\softokn3.dll, Quarantined, [abd7d5664c4ddb5b930f7d5f7193857b],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\sqlite3.dll, Quarantined, [176ba299cccdcf67faa8c21ac04433cd],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\ssl3.dll, Quarantined, [9be7f34839602313445ee9f3ce3640c0],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTCerInst.dll, Quarantined, [5e242b10fe9b3ef83b673aa2e0241be5],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTInstW8.exe, Quarantined, [f88a8daec0d90d297131efedc143e21e],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTInstWXP.exe, Quarantined, [532f07342772d561dcc65983c93b51af],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTInstWXP64.exe, Quarantined, [b7cbd16a3d5c082e356d53892ada10f0],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTPrx.dll, Quarantined, [fc860b308c0d5cda8919588450b45aa6],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTPrx.exe, Quarantined, [344eea51c8d1c86e336febf1e024c53b],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTPrx64.dll, Quarantined, [552d13283069f73f19895884bb498d73],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTw8.sys, Quarantined, [5f23b883dfba89ad732f835955afbc44],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\AcidThunde56\VOTw864.sys, Quarantined, [235f9f9c8316280ef9a9d705b94b23dd],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\ExprCanv5\Exabolish.exe, Quarantined, [3a48b9823d5cb482138fbd1fe81c0ef2],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\ExprCanv5\Excopy.exe, Quarantined, [354df645bedb22148c168f4d45bf38c8],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\ExprCanv5\Exexplore.exe, Quarantined, [384a83b8a8f1ef475949ffddc63ec23e],
PUP.Optional.ArcadeTwist, C:\Users\charles\AppData\Local\ExprCanv5\Exverify.dll, Quarantined, [760c4deea0f9bb7b069ca339ad576799],
PUP.Optional.Winsock.WnskRST, C:\Users\charles\AppData\Local\AcidThunde56\VOTPrx.tlb, Quarantined, [552d52e9c9d0191d1e8ca27024e0718f],
PUP.Optional.Winsock.WnskRST, C:\Users\charles\AppData\Local\AcidThunde56\PCProxy.tlb, Quarantined, [552d52e9c9d0191d1e8ca27024e0718f],
PUP.Optional.Winsock.WnskRST, C:\Users\charles\AppData\Local\AcidThunde56\VOTInstWXP.ini, Quarantined, [552d52e9c9d0191d1e8ca27024e0718f],
PUP.Optional.Winsock.WnskRST, C:\Windows\Temp\VOTPrx.log, Quarantined, [285ad16a7722d660074834df71938977],
PUP.Optional.Winsock.WnskRST, C:\Users\charles\AppData\Local\Temp\VOTPrxr.log, Quarantined, [a4deee4df7a2fb3bbd9355befd078f71],
PUP.Optional.Winsock.WnskRST, C:\Windows\Temp\VOTPrxr.log, Quarantined, [3e447bc02a6ff343430d997a778d52ae],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\NowUSeeItPlayer.dat, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\cef.pak, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\cef_100_percent.pak, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\cef_200_percent.pak, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\cef_extensions.pak, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\cef_resources.pak, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\component_extension_resources.pak, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\content_resources.pak, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\d3dcompiler_47.dll, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\icudtl.dat, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\libcef.dll, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\libEGL.dll, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\libGLESv2.dll, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\natives_blob.bin, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\NowUSeeItPlayerBrowser.exe, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\snapshot_blob.bin, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\widevinecdm.dll, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\widevinecdmadapter.dll, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\locales\en-US.pak, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Users\charles\AppData\Local\NowUSeeItPlayer\plugin\pepflashplayer32_19_0_0_226.dll, Quarantined, [047eb2897f1a73c3d7f20c0da95b16ea],
Adware.NowUSeeIt, C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe, Quarantined, [bbc77cbffc9d77bf102440e0d62e35cb],
PUP.Optional.Winsock.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\VOTPrx\VOTPrx.ini, Quarantined, [3f430932c2d72c0a2ae8e7e4fc064ab6],
PUP.Optional.NowUSeeItPlayer, C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.dll, Quarantined, [3a48a5967920de589d156666639f8d73],
PUP.Optional.NowUSeeItPlayer, C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe, Quarantined, [3a48a5967920de589d156666639f8d73],

Physical Sectors: 0
(No malicious items detected)

(end)

[flashh4]

Now the OTL scan log !!

 

OTL logfile created on: 1/19/2016 7:37:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\charles\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.69 Gb Total Physical Memory | 14.03 Gb Available Physical Memory | 89.45% Memory free
18.06 Gb Paging File | 16.34 Gb Available in Paging File | 90.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 913.73 Gb Total Space | 869.04 Gb Free Space | 95.11% Space Free | Partition Type: NTFS
Drive D: | 15.87 Gb Total Space | 1.99 Gb Free Space | 12.54% Space Free | Partition Type: NTFS
 
Computer Name: BETTY | User Name: charles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2016/01/19 19:37:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\charles\Downloads\OTL.scr
PRC - [2016/01/06 15:01:51 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015/12/17 07:15:04 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
PRC - [2015/11/30 03:50:42 | 006,887,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2015/06/23 09:39:28 | 000,060,432 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWOW64\tbaseprovisioning.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/12/17 07:15:04 | 021,845,504 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
MOD - [2015/12/17 07:15:04 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
MOD - [2015/12/17 07:15:04 | 000,141,312 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2016/01/04 18:49:33 | 000,749,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc)
SRV:64bit: - [2016/01/04 18:43:47 | 000,912,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2015/12/06 21:15:40 | 001,035,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2015/12/06 21:04:20 | 000,066,560 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2015/12/06 21:00:52 | 000,203,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2015/12/06 20:56:18 | 000,607,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2015/12/03 17:05:18 | 000,275,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015/12/03 17:05:08 | 001,223,168 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2015/12/03 17:05:08 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2015/12/03 17:05:08 | 000,162,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2015/12/03 17:05:07 | 000,948,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2015/12/03 17:05:07 | 000,087,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate)
SRV:64bit: - [2015/10/30 00:19:28 | 001,073,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2015/10/30 00:19:28 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2015/10/30 00:19:26 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2015/10/30 00:19:26 | 000,497,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2015/10/30 00:18:46 | 000,168,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2015/10/30 00:18:43 | 001,872,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2015/10/30 00:18:41 | 000,117,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/10/30 00:18:19 | 001,297,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2015/10/30 00:18:18 | 000,729,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2015/10/30 00:18:14 | 000,081,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015/10/30 00:18:03 | 001,613,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015/10/30 00:18:01 | 001,491,456 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2015/10/30 00:18:01 | 001,130,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2015/10/30 00:18:01 | 000,649,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2015/10/30 00:18:01 | 000,587,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2015/10/30 00:18:01 | 000,490,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2015/10/30 00:18:01 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2015/10/30 00:18:01 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2015/10/30 00:18:01 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2015/10/30 00:18:01 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2015/10/30 00:18:01 | 000,034,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2015/10/30 00:18:01 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2015/10/30 00:18:01 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2015/10/30 00:17:59 | 002,745,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2015/10/30 00:17:59 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2015/10/30 00:17:59 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2015/10/30 00:17:58 | 000,764,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2015/10/30 00:17:58 | 000,287,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2015/10/30 00:17:54 | 003,449,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2015/10/30 00:17:54 | 001,090,048 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2015/10/30 00:17:54 | 000,360,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2015/10/30 00:17:53 | 002,058,240 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2015/10/30 00:17:53 | 000,846,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2015/10/30 00:17:53 | 000,625,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2015/10/30 00:17:53 | 000,361,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2015/10/30 00:17:53 | 000,097,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2015/10/30 00:17:53 | 000,060,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2015/10/30 00:17:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2015/10/30 00:17:52 | 000,181,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2015/10/30 00:17:51 | 000,031,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2015/10/30 00:17:50 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2015/10/30 00:17:50 | 000,145,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_30365)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_2b9756d)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_30365)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_2b9756d)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_30365)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_2b9756d)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_30365)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_2b9756d)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_30365)
SRV:64bit: - [2015/10/30 00:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_2b9756d)
SRV:64bit: - [2015/10/30 00:17:48 | 000,444,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2015/10/30 00:17:48 | 000,205,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2015/10/30 00:17:47 | 000,023,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2015/10/30 00:17:46 | 000,290,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService)
