Is this the result of a virus?

Every time I open my browser, it has reset the home page to something other than Google.... Here is a screenshot... Then, it opens the settings menu...

Also, it always asks me if I want to make Firefox default and I uncheck it every time, but it still asks me...

Here are two screenshots... screen1.jpg screen2.jpg
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
Your browser could be hijacked due to malware. Do some scans and see how it is.

1.

Please download AdwCleaner by Xplode onto your Desktop.
• Please close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan.
• After the scan you will need to click on Clean for it to delete the adware.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

• Shut down your antivirus to avoid any conflicts.
• It is very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator.
Do NOT just double-click it.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running Rkill, try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop
• Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
• Click on Minimal Output at the top.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
◦ When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

So in your original thread asking for help, please give us a short description of what the problem is and then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
 

johnb35

Administrator
Staff member
Where does it take you when you open Firefox? According to your image, that is Google. You also need to check the box along with clicking on the box that says "Use Firefox as my default browser".
 

johnb35

Administrator
Staff member
But if it is his default browser, might as well tick it so it gets set correctly. In his default programs image, it doesn't show what his default browser is. Without images of what webpages are opening, we can only assume he isn't infected.
 
Where does it take you when you open Firefox? According to your image, that is Google. You also need to check the box along with clicking on the box that says "Use Firefox as my default browser".

That's because I had just changed it back to Google while that browser was open.

As soon as I close and open it again, it takes me to Yahoo! Search and makes that my default search engine after having changed it...

I'm going to install all those programs in the first thread and I bet that will fix it...
 
# AdwCleaner v5.032 - Logfile created 03/02/2016 at 23:35:46
# Updated 31/01/2016 by Xplode
# Database : 2016-02-02.1 [Server]
# Operating system : Windows 10 Home (x86)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\Computer Cleaning Programs\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\WinZip Malware Protector
[-] Folder Deleted : C:\Program Files\WinZip Registry Optimizer
[-] Folder Deleted : C:\Program Files\Search Know
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
[-] Folder Deleted : C:\Users\User\REACHit

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\system32\roboot.exe
[-] File Deleted : C:\WINDOWS\system32\lavasofttcpservice.dll

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6F387E5F-B247-45E2-A4B9-A1291DF085E4}
[-] Key Deleted : HKCU\Software\CoinisRS
[-] Key Deleted : HKCU\Software\ICSW1.17
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\undefined
[-] Key Deleted : HKCU\Software\Wincy
[-] Key Deleted : HKLM\SOFTWARE\SearchKnow
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincy
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Malware Protector_is1
[!] Key Not Deleted : HKU\S-1-5-21-3354214924-4125877794-2940462424-1000\Software\CoinisRS
[!] Key Not Deleted : HKU\S-1-5-21-3354214924-4125877794-2940462424-1000\Software\ICSW1.17
[!] Key Not Deleted : HKU\S-1-5-21-3354214924-4125877794-2940462424-1000\Software\PRODUCTSETUP
[!] Key Not Deleted : HKU\S-1-5-21-3354214924-4125877794-2940462424-1000\Software\undefined
[!] Key Not Deleted : HKU\S-1-5-21-3354214924-4125877794-2940462424-1000\Software\Wincy
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}
[!] Key Not Deleted : HKU\S-1-5-21-3354214924-4125877794-2940462424-1000\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch
[!] Key Not Deleted : HKU\S-1-5-21-3354214924-4125877794-2940462424-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[!] Key Not Deleted : HKU\S-1-5-21-3354214924-4125877794-2940462424-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}

***** [ Web browsers ] *****

[-] [C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uom3tyqm.default\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHA1HeVhaAg0TDAZAdVsVVVwURRhCcQsKTAEUQwNFeAEBVA5HExNBNARaB0tXUUEeGGlxR1dMclBCMlpQKlceVg==");
[-] [C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uom3tyqm.default\prefs.js] [Preference] Deleted : user_pref("browser.search.hiddenOneOffs", "Amazon.com,Bing,DuckDuckGo,eBay,Palikan,Twitter,Wikipedia (en),Yahoo");
[-] [C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uom3tyqm.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbJABZA1pFQxgQIwxaTA0URFEOIQgKUxRJRFcVJgEAWAxGFwcFIk0FA18DB0VXfWFoKB8fHGZGIUtbCXIfTkI=");
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.ask.com
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : Search Provided by Yahoo.com
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : Palikan.com
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : searchinterneat-a.akamaihd.net
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbJABZA1pFQxgQIwxaTA0URFEOIQgKUxRJRFcVJgEAWAxGFwcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQFcWFgTQgFBbQpbVFtcFVBGJBRZUAtDDA1GIg9eWQFIFAIVch9aFQQTQkcFME0FBloEURNNfWpdAEsSSX5NL04=&q={searchTerms}
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_50&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0F0BtByByE0BtDtA0Fzy0DtN0D0Tzu0StCyEyEtBtN1L2XzutAtFtCyDtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyEyDtAzzyBtD0AtGyDzyyEzytGtCyCtByBtGyBtBtDtAtGyDtC0F0EyBzzyDtDtCyD0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0F0A0AzytBtDtAtG0E0Dzz0EtGyEtD0D0AtG0AzyyEyBtGyC0F0CyB0D0FyC0Ezz0EtCtB2QtN0A0LzutB&cr=139641085&ir=

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5844 bytes] ##########
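Added example (my own code, not from this thread or from AdwCleaner) for the AdwCleaner log above: it pulls the hijacker hostnames out of the [ Web browsers ] section and then audits a Firefox prefs.js for the same kind of entries, reproducing the three user_pref deletions in a checkable way. Two things in the log are worth knowing when reading it. First, the "Key Not Deleted" lines under HKU\S-1-5-21-3354214924-4125877794-2940462424-1000 name the same keys as the HKCU lines just above them (HKCU is a link to the logged-on user's hive under HKEY_USERS), which is the likely reason they show as not deleted after the HKCU copies were removed. Second, Firefox rewrites prefs.js on exit, so an edit like this one has to be made with Firefox closed, and Chrome's Secure Preferences file is HMAC-protected, so it should be left to the tool rather than edited by hand. The sample prefs.js and log excerpt below are constructed from the entries above (with shortened eq= payloads); TRUSTED_HOSTS, the function names and the label heuristic used to match engine names are my assumptions.

```python
"""Audit a Firefox prefs.js for browser-hijack preferences (added example,
not code from this thread or from AdwCleaner). It reproduces, in a checkable
way, what the [ Web browsers ] section of the AdwCleaner log did to prefs.js:
find user_pref() lines that point Firefox at the hijacker's start/search pages
and drop them, so Firefox rebuilds its defaults on the next start."""
import re
from urllib.parse import urlparse

# Prefs a hijacker typically rewrites; three of them appear in the log above.
URL_PREFS = {"browser.startup.homepage", "browser.newtab.url", "keyword.URL"}
ENGINE_LIST_PREFS = {"browser.search.hiddenOneOffs"}
# Hosts the user actually wants (assumed for the example; adjust per machine).
TRUSTED_HOSTS = {"www.google.com", "google.com"}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"?(.*?)"?\);\s*$')
URL_RE = re.compile(r'h(?:xx|tt)ps?://([A-Za-z0-9.-]+)')  # AdwCleaner defangs http as hxxp
BARE_HOST_RE = re.compile(r'^[A-Za-z0-9.-]+\.[A-Za-z]{2,}$')
GENERIC_LABELS = {"www", "com", "net", "org", "search"}  # never treated as indicators

# Constructed sample modelled on the three Firefox entries in the log above
# (a real prefs.js uses http://; the eq= payloads are shortened).
SAMPLE_PREFS = '''
// Mozilla User Preferences
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1454456400);
user_pref("browser.newtab.url", "http://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHA1H");
user_pref("browser.search.hiddenOneOffs", "Amazon.com,Bing,DuckDuckGo,eBay,Palikan,Twitter,Wikipedia (en),Yahoo");
user_pref("browser.startup.homepage", "http://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggb");
user_pref("browser.startup.homepage_override.mstone", "43.0.4");
'''

# Constructed excerpt in the AdwCleaner log format posted above.
SAMPLE_ADW_LOG = r'''
[-] Key Deleted : HKLM\SOFTWARE\SearchKnow
***** [ Web browsers ] *****
[-] [C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0Ee");
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.ask.com
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : Search Provided by Yahoo.com
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : Palikan.com
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_50
*************************
'''


def iocs_from_adwcleaner(log_text):
    """Hostnames AdwCleaner removed from browser settings, lower-cased."""
    hosts, in_section = set(), False
    for line in log_text.splitlines():
        if line.startswith("*****"):          # section header or the closing rule
            in_section = "[ Web browsers ]" in line
            continue
        if in_section and "Deleted :" in line:
            payload = line.split("Deleted :", 1)[1].strip()
            hosts.update(h.lower() for h in URL_RE.findall(payload))  # URLs, defanged or not
            if BARE_HOST_RE.match(payload):                            # bare search-provider hosts
                hosts.add(payload.lower())
    return hosts


def parse_prefs(prefs_text):
    """Yield (name, value) for every user_pref() line."""
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if m:
            yield m.group(1), m.group(2)


def find_hijacks(prefs_text, iocs, trusted=TRUSTED_HOSTS):
    """Return [(pref_name, reason)] for prefs that point Firefox at a hijacker."""
    # Heuristic (assumption): an engine name like "Palikan" matches a label of a hijacker host.
    bad_labels = {lab for h in iocs for lab in h.split(".")} - GENERIC_LABELS
    hits = []
    for name, value in parse_prefs(prefs_text):
        if name in URL_PREFS:
            for url in value.split("|"):  # a homepage pref may hold several URLs
                host = (urlparse(url.strip()).hostname or "").lower()
                if host and host not in trusted:
                    hits.append((name, f"points at {host}"))
        elif name in ENGINE_LIST_PREFS:
            for engine in value.split(","):
                if engine.strip().lower().split(".")[0] in bad_labels:
                    hits.append((name, f"lists hijacker engine {engine.strip()!r}"))
    return hits


def clean_prefs(prefs_text, iocs, trusted=TRUSTED_HOSTS):
    """Return prefs.js text with every flagged user_pref() line removed."""
    flagged = {name for name, _ in find_hijacks(prefs_text, iocs, trusted)}
    kept = []
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if not (m and m.group(1) in flagged):
            kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    iocs = iocs_from_adwcleaner(SAMPLE_ADW_LOG)
    print("hijacker hosts from log:", sorted(iocs))
    for name, reason in find_hijacks(SAMPLE_PREFS, iocs):
        print(f"FLAG {name}: {reason}")
    print(clean_prefs(SAMPLE_PREFS, iocs))
```

On a real machine, read the text of %APPDATA%\Mozilla\Firefox\Profiles\<profile>\prefs.js in place of SAMPLE_PREFS and write clean_prefs() output back only while Firefox is closed. The URL check is an allowlist on purpose: any homepage or new-tab host outside TRUSTED_HOSTS is flagged, not just the hosts seen in the log, because a hijacker that survives one cleanup usually comes back under a different domain, as the Yahoo! Search redirect in the thread shows.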
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x86
Ran by User (Administrator) on Wed 02/03/2016 at 23:41:24.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\ProgramData\nico mak computing (Folder)
Successfully deleted: C:\Users\User\AppData\Roaming\nico mak computing (Folder)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdc9b2b6-5796-4d44-bc7a-2fa644057d7f} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/03/2016 at 23:45:24.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 2/4/2016 1:58:36 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop\Computer Cleaning Programs
An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.50 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 63.71% Memory free
7.00 Gb Paging File | 5.57 Gb Available in Paging File | 79.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.35 Gb Total Space | 193.38 Gb Free Space | 83.23% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2016/02/04 01:58:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\Computer Cleaning Programs\OTL.exe
PRC - [2016/02/03 03:18:19 | 000,252,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
PRC - [2016/01/27 11:19:48 | 000,016,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.122.14020.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
PRC - [2016/01/21 22:40:51 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
PRC - [2016/01/20 22:17:19 | 003,442,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
PRC - [2016/01/20 22:13:33 | 003,034,624 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x86__8wekyb3d8bbwe\Calculator.exe
PRC - [2016/01/08 10:47:10 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2016/01/08 10:44:00 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2016/01/07 14:15:38 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2016/01/04 21:44:14 | 006,082,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
PRC - [2015/12/26 23:39:09 | 007,021,880 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/12/26 23:39:01 | 000,226,440 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/12/13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/12/07 00:01:37 | 001,351,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
PRC - [2015/10/30 00:45:06 | 001,358,688 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
PRC - [2015/10/30 00:45:04 | 004,064,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2015/10/30 00:45:04 | 000,252,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LockAppHost.exe
PRC - [2015/10/30 00:45:03 | 000,036,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ApplicationFrameHost.exe
PRC - [2015/10/30 00:44:55 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sihost.exe
PRC - [2015/10/30 00:44:46 | 000,073,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RuntimeBroker.exe
PRC - [2015/10/30 00:44:45 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2015/10/30 00:44:40 | 000,071,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostw.exe
PRC - [2015/09/28 08:19:10 | 000,025,800 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
PRC - [2015/04/15 08:44:32 | 000,128,512 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2015/01/13 16:40:56 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
========== Modules (No Company Name) ==========
MOD - [2016/01/27 11:19:48 | 012,345,856 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.122.14020.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
MOD - [2016/01/27 11:19:48 | 000,016,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.122.14020.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
MOD - [2016/01/21 22:40:51 | 022,330,368 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
MOD - [2016/01/21 22:40:51 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
MOD - [2016/01/21 22:40:51 | 000,141,312 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
MOD - [2016/01/20 22:17:19 | 017,882,304 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_20_0_0_286.dll
MOD - [2016/01/20 22:13:33 | 003,034,624 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x86__8wekyb3d8bbwe\Calculator.exe
MOD - [2016/01/16 00:09:45 | 002,656,768 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
MOD - [2016/01/16 00:06:42 | 002,366,464 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
MOD - [2016/01/04 20:23:28 | 005,340,672 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
MOD - [2016/01/04 20:19:27 | 000,471,552 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
MOD - [2015/12/26 23:39:11 | 040,539,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/12/26 23:39:07 | 000,103,888 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/12/26 23:39:06 | 000,469,008 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2015/12/26 23:39:02 | 000,125,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2015/12/15 03:13:05 | 000,169,984 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll
MOD - [2015/12/10 03:01:38 | 000,169,984 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.122.14020.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll
MOD - [2015/12/08 20:11:07 | 001,859,448 | ---- | M] () -- C:\Windows\System32\CoreUIComponents.dll
MOD - [2015/12/06 23:11:10 | 000,070,656 | ---- | M] () -- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
MOD - [2015/12/06 22:57:01 | 000,316,416 | ---- | M] () -- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
MOD - [2015/10/30 00:45:06 | 001,358,688 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
========== Services (SafeList) ==========
SRV - [2016/01/20 22:17:20 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/01/16 00:29:08 | 000,497,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2016/01/16 00:27:16 | 000,411,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SmsRouterSvc.dll -- (SmsRouter)
SRV - [2016/01/16 00:27:03 | 000,238,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2016/01/16 00:19:43 | 001,552,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2016/01/08 10:47:10 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2016/01/08 10:44:00 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2016/01/07 14:15:38 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/01/04 20:41:02 | 000,588,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PhoneService.dll -- (PhoneSvc)
SRV - [2016/01/04 20:35:58 | 000,706,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\usermgr.dll -- (UserManager)
SRV - [2015/12/26 23:39:01 | 000,226,440 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2015/12/13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/12/08 20:11:07 | 000,948,224 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\Unistore.dll -- (UnistoreSvc)
SRV - [2015/12/08 20:11:07 | 000,538,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\XblAuthManager.dll -- (XblAuthManager)
SRV - [2015/12/08 20:11:07 | 000,240,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SensorService.dll -- (SensorService)
SRV - [2015/12/08 20:11:07 | 000,131,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tetheringservice.dll -- (icssvc)
SRV - [2015/12/08 20:11:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\tzautoupdate.dll -- (tzautoupdate)
SRV - [2015/12/08 20:03:59 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2015/12/08 20:03:57 | 000,056,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2015/12/08 20:03:49 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2015/12/08 20:03:49 | 000,504,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2015/12/06 23:12:17 | 000,820,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV - [2015/12/06 23:00:38 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\moshost.dll -- (MapsBroker)
SRV - [2015/12/06 22:57:21 | 000,140,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NetSetupSvc.dll -- (NetSetupSvc)
SRV - [2015/12/06 22:53:08 | 000,484,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2015/12/02 10:09:28 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe -- (McComponentHostService)
SRV - [2015/10/30 01:57:35 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2015/10/30 00:45:46 | 000,783,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\RDXService.dll -- (RetailDemo)
SRV - [2015/10/30 00:45:46 | 000,425,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WalletService.dll -- (WalletService)
SRV - [2015/10/30 00:45:46 | 000,387,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AppReadiness.dll -- (AppReadiness)
SRV - [2015/10/30 00:45:46 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2015/10/30 00:45:15 | 000,144,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2015/10/30 00:45:13 | 001,401,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\workfolderssvc.dll -- (workfolderssvc)
SRV - [2015/10/30 00:45:11 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2015/10/30 00:45:07 | 000,900,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SensorDataService.exe -- (SensorDataService)
SRV - [2015/10/30 00:45:07 | 000,612,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2015/10/30 00:45:06 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2015/10/30 00:44:57 | 001,174,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2015/10/30 00:44:57 | 000,294,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ncbservice.dll -- (NcbService)
SRV - [2015/10/30 00:44:57 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpnservice.dll -- (WpnService)
SRV - [2015/10/30 00:44:55 | 001,183,744 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\UserDataService.dll -- (UserDataSvc)
SRV - [2015/10/30 00:44:55 | 000,717,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\XblGameSave.dll -- (XblGameSave)
SRV - [2015/10/30 00:44:55 | 000,498,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ngcsvc.dll -- (NgcSvc)
SRV - [2015/10/30 00:44:55 | 000,453,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2015/10/30 00:44:55 | 000,380,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\tileobjserver.dll -- (tiledatamodelsvc)
SRV - [2015/10/30 00:44:55 | 000,221,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV - [2015/10/30 00:44:55 | 000,202,752 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV - [2015/10/30 00:44:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DevQueryBroker.dll -- (DevQueryBroker)
SRV - [2015/10/30 00:44:55 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lfsvc.dll -- (lfsvc)
SRV - [2015/10/30 00:44:55 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\LicenseManagerSvc.dll -- (LicenseManager)
SRV - [2015/10/30 00:44:53 | 002,179,584 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\Windows.StateRepository.dll -- (StateRepository)
SRV - [2015/10/30 00:44:53 | 000,548,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2015/10/30 00:44:53 | 000,199,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\cdpsvc.dll -- (CDPSvc)
SRV - [2015/10/30 00:44:53 | 000,081,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\embeddedmodesvc.dll -- (embeddedmode)
SRV - [2015/10/30 00:44:53 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AJRouter.dll -- (AJRouter)
SRV - [2015/10/30 00:44:51 | 002,885,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2015/10/30 00:44:51 | 000,804,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dosvc.dll -- (DoSvc)
SRV - [2015/10/30 00:44:51 | 000,251,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\usocore.dll -- (UsoSvc)
SRV - [2015/10/30 00:44:49 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2015/10/30 00:44:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wephostsvc.dll -- (WEPHOSTSVC)
SRV - [2015/10/30 00:44:47 | 000,510,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ClipSVC.dll -- (ClipSVC)
SRV - [2015/10/30 00:44:47 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2015/10/30 00:44:47 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV - [2015/10/30 00:44:47 | 000,042,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2015/10/30 00:44:46 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV - [2015/10/30 00:44:45 | 000,355,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2015/10/30 00:44:45 | 000,163,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2015/10/30 00:44:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\smphost.dll -- (smphost)
SRV - [2015/10/30 00:44:43 | 000,272,896 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\APHostService.dll -- (OneSyncSvc)
SRV - [2015/10/30 00:44:43 | 000,256,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\TieringEngineService.exe -- (TieringEngineService)
SRV - [2015/10/30 00:44:43 | 000,156,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dcpsvc.dll -- (DcpSvc)
SRV - [2015/10/30 00:44:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2015/10/30 00:44:43 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2015/10/30 00:44:42 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dssvc.dll -- (DsSvc)
SRV - [2015/10/30 00:44:40 | 001,885,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AppXDeploymentServer.dll -- (AppXSvc)
SRV - [2015/10/30 00:44:40 | 000,261,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV - [2015/10/30 00:44:40 | 000,200,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2015/10/30 00:44:40 | 000,047,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dmwappushsvc.dll -- (dmwappushservice)
SRV - [2015/10/30 00:44:38 | 000,044,032 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\MessagingService.dll -- (MessagingService)
SRV - [2015/10/30 00:44:37 | 000,449,024 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2015/10/30 00:44:35 | 000,280,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV - [2015/10/30 00:44:35 | 000,273,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2015/10/30 00:44:35 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2015/10/30 00:44:35 | 000,023,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvmsession)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicguestinterface)
SRV - [2015/10/30 00:44:27 | 002,718,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2015/10/30 00:44:25 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\BthHFSrv.dll -- (BthHFSrv)
SRV - [2015/09/28 08:19:10 | 000,025,800 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2015/07/09 12:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/04/15 08:44:32 | 000,128,512 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2015/01/13 16:40:56 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
========== Driver Services (SafeList) ==========
DRV - [2016/01/20 23:46:47 | 000,449,384 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2016/01/20 23:46:46 | 000,812,208 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2015/12/26 23:39:56 | 000,081,168 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015/12/26 23:39:15 | 000,117,712 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2015/12/26 23:39:14 | 000,209,432 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015/12/26 23:39:14 | 000,049,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015/12/26 23:39:14 | 000,024,016 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015/12/26 23:39:13 | 000,081,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2015/12/08 20:11:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\capimg.sys -- (CapImg)
DRV - [2015/12/08 20:11:07 | 000,076,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdstor.sys -- (sdstor)
DRV - [2015/12/08 20:03:48 | 000,130,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mqac.sys -- (MQAC)
DRV - [2015/10/30 01:57:54 | 000,023,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2015/10/30 01:57:41 | 000,030,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2015/10/30 00:45:52 | 000,024,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2015/10/30 00:45:11 | 000,043,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2015/10/30 00:45:01 | 000,280,920 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\clfs.sys -- (CLFS)
DRV - [2015/10/30 00:45:01 | 000,183,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ahcache.sys -- (ahcache)
DRV - [2015/10/30 00:44:58 | 000,086,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV - [2015/10/30 00:44:57 | 000,159,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2015/10/30 00:44:57 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2015/10/30 00:44:57 | 000,062,464 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\System32\drivers\storqosflt.sys -- (storqosflt)
DRV - [2015/10/30 00:44:57 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UcmCx.sys -- (UcmCx0101)
DRV - [2015/10/30 00:44:57 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\condrv.sys -- (condrv)
DRV - [2015/10/30 00:44:57 | 000,023,040 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\ioqos.sys -- (IoQos)
DRV - [2015/10/30 00:44:52 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mmcss.sys -- (MMCSS)
DRV - [2015/10/30 00:44:48 | 000,033,112 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2015/10/30 00:44:47 | 000,200,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ufx01000.sys -- (Ufx01000)
DRV - [2015/10/30 00:44:47 | 000,060,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SpbCx.sys -- (SpbCx)
DRV - [2015/10/30 00:44:47 | 000,042,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\urscx01000.sys -- (UrsCx01000)
DRV - [2015/10/30 00:44:46 | 000,130,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2015/10/30 00:44:46 | 000,121,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SerCx2.sys -- (SerCx2)
DRV - [2015/10/30 00:44:46 | 000,075,104 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2015/10/30 00:44:46 | 000,059,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SerCx.sys -- (SerCx)
DRV - [2015/10/30 00:44:46 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2015/10/30 00:44:44 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV - [2015/10/30 00:44:43 | 000,054,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\dam.sys -- (dam)
DRV - [2015/10/30 00:44:42 | 000,173,408 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\wof.sys -- (Wof)
DRV - [2015/10/30 00:44:38 | 000,497,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WdiWiFi.sys -- (wdiwifi)
DRV - [2015/10/30 00:44:37 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2015/10/30 00:44:37 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Ndu.sys -- (Ndu)
DRV - [2015/10/30 00:44:37 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mslldp.sys -- (MsLldp)
DRV - [2015/10/30 00:44:36 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV - [2015/10/30 00:44:35 | 000,246,104 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\WdFilter.sys -- (WdFilter)
DRV - [2015/10/30 00:44:35 | 000,098,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV - [2015/10/30 00:44:35 | 000,037,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WdBoot.sys -- (WdBoot)
DRV - [2015/10/30 00:44:33 | 000,173,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ucx01000.sys -- (Ucx01000)
DRV - [2015/10/30 00:44:33 | 000,093,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpiex.sys -- (acpiex)
DRV - [2015/10/30 00:44:33 | 000,083,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pdc.sys -- (pdc)
DRV - [2015/10/30 00:44:33 | 000,076,288 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\filecrypt.sys -- (FileCrypt)
DRV - [2015/10/30 00:44:33 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2015/10/30 00:44:33 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Udecx.sys -- (UdeCx)
DRV - [2015/10/30 00:44:33 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhf.sys -- (vhf)
DRV - [2015/10/30 00:44:29 | 000,036,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2015/10/30 00:44:29 | 000,025,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2015/10/30 00:44:29 | 000,021,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV - [2015/10/30 00:44:29 | 000,021,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\urschipidea.sys -- (UrsChipidea)
DRV - [2015/10/30 00:44:29 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2015/10/30 00:44:29 | 000,015,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV - [2015/10/30 00:44:28 | 001,038,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\adp80xx.sys -- (ADP80XX)
DRV - [2015/10/30 00:44:28 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2015/10/30 00:44:28 | 000,524,632 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\iaStorAV.sys -- (iaStorAV)
DRV - [2015/10/30 00:44:28 | 000,494,080 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rt640x86.sys -- (rt640x86)
DRV - [2015/10/30 00:44:28 | 000,429,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2015/10/30 00:44:28 | 000,427,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spaceport.sys -- (spaceport)
DRV - [2015/10/30 00:44:28 | 000,287,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2015/10/30 00:44:28 | 000,276,832 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2015/10/30 00:44:28 | 000,200,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xboxgip.sys -- (xboxgip)
DRV - [2015/10/30 00:44:28 | 000,172,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2015/10/30 00:44:28 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\storahci.sys -- (storahci)
DRV - [2015/10/30 00:44:28 | 000,104,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV - [2015/10/30 00:44:28 | 000,088,928 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV - [2015/10/30 00:44:28 | 000,085,856 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\3ware.sys -- (3ware)
DRV - [2015/10/30 00:44:28 | 000,083,288 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV - [2015/10/30 00:44:28 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV - [2015/10/30 00:44:28 | 000,069,472 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2015/10/30 00:44:28 | 000,065,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\stornvme.sys -- (stornvme)
DRV - [2015/10/30 00:44:28 | 000,061,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iaioi2c.sys -- (iaioi2c)
DRV - [2015/10/30 00:44:28 | 000,059,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uaspstor.sys -- (UASPStor)
DRV - [2015/10/30 00:44:28 | 000,058,208 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\mvumis.sys -- (mvumis)
DRV - [2015/10/30 00:44:28 | 000,051,552 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\percsas3i.sys -- (percsas3i)
DRV - [2015/10/30 00:44:28 | 000,051,040 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\percsas2i.sys -- (percsas2i)
DRV - [2015/10/30 00:44:28 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2015/10/30 00:44:28 | 000,038,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV - [2015/10/30 00:44:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV - [2015/10/30 00:44:28 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\BasicRender.sys -- (BasicRender)
DRV - [2015/10/30 00:44:28 | 000,027,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\storufs.sys -- (storufs)
DRV - [2015/10/30 00:44:28 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\buttonconverter.sys -- (buttonconverter)
DRV - [2015/10/30 00:44:28 | 000,023,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uefi.sys -- (UEFI)
DRV - [2015/10/30 00:44:28 | 000,022,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iaiogpio.sys -- (GPIO)
DRV - [2015/10/30 00:44:28 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xinputhid.sys -- (xinputhid)
DRV - [2015/10/30 00:44:28 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kdnic.sys -- (kdnic)
DRV - [2015/10/30 00:44:28 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\genericusbfn.sys -- (genericusbfn)
DRV - [2015/10/30 00:44:28 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpitime.sys -- (acpitime)
DRV - [2015/10/30 00:44:28 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpipagr.sys -- (acpipagr)
DRV - [2015/10/30 00:44:28 | 000,008,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmfn2.sys -- (bcmfn2)
DRV - [2015/10/30 00:44:28 | 000,008,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmfn.sys -- (bcmfn)
DRV - [2015/10/30 00:44:26 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2015/10/30 00:44:25 | 000,552,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl819xp.sys -- (rtl819xp)
DRV - [2015/10/30 00:44:25 | 000,101,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2015/10/30 00:44:25 | 000,079,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2015/10/30 00:44:25 | 000,066,048 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iai2c.sys -- (iai2c)
DRV - [2015/10/30 00:44:25 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2015/10/30 00:44:25 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2015/10/30 00:44:25 | 000,040,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\intelpep.sys -- (intelpep)
DRV - [2015/10/30 00:44:25 | 000,039,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2015/10/30 00:44:25 | 000,037,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidi2c.sys -- (hidi2c)
DRV - [2015/10/30 00:44:25 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2015/10/30 00:44:25 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_x86_dd1d60cd48926252\CompositeBus.sys -- (CompositeBus)
DRV - [2015/10/30 00:44:25 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2015/10/30 00:44:25 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2015/10/30 00:44:25 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2015/10/30 00:44:25 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2015/10/30 00:44:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2015/10/30 00:44:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmgencounter.sys -- (gencounter)
DRV - [2015/10/30 00:44:25 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2015/08/07 05:49:26 | 000,041,584 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Thotkey.sys -- (Thotkey)
DRV - [2015/07/25 00:56:24 | 000,035,936 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2015/01/13 17:40:18 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2015/01/13 16:20:36 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
IE - HKLM\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKLM\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C FD 41 AD EB BF D0 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKCU\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultengine: "Google (avast)"
FF - prefs.js..browser.search.defaultenginename: "Google (avast)"
FF - prefs.js..browser.search.defaultenginename.US: "Default"
FF - prefs.js..browser.search.defaultthis.engineName: "Google (avast)"
FF - prefs.js..browser.search.defaulturl: "https://www.google.com/search?trackid=sp-006"
FF - prefs.js..browser.search.order.1: "Google (avast)"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.selectedEngine: "Google (avast)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://searchinterneat-a.akamaihd.n...AWAxGFwcFIk0FA18DB0VXfWFoKB8fHGZGIUtbCXIfTkI="
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:43.0.4
FF - prefs.js..keyword.URL: "https://www.google.com/search?trackid=sp-006"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\User\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/12/26 23:43:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015/12/26 23:43:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2015/08/31 09:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2016/01/30 02:00:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uom3tyqm.default\extensions
[2015/12/13 16:32:34 | 000,009,153 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uom3tyqm.default\extensions\{9b345654-2e75-4b7c-a218-8f4712ab4fe5}.xpi
[2016/01/16 08:08:07 | 000,002,428 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uom3tyqm.default\searchplugins\google-avast.xml
[2016/01/01 12:28:54 | 000,000,411 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uom3tyqm.default\searchplugins\yahoo.xml
[2016/01/17 22:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2016/01/07 14:15:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbldbfalomdbcmadkikldapjpgcfaeia\1.0.5843.26482_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.210_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.221_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.0.0.9098_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljibkigjccbegnbeojkoafejpoiachej\0.1.2_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
O1 HOSTS File: ([2015/12/25 00:51:35 | 000,000,852 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [NowUSeeIt Player] "C:\Program Files\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1 File not found
O4 - HKCU..\Run: [OneDrive] C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: webcompanion.com ([]http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{135b02f8-71a0-4588-804e-c91f793a0a6b}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{bdc5887f-4f0a-4e48-861f-68d1dede2733}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2016/02/03 23:31:29 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Computer Cleaning Programs
[2016/02/03 23:26:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/01/30 16:56:56 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\heater
[2016/01/27 23:22:39 | 006,971,752 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
[2016/01/27 23:22:32 | 005,238,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windows.storage.dll
[2016/01/27 23:22:31 | 009,918,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\twinui.dll
[2016/01/27 23:22:26 | 018,678,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\edgehtml.dll
[2016/01/27 23:22:23 | 013,018,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.UI.Xaml.dll
[2016/01/27 23:22:22 | 006,297,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mos.dll
[2016/01/27 23:22:20 | 004,759,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d2d1.dll
[2016/01/27 23:22:20 | 000,405,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AudioSes.dll
[2016/01/27 23:22:19 | 001,552,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlidsvc.dll
[2016/01/27 23:22:19 | 001,300,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WpcMon.exe
[2016/01/27 23:22:19 | 000,297,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\audiodg.exe
[2016/01/27 23:22:18 | 001,793,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\NetworkMobileSettings.dll
[2016/01/27 23:22:17 | 001,223,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RecoveryDrive.exe
[2016/01/27 23:22:16 | 005,202,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\BingMaps.dll
[2016/01/27 23:22:16 | 001,944,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\InputService.dll
[2016/01/27 23:22:16 | 000,959,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aeinv.dll
[2016/01/27 23:22:15 | 001,626,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dwmcore.dll
[2016/01/27 23:22:15 | 000,709,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfsvr.dll
[2016/01/27 23:22:14 | 002,977,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32kfull.sys
[2016/01/27 23:22:14 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AudioEndpointBuilder.dll
[2016/01/27 23:22:13 | 000,608,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MapsStore.dll
[2016/01/27 23:22:12 | 000,652,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evr.dll
[2016/01/27 23:22:12 | 000,431,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WWanAPI.dll
[2016/01/27 23:22:12 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CredProvDataModel.dll
[2016/01/27 23:22:11 | 001,542,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quartz.dll
[2016/01/27 23:22:11 | 000,687,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2016/01/27 23:22:11 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TextInputFramework.dll
[2016/01/27 23:22:10 | 000,398,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srcore.dll
[2016/01/27 23:22:10 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SensorsApi.dll
[2016/01/27 23:22:10 | 000,168,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscapi.dll
[2016/01/27 23:22:09 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2016/01/27 23:22:09 | 000,483,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgmms2.sys
[2016/01/27 23:22:09 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SmsRouterSvc.dll
[2016/01/27 23:22:09 | 000,366,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AUDIOKSE.dll
[2016/01/27 23:22:08 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2016/01/27 23:22:08 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SimCfg.dll
[2016/01/27 23:22:07 | 000,599,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\invagent.dll
[2016/01/27 23:22:07 | 000,433,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devinv.dll
[2016/01/27 23:22:07 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MusUpdateHandlers.dll
[2016/01/27 23:22:07 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2016/01/27 23:22:07 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SimAuth.dll
[2016/01/27 23:22:06 | 000,463,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\enterprisecsps.dll
[2016/01/27 23:22:06 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DisplayManager.dll
[2016/01/27 23:22:06 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MusNotification.exe
[2016/01/27 23:22:06 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MapsBtSvc.dll
[2016/01/27 23:22:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MusNotificationUx.exe
[2016/01/27 23:22:05 | 001,028,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wifinetworkmanager.dll
[2016/01/27 23:22:05 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\StorSvc.dll
[2016/01/27 23:22:03 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SMSRouter.dll
[2016/01/27 23:22:02 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pcaui.exe
[2016/01/27 23:22:01 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Networking.UX.EapRequestHandler.dll
[2016/01/27 23:22:00 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlidcli.dll
[2016/01/27 23:21:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.UI.Core.TextInput.dll
[2016/01/27 23:21:59 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasautou.exe
[2016/01/27 23:21:58 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DDDS.dll
[2016/01/27 23:21:58 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\FilterDS.dll
[2016/01/27 23:21:58 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winhttpcom.dll
[2016/01/27 23:21:57 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reseteng.dll
[2016/01/27 23:21:57 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winbio.dll
[2016/01/27 23:21:57 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sscoreext.dll
[2016/01/27 23:21:57 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastlsext.dll
[2016/01/27 21:31:07 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Lights
[2016/01/25 22:37:05 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\trailers
[2016/01/12 18:38:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[2016/01/12 18:08:31 | 005,798,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2016/01/12 18:08:29 | 005,660,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Chakra.dll
[2016/01/12 18:08:29 | 002,180,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcore.dll
[2016/01/12 18:08:29 | 001,118,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfnetsrc.dll
[2016/01/12 18:08:28 | 000,701,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfnetcore.dll
[2016/01/12 18:08:28 | 000,695,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMADMOD.DLL
[2016/01/12 18:08:28 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\facecredentialprovider.dll
[2016/01/12 18:08:27 | 003,667,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript9.dll
[2016/01/12 18:08:27 | 002,796,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Media.dll
[2016/01/12 18:08:27 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usermgr.dll
[2016/01/12 18:08:26 | 001,051,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winload.efi
[2016/01/12 18:08:26 | 000,926,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winload.exe
[2016/01/12 18:08:26 | 000,890,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMSPDMOD.DLL
[2016/01/12 18:08:26 | 000,703,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WWAHost.exe
[2016/01/12 18:08:26 | 000,641,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\generaltel.dll
[2016/01/12 18:08:25 | 001,696,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMALFXGFXDSP.dll
[2016/01/12 18:08:25 | 001,137,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\appraiser.dll
[2016/01/12 18:08:25 | 000,588,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PhoneService.dll
[2016/01/12 18:08:25 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qedit.dll
[2016/01/12 18:08:25 | 000,569,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qdvd.dll
[2016/01/12 18:08:25 | 000,498,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MessagingDataModel2.dll
[2016/01/12 18:08:25 | 000,208,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mftranscode.dll
[2016/01/12 18:08:25 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DeviceCensus.exe
[2016/01/12 18:08:25 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ProximityCommon.dll
[2016/01/12 18:08:25 | 000,116,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfps.dll
[2016/01/12 18:08:25 | 000,100,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MP3DMOD.DLL
[2016/01/12 18:08:24 | 001,496,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aitstatic.exe
[2016/01/12 18:08:24 | 001,070,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMSPDMOE.DLL
[2016/01/12 18:08:24 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DscCore.dll
[2016/01/12 18:08:24 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2016/01/12 18:08:24 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aepic.dll
[2016/01/12 18:08:24 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\UserMgrProxy.dll
[2016/01/12 18:08:24 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storewuauth.dll
[2016/01/12 18:08:24 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\omadmclient.exe
[2016/01/12 18:08:24 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RMSRoamingSecurity.dll
[2016/01/12 18:08:24 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usermgrcli.dll
========== Files - Modified Within 30 Days ==========
[2016/02/04 01:57:19 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/02/03 23:38:01 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2016/02/03 23:37:26 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForUser.job
[2016/02/03 23:37:16 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/02/03 23:37:12 | 2816,860,160 | -HS- | M] () -- C:\hiberfil.sys
[2016/02/03 23:23:36 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2016/02/03 23:17:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2016/02/01 19:00:17 | 000,002,102 | ---- | M] () -- C:\Users\User\Desktop\Google Earth.lnk
[2016/02/01 19:00:16 | 000,000,888 | ---- | M] () -- C:\Users\User\Desktop\My Documents.lnk
[2016/01/29 12:32:02 | 000,001,923 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Excel 2010.lnk
[2016/01/29 12:31:58 | 000,001,927 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Word 2010.lnk
[2016/01/20 23:46:47 | 000,449,384 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2016/01/20 23:46:46 | 000,812,208 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys
[2016/01/17 20:31:44 | 000,823,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2016/01/17 20:31:44 | 000,166,542 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2016/01/16 08:08:07 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/01/16 01:35:55 | 000,168,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscapi.dll
[2016/01/16 01:35:32 | 000,599,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\invagent.dll
[2016/01/16 01:35:14 | 000,959,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\aeinv.dll
[2016/01/16 01:33:28 | 000,433,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\devinv.dll
[2016/01/16 01:20:56 | 000,431,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WWanAPI.dll
[2016/01/16 01:20:12 | 006,971,752 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
[2016/01/16 01:20:12 | 000,297,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\audiodg.exe
[2016/01/16 01:20:01 | 000,652,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\evr.dll
[2016/01/16 01:20:00 | 000,366,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AUDIOKSE.dll
[2016/01/16 01:19:59 | 000,709,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfsvr.dll
[2016/01/16 01:19:58 | 000,405,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AudioSes.dll
[2016/01/16 01:17:18 | 001,300,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WpcMon.exe
[2016/01/16 01:16:49 | 005,238,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\windows.storage.dll
[2016/01/16 01:08:49 | 000,483,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgmms2.sys
[2016/01/16 00:36:06 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rastlsext.dll
[2016/01/16 00:35:52 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MusNotification.exe
[2016/01/16 00:35:03 | 013,018,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.UI.Xaml.dll
[2016/01/16 00:34:55 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winhttpcom.dll
[2016/01/16 00:34:11 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sscoreext.dll
[2016/01/16 00:33:53 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MapsBtSvc.dll
[2016/01/16 00:32:52 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MusNotificationUx.exe
[2016/01/16 00:32:30 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pcaui.exe
[2016/01/16 00:31:54 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasautou.exe
[2016/01/16 00:31:11 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\FilterDS.dll
[2016/01/16 00:30:34 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MusUpdateHandlers.dll
[2016/01/16 00:30:19 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SimCfg.dll
[2016/01/16 00:30:18 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winbio.dll
[2016/01/16 00:29:46 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SMSRouter.dll
[2016/01/16 00:29:08 | 000,497,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\StorSvc.dll
[2016/01/16 00:29:06 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DisplayManager.dll
[2016/01/16 00:28:57 | 000,335,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DDDS.dll
[2016/01/16 00:28:52 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SimAuth.dll
[2016/01/16 00:28:49 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2016/01/16 00:28:26 | 000,463,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\enterprisecsps.dll
[2016/01/16 00:28:02 | 009,918,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\twinui.dll
[2016/01/16 00:27:16 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SmsRouterSvc.dll
[2016/01/16 00:27:16 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2016/01/16 00:27:03 | 000,398,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\srcore.dll
[2016/01/16 00:27:03 | 000,238,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AudioEndpointBuilder.dll
[2016/01/16 00:25:50 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Networking.UX.EapRequestHandler.dll
[2016/01/16 00:25:39 | 000,510,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wlidcli.dll
[2016/01/16 00:24:44 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SensorsApi.dll
[2016/01/16 00:24:29 | 018,678,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\edgehtml.dll
[2016/01/16 00:24:13 | 000,350,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CredProvDataModel.dll
[2016/01/16 00:23:46 | 000,608,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MapsStore.dll
[2016/01/16 00:23:07 | 002,050,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2016/01/16 00:23:03 | 000,687,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2016/01/16 00:22:44 | 001,223,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\RecoveryDrive.exe
[2016/01/16 00:21:51 | 006,297,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mos.dll
[2016/01/16 00:20:40 | 001,944,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\InputService.dll
[2016/01/16 00:20:26 | 001,028,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wifinetworkmanager.dll
[2016/01/16 00:19:43 | 001,552,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wlidsvc.dll
[2016/01/16 00:19:08 | 000,162,816 | ---- | M] () -- C:\WINDOWS\System32\MTF.dll
[2016/01/16 00:19:08 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.UI.Core.TextInput.dll
[2016/01/16 00:19:06 | 000,176,128 | ---- | M] () -- C:\WINDOWS\System32\MTFServer.dll
[2016/01/16 00:19:05 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TextInputFramework.dll
[2016/01/16 00:17:08 | 001,793,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\NetworkMobileSettings.dll
[2016/01/16 00:16:05 | 005,202,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\BingMaps.dll
[2016/01/16 00:15:29 | 004,759,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d2d1.dll
[2016/01/16 00:14:55 | 002,977,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32kfull.sys
[2016/01/16 00:14:51 | 001,626,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwmcore.dll
[2016/01/16 00:06:14 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\reseteng.dll
========== Files Created - No Company Name ==========
[2016/01/29 12:32:02 | 000,001,923 | ---- | C] () -- C:\Users\User\Desktop\Microsoft Excel 2010.lnk
[2016/01/29 12:31:58 | 000,001,927 | ---- | C] () -- C:\Users\User\Desktop\Microsoft Word 2010.lnk
[2016/01/27 23:22:13 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\MTFServer.dll
[2016/01/27 23:22:13 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\MTF.dll
[2015/12/25 18:34:24 | 000,002,888 | ---- | C] () -- C:\WINDOWS\System32\LavasoftTcpServiceOff.ini
[2015/12/25 01:01:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/12/25 00:33:30 | 000,000,013 | ---- | C] () -- C:\Users\User\.pluto.tv
[2015/12/13 19:22:03 | 000,000,135 | ---- | C] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2015/12/08 20:11:07 | 001,859,448 | ---- | C] () -- C:\WINDOWS\System32\CoreUIComponents.dll
[2015/12/08 17:46:01 | 000,021,316 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2015/12/08 17:24:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2015/12/08 17:22:41 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2015/12/08 17:20:57 | 000,360,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2015/11/17 00:30:50 | 000,000,184 | ---- | C] () -- C:\WINDOWS\AutoKMS.ini
[2015/11/17 00:26:59 | 000,000,567 | ---- | C] () -- C:\WINDOWS\System32\Settings.ini
[2015/10/30 00:49:53 | 000,823,194 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2015/10/30 00:49:53 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2015/10/30 00:49:53 | 000,166,542 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2015/10/30 00:49:53 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2015/10/30 00:48:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2015/10/30 00:48:48 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2015/10/30 00:48:48 | 000,000,389 | ---- | C] () -- C:\WINDOWS\System32\AutoWorkplace.exe.config
[2015/10/30 00:45:11 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2015/10/30 00:45:11 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2015/10/30 00:45:10 | 000,164,224 | ---- | C] () -- C:\WINDOWS\System32\weretw.dll
[2015/10/30 00:45:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2015/10/30 00:45:04 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2015/10/30 00:45:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\GamePanelExternalHook.dll
[2015/10/30 00:44:55 | 000,167,640 | ---- | C] () -- C:\WINDOWS\System32\chs_singlechar_pinyin.dat
[2015/10/30 00:44:55 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\ism32k.dll
[2015/10/30 00:44:53 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\Windows.Perception.Stub.dll
[2015/10/30 00:44:52 | 004,227,116 | ---- | C] () -- C:\WINDOWS\System32\DefaultHrtfs.bin
[2015/10/30 00:44:52 | 000,293,376 | ---- | C] () -- C:\WINDOWS\System32\HrtfApo.dll
[2015/10/30 00:44:52 | 000,149,044 | ---- | C] () -- C:\WINDOWS\System32\LargeRoom.bin
[2015/10/30 00:44:52 | 000,110,024 | ---- | C] () -- C:\WINDOWS\System32\MediumRoom.bin
[2015/10/30 00:44:52 | 000,069,776 | ---- | C] () -- C:\WINDOWS\System32\SmallRoom.bin
[2015/10/30 00:44:52 | 000,046,908 | ---- | C] () -- C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[2015/10/30 00:44:48 | 000,170,496 | ---- | C] () -- C:\WINDOWS\System32\EditionUpgradeHelper.dll
[2015/10/30 00:44:48 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\efsext.dll
[2015/10/30 00:44:43 | 000,056,119 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2015/10/30 00:44:41 | 000,002,269 | ---- | C] () -- C:\WINDOWS\System32\WimBootCompress.ini
[2015/10/30 00:44:40 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2015/10/30 00:44:38 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2015/10/30 00:44:38 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2015/09/26 08:57:45 | 001,101,824 | ---- | C] () -- C:\ProgramData\TrezaaSetupx30039.msi
[2015/09/25 08:04:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\wsusnative32.exe
[2015/09/01 05:52:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2015/08/30 20:03:48 | 000,007,625 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2015/01/13 16:49:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\amdverag.dll
[2015/01/13 16:22:32 | 000,204,952 | ---- | C] () -- C:\WINDOWS\System32\ativvsvl.dat
[2015/01/13 16:22:32 | 000,157,144 | ---- | C] () -- C:\WINDOWS\System32\ativvsva.dat
========== ZeroAccess Check ==========
[2015/12/25 18:35:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016/01/16 01:16:49 | 005,238,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 00:44:40 | 000,765,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2015/10/30 00:44:39 | 000,409,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 
OTL Extras logfile created on: 2/4/2016 1:58:36 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop\Computer Cleaning Programs
An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.50 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 63.71% Memory free
7.00 Gb Paging File | 5.57 Gb Available in Paging File | 79.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.35 Gb Total Space | 193.38 Gb Free Space | 83.23% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
"DontEnumerateCommonFilesUpgradeExe" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1735F1AC-3465-47C9-AB27-895CEF7CED72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1E3CF601-2C04-427B-AF16-5A54E93DB187}" = lport=5357 | protocol=6 | dir=in | name=ws-eventing tcp port 5357 |
"{93E04D96-6BA7-4721-B7FB-23B4E9258102}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95582B6B-9B77-43D7-8ED8-554D5F4A784E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{B0A1F810-DB90-4B87-AED4-0408EE5B0AC1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031072B6-D65C-4D23-96AC-52DD76E0DD1E}" = dir=out | name=@{microsoft.xboxidentityprovider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxidentityprovider/resources/pkgdisplayname} |
"{03150917-8E8E-41EF-9956-1DD2DD535FBB}" = protocol=6 | dir=in | app=c:\program files\360\total security\safemon\qhsafetray.exe |
"{064CF45C-E70D-4E99-9BE8-67F2363A90C9}" = dir=out | name=candy crush soda saga |
"{09941CD3-9906-4BF7-85DB-8F5AF6EBB3F7}" = dir=in | name=@{microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{0C38B2E2-D0C6-4242-AC5F-747367A432EE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{0DF34D46-23EA-45F0-90ED-63F3DED9B968}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{17F52ABA-029B-4ABF-8275-5B29ACB7222E}" = dir=out | name=onenote |
"{1D9BBBEC-B9F8-4427-A4CE-6BE33AF005A5}" = dir=out | name=@{microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{1F3F98F9-3935-46FD-B212-2EF0DF81ED1A}" = dir=in | name=sway |
"{222C5880-A511-430E-A281-148E2FBB09B5}" = dir=out | name=windows_ie_ac_001 |
"{25F44CDD-8474-44C1-B22B-10BD2792935B}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{26110245-8508-469B-85EA-A4100BA163B9}" = dir=in | name=@{microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} |
"{2689B995-E3DF-440F-B2E5-407F13E11314}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{29796481-4AAA-4A65-A751-F75BA08AD1C0}" = dir=in | name=@{microsoft.bingsports_4.8.239.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{2BAAE426-13C2-4104-9255-351A99B7C818}" = dir=in | name=@{microsoft.zunevideo_3.6.16941.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{3049BEDA-14B7-41AE-BE88-8432695E0582}" = dir=in | name=@{windows.contactsupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{309FF4AD-3E26-4547-8756-C27F6D4FFD87}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{33C1BD42-958E-4062-B258-354641D61511}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.6568.16731.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
"{37037EDE-C678-41A2-A01A-037AC1FD0C1B}" = dir=out | name=@{microsoft.accountscontrol_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{37AB52FB-16A2-4867-9333-01A996B5948F}" = dir=out | name=@{microsoft.3dbuilder_10.10.38.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} |
"{3EF4540B-23F4-436E-8354-CBC0D5E014DB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{42911EA1-AB4F-4B7C-8761-F71B80EC98C4}" = dir=out | name=@{microsoft.bingsports_4.8.239.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{43A716AF-DAC7-4A43-802F-354B018B3BC8}" = dir=out | name=@{microsoft.windows.photos_16.122.14020.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{444A3DE7-FC1B-4F8A-9B53-700DBA78CA56}" = dir=out | name=@{microsoft.bingfinance_4.8.239.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{4609788E-137B-4962-95D1-42B6836DD2E0}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{4647A299-F4DB-4A2D-9601-CF8EAA57B8EF}" = dir=in | name=@{microsoft.microsoftofficehub_17.6628.23511.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{476508A7-7E93-4831-B7AD-C9E05BA6A211}" = dir=in | name=@{microsoft.commsphone_2.12.14001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{48E474A9-6E8B-41C3-BD27-0C813E28A1D2}" = dir=out | name=@{microsoft.connectivitystore_1.1511.2.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.connectivitystore/mswifiresources/appstorename} |
"{4E396750-C78E-419B-A0C8-C3F0EF14931B}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{4F82112A-B897-4B6E-B3AC-E8D458749F96}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{50109A70-D623-4B8E-872F-2B143156D197}" = dir=out | name=sway |
"{60F0A63A-FAEB-449C-A4D3-880FE0DC659F}" = dir=out | name=@{microsoft.commsphone_2.12.14001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{65BA3880-E7D0-45C5-BBAA-CE760F1EFE86}" = dir=out | name=windowsdvdplayer |
"{66925668-0DCD-4D54-8C23-0F474745BBEC}" = dir=out | name=@{microsoft.windowsfeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windowsfeedback/feedbackapp.resources/appname/text} |
"{669FCA39-208D-440A-AC44-B324BF3AF198}" = dir=out | name=@{windows.purchasedialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.purchasedialog/resources/displayname} |
"{72B85007-D0CB-47BA-9DA8-68F2F3369E71}" = dir=out | name=@{microsoft.windowsphone_10.1511.18010.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} |
"{73751308-5B25-46BF-98AE-E0B8C3792FBD}" = dir=out | name=@{microsoft.zunevideo_3.6.16941.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{7705C40A-BD52-4AC3-A3BF-7B9FCF7B51D7}" = dir=out | name=@{microsoft.microsoftofficehub_17.6628.23511.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{792F304C-B57B-4842-8852-DE8B19712815}" = dir=out | name=@{microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} |
"{7A8519EA-7F96-481F-88CE-F0E5C4C1BF9E}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} |
"{7F9E5D23-D251-400B-B6FA-9EA17F69D50D}" = dir=out | name=@{microsoft.bingnews_4.8.239.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{80DC7428-5CB6-43AC-BB5F-E9790034E045}" = dir=in | name=@{microsoft.bingnews_4.8.239.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{81D4BCA7-2C8E-4459-8B39-42ACC2A776BE}" = dir=in | app=c:\program files\hp\hp envy 5530 series\bin\hpnetworkcommunicatorcom.exe |
"{89C8861E-46CE-46B9-89DA-D2A51D3469CF}" = dir=in | name=xbox |
"{89F1CEDA-291E-49A5-B56B-62C0C736B608}" = dir=out | name=@{microsoft.windowsstore_2015.25.24.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{900A8B38-91E1-402D-9F60-C3B543019072}" = dir=in | name=@{microsoft.bingfinance_4.8.239.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{969E9717-F58F-417A-B4E9-52158B4BDC55}" = dir=out | name=microsoft solitaire collection |
"{9B5E343B-9797-4459-9453-2D0EA3ECAF0C}" = dir=in | app=c:\program files\hp\hp envy 5530 series\bin\devicesetup.exe |
"{9F1EEF52-509A-479A-88E4-492F09B3856D}" = dir=out | name=@{microsoft.lockapp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{A04695F0-DB60-4E1A-9818-DA4D042D3566}" = dir=in | name=@{microsoft.messaging_2.13.20000.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/microsoft.apps.messaging.skype/skypemessaging.resources/skype_appstorename} |
"{A259033B-C72F-44B3-9CF7-FA2DE4CF434E}" = dir=out | name=@{windows.contactsupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{A3956621-71FA-45D9-8E11-DBA02638BA3F}" = dir=out | name=@{microsoft.messaging_2.13.20000.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/microsoft.apps.messaging.skype/skypemessaging.resources/skype_appstorename} |
"{AB93D9CC-6A73-4320-8265-7D184F0F7A58}" = dir=in | name=@{microsoft.bingweather_4.8.239.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{AE40BF8E-4DD1-4F11-B4CF-CAE2102A87A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B03A9D41-5388-4BE8-8BDF-B95F95C739FC}" = dir=in | name=@{microsoft.windowsstore_2015.25.24.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{B0D4D64C-2802-42B9-AE90-03F669EF5BD1}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.6568.16731.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
"{B5053072-D7F5-451E-B577-F3A30203E4CB}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{B8AD824C-D1B7-4964-BC02-261488151AF9}" = dir=out | name=@{microsoft.people_10.0.10220.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{BD8E13CF-FAD6-45A5-99EE-BC549C3B890D}" = dir=out | name=@{microsoft.zunemusic_3.6.15131.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{BD8F666C-9892-4461-9EEB-ADE6F780DD82}" = dir=out | name=@{microsoft.bingweather_4.8.239.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{C104F520-6AA8-4184-B015-2409ADBBEE8F}" = protocol=17 | dir=in | app=c:\program files\360\total security\safemon\qhsafetray.exe |
"{C41BED7C-6565-45EC-B15B-CDA1941C8F8D}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{C42AE7AE-D0A7-47BB-BD4E-A2999C195CC8}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{C4B07FB0-7834-452A-A593-399405CAB9D8}" = dir=out | name=@{microsoft.windowsmaps_4.1601.10150.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{C6D8501A-4114-4893-8C04-F14DA7EF7EFA}" = dir=in | name=@{microsoft.windows.photos_16.122.14020.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{CE9B7371-68C3-46E2-88FE-FA76BA13CCA8}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{CEA5EFFC-D7AA-451C-B882-CC53772DAE18}" = dir=out | name=@{microsoft.getstarted_2.6.12.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{CF58C23C-30EC-4C23-B0A2-E5721AFF9787}" = dir=out | name=twitter |
"{D371FECD-CB45-44E4-9FB3-4B7B7E6D9930}" = dir=in | name=microsoft solitaire collection |
"{E8F96FEA-6F7E-4A6E-A738-B4872E3BDCD3}" = dir=out | name=my toshiba |
"{E9F15949-0BDD-411F-9025-3FA3751F09EE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EA5BFD29-E89D-4D0A-AD88-42D3BBFC2339}" = dir=in | name=onenote |
"{FCD4A904-3308-47CB-976A-AA06C9574760}" = dir=out | name=xbox |
"TCP Query User{2B337997-EB55-46B0-A8F9-99AF70243E17}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{A6D59E15-99DC-48EF-930F-015CA88F1DE7}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{025E78AC-BD91-4E9E-B165-3C09D4084BA4}" = iTunes
"{0437D800-738B-4EDF-A009-9D7B99CD4143}" = Product Improvement Study for HP ENVY 5530 series
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{25E80DAA-FD87-DCE5-202C-CC02F6673002}" = Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x86)
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{4DC59BF3-0D72-3CE8-BFEF-1E8FAF689EB0}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}" = Apple Mobile Device Support
"{5EBC9F1B-F969-4CF9-A616-F6BDDD46042B}" = HP ENVY 5530 series Basic Device Software
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{61EB474B-67A6-47F4-B1B7-386851BAB3D0}" = HP Support Assistant
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7FE25256-B7C1-480D-B736-10A67A833AEA}" = Apple Application Support (32-bit)
"{817750FA-EC6A-485D-9901-0683AE6FFDF1}" = Google Earth
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{9395F41D-0F80-432E-9A59-B8E477E7E163}" = OpenOffice 4.1.1
"{97EAE055-1BE8-4775-8101-453E9715EC3F}" = HP ENVY 5530 series Help
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BEDD987-AC68-44D2-8803-EC0650F6C43F}" = Verizon Wireless Software Upgrade Assistant for Motorola
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{AC76BA86-0804-1033-1959-001824166751}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{BA562260-B4FA-4D87-ADC5-963783028C68}" = Motorola Mobile Drivers Installation 6.4.0
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C9EF1AAF-B542-41C8-A537-1142DA5D4AEC}" = HP Customer Experience Enhancements
"{DDAA788F-52E6-44EA-ADB8-92837B11BF26}" = Metric Collection SDK
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6A11738-3EE4-4573-AEA5-6CD5D491C167}" = HP Support Solutions Framework
"{F933562A-45B5-4730-8A5E-0D282AA9866B}" = Verizon Software Upgrade Assistant
"{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype™ 7.18
"Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI
"Avast" = Avast Free Antivirus
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 43.0.4 (x86 en-US)" = Mozilla Firefox 43.0.4 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/24/2016 12:46:07 PM | Computer Name = User-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed
with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional
information.
Error - 1/25/2016 9:47:03 AM | Computer Name = User-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed
with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional
information.
Error - 1/26/2016 10:45:12 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.35,
time stamp: 0x566505ae Faulting module name: QuickActions.dll, version: 0.0.0.0,
time stamp: 0x5665038d Exception code: 0xc0000005 Fault offset: 0x00008848 Faulting
process id: 0xda4 Faulting application start time: 0x01d14f22f439cc10 Faulting application
path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting
module path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
Report
Id: 41bc4409-7244-4a5f-9b8c-6ebd35ba8bc8 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy
Faulting
package-relative application ID: App
Error - 1/27/2016 12:12:57 PM | Computer Name = User-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed
with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional
information.
Error - 1/28/2016 12:54:11 AM | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied.
.
Error - 1/29/2016 5:26:32 PM | Computer Name = User-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed
with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional
information.
Error - 1/30/2016 11:17:23 PM | Computer Name = User-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed
with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional
information.
Error - 1/31/2016 11:31:27 PM | Computer Name = User-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed
with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional
information.
Error - 2/3/2016 11:56:43 PM | Computer Name = User-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed
with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional
information.
Error - 2/4/2016 12:42:01 AM | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied.
.
[ System Events ]
Error - 2/4/2016 12:35:43 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 2/4/2016 12:35:43 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The PST Service service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 6000 milliseconds:
Restart the service.
Error - 2/4/2016 12:35:44 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.
Error - 2/4/2016 12:35:44 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
Error - 2/4/2016 12:35:45 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = The Office Software Protection Platform service terminated unexpectedly.
It has done this 1 time(s).
Error - 2/4/2016 12:35:45 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = The HP Support Solutions Framework Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 2/4/2016 12:36:14 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Search service, but
this action failed with the following error: %%1056
Error - 2/4/2016 12:36:18 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Sync Host_3848a service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 10000 milliseconds:
Restart the service.
Error - 2/4/2016 12:36:43 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%3
Error - 2/4/2016 12:37:28 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The NetTcpActivator service depends on the NetTcpPortSharing service
which failed to start because of the following error: %%1058
< End of report >
 
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2016/02/04 11:07:11 -0500</date>
<logfile>mbam-log-2016-02-04 (11-06-56).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.0.1024</version>
<malware-database>v2016.02.04.04</malware-database>
<rootkit-database>v2016.01.20.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>USER-PC</hostname>
<ip>192.168.1.4</ip>
<osversion>Windows 10</osversion>
<arch>x86</arch>
<username>User</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>353598</objects>
<time>1069</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\Users\User\AppData\Local\Temp\478EAC65-E9E4-4088-A8DF-43ABB16B8193\DmiProvider.dll</path><vendor>Trojan.Agent.Generic</vendor><action>success</action><hash>b6fe4a120b8e2511486735b3b150f40c</hash></file>
<file><path>C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uom3tyqm.default\prefs.js</path><vendor>PUP.Optional.Yontoo</vendor><action>replaced</action><baddata>user_pref(&quot;browser.startup.homepage&quot;, &quot;http://searchinterneat-a.akamaihd.n...AWAxGFwcFIk0FA18DB0VXfWFoKB8fHGZGIUtbCXIfTkI=&quot;);</baddata><gooddata>user_pref(&quot;browser.startup.homepage&quot;, &quot;https://www.malwarebytes.org/restor...60ec09cff9aab8bac361ae90cf9e818</hash></file>
</items>
</mbam-log>
 
So there are the logs.

The Trojan in the Malwarebytes log seems pretty significant.

I'm glad it's gone and I wonder why it didn't come up when Avast scanned it.
 

johnb35

Administrator
Staff member
You posted an XML Malwarebytes log, which isn't what I needed to see. You should have a regular log. I have an OTL script for you to run.

Open OTL but this time copy and paste the following into the custom scans/fixes box at the bottom and then click on run fix up top.

Code:
:OTL
FF - prefs.js..browser.startup.homepage: "http://searchinterneat-a.akamaihd.n...AWAxGFwcFIk0FA18DB0VXfWFoKB8fHGZGIUtbCXIfTkI="
FF - user.js - File not found
[2016/01/01 12:28:54 | 000,000,411 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uom3tyqm.default\searchplugins\yahoo.xml
[2016/01/17 22:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O4 - HKCU..\Run: [NowUSeeIt Player] "C:\Program Files\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1 File not found

:commands
[resethosts]
[emptytemp]
[reboot]

But then it will always pop up and ask him.

No, it won't. It will only pop up if the browser isn't set as his default. I have mine set and it doesn't pop up every time I open the browser.

default browser.jpg
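The prefs.js line in that OTL fix is the part of a search hijack a defender can check for without a removal tool: Firefox keeps its start page in `browser.startup.homepage` in prefs.js, and a `user.js` in the same profile folder (the file OTL reports as "File not found" above) is re-applied on every launch and overrides prefs.js, which is how a hijacked start page comes back after it has been cleaned. The following is an added example, not code from the thread, from OTL or from Malwarebytes. It parses constructed prefs.js and user.js samples (the hijacked URL and `search-hijack.example` are made up; the real URL on this page is truncated) and flags start-page entries whose host is not in an assumed allowlist of the owner's own choices.

```python
"""Flag a hijacked Firefox start page in prefs.js / user.js (added example)."""
import os
import re
from urllib.parse import urlparse

# Firefox writes one pref per line:  user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

HOMEPAGE_PREF = "browser.startup.homepage"

# Hosts the owner actually chose as a start page. Assumption for this example.
ALLOWED_HOSTS = {"www.google.com", "google.com"}

# Constructed sample profile files (not the page's real prefs.js). Firefox stores
# several start pages as one pipe-separated string, as in the homepage line here.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("app.update.auto", true);
user_pref("browser.startup.homepage", "http://search-hijack.example/?pid=A1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6Q7R8S9T0|https://www.google.com/");
user_pref("browser.startup.page", 1);
user_pref("extensions.lastAppVersion", "43.0.4");
"""

# user.js is re-applied at every start and overrides prefs.js, so a dropped user.js
# undoes a prefs.js cleanup on the next launch. Constructed sample.
SAMPLE_USER_JS = """\
user_pref("browser.startup.homepage", "http://search-hijack.example/?pid=A1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6Q7R8S9T0");
"""


def parse_prefs(text):
    """Return {pref_name: value} from prefs.js/user.js text; string values lose their quotes."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]
        prefs[name] = raw
    return prefs


def homepage_findings(prefs, allowed_hosts=ALLOWED_HOSTS):
    """List (url, reasons) for each start-page entry outside the allowlist.

    Each pipe-separated entry is checked on its own; about: pages are built in
    to Firefox and skipped.
    """
    value = prefs.get(HOMEPAGE_PREF)
    if value is None:
        return []  # pref absent: Firefox uses its built-in about:home
    findings = []
    for url in value.split("|"):
        if url.startswith("about:"):
            continue
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host in allowed_hosts:
            continue
        reasons = ["host not in allowlist"]
        if parsed.scheme != "https":
            reasons.append("not https")
        if len(parsed.query) > 40:
            # long opaque affiliate/tracking blobs are typical of search hijackers
            reasons.append("long opaque query string")
        findings.append((url, reasons))
    return findings


def profile_findings(prefs_js_text, user_js_text=None):
    """Check both files; user.js wins at startup, so it is reported separately."""
    report = {"prefs.js": homepage_findings(parse_prefs(prefs_js_text))}
    if user_js_text is not None:
        report["user.js"] = homepage_findings(parse_prefs(user_js_text))
    return report


def scan_profile_dir(profile_dir):
    """Read a real profile folder (the ...\\Profiles\\xxxxxxxx.default directory)."""
    with open(os.path.join(profile_dir, "prefs.js"), encoding="utf-8", errors="replace") as f:
        prefs_text = f.read()
    user_js_path = os.path.join(profile_dir, "user.js")
    user_text = None
    if os.path.exists(user_js_path):
        with open(user_js_path, encoding="utf-8", errors="replace") as f:
            user_text = f.read()
    return profile_findings(prefs_text, user_text)


if __name__ == "__main__":
    for fname, items in profile_findings(SAMPLE_PREFS_JS, SAMPLE_USER_JS).items():
        for url, reasons in items:
            print(f"{fname}: {url} -> {', '.join(reasons)}")
```

Run it against a real profile with `scan_profile_dir(path)`. A hit in user.js matters more than one in prefs.js: deleting the prefs.js value alone, which is what the OTL fix above does, only holds if no user.js re-writes it at the next start.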
 
All processes killed
========== OTL ==========
Prefs.js: "http://searchinterneat-a.akamaihd.n...AWAxGFwcFIk0FA18DB0VXfWFoKB8fHGZGIUtbCXIfTkI=" removed from browser.startup.homepage
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uom3tyqm.default\searchplugins\yahoo.xml not found.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions folder moved successfully.
0.0.0.1 mssplus.mcafee.com removed from HOSTS file successfully
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NowUSeeIt Player not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default.migrated
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: User
->Temp folder emptied: 500653990 bytes
->Temporary Internet Files folder emptied: 29719549 bytes
->FireFox cache emptied: 372689631 bytes
->Google Chrome cache emptied: 402537718 bytes
->Flash cache emptied: 31095 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57441366 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,300.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02082016_201838

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/9/2016
Scan Time: 8:45 AM
Logfile: malware.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.09.02
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349911
Time Elapsed: 20 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Yontoo, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uom3tyqm.default\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "http://searchinterneat-a.akamaihd.n...AWAxGFwcFIk0FA18DB0VXfWFoKB8fHGZGIUtbCXIfTkI=");), Replaced,[8f1790cec3d673c35ee751b964a1de22]

Physical Sectors: 0
(No malicious items detected)


(end)
 
I refreshed Firefox. But since I ran all those scans, the problems have gotten worse. When I tried to open AdwCleaner for a second scan, the program (or at least the shortcut) was deleted from my computer.

Is there a way that I can show you the state of my antivirus protection so that you can tell me if it's sufficient?

I have Avast and it says that I'm fully protected, but I want to make extra sure because why else would all these problems be happening?

Also, I'm about to have my computer as the central computer of a wireless network that could be hosting up to 8 computers at once.

Will this add any security risk to this computer? If so, how can I protect myself (ideally, for free)?
 