Firefox crashing on startup and restarting

G25r8cer · Mar 26, 2015

Wondering If someone could help me out with this issue.

Firefox keeps crashing/closing on initial startup and restarts by itself. Sometimes it will do this 2 or 3 times before it stays open.

I did backup my profile and completely uninstall Firefox (deleted all firefox folders (including APP Data) and ran ccleaner multiple times before and after a reboot. Problem still persists after a reinstall.

Would make me assume there is a bad cookie or infection in my FF profile.

Have done full scans with Mbam and Superantispyware. I have ccleaner to remove all cookies besides my Exclusions of known good sites (ebay, facebook, etc)

Edit: Seems I had a hidden firefox extension installed. JRT found and removed it and my problem is gone now. However I believe there is some remaining pieces of it. It's called "Veggyaddon". Never heard of it. Any idea where this came from?

Posting logs in separate posts. If you see anything wrong I would love some help. I also get random new tabs (popups) even though I have adblock extension. I'm sure there is more going on here

G25r8cer · Mar 26, 2015

# AdwCleaner v4.113 - Logfile created 26/03/2015 at 02:20:25
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Scott - SCOOTER
# Running from : C:\Users\Scott\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\GreenTree Applications
Folder Found : C:\ProgramData\baidu
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Found : C:\ProgramData\ytd video downloader

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\Appscion
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Found : [x64] HKCU\Software\Appscion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v36.0.4 (x86 en-US)

*************************

AdwCleaner[R2].txt - [1231 bytes] - [26/03/2015 02:20:25]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1290 bytes] ##########