SRV:64bit: - [2015/10/30 00:17:46 | 000,186,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2015/10/30 00:17:46 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2015/10/30 00:17:46 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2015/10/30 00:17:45 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2015/10/30 00:17:43 | 002,156,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2015/10/30 00:17:43 | 000,278,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2015/10/30 00:17:43 | 000,057,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2015/10/30 00:17:41 | 000,052,736 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService)
SRV:64bit: - [2015/10/30 00:17:40 | 000,590,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2015/10/30 00:17:39 | 000,547,840 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2015/10/30 00:17:37 | 000,380,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015/10/30 00:17:37 | 000,364,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015/10/30 00:17:37 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2015/10/30 00:17:37 | 000,024,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2015/10/30 00:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2015/10/30 00:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2015/10/30 00:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2015/10/30 00:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2015/10/30 00:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2015/10/30 00:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2015/10/30 00:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2015/10/30 00:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2015/10/30 00:17:21 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2015/10/30 00:17:18 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2015/07/13 19:24:52 | 000,263,232 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2015/06/24 21:57:00 | 000,303,360 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2016/01/19 18:27:28 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/01/06 15:01:50 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/12/03 17:05:08 | 000,948,224 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2015/11/30 03:50:42 | 006,887,696 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2015/10/30 00:18:31 | 002,179,584 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2015/10/30 00:18:31 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lfsvc.dll -- (lfsvc)
SRV - [2015/10/30 00:18:29 | 000,461,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2015/10/30 00:18:23 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2015/10/30 00:18:21 | 000,200,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2015/10/30 00:17:21 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/06/23 09:39:28 | 000,060,432 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\tbaseprovisioning.exe -- (tbaseprovisioning)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/12/03 17:05:07 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2015/12/03 17:05:07 | 000,095,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2015/12/03 07:35:58 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (lvrs64)
DRV:64bit: - [2015/12/03 07:35:34 | 004,758,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2015/10/30 02:07:05 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2015/10/30 02:06:56 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2015/10/30 00:19:39 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2015/10/30 00:18:42 | 000,052,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2015/10/30 00:18:09 | 000,930,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2015/10/30 00:18:09 | 000,385,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015/10/30 00:18:08 | 000,218,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015/10/30 00:18:03 | 000,200,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2015/10/30 00:18:03 | 000,106,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2015/10/30 00:18:03 | 000,078,848 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2015/10/30 00:18:03 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2015/10/30 00:18:03 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2015/10/30 00:18:03 | 000,031,584 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2015/10/30 00:18:03 | 000,026,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ioqos.sys -- (IoQos)
DRV:64bit: - [2015/10/30 00:18:01 | 000,154,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2015/10/30 00:17:57 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2015/10/30 00:17:52 | 000,254,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2015/10/30 00:17:52 | 000,163,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2015/10/30 00:17:52 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2015/10/30 00:17:52 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2015/10/30 00:17:51 | 000,155,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2015/10/30 00:17:51 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2015/10/30 00:17:51 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2015/10/30 00:17:51 | 000,074,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2015/10/30 00:17:51 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2015/10/30 00:17:50 | 000,199,008 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2015/10/30 00:17:46 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2015/10/30 00:17:46 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2015/10/30 00:17:42 | 000,126,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2015/10/30 00:17:42 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2015/10/30 00:17:40 | 000,694,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2015/10/30 00:17:39 | 000,081,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2015/10/30 00:17:37 | 000,293,216 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015/10/30 00:17:37 | 000,209,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2015/10/30 00:17:37 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2015/10/30 00:17:37 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2015/10/30 00:17:37 | 000,118,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015/10/30 00:17:37 | 000,099,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2015/10/30 00:17:37 | 000,087,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2015/10/30 00:17:37 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (tsusbflt)
DRV:64bit: - [2015/10/30 00:17:37 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2015/10/30 00:17:37 | 000,044,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015/10/30 00:17:37 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2015/10/30 00:17:26 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2015/10/30 00:17:25 | 000,046,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2015/10/30 00:17:25 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2015/10/30 00:17:25 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2015/10/30 00:17:25 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2015/10/30 00:17:25 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2015/10/30 00:17:23 | 000,705,376 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2015/10/30 00:17:23 | 000,534,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015/10/30 00:17:23 | 000,532,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2015/10/30 00:17:23 | 000,424,800 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2015/10/30 00:17:23 | 000,378,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015/10/30 00:17:23 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2015/10/30 00:17:23 | 000,133,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2015/10/30 00:17:23 | 000,131,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2015/10/30 00:17:23 | 000,104,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2015/10/30 00:17:23 | 000,099,168 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2015/10/30 00:17:23 | 000,094,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2015/10/30 00:17:23 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2015/10/30 00:17:23 | 000,079,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2015/10/30 00:17:23 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2015/10/30 00:17:23 | 000,076,128 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2015/10/30 00:17:23 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2015/10/30 00:17:23 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2015/10/30 00:17:23 | 000,059,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2015/10/30 00:17:23 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2015/10/30 00:17:23 | 000,058,208 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2015/10/30 00:17:23 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2015/10/30 00:17:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2015/10/30 00:17:23 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2015/10/30 00:17:23 | 000,034,144 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2015/10/30 00:17:23 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2015/10/30 00:17:23 | 000,026,976 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2015/10/30 00:17:22 | 003,436,896 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2015/10/30 00:17:22 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2015/10/30 00:17:22 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2015/10/30 00:17:22 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2015/10/30 00:17:22 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2015/10/30 00:17:22 | 000,238,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2015/10/30 00:17:22 | 000,209,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015/10/30 00:17:22 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2015/10/30 00:17:22 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2015/10/30 00:17:22 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2015/10/30 00:17:22 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2015/10/30 00:17:22 | 000,037,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2015/10/30 00:17:22 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2015/10/30 00:17:22 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2015/10/30 00:17:22 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2015/10/30 00:17:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2015/10/30 00:17:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2015/10/30 00:17:22 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2015/10/30 00:17:22 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2015/10/30 00:17:22 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2015/10/30 00:17:22 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn.sys -- (bcmfn)
DRV:64bit: - [2015/10/30 00:17:18 | 000,277,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015/10/30 00:17:18 | 000,165,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C)
DRV:64bit: - [2015/10/30 00:17:18 | 000,117,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2015/10/30 00:17:18 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2015/10/30 00:17:18 | 000,081,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c)
DRV:64bit: - [2015/10/30 00:17:18 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2015/10/30 00:17:18 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015/10/30 00:17:18 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2015/10/30 00:17:18 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2015/10/30 00:17:18 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2015/10/30 00:17:18 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2015/10/30 00:17:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2015/10/30 00:17:18 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2015/10/30 00:17:18 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2015/10/30 00:17:18 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2015/10/30 00:17:18 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2015/10/30 00:17:18 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2015/10/29 21:51:28 | 004,629,744 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2015/10/29 21:50:56 | 000,896,752 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
DRV:64bit: - [2015/10/05 09:50:22 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/09/10 13:24:04 | 000,095,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2015/07/13 19:24:54 | 021,637,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2015/07/13 19:24:52 | 000,682,056 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2015/06/23 09:39:28 | 000,277,240 | ---- | M] (Advanced Micro Devices, Inc. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdpsp.sys -- (amdpsp)
DRV:64bit: - [2015/06/23 09:39:28 | 000,101,104 | ---- | M] (Advanced Micro Devices, Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdkmcsp.sys -- (amdkmcsp)
DRV:64bit: - [2015/05/28 06:00:44 | 000,102,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWT6.sys -- (AtiHDAudioService)
DRV:64bit: - [2014/06/16 20:53:26 | 000,036,608 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2013/07/18 16:00:04 | 000,083,224 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2015/10/30 00:17:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys -- (CompositeBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = C4 73 65 E6 06 32 D1 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 13 00 00 00 78 2A D5 92 33 8B 22 16 88 E3 29 8A DE EE A9 1C D3 7D EA 02 00 00 00 0E 00 00 00 4E 4E 64 72 68 74 54 43 74 58 38 25 33 64  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.cohort: "search"
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=U143&ocid=U143DHP&osmkt=en-us"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:43.0.4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.66.2: C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2: C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\charles\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher64: C:\Users\charles\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy64.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2015/12/03 07:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charles\AppData\Roaming\mozilla\Extensions