G25r8cer · Mar 26, 2015

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 8.1 Pro x64
Ran by Scott on Thu 03/26/2015 at 2:22:56.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\ProgramData\drivergenius"
Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"

~~~ FireFox

Successfully deleted the following from C:\Users\Scott\AppData\Roaming\mozilla\firefox\profiles\qzdrzyj3.default\prefs.js

user_pref("browser.tabs.datesRand", "W3siciI6ODAxLCJkIjoxNDI3MTY5NjAwLCJoYXNSdW4iOnRydWV9LHsiciI6Njg2LCJkIjoxNDI3MjU2MDAwLCJoYXNSdW4iOnRydWV9LHsiciI6NTg4LCJkIjoxNDI3MzQyNDAwLC
user_pref("extensions.fvd_sync.bookmarks.changes", "{\"removedIds\":[\"P4KNJ8L6r5oZWi620eudmL1TW3igii1x\",\"bJSHgpR9rxNTA9od3AZsc8weGo7ZdWGf\",\"vJTinfuV5tS3kL1WdMkaCCGF1cDzbi
user_pref("extensions.veggyAddon.veg_li1", "CQsOQFVQUFpRS04dWggWBWZQHk0ISwdJD1keSxUpVxINK0lTS0RWVU1HUl1bC1UFGwFSOAENShleCEkcHFQUBj4ATFE4TkRDS0hAAAsKQ1JTU19WS04fWggWBWZQHk0KSwV
user_pref("extensions.veggyAddon.veg_li3", "VkJHUVFDBAgNFFUEU11UVEBLU1RBBAkJQ1BSUF1UVEBHUVZFBQ0NT1UDUwhRUkBFVwBCVAoOQ1NSX1lTVkVHBlFBBQAJQ1BXVgtWV0NHUAFFBg9cRFVVX15QVUFEUFJFBw8
user_pref("extensions.veggyAddon.veg_li5", "QwRSUVhXUxZDVFQXA1gLRFZeVAtTBEVKUgdHBAgIR1ZSBlkBV0FHVFVKBwkNRlFSVQtVBEZFUlNGUggLQ1RTVlhSU0RHBlZKAwAOFVYCVFhRVEBBVlFGBAwIQ1dTBFxVU0x
user_pref("extensions.veggyAddon.veg_li7", "UFRHAQgKQ1FSVllcV0dHBFRLAAAOFFMCVA1WA0ZDUlVHVAkJQwBSAl0BVhZGUFBBAQkKQ1UDU1lQWkVFUl1HBgwJR11SBFhQV0BCU1AQBFsNQ1VeUQtTB0YWVARBAQwAQ1J
user_pref("extensions.veggyAddon.veg_li8", "VxZEUlATAwELT1MEVAxWU0ZLVAdEVg9cQwFSUlhdU0xGA1VGBQoJE1UBUllQA0AWV1JCBQsOQlRSUVhXVkJHUVFFAQ8LE1BRUgpVAEFBUgFHVQ0ORVRXA1wEV0JHUFFEAQ4
user_pref("extensions.veggyAddon.veg_li9", "UllQAUFKVlBGCA8ARQFUVlpcURdCAVVAAQ0JFFBWUg9RA0RDUlVHUwleQwZSV1hTVxNHBFBLAQoJFFVUUlxQBEFEUgFGAwhbR1ZWAlhSV0RHAlFDAQsIQ1BfUg9QBkBHVlx

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/26/2015 at 2:25:38.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

G25r8cer · Mar 26, 2015

OTL logfile created on: 3/26/2015 2:27:53 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Scott\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17690)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 69.18% Memory free
7.50 Gb Paging File | 6.09 Gb Available in Paging File | 81.26% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.42 Gb Total Space | 316.60 Gb Free Space | 68.03% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 6.30 Gb Free Space | 84.59% Space Free | Partition Type: FAT32
Drive J: | 14.90 Gb Total Space | 4.72 Gb Free Space | 31.70% Space Free | Partition Type: FAT32
Drive Z: | 1829.36 Gb Total Space | 611.02 Gb Free Space | 33.40% Space Free | Partition Type: NTFS

Computer Name: SCOOTER | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/03/26 02:20:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
PRC - [2015/03/11 21:13:28 | 001,080,120 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2015/03/11 21:13:26 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2015/03/11 21:13:18 | 006,212,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2011/03/07 02:01:10 | 001,041,408 | ---- | M] (Torrent Ratio Keeper) -- C:\Users\Scott\AppData\Roaming\Torrent Ratio Keeper\TorrentRatioKeeper.exe

========== Modules (No Company Name) ==========

MOD - [2015/01/21 16:01:54 | 008,898,720 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

========== Services (SafeList) ==========

SRV:64bit: - [2015/02/11 06:02:54 | 001,357,104 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:64bit: - [2015/02/03 19:58:28 | 000,366,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015/02/03 19:58:28 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/12/17 23:12:00 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/12/05 21:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/12/01 08:46:24 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/12/01 02:46:40 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2014/12/01 02:46:39 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/12/01 02:46:39 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2014/12/01 02:46:34 | 000,780,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/12/01 02:46:33 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/12/01 02:46:33 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2014/12/01 02:46:33 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2014/12/01 02:46:32 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2014/12/01 02:46:32 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/12/01 02:46:31 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2014/12/01 02:46:30 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/12/01 02:46:30 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/12/01 02:46:30 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2014/12/01 02:46:29 | 000,521,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/12/01 02:46:29 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2014/12/01 02:46:29 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2014/12/01 02:46:29 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2014/12/01 02:46:28 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/12/01 02:46:28 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/12/01 02:46:28 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/12/01 02:46:28 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2014/12/01 02:46:28 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2014/12/01 02:46:28 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2014/12/01 02:46:28 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2014/12/01 02:46:28 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2014/12/01 02:46:27 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/12/01 02:46:26 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2014/12/01 02:46:26 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2014/12/01 02:46:26 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2014/12/01 02:46:26 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2014/12/01 02:46:26 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2014/12/01 02:46:26 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2014/12/01 02:46:26 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2014/12/01 02:46:26 | 000,092,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2014/12/01 02:46:24 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/12/01 02:46:24 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2014/07/22 19:31:23 | 000,172,344 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2014/03/24 18:50:50 | 000,357,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2012/12/11 13:00:52 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011/09/15 00:19:54 | 000,086,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Autodesk\3ds Max Design 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe -- (mi-raysat_3dsmax2015_64)
SRV - [2015/03/21 02:12:08 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/03/11 21:13:28 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/03/11 21:13:26 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2015/02/04 14:58:24 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/04 22:27:44 | 000,599,944 | ---- | M] (Autodesk Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe -- (AdAppMgrSvc)
SRV - [2014/12/01 08:46:24 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/12/01 02:46:36 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/12/01 02:46:24 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/12/01 02:46:24 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/07/14 16:26:54 | 000,786,256 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2014/02/07 03:03:18 | 000,031,192 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2013/09/23 05:19:06 | 000,013,824 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\unsignedthemes.exe -- (UnsignedThemes)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/03/26 02:05:48 | 000,136,408 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015/03/11 21:15:02 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/03/11 21:14:44 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/02/27 23:26:36 | 000,127,760 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2015/02/14 05:59:46 | 000,030,352 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtproscsibus.sys -- (dtproscsibus)
DRV:64bit: - [2015/02/03 19:58:33 | 000,264,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015/02/03 19:58:33 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015/02/03 19:58:04 | 000,044,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/12/11 20:51:20 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2014/12/01 02:46:42 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/12/01 02:46:40 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/12/01 02:46:40 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/12/01 02:46:32 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/12/01 02:46:31 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/12/01 02:46:31 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2014/12/01 02:46:31 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2014/12/01 02:46:29 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/12/01 02:46:23 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/12/01 02:46:23 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/12/01 02:46:23 | 000,324,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/12/01 02:46:23 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/12/01 02:46:23 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2014/12/01 02:46:23 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2014/12/01 02:46:23 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014/11/24 01:16:32 | 000,700,680 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_im.sys -- (Uim_IM)
DRV:64bit: - [2014/11/24 01:16:32 | 000,102,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\UimBus.sys -- (UimBus)
DRV:64bit: - [2014/11/24 01:16:32 | 000,025,992 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_devim.sys -- (Uim_DEVIM)
DRV:64bit: - [2014/11/19 03:29:16 | 000,876,760 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2014/11/10 14:06:59 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/11/06 05:30:58 | 000,689,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2014/11/04 15:33:40 | 000,058,176 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2014/10/17 00:56:24 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/17 00:56:23 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/16 23:35:04 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/08/16 00:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/05/16 15:03:30 | 000,141,600 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2014/04/18 00:31:50 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2014/04/10 12:05:24 | 000,041,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eve.sys -- (Eve)
DRV:64bit: - [2014/04/09 22:05:52 | 000,031,920 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2014/03/19 23:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/18 20:24:40 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2014/03/18 20:24:38 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2014/03/18 06:05:23 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/03/18 06:05:07 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/03/18 06:05:05 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/03/18 06:05:05 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/03/18 06:05:05 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/18 05:43:18 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2014/03/18 05:43:10 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2014/03/18 05:43:10 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2014/03/18 05:43:10 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2014/03/18 05:43:10 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2014/03/18 05:43:10 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/09/23 05:19:04 | 000,031,440 | ---- | M] (The Within Network, LLC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxstyle.sys -- (uxstyle)