[2016/01/19 10:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charles\AppData\Roaming\mozilla\Firefox\Profiles\ri9slipv.default\extensions
[2016/01/19 10:41:28 | 001,001,911 | ---- | M] () (No name found) -- C:\Users\charles\AppData\Roaming\mozilla\firefox\profiles\ri9slipv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/01/06 15:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2016/01/06 15:01:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2015/12/03 07:44:18 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\WINDOWS\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [BingSvc] C:\Users\charles\AppData\Local\Microsoft\BingSvc\BingSvc.exe (© 2015 Microsoft Corporation)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [OneDrive] C:\Users\charles\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\charles\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\charles\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8245ee03-771d-4049-b3fd-e208d0a19285}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016/01/19 19:02:38 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2016/01/19 19:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/01/19 19:02:12 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2016/01/19 19:02:12 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2016/01/19 19:02:12 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2016/01/19 19:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016/01/19 19:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/01/19 18:48:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/01/19 17:55:42 | 000,000,000 | ---D | C] -- C:\Users\charles\AppData\Local\CEF
[2016/01/19 15:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\f3d1e640-6a17-0
[2016/01/19 15:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\f3d1e640-0a51-1
[2016/01/19 15:07:17 | 000,000,000 | ---D | C] -- C:\Users\charles\AppData\Local\ExprCanv5
[2016/01/13 10:42:25 | 016,986,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2016/01/13 10:42:24 | 013,018,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2016/01/13 10:42:19 | 003,428,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2016/01/13 10:42:19 | 002,544,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2016/01/13 10:42:19 | 002,180,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2016/01/13 10:42:18 | 022,393,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2016/01/13 10:42:16 | 002,796,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2016/01/13 10:42:15 | 018,677,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2016/01/13 10:42:12 | 001,299,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfnetsrc.dll
[2016/01/13 10:42:12 | 001,118,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetsrc.dll
[2016/01/13 10:42:11 | 007,477,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2016/01/13 10:42:10 | 007,826,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2016/01/13 10:42:10 | 000,569,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qdvd.dll
[2016/01/13 10:42:09 | 000,912,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usermgr.dll
[2016/01/13 10:42:09 | 000,808,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe
[2016/01/13 10:42:09 | 000,387,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qdvd.dll
[2016/01/13 10:42:08 | 005,660,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2016/01/13 10:42:08 | 000,703,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe
[2016/01/13 10:42:08 | 000,245,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfps.dll
[2016/01/13 10:42:08 | 000,116,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfps.dll
[2016/01/13 10:42:07 | 004,894,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2016/01/13 10:42:07 | 000,786,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMADMOD.DLL
[2016/01/13 10:42:06 | 001,009,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMSPDMOD.DLL
[2016/01/13 10:42:06 | 000,858,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfnetcore.dll
[2016/01/13 10:42:06 | 000,796,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2016/01/13 10:42:06 | 000,701,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetcore.dll
[2016/01/13 10:42:06 | 000,695,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMADMOD.DLL
[2016/01/13 10:42:06 | 000,638,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2016/01/13 10:42:05 | 001,674,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\quartz.dll
[2016/01/13 10:42:05 | 000,785,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\evr.dll
[2016/01/13 10:42:05 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\facecredentialprovider.dll
[2016/01/13 10:42:04 | 000,890,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMSPDMOD.DLL
[2016/01/13 10:42:04 | 000,848,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2016/01/13 10:42:04 | 000,713,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2016/01/13 10:42:04 | 000,513,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2016/01/13 10:42:03 | 001,804,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMALFXGFXDSP.dll
[2016/01/13 10:42:03 | 001,594,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2016/01/13 10:42:03 | 000,709,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2016/01/13 10:42:03 | 000,671,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\advapi32.dll
[2016/01/13 10:42:03 | 000,652,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\evr.dll
[2016/01/13 10:42:03 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceCensus.exe
[2016/01/13 10:42:02 | 001,542,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\quartz.dll
[2016/01/13 10:42:02 | 001,309,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2016/01/13 10:42:02 | 000,644,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uReFS.dll
[2016/01/13 10:42:02 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MessagingDataModel2.dll
[2016/01/13 10:42:02 | 000,584,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winlogon.exe
[2016/01/13 10:42:01 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMSPDMOE.DLL
[2016/01/13 10:42:01 | 001,173,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2016/01/13 10:42:01 | 000,749,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PhoneService.dll
[2016/01/13 10:42:01 | 000,498,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MessagingDataModel2.dll
[2016/01/13 10:42:01 | 000,234,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mftranscode.dll
[2016/01/13 10:42:01 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2016/01/13 10:42:01 | 000,208,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mftranscode.dll
[2016/01/13 10:42:01 | 000,100,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MP3DMOD.DLL
[2016/01/13 10:42:00 | 001,317,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2016/01/13 10:42:00 | 001,141,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2016/01/13 10:42:00 | 000,678,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qedit.dll
[2016/01/13 10:42:00 | 000,558,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\uReFS.dll
[2016/01/13 10:42:00 | 000,119,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MP3DMOD.DLL
[2016/01/13 10:42:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usermgrcli.dll
[2016/01/13 10:41:59 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qedit.dll
[2016/01/13 10:41:59 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ProximityCommon.dll
[2016/01/13 10:41:59 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wshom.ocx
[2016/01/13 10:41:59 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\omadmclient.exe
[2016/01/13 10:41:59 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ProximityCommon.dll
[2016/01/13 10:41:59 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usermgrcli.dll
[2016/01/13 10:41:58 | 001,070,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMSPDMOE.DLL
[2016/01/13 10:41:58 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DscCore.dll
[2016/01/13 10:41:58 | 000,305,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ksproxy.ax
[2016/01/13 10:41:58 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserMgrProxy.dll
[2016/01/13 10:41:58 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ksproxy.ax
[2016/01/13 10:41:58 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wshom.ocx
[2016/01/13 10:41:58 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RMSRoamingSecurity.dll
[2016/01/13 10:41:57 | 001,582,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aitstatic.exe
[2016/01/13 10:41:57 | 000,764,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
[2016/01/13 10:41:57 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2016/01/13 10:41:57 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepic.dll
[2016/01/13 10:41:57 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserMgrProxy.dll
[2016/01/06 15:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/12/25 09:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2016/01/19 19:39:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\ClutterSto833.job
[2016/01/19 19:27:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2016/01/19 19:22:57 | 000,879,220 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2016/01/19 19:22:57 | 000,743,336 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2016/01/19 19:22:57 | 000,138,962 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2016/01/19 19:20:37 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/01/19 19:19:31 | 000,496,879 | ---- | M] () -- C:\WINDOWS\SysWow64\rootpa.e2e
[2016/01/19 19:19:26 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2016/01/19 19:18:34 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/01/19 19:18:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\lvuvc.hs
[2016/01/19 19:18:28 | 2441,895,935 | -HS- | M] () -- C:\hiberfil.sys
[2016/01/19 19:18:13 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SysNative\spu_storage.bin
[2016/01/19 19:02:22 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/01/19 18:31:41 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\CellulPow956.job
[2016/01/18 16:34:33 | 000,000,824 | ---- | M] () -- C:\Users\charles\Desktop\Dave Ramsey.rtf
[2016/01/18 07:28:11 | 000,001,171 | ---- | M] () -- C:\Users\charles\Desktop\KeePass.lnk
[2016/01/04 19:51:20 | 007,477,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2016/01/04 19:51:19 | 001,317,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2016/01/04 19:51:19 | 001,141,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2016/01/04 19:50:53 | 000,713,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2016/01/04 19:50:44 | 001,173,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2016/01/04 19:50:11 | 000,671,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\advapi32.dll
[2016/01/04 19:49:06 | 000,513,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2016/01/04 19:37:53 | 002,544,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2016/01/04 19:37:52 | 001,299,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfnetsrc.dll
[2016/01/04 19:37:52 | 000,858,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfnetcore.dll
[2016/01/04 19:37:52 | 000,848,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2016/01/04 19:37:51 | 000,785,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\evr.dll
[2016/01/04 19:37:50 | 000,245,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfps.dll
[2016/01/04 19:37:47 | 000,234,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mftranscode.dll
[2016/01/04 19:36:37 | 000,808,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe
[2016/01/04 19:33:24 | 002,180,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2016/01/04 19:33:19 | 001,118,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetsrc.dll
[2016/01/04 19:33:18 | 000,701,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetcore.dll
[2016/01/04 19:33:18 | 000,652,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\evr.dll
[2016/01/04 19:33:17 | 000,709,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2016/01/04 19:33:17 | 000,208,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mftranscode.dll
[2016/01/04 19:33:16 | 000,116,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfps.dll
[2016/01/04 19:31:38 | 000,703,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe
[2016/01/04 19:27:02 | 001,594,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2016/01/04 19:24:13 | 000,796,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2016/01/04 19:23:42 | 001,309,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2016/01/04 19:23:32 | 000,786,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMADMOD.DLL
[2016/01/04 19:23:12 | 001,804,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMALFXGFXDSP.dll
[2016/01/04 19:23:10 | 000,119,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MP3DMOD.DLL
[2016/01/04 19:17:18 | 000,695,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMADMOD.DLL
[2016/01/04 19:16:58 | 000,100,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MP3DMOD.DLL
[2016/01/04 18:59:10 | 022,393,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2016/01/04 18:57:09 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RMSRoamingSecurity.dll
[2016/01/04 18:57:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usermgrcli.dll
[2016/01/04 18:57:00 | 016,986,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2016/01/04 18:56:09 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\omadmclient.exe
[2016/01/04 18:54:30 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceCensus.exe
[2016/01/04 18:53:00 | 000,148,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wshom.ocx
[2016/01/04 18:52:39 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepic.dll
[2016/01/04 18:51:51 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DscCore.dll
[2016/01/04 18:51:09 | 000,248,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserMgrProxy.dll
[2016/01/04 18:50:20 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2016/01/04 18:50:17 | 000,638,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2016/01/04 18:50:14 | 000,644,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uReFS.dll