DRV:64bit: - [2013/08/22 09:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 09:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 08:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 08:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 08:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 08:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 08:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 08:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 08:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 08:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 08:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 08:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 08:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 08:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 08:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 08:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 08:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 08:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 08:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 08:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 08:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 08:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 08:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 08:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 08:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 08:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 08:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 07:40:18 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnpmem.sys -- (PNPMEM)
DRV:64bit: - [2013/08/22 07:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 07:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 07:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 07:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 07:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 07:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 07:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 07:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 07:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 07:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 07:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 07:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 07:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 07:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 07:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 07:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 04:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 19:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 20:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 14:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 15:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 14:30:32 | 002,408,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2013/06/18 10:45:26 | 000,460,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2013/05/17 15:13:26 | 000,017,280 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2013/03/08 10:47:44 | 000,011,944 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:64bit: - [2012/11/22 12:13:04 | 000,047,240 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012/11/22 12:12:57 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2012/11/22 12:12:57 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2012/10/03 17:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/19 10:09:14 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/06/19 10:05:46 | 011,926,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/28 15:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/07/01 13:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)

G25r8cer · Mar 26, 2015

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D B3 65 14 32 38 D0 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://fvd.speeddial/content/fvd_about_blank.html"
FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:2.0.2
FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.5.6
FF - prefs.js..extensions.enabledAddons: %7Bea2d5bbc-69e9-36c9-3909-0ce5748707f6%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.68
FF - prefs.js..extensions.enabledAddons: fvdmedia%40gmail.com:5.6.4
FF - prefs.js..extensions.enabledAddons: pavel.sherbakov%40gmail.com:6.7.7
FF - prefs.js..extensions.enabledAddons: veggy%40veggyAddon.com:1.0416509
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015/02/13 00:41:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2015/03/26 02:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\Extensions
[2015/03/26 02:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\qzdrzyj3.default\extensions
[2015/03/26 02:00:57 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\qzdrzyj3.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2015/03/26 02:00:57 | 000,000,000 | ---D | M] ("Zoom It") -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\qzdrzyj3.default\extensions\{ea2d5bbc-69e9-36c9-3909-0ce5748707f6}
[2015/03/26 02:00:54 | 000,000,000 | ---D | M] ("EverSync - Sync bookmarks, backup your favorites.") -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\qzdrzyj3.default\extensions\fvdmedia@gmail.com
[2015/03/26 02:00:57 | 000,000,000 | ---D | M] ("Speed Dial [FVD] - New Tab Page, Sync...") -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\qzdrzyj3.default\extensions\pavel.sherbakov@gmail.com
[2015/03/26 02:00:57 | 000,000,000 | ---D | M] ("Mozilla Firefox Hotfixer") -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\qzdrzyj3.default\extensions\veggy@veggyAddon.com
[2015/01/21 01:56:34 | 000,215,378 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\firefox\profiles\qzdrzyj3.default\extensions\jid1-pFvSABavHgXrRQ@jetpack.xpi
[2015/03/17 04:40:33 | 000,231,310 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\firefox\profiles\qzdrzyj3.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2015/02/28 01:27:50 | 000,202,627 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\firefox\profiles\qzdrzyj3.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2015/03/14 01:52:18 | 000,410,579 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\firefox\profiles\qzdrzyj3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
[2015/03/11 05:45:22 | 000,970,602 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\firefox\profiles\qzdrzyj3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/03/26 02:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/03/26 02:12:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/02/13 00:41:45 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT

O1 HOSTS File: ([2013/08/22 09:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [TorrentRatioKeeper] C:\Users\Scott\AppData\Roaming\TORREN~1\TORREN~1.EXE /s File not found
O4 - HKCU..\Run: [uTorrent] C:\Users\Scott\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.10.216.1 71.10.216.2 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C129844-70BA-4AE5-B77A-A10E80A8513D}: DhcpNameServer = 71.10.216.1 71.10.216.2 192.168.1.1
O18:64bit: - Protocol\Handler\WSAMVCUchrome - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\WSAMVCUchrome - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015/02/11 04:04:41 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{522bc16e-90b8-11e4-8266-00f1310000fc}\Shell - "" = AutoRun
O33 - MountPoints2\{522bc16e-90b8-11e4-8266-00f1310000fc}\Shell\AutoRun\command - "" = "I:\LaunchU3.exe" -a
O33 - MountPoints2\{c737fe90-b402-11e4-827f-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{c737fe90-b402-11e4-827f-005056c00008}\Shell\AutoRun\command - "" = "E:\setup.exe"
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = "D:\Setup.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

G25r8cer · Mar 26, 2015

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D B3 65 14 32 38 D0 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://fvd.speeddial/content/fvd_about_blank.html"
FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:2.0.2
FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.5.6
FF - prefs.js..extensions.enabledAddons: %7Bea2d5bbc-69e9-36c9-3909-0ce5748707f6%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.68
FF - prefs.js..extensions.enabledAddons: fvdmedia%40gmail.com:5.6.4
FF - prefs.js..extensions.enabledAddons: pavel.sherbakov%40gmail.com:6.7.7
FF - prefs.js..extensions.enabledAddons: veggy%40veggyAddon.com:1.0416509
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015/02/13 00:41:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2015/03/26 02:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\Extensions
[2015/03/26 02:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\qzdrzyj3.default\extensions
[2015/03/26 02:00:57 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\qzdrzyj3.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2015/03/26 02:00:57 | 000,000,000 | ---D | M] ("Zoom It") -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\qzdrzyj3.default\extensions\{ea2d5bbc-69e9-36c9-3909-0ce5748707f6}
[2015/03/26 02:00:54 | 000,000,000 | ---D | M] ("EverSync - Sync bookmarks, backup your favorites.") -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\qzdrzyj3.default\extensions\fvdmedia@gmail.com
[2015/03/26 02:00:57 | 000,000,000 | ---D | M] ("Speed Dial [FVD] - New Tab Page, Sync...") -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\qzdrzyj3.default\extensions\pavel.sherbakov@gmail.com
[2015/03/26 02:00:57 | 000,000,000 | ---D | M] ("Mozilla Firefox Hotfixer") -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\qzdrzyj3.default\extensions\veggy@veggyAddon.com
[2015/01/21 01:56:34 | 000,215,378 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\firefox\profiles\qzdrzyj3.default\extensions\jid1-pFvSABavHgXrRQ@jetpack.xpi
[2015/03/17 04:40:33 | 000,231,310 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\firefox\profiles\qzdrzyj3.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2015/02/28 01:27:50 | 000,202,627 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\firefox\profiles\qzdrzyj3.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2015/03/14 01:52:18 | 000,410,579 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\firefox\profiles\qzdrzyj3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
[2015/03/11 05:45:22 | 000,970,602 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\firefox\profiles\qzdrzyj3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/03/26 02:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/03/26 02:12:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/02/13 00:41:45 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT

O1 HOSTS File: ([2013/08/22 09:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [TorrentRatioKeeper] C:\Users\Scott\AppData\Roaming\TORREN~1\TORREN~1.EXE /s File not found
O4 - HKCU..\Run: [uTorrent] C:\Users\Scott\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.10.216.1 71.10.216.2 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C129844-70BA-4AE5-B77A-A10E80A8513D}: DhcpNameServer = 71.10.216.1 71.10.216.2 192.168.1.1
O18:64bit: - Protocol\Handler\WSAMVCUchrome - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\WSAMVCUchrome - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015/02/11 04:04:41 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{522bc16e-90b8-11e4-8266-00f1310000fc}\Shell - "" = AutoRun
O33 - MountPoints2\{522bc16e-90b8-11e4-8266-00f1310000fc}\Shell\AutoRun\command - "" = "I:\LaunchU3.exe" -a
O33 - MountPoints2\{c737fe90-b402-11e4-827f-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{c737fe90-b402-11e4-827f-005056c00008}\Shell\AutoRun\command - "" = "E:\setup.exe"
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = "D:\Setup.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

G25r8cer · Mar 26, 2015

========== Files/Folders - Created Within 30 Days ==========

[2015/03/26 02:20:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/03/26 02:20:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
[2015/03/26 02:19:29 | 001,388,782 | ---- | C] (Thisisu) -- C:\Users\Scott\Desktop\JRT.exe
[2015/03/26 02:12:43 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Mozilla
[2015/03/26 02:12:43 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Mozilla
[2015/03/26 02:12:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2015/03/26 02:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/03/26 00:32:34 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\IObit Driver Booster v2.2.0.160