[2016/01/04 18:49:34 | 001,255,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMSPDMOE.DLL
[2016/01/04 18:49:33 | 000,749,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PhoneService.dll
[2016/01/04 18:49:30 | 000,764,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
[2016/01/04 18:49:25 | 001,582,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aitstatic.exe
[2016/01/04 18:49:16 | 013,018,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2016/01/04 18:49:15 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ProximityCommon.dll
[2016/01/04 18:48:52 | 001,009,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMSPDMOD.DLL
[2016/01/04 18:48:14 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usermgrcli.dll
[2016/01/04 18:48:02 | 000,387,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qdvd.dll
[2016/01/04 18:47:41 | 000,305,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ksproxy.ax
[2016/01/04 18:47:25 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MessagingDataModel2.dll
[2016/01/04 18:45:22 | 000,678,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qedit.dll
[2016/01/04 18:45:17 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\facecredentialprovider.dll
[2016/01/04 18:44:16 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wshom.ocx
[2016/01/04 18:43:59 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2016/01/04 18:43:47 | 000,912,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usermgr.dll
[2016/01/04 18:43:38 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winlogon.exe
[2016/01/04 18:42:34 | 000,166,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserMgrProxy.dll
[2016/01/04 18:41:55 | 018,677,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2016/01/04 18:41:45 | 000,558,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\uReFS.dll
[2016/01/04 18:41:00 | 001,070,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMSPDMOE.DLL
[2016/01/04 18:40:48 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ProximityCommon.dll
[2016/01/04 18:40:28 | 000,890,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMSPDMOD.DLL
[2016/01/04 18:39:45 | 000,569,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qdvd.dll
[2016/01/04 18:39:27 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ksproxy.ax
[2016/01/04 18:39:26 | 003,428,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2016/01/04 18:39:12 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MessagingDataModel2.dll
[2016/01/04 18:36:38 | 000,573,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qedit.dll
[2016/01/04 18:33:02 | 001,674,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\quartz.dll
[2016/01/04 18:30:15 | 002,796,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2016/01/04 18:28:41 | 004,894,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2016/01/04 18:28:32 | 001,542,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\quartz.dll
[2016/01/04 18:28:31 | 007,826,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2016/01/04 18:25:44 | 005,660,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2016/01/02 18:40:25 | 000,826,872 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2016/01/02 18:40:25 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2015/12/26 07:00:45 | 000,010,043 | ---- | M] () -- C:\Users\charles\Desktop\Windows 10 Info.rtf
[2015/12/25 19:05:39 | 000,004,931 | ---- | M] () -- C:\Users\charles\Desktop\Phone Numbers.rtf
[2015/12/25 09:40:14 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016/01/19 19:02:22 | 000,001,182 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/01/19 15:07:42 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\CellulPow956.job
[2016/01/19 15:07:36 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\ClutterSto833.job
[2016/01/18 09:08:15 | 000,000,824 | ---- | C] () -- C:\Users\charles\Desktop\Dave Ramsey.rtf
[2015/12/25 09:40:14 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/12/03 17:05:08 | 001,859,448 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2015/12/03 16:19:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2015/12/03 16:17:13 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2015/12/03 07:35:33 | 000,103,272 | ---- | C] () -- C:\WINDOWS\SysWow64\LogiDPPApp.exe
[2015/12/03 07:35:32 | 010,919,784 | ---- | C] () -- C:\WINDOWS\SysWow64\LogiDPP.dll
[2015/12/03 07:35:32 | 000,336,232 | ---- | C] () -- C:\WINDOWS\SysWow64\DevManagerCore.dll
[2015/10/30 00:24:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2015/10/30 00:24:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2015/10/30 00:18:39 | 000,164,224 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
[2015/10/30 00:18:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2015/10/30 00:18:36 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015/10/30 00:18:34 | 000,157,696 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
[2015/10/30 00:18:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2015/10/30 00:18:31 | 000,252,928 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2015/10/30 00:18:31 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
[2015/10/30 00:18:29 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2015/10/30 00:18:29 | 000,293,376 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2015/10/30 00:18:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
[2015/10/30 00:18:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2015/10/30 00:18:23 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2015/10/30 00:17:40 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2015/07/13 19:24:54 | 000,119,880 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll
[2015/07/13 19:24:52 | 000,161,352 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe
[2015/07/13 19:24:50 | 001,012,824 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2015/07/13 19:24:50 | 000,816,216 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2015/07/13 19:24:48 | 000,207,424 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll
[2015/07/13 19:24:48 | 000,140,864 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2015/07/13 17:05:04 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2015/07/13 17:05:04 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2015/06/23 09:33:20 | 000,002,473 | ---- | C] () -- C:\WINDOWS\SysWow64\tbaseprovisioning.exe.config
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2015/10/30 00:17:59 | 006,601,408 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2015/10/30 00:18:31 | 005,237,336 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/10/30 00:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 00:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/10/30 00:17:45 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/12/03 08:23:33 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\KeePass
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\Users\charles\OneDrive:ms-properties

< End of report >

 

[flashh4]

Running this OTL fix !!

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll File not found
[2015/12/03 07:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charles\AppData\Roaming\mozilla\Extensions
[2016/01/19 10:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charles\AppData\Roaming\mozilla\Firefox\Profiles\ri9slipv.default\extensions
[2016/01/19 10:41:28 | 001,001,911 | ---- | M] () (No name found) -- C:\Users\charles\AppData\Roaming\mozilla\firefox\profiles\ri9slipv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/01/06 15:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
O4 - HKCU..\RunOnce: [Uninstall C:\Users\charles\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\charles\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64" File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

[flashh4]

Ran the OTL fix log !!

 

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Users\charles\AppData\Roaming\mozilla\Extensions folder moved successfully.
C:\Users\charles\AppData\Roaming\mozilla\Firefox\Profiles\ri9slipv.default\extensions folder moved successfully.
File C:\Users\charles\AppData\Roaming\mozilla\firefox\profiles\ri9slipv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\charles\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\belarc\ deleted successfully.
File Protocol\Handler\belarc - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: charles
->Java cache emptied: 3082665 bytes
 
User: Default
 
User: Default User
 
User: Default.migrated
 
User: Public
 
Total Java Files Cleaned = 3.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: charles
->Flash cache emptied: 12788 bytes
 
User: Default
 
User: Default User
 
User: Default.migrated
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: charles
->Temp folder emptied: 262160016 bytes
->Temporary Internet Files folder emptied: 41633966 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 370045684 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default.migrated
 
User: Public
 
%systemdrive% .tmp files removed: 146323 bytes
%systemroot% .tmp files removed: 375296 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13666939 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 656.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 01192016_200248

Files\Folders moved on Reboot...
File move failed. C:\Users\charles\AppData\Local\Microsoft\Windows\INetCache\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

[flashh4]

Ran the Delfix to remove all tools/programs and their logs 111

 

NOW REMEMBER PEOPLE WHO READ THIS THERE IS MORE SCRIPT ADDED TO SOME SCANS TO REMOVE OTHER STUFF !! SO DO NOT USE THIS AS A GUIDE TO CLEAN YOUR COMPUTER> IF YOU FEEL YOU NEED CLEANING PLEASE CONTACT ME BEFORE RUNNING THESE SCANS !!

Thanks

Chuck

[flashh4]

NO MORE POP_UPS !!! YAHOOOOOO

Chuck