[2015/03/24 03:35:53 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\BitTorrent
[2015/03/24 02:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2015/03/24 02:47:49 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\DMCache
[2015/03/23 05:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2015/03/23 05:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2015/03/23 05:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015/03/23 03:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2015/03/23 03:52:36 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\qBittorrent
[2015/03/23 03:46:45 | 000,136,408 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/03/23 03:44:58 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Geek Uninstaller
[2015/03/23 03:18:03 | 000,000,000 | ---D | C] -- C:\Users\Scott\Doctor Web
[2015/03/23 02:45:46 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\Passcape Software Reset Windows Password 4.1.0 Advanced Edition Full
[2015/03/23 01:48:13 | 000,000,000 | ---D | C] -- C:\Users\Scott\.swt
[2015/03/23 01:47:35 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Vuze Downloads
[2015/03/22 00:16:19 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\ahd_video_converter
[2015/03/21 03:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2015/03/21 02:33:58 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Frameworkx.com
[2015/03/20 03:44:21 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Android
[2015/03/20 03:29:06 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\JetBrains
[2015/03/20 03:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Android
[2015/03/20 02:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ShellIcons
[2015/03/18 04:28:36 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\cb07cc9234eb500809acfcb6316bcdd60a8900f8
[2015/03/18 02:32:42 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Apowersoft
[2015/03/18 02:32:34 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Apowersoft
[2015/03/18 02:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
[2015/03/18 02:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apowersoft
[2015/03/18 01:55:09 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Torrent Ratio Keeper
[2015/03/18 01:55:09 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torrent Ratio Keeper
[2015/03/15 05:42:50 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\VSO Downloader
[2015/03/15 05:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2015/03/15 05:38:57 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\ConvertXtoDVD
[2015/03/14 06:00:06 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\DVD Converter Ultimate
[2015/03/14 05:57:36 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Scott\AppData\Roaming\pcouffin.sys
[2015/03/14 05:57:35 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Vso
[2015/03/14 05:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2015/03/14 05:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\VSO
[2015/03/14 05:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2015/03/14 01:51:44 | 000,127,760 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2015/03/14 01:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2015/03/14 01:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2015/03/14 01:45:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2015/03/14 01:45:08 | 027,646,720 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
[2015/03/14 01:45:08 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64H.dll
[2015/03/14 01:45:08 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64A.dll
[2015/03/14 01:45:08 | 003,300,528 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll
[2015/03/14 01:45:08 | 002,103,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2015/03/14 01:45:08 | 002,000,640 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMAPO264.DLL
[2015/03/14 01:45:08 | 001,986,048 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2015/03/14 01:45:08 | 001,728,768 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMAPO232.DLL
[2015/03/14 01:45:08 | 001,161,336 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaKaraokeApo.dll
[2015/03/14 01:45:08 | 001,013,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2015/03/14 01:45:08 | 000,879,616 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMAPO64.DLL
[2015/03/14 01:45:08 | 000,876,544 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll
[2015/03/14 01:45:08 | 000,739,328 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMAPO32.DLL
[2015/03/14 01:45:08 | 000,689,672 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys
[2015/03/14 01:45:08 | 000,663,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2015/03/14 01:45:08 | 000,619,520 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMTHX64.DLL
[2015/03/14 01:45:08 | 000,554,496 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMTHX32.DLL
[2015/03/14 01:45:08 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64H.dll
[2015/03/14 01:45:08 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64A.dll
[2015/03/14 01:45:08 | 000,388,096 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMWRP64.DLL
[2015/03/14 01:45:08 | 000,248,952 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2015/03/14 01:45:08 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64H.dll
[2015/03/14 01:45:08 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64A.dll
[2015/03/14 01:45:08 | 000,123,512 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaKaraokePropPageExt.dll
[2015/03/14 01:45:08 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64H.dll
[2015/03/14 01:45:08 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64A.dll
[2015/03/14 01:45:08 | 000,095,352 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2015/03/14 01:45:08 | 000,092,280 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\Dts2PropPageExt.dll
[2015/03/14 01:45:08 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2015/03/14 01:45:08 | 000,083,968 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2015/03/14 01:45:08 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64H.dll
[2015/03/14 01:45:08 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64A.dll
[2015/03/14 01:45:08 | 000,070,776 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\VtSrdAPO.dll
[2015/03/14 01:45:08 | 000,057,856 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPLD64.DLL
[2015/03/14 01:45:08 | 000,055,416 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\PropPageExt.dll
[2015/03/14 01:45:08 | 000,053,760 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPCN64.DLL
[2015/03/14 01:45:08 | 000,030,728 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\VMfilt64.sys
[2015/03/14 01:45:08 | 000,027,768 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViakaraokeSrv.exe
[2015/03/14 01:44:55 | 000,011,944 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\drivers\amdide64.sys
[2015/03/14 01:44:21 | 000,876,760 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt630x64.sys
[2015/03/14 01:44:21 | 000,073,800 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2015/03/13 04:33:13 | 000,142,848 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\amdacpksl.sys
[2015/03/12 04:50:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu
[2015/03/12 02:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime
[2015/03/12 02:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2015/03/10 20:33:20 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\calc.exe
[2015/03/10 20:33:19 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\calc.exe
[2015/03/10 20:33:16 | 000,264,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2015/03/10 20:33:16 | 000,044,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2015/03/10 20:33:15 | 000,114,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdNisDrv.sys
[2015/03/10 20:33:12 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winshfhc.dll
[2015/03/10 20:33:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winshfhc.dll
[2015/03/10 20:33:09 | 000,723,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll
[2015/03/10 20:33:09 | 000,560,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll
[2015/03/10 20:33:01 | 003,097,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2015/03/10 20:33:01 | 002,484,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2015/03/10 20:33:01 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\photowiz.dll
[2015/03/10 20:33:01 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\photowiz.dll
[2015/03/10 20:33:00 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015/03/10 20:33:00 | 000,301,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015/03/10 20:33:00 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015/03/10 20:33:00 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015/03/10 20:32:59 | 001,091,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2015/03/10 20:32:59 | 000,864,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2015/03/10 20:32:58 | 004,298,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_47.dll
[2015/03/10 20:32:58 | 002,257,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2015/03/10 20:32:58 | 001,943,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2015/03/10 20:32:58 | 001,488,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2015/03/10 20:32:58 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2015/03/10 20:32:58 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2015/03/10 20:32:57 | 003,551,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_47.dll
[2015/03/10 20:32:57 | 001,464,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2015/03/10 20:32:57 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atlthunk.dll
[2015/03/10 20:32:56 | 000,971,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2015/03/10 20:32:56 | 000,811,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2015/03/10 20:32:56 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2015/03/10 20:32:56 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2015/03/10 20:32:54 | 002,773,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2015/03/10 20:32:54 | 002,459,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2015/03/10 20:32:54 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StorageContextHandler.dll
[2015/03/10 20:32:54 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\StorageContextHandler.dll
[2015/03/10 20:32:11 | 007,472,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/03/10 20:32:10 | 001,733,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015/03/10 20:32:05 | 003,547,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2015/03/10 20:32:05 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappcfg.dll
[2015/03/10 20:32:05 | 000,339,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapphost.dll
[2015/03/10 20:32:05 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapp3hst.dll
[2015/03/10 20:32:05 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappcfg.dll
[2015/03/10 20:32:05 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapphost.dll
[2015/03/10 20:32:05 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapp3hst.dll
[2015/03/10 20:32:05 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2015/03/10 20:32:05 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2015/03/10 20:32:05 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappgnui.dll
[2015/03/10 20:32:05 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappgnui.dll
[2015/03/10 20:31:57 | 006,035,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/03/10 20:31:53 | 002,865,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2015/03/10 20:31:53 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/03/10 20:31:53 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/03/10 20:31:53 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/03/10 20:31:53 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/03/10 20:31:53 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/03/10 20:31:53 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/03/10 20:31:53 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/03/10 20:31:53 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/03/10 20:31:53 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/03/10 20:31:53 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/03/10 20:31:53 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2015/03/10 20:31:53 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2015/03/10 20:31:53 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/03/10 20:31:53 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/03/10 20:31:53 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/03/10 20:31:53 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/03/10 20:31:41 | 001,763,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015/03/10 20:31:41 | 000,046,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LockScreenContentServer.exe
[2015/03/10 20:31:34 | 002,501,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2015/03/10 20:31:34 | 002,207,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2015/03/10 20:31:34 | 001,384,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2015/03/10 20:31:34 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MrmCoreR.dll
[2015/03/10 20:31:34 | 000,791,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MrmCoreR.dll
[2015/03/10 20:31:34 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2015/03/10 20:31:34 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2015/03/09 00:58:38 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Aiseesoft Studio
[2015/03/08 01:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2015/03/08 01:55:06 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\se_tmp
[2015/03/08 01:46:27 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\HMYGSetting
[2015/03/08 01:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare
[2015/03/08 01:45:22 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Wondershare
[2015/03/07 04:21:51 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\4Videosoft Studio
[2015/03/07 04:19:47 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/03/07 04:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/03/07 04:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2015/03/07 02:16:16 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Corel
[2015/03/07 02:15:48 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Ulead Systems
[2015/03/07 02:15:47 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Corel PaintShop Pro
[2015/03/07 02:15:47 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Corel PaintShop Pro
[2015/03/07 02:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2015/03/07 02:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2015/03/07 02:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X7
[2015/03/07 02:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2015/03/06 04:10:00 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Auslogics
[2015/03/06 04:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
[2015/03/06 04:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2015/03/06 04:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2015/03/05 04:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/03/05 04:07:39 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/03/05 04:07:39 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/03/05 04:07:39 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/03/05 04:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/03/02 03:04:04 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Digiarty
[2015/03/02 01:55:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\DiskBoss Ultimate
[2015/03/02 01:51:30 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Hard Disk Sentinel
[2015/03/02 01:50:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hard Disk Sentinel
[2015/03/01 01:54:05 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Xilisoft
[2015/03/01 01:42:38 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\WinAVI
[2015/03/01 01:42:38 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\WinAVI
[2015/03/01 01:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAVI All-in-One Converter
[2015/03/01 01:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinAVI
[2015/03/01 01:24:52 | 000,033,872 | ---- | C] (AnvSoft Inc.) -- C:\Windows\SysNative\drivers\anvsnddrv.sys
[2015/03/01 01:21:14 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Aimersoft
[2015/03/01 01:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aimersoft
[2015/03/01 01:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Aimersoft Video Converter Ultimate
[2015/03/01 01:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Aimersoft
[2015/02/28 02:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2015/02/28 02:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Hard Disk Manager™ 15 Premium
[2015/02/28 02:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2015/02/28 01:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes Anti-Exploit
[2015/02/26 03:09:58 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Registry Tweaks Win 8.1
[2015/02/25 02:46:43 | 000,000,000 | -HSD | C] -- C:\BOOT
[2015/02/25 01:45:11 | 000,189,000 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\EuFdDisk.sys
[2015/02/25 01:45:11 | 000,061,000 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\eubakup.sys
[2015/02/25 01:45:11 | 000,018,504 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\eudskacs.sys
[2015/02/25 01:45:08 | 000,061,000 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\.sys
[2015/02/24 03:21:07 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\SUPERAntiSpyware.com
[2015/02/24 03:20:52 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2015/02/24 03:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2015/02/24 03:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2015/02/24 03:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2015/02/24 02:34:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autoruns
[2014/07/10 02:16:28 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

G25r8cer · Mar 26, 2015

========== Files - Modified Within 30 Days ==========

[2015/03/26 02:20:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
[2015/03/26 02:19:31 | 001,388,782 | ---- | M] (Thisisu) -- C:\Users\Scott\Desktop\JRT.exe
[2015/03/26 02:19:18 | 002,168,320 | ---- | M] () -- C:\Users\Scott\Desktop\AdwCleaner.exe
[2015/03/26 02:07:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/03/26 02:05:48 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/03/26 02:05:02 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/03/26 02:05:00 | 3219,693,568 | -HS- | M] () -- C:\hiberfil.sys
[2015/03/26 01:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/03/24 02:08:16 | 000,000,876 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2015/03/23 05:20:23 | 000,001,420 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2015/03/23 02:58:12 | 000,000,110 | RH-- | M] () -- C:\Users\Scott\Desktop\Stinger.opt
[2015/03/23 01:45:20 | 000,000,218 | ---- | M] () -- C:\Users\Scott\AppData\Local\recently-used.xbel
[2015/03/22 03:00:38 | 000,863,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/03/22 03:00:38 | 000,730,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/03/22 03:00:38 | 000,135,520 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/03/22 00:13:54 | 000,099,384 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\inst.exe
[2015/03/22 00:13:54 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Scott\AppData\Roaming\pcouffin.sys
[2015/03/22 00:13:54 | 000,007,859 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\pcouffin.cat
[2015/03/22 00:13:54 | 000,001,167 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\pcouffin.inf
[2015/03/18 04:28:26 | 011,783,877 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\8.1.2.zip
[2015/03/18 02:32:34 | 000,001,360 | ---- | M] () -- C:\Users\Public\Desktop\Apowersoft Phone Manager.lnk
[2015/03/17 04:47:38 | 000,159,200 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\CrashRpt1402.dll
[2015/03/13 04:38:14 | 005,176,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/03/11 21:15:02 | 000,064,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/03/11 21:14:48 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/03/11 21:14:44 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/03/04 17:24:42 | 000,792,032 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/03/04 17:24:42 | 000,178,144 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/03/03 06:09:14 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2015/03/03 03:32:20 | 000,000,798 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/02/27 23:26:36 | 000,127,760 | ---- | M] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2015/02/25 20:25:41 | 000,000,000 | -H-- | M] () -- C:\Users\Scott\Documents\Default.rdp
[2015/02/25 01:47:40 | 000,000,032 | ---- | M] () -- C:\Windows\SysWow64\Eu(10-20140814).OD
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/03/26 02:19:15 | 002,168,320 | ---- | C] () -- C:\Users\Scott\Desktop\AdwCleaner.exe
[2015/03/26 02:12:37 | 000,001,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/03/23 05:20:23 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2015/03/23 02:58:12 | 000,000,110 | RH-- | C] () -- C:\Users\Scott\Desktop\Stinger.opt
[2015/03/23 01:45:20 | 000,000,218 | ---- | C] () -- C:\Users\Scott\AppData\Local\recently-used.xbel
[2015/03/18 04:28:24 | 011,783,877 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\8.1.2.zip
[2015/03/18 02:32:34 | 000,001,360 | ---- | C] () -- C:\Users\Public\Desktop\Apowersoft Phone Manager.lnk
[2015/03/17 04:47:38 | 000,159,200 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\CrashRpt1402.dll
[2015/03/15 05:41:25 | 000,041,304 | ---- | C] () -- C:\Windows\SysNative\drivers\eve.sys
[2015/03/14 05:57:36 | 000,099,384 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\inst.exe
[2015/03/14 05:57:36 | 000,007,859 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\pcouffin.cat
[2015/03/14 05:57:36 | 000,001,167 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\pcouffin.inf
[2015/03/10 20:33:10 | 000,396,419 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2015/03/08 01:45:50 | 000,000,232 | ---- | C] () -- C:\Windows\SysWow64\dllhost.exe.config
[2015/03/01 01:21:04 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\AiCM64.dll
[2015/02/26 03:19:01 | 000,001,627 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WDMYCLOUD.lnk
[2015/02/25 20:25:41 | 000,000,000 | -H-- | C] () -- C:\Users\Scott\Documents\Default.rdp
[2015/02/25 01:45:22 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\Eu(10-20140814).OD
[2015/02/25 01:45:08 | 000,048,200 | ---- | C] () -- C:\Windows\SysNative\drivers\EUBKMON.sys
[2015/02/23 04:52:19 | 000,269,792 | ---- | C] () -- C:\ProgramData\1424681455.bdinstall.bin
[2015/02/13 04:54:56 | 000,880,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/02/11 06:03:07 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2015/01/27 02:51:44 | 000,004,608 | ---- | C] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015/01/07 04:23:41 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2015/01/07 04:23:41 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2015/01/01 02:42:53 | 000,000,798 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/12/29 05:14:02 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-SCOOTER-Microsoft-Windows-8.1-Pro-(64-bit).dat
[2014/12/28 03:33:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/12/01 02:46:38 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2014/12/01 02:46:24 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/04/18 00:31:50 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2014/03/18 06:05:40 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2013/08/22 11:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 11:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 10:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 03:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/21 19:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 19:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2014/12/28 03:26:46 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 13:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 13:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/12/01 02:46:26 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/12/01 02:46:35 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/12/01 02:46:26 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\Scott\OneDrive:ms-properties

< End of report >

G25r8cer · Mar 27, 2015

The problem came back again so..

Well I strongly believe this is an internal infection of Firefox. As nothing else on my system is suffering. So, I have Backed up just my bookmarks and wrote down all my passwords. And completely reinstalled firefox.

All seems well again.

First time I have had to create a new FF profile in years!

I would still like to have someone go over my logs to see if there is anything suspicious.

I have ran Mbam, Hitmanpro, and superantipyware (all paid versions). Every one of them kept finding bad things in the FF profile. That's when I decided to start over

johnb35 · Mar 27, 2015

Sorry about not this but I didn't have time yesterday to reply, was in and out all day yesterday and was gone all evening. From what I saw in your OTL log there was a remnant of veggy still in firefox and some other extensions that could have caused it. The only thing I would have recommended anyway was to reset firefox back to defaults and try again.

Now that you have reset it, can you rerun just adwcleaner and OTL and post the logs?

Agent Smith · Mar 28, 2015

Use Sandboxie next time. If you want to do this I can tell you how to do it.

https://blog.************.net/?p=42

G25r8cer · Mar 28, 2015

# AdwCleaner v4.113 - Logfile created 28/03/2015 at 00:51:35
# Updated 22/03/2015 by Xplode
# Database : 2015-03-27.1 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Scott - SCOOTER
# Running from : C:\Users\Scott\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\GreenTree Applications

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\Appscion
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Found : [x64] HKCU\Software\Appscion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v37.0 (x86 en-US)

*************************

AdwCleaner[R3].txt - [1050 bytes] - [28/03/2015 00:51:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1109 bytes] ##########

G25r8cer · Mar 28, 2015

OTL logfile created on: 3/28/2015 12:53:31 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Scott\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17690)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 30.43% Memory free
7.50 Gb Paging File | 5.57 Gb Available in Paging File | 74.31% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.42 Gb Total Space | 289.71 Gb Free Space | 62.25% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 6.30 Gb Free Space | 84.59% Space Free | Partition Type: FAT32
Drive J: | 14.90 Gb Total Space | 7.09 Gb Free Space | 47.55% Space Free | Partition Type: FAT32
Drive Z: | 1829.36 Gb Total Space | 608.66 Gb Free Space | 33.27% Space Free | Partition Type: NTFS

Computer Name: SCOOTER | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/03/27 04:33:00 | 000,376,944 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015/03/26 02:20:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
PRC - [2015/03/23 20:01:52 | 003,981,912 | ---- | M] (BitTorrent Inc.) -- C:\Users\Scott\AppData\Roaming\BitTorrent\BitTorrent.exe
PRC - [2015/03/11 21:13:28 | 001,080,120 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2015/03/11 21:13:26 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2015/03/11 21:13:18 | 006,212,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2011/03/07 02:01:10 | 001,041,408 | ---- | M] (Torrent Ratio Keeper) -- C:\Users\Scott\AppData\Roaming\Torrent Ratio Keeper\TorrentRatioKeeper.exe

========== Modules (No Company Name) ==========

MOD - [2015/01/21 16:01:54 | 008,898,720 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

========== Services (SafeList) ==========

SRV:64bit: - [2015/02/11 06:02:54 | 001,357,104 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:64bit: - [2015/02/03 19:58:28 | 000,366,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015/02/03 19:58:28 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/12/17 23:12:00 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/12/05 21:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/12/01 08:46:24 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/12/01 02:46:40 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2014/12/01 02:46:39 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/12/01 02:46:39 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2014/12/01 02:46:34 | 000,780,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/12/01 02:46:33 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/12/01 02:46:33 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2014/12/01 02:46:33 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2014/12/01 02:46:32 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2014/12/01 02:46:32 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/12/01 02:46:31 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2014/12/01 02:46:30 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/12/01 02:46:30 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/12/01 02:46:30 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2014/12/01 02:46:29 | 000,521,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/12/01 02:46:29 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2014/12/01 02:46:29 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2014/12/01 02:46:29 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2014/12/01 02:46:28 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/12/01 02:46:28 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/12/01 02:46:28 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/12/01 02:46:28 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2014/12/01 02:46:28 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2014/12/01 02:46:28 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2014/12/01 02:46:28 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2014/12/01 02:46:28 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2014/12/01 02:46:27 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/12/01 02:46:26 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2014/12/01 02:46:26 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2014/12/01 02:46:26 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2014/12/01 02:46:26 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2014/12/01 02:46:26 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2014/12/01 02:46:26 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2014/12/01 02:46:26 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2014/12/01 02:46:26 | 000,092,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2014/12/01 02:46:24 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/12/01 02:46:24 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2014/07/22 19:31:23 | 000,172,344 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2012/12/11 13:00:52 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011/09/15 00:19:54 | 000,086,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Autodesk\3ds Max Design 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe -- (mi-raysat_3dsmax2015_64)
SRV - [2015/03/27 04:33:00 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/03/11 21:13:28 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/03/11 21:13:26 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2015/02/04 14:58:24 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/04 22:27:44 | 000,599,944 | ---- | M] (Autodesk Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe -- (AdAppMgrSvc)
SRV - [2014/12/01 08:46:24 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/12/01 02:46:36 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/12/01 02:46:24 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/12/01 02:46:24 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/07/14 16:26:54 | 000,786,256 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2014/02/07 03:03:18 | 000,031,192 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2013/09/23 05:19:06 | 000,013,824 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\unsignedthemes.exe -- (UnsignedThemes)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

G25r8cer · Mar 28, 2015

========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/03/27 03:23:07 | 000,136,408 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015/03/11 21:15:02 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/03/11 21:14:44 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/02/27 23:26:36 | 000,127,760 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2015/02/14 05:59:46 | 000,030,352 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtproscsibus.sys -- (dtproscsibus)
DRV:64bit: - [2015/02/03 19:58:33 | 000,264,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015/02/03 19:58:33 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015/02/03 19:58:04 | 000,044,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/12/11 20:51:20 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2014/12/01 02:46:42 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/12/01 02:46:40 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/12/01 02:46:40 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/12/01 02:46:32 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/12/01 02:46:31 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/12/01 02:46:31 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2014/12/01 02:46:31 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2014/12/01 02:46:29 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/12/01 02:46:23 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/12/01 02:46:23 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/12/01 02:46:23 | 000,324,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/12/01 02:46:23 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/12/01 02:46:23 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2014/12/01 02:46:23 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2014/12/01 02:46:23 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014/11/24 01:16:32 | 000,700,680 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_im.sys -- (Uim_IM)
DRV:64bit: - [2014/11/24 01:16:32 | 000,102,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\UimBus.sys -- (UimBus)
DRV:64bit: - [2014/11/24 01:16:32 | 000,025,992 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_devim.sys -- (Uim_DEVIM)
DRV:64bit: - [2014/11/19 03:29:16 | 000,876,760 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2014/11/10 14:06:59 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/11/06 05:30:58 | 000,689,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2014/11/04 15:33:40 | 000,058,176 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2014/10/17 00:56:24 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/17 00:56:23 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/16 23:35:04 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/08/16 00:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/05/16 15:03:30 | 000,141,600 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2014/04/18 00:31:50 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2014/04/10 12:05:24 | 000,041,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eve.sys -- (Eve)
DRV:64bit: - [2014/04/09 22:05:52 | 000,031,920 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2014/03/19 23:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/18 20:24:40 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2014/03/18 20:24:38 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2014/03/18 06:05:23 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/03/18 06:05:07 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/03/18 06:05:05 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/03/18 06:05:05 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/03/18 06:05:05 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/18 05:43:18 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2014/03/18 05:43:10 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2014/03/18 05:43:10 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2014/03/18 05:43:10 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2014/03/18 05:43:10 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2014/03/18 05:43:10 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/09/23 05:19:04 | 000,031,440 | ---- | M] (The Within Network, LLC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxstyle.sys -- (uxstyle)
DRV:64bit: - [2013/08/22 09:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 09:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 08:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 08:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 08:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 08:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 08:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 08:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 08:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 08:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 08:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 08:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 08:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 08:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 08:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 08:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 08:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 08:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 08:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 08:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 08:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 08:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 08:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 08:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 08:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 08:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 08:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 07:40:18 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnpmem.sys -- (PNPMEM)
DRV:64bit: - [2013/08/22 07:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 07:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 07:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 07:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 07:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 07:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 07:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 07:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 07:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 07:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 07:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 07:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 07:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 07:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 07:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 07:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 04:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 19:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 20:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 14:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 15:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 14:30:32 | 002,408,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2013/06/18 10:45:26 | 000,460,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2013/05/17 15:13:26 | 000,017,280 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2013/03/08 10:47:44 | 000,011,944 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:64bit: - [2012/11/22 12:13:04 | 000,047,240 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012/11/22 12:12:57 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2012/11/22 12:12:57 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2012/10/03 17:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/19 10:09:14 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/06/19 10:05:46 | 011,926,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/28 15:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/07/01 13:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D B3 65 14 32 38 D0 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

G25r8cer · Mar 28, 2015

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "chrome://fvd.speeddial/content/fvd_about_blank.html"
FF - prefs.js..extensions.enabledAddons: pavel.sherbakov%40gmail.com:6.7.7
FF - prefs.js..extensions.enabledAddons: fvdmedia%40gmail.com:5.6.4
FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.5.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2015/03/27 03:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\Extensions
[2015/03/27 03:53:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\17spqh79.default\extensions
[2015/03/27 03:25:34 | 000,000,000 | ---D | M] ("EverSync - Sync bookmarks, backup your favorites.") -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\17spqh79.default\extensions\fvdmedia@gmail.com
[2015/03/27 03:25:34 | 000,000,000 | ---D | M] ("Speed Dial [FVD] - New Tab Page, Sync...") -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\17spqh79.default\extensions\pavel.sherbakov@gmail.com
[2015/03/27 03:53:23 | 000,231,310 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\firefox\profiles\17spqh79.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2015/03/27 03:51:48 | 000,970,602 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\firefox\profiles\17spqh79.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/03/27 03:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/03/27 03:24:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/08/22 09:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BitTorrent] C:\Users\Scott\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [TorrentRatioKeeper] C:\Users\Scott\AppData\Roaming\TORREN~1\TORREN~1.EXE /s File not found
O4 - HKCU..\Run: [uTorrent] C:\Users\Scott\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.10.216.1 71.10.216.2 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C129844-70BA-4AE5-B77A-A10E80A8513D}: DhcpNameServer = 71.10.216.1 71.10.216.2 192.168.1.1
O18:64bit: - Protocol\Handler\WSAMVCUchrome - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\WSAMVCUchrome - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015/02/11 04:04:41 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{522bc16e-90b8-11e4-8266-00f1310000fc}\Shell - "" = AutoRun
O33 - MountPoints2\{522bc16e-90b8-11e4-8266-00f1310000fc}\Shell\AutoRun\command - "" = "I:\LaunchU3.exe" -a
O33 - MountPoints2\{c737fe90-b402-11e4-827f-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{c737fe90-b402-11e4-827f-005056c00008}\Shell\AutoRun\command - "" = "E:\setup.exe"
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = "D:\Setup.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/03/28 00:51:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/03/28 00:51:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
[2015/03/27 03:24:43 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Mozilla
[2015/03/27 03:24:43 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Mozilla
[2015/03/27 03:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2015/03/27 03:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/03/26 03:48:05 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2015/03/26 03:33:05 | 003,677,488 | ---- | C] (Logitech Inc.) -- C:\Users\Scott\Desktop\SetPoint6.65.62_smart.exe
[2015/03/26 02:56:27 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\Tools (update regularly)
[2015/03/26 00:32:34 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\IObit Driver Booster v2.2.0.160
[2015/03/24 03:35:53 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\BitTorrent
[2015/03/24 02:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2015/03/24 02:47:49 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\DMCache
[2015/03/23 05:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2015/03/23 05:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2015/03/23 05:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015/03/23 03:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2015/03/23 03:52:36 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\qBittorrent
[2015/03/23 03:46:45 | 000,136,408 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/03/23 03:44:58 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Geek Uninstaller
[2015/03/23 03:18:03 | 000,000,000 | ---D | C] -- C:\Users\Scott\Doctor Web
[2015/03/23 01:48:13 | 000,000,000 | ---D | C] -- C:\Users\Scott\.swt
[2015/03/23 01:47:35 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Vuze Downloads
[2015/03/22 00:16:19 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\ahd_video_converter
[2015/03/21 03:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2015/03/21 02:33:58 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Frameworkx.com
[2015/03/20 03:44:21 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Android
[2015/03/20 03:29:06 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\JetBrains
[2015/03/20 03:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Android
[2015/03/20 02:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ShellIcons
[2015/03/18 04:28:36 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\cb07cc9234eb500809acfcb6316bcdd60a8900f8
[2015/03/18 02:32:42 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Apowersoft
[2015/03/18 02:32:34 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Apowersoft
[2015/03/18 02:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
[2015/03/18 02:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apowersoft
[2015/03/18 01:55:09 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Torrent Ratio Keeper
[2015/03/18 01:55:09 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torrent Ratio Keeper
[2015/03/15 05:42:50 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\VSO Downloader
[2015/03/15 05:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2015/03/15 05:38:57 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\ConvertXtoDVD
[2015/03/14 06:00:06 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\DVD Converter Ultimate
[2015/03/14 05:57:36 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Scott\AppData\Roaming\pcouffin.sys
[2015/03/14 05:57:35 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Vso
[2015/03/14 05:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2015/03/14 05:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\VSO
[2015/03/14 05:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2015/03/14 01:51:44 | 000,127,760 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2015/03/14 01:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2015/03/14 01:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2015/03/14 01:45:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2015/03/14 01:45:08 | 027,646,720 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
[2015/03/14 01:45:08 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64H.dll
[2015/03/14 01:45:08 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64A.dll
[2015/03/14 01:45:08 | 003,300,528 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll
[2015/03/14 01:45:08 | 002,103,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2015/03/14 01:45:08 | 002,000,640 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMAPO264.DLL
[2015/03/14 01:45:08 | 001,986,048 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2015/03/14 01:45:08 | 001,728,768 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMAPO232.DLL
[2015/03/14 01:45:08 | 001,161,336 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaKaraokeApo.dll
[2015/03/14 01:45:08 | 001,013,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2015/03/14 01:45:08 | 000,879,616 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMAPO64.DLL
[2015/03/14 01:45:08 | 000,876,544 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll
[2015/03/14 01:45:08 | 000,739,328 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMAPO32.DLL
[2015/03/14 01:45:08 | 000,689,672 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys
[2015/03/14 01:45:08 | 000,663,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2015/03/14 01:45:08 | 000,619,520 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMTHX64.DLL
[2015/03/14 01:45:08 | 000,554,496 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMTHX32.DLL
[2015/03/14 01:45:08 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64H.dll
[2015/03/14 01:45:08 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64A.dll
[2015/03/14 01:45:08 | 000,388,096 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMWRP64.DLL
[2015/03/14 01:45:08 | 000,248,952 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2015/03/14 01:45:08 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64H.dll
[2015/03/14 01:45:08 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64A.dll
[2015/03/14 01:45:08 | 000,123,512 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaKaraokePropPageExt.dll
[2015/03/14 01:45:08 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64H.dll
[2015/03/14 01:45:08 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64A.dll
[2015/03/14 01:45:08 | 000,095,352 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2015/03/14 01:45:08 | 000,092,280 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\Dts2PropPageExt.dll
[2015/03/14 01:45:08 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2015/03/14 01:45:08 | 000,083,968 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2015/03/14 01:45:08 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64H.dll
[2015/03/14 01:45:08 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64A.dll
[2015/03/14 01:45:08 | 000,070,776 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\VtSrdAPO.dll
[2015/03/14 01:45:08 | 000,057,856 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPLD64.DLL
[2015/03/14 01:45:08 | 000,055,416 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\PropPageExt.dll
[2015/03/14 01:45:08 | 000,053,760 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPCN64.DLL
[2015/03/14 01:45:08 | 000,030,728 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\VMfilt64.sys
[2015/03/14 01:45:08 | 000,027,768 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViakaraokeSrv.exe
[2015/03/14 01:44:55 | 000,011,944 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\drivers\amdide64.sys
[2015/03/14 01:44:21 | 000,876,760 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt630x64.sys
[2015/03/14 01:44:21 | 000,073,800 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2015/03/13 04:33:13 | 000,142,848 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\amdacpksl.sys
[2015/03/12 04:50:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu
[2015/03/12 02:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime
[2015/03/12 02:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2015/03/10 20:33:20 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\calc.exe
[2015/03/10 20:33:19 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\calc.exe
[2015/03/10 20:33:16 | 000,264,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2015/03/10 20:33:16 | 000,044,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2015/03/10 20:33:15 | 000,114,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdNisDrv.sys
[2015/03/10 20:33:12 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winshfhc.dll
[2015/03/10 20:33:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winshfhc.dll
[2015/03/10 20:33:09 | 000,723,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll
[2015/03/10 20:33:09 | 000,560,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll
[2015/03/10 20:33:01 | 003,097,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2015/03/10 20:33:01 | 002,484,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2015/03/10 20:33:01 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\photowiz.dll
[2015/03/10 20:33:01 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\photowiz.dll
[2015/03/10 20:33:00 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015/03/10 20:33:00 | 000,301,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015/03/10 20:33:00 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015/03/10 20:33:00 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015/03/10 20:32:59 | 001,091,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2015/03/10 20:32:59 | 000,864,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2015/03/10 20:32:58 | 004,298,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_47.dll
[2015/03/10 20:32:58 | 002,257,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2015/03/10 20:32:58 | 001,943,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2015/03/10 20:32:58 | 001,488,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2015/03/10 20:32:58 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2015/03/10 20:32:58 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2015/03/10 20:32:57 | 003,551,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_47.dll
[2015/03/10 20:32:57 | 001,464,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2015/03/10 20:32:57 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atlthunk.dll
[2015/03/10 20:32:56 | 000,971,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2015/03/10 20:32:56 | 000,811,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2015/03/10 20:32:56 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2015/03/10 20:32:56 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2015/03/10 20:32:54 | 002,773,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2015/03/10 20:32:54 | 002,459,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2015/03/10 20:32:54 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StorageContextHandler.dll
[2015/03/10 20:32:54 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\StorageContextHandler.dll
[2015/03/10 20:32:11 | 007,472,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/03/10 20:32:10 | 001,733,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015/03/10 20:32:05 | 003,547,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2015/03/10 20:32:05 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappcfg.dll
[2015/03/10 20:32:05 | 000,339,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapphost.dll
[2015/03/10 20:32:05 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapp3hst.dll
[2015/03/10 20:32:05 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappcfg.dll
[2015/03/10 20:32:05 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapphost.dll
[2015/03/10 20:32:05 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapp3hst.dll
[2015/03/10 20:32:05 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2015/03/10 20:32:05 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2015/03/10 20:32:05 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappgnui.dll
[2015/03/10 20:32:05 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappgnui.dll
[2015/03/10 20:31:57 | 006,035,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/03/10 20:31:53 | 002,865,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2015/03/10 20:31:53 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/03/10 20:31:53 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/03/10 20:31:53 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/03/10 20:31:53 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/03/10 20:31:53 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/03/10 20:31:53 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/03/10 20:31:53 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/03/10 20:31:53 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/03/10 20:31:53 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/03/10 20:31:53 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/03/10 20:31:53 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2015/03/10 20:31:53 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2015/03/10 20:31:53 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/03/10 20:31:53 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/03/10 20:31:53 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/03/10 20:31:53 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/03/10 20:31:41 | 001,763,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015/03/10 20:31:41 | 000,046,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LockScreenContentServer.exe
[2015/03/10 20:31:34 | 002,501,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2015/03/10 20:31:34 | 002,207,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2015/03/10 20:31:34 | 001,384,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2015/03/10 20:31:34 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MrmCoreR.dll
[2015/03/10 20:31:34 | 000,791,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MrmCoreR.dll
[2015/03/10 20:31:34 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2015/03/10 20:31:34 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2015/03/09 00:58:38 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Aiseesoft Studio
[2015/03/08 01:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2015/03/08 01:55:06 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\se_tmp
[2015/03/08 01:46:27 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\HMYGSetting
[2015/03/08 01:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare
[2015/03/08 01:45:22 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Wondershare
[2015/03/07 04:21:51 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\4Videosoft Studio
[2015/03/07 04:19:47 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/03/07 04:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/03/07 04:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2015/03/07 02:16:16 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Corel
[2015/03/07 02:15:48 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Ulead Systems
[2015/03/07 02:15:47 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Corel PaintShop Pro
[2015/03/07 02:15:47 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Corel PaintShop Pro
[2015/03/07 02:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2015/03/07 02:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2015/03/07 02:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X7
[2015/03/07 02:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2015/03/06 04:10:00 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Auslogics
[2015/03/06 04:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
[2015/03/06 04:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2015/03/06 04:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2015/03/05 04:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/03/05 04:07:39 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/03/05 04:07:39 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/03/05 04:07:39 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/03/05 04:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/03/02 03:04:04 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Digiarty
[2015/03/02 01:55:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\DiskBoss Ultimate
[2015/03/02 01:51:30 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Hard Disk Sentinel
[2015/03/02 01:50:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hard Disk Sentinel
[2015/03/01 01:54:05 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Xilisoft
[2015/03/01 01:42:38 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\WinAVI
[2015/03/01 01:42:38 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\WinAVI
[2015/03/01 01:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAVI All-in-One Converter
[2015/03/01 01:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinAVI
[2015/03/01 01:24:52 | 000,033,872 | ---- | C] (AnvSoft Inc.) -- C:\Windows\SysNative\drivers\anvsnddrv.sys
[2015/03/01 01:21:14 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Aimersoft
[2015/03/01 01:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aimersoft
[2015/03/01 01:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Aimersoft Video Converter Ultimate
[2015/03/01 01:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Aimersoft
[2015/02/28 02:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2015/02/28 02:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Hard Disk Manager™ 15 Premium
[2015/02/28 02:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2015/02/28 01:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes Anti-Exploit
[2015/02/26 03:09:58 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Registry Tweaks Win 8.1
[2014/07/10 02:16:28 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

G25r8cer · Mar 28, 2015

========== Files Created - No Company Name ==========

[2015/03/28 00:50:54 | 002,168,320 | ---- | C] () -- C:\Users\Scott\Desktop\AdwCleaner.exe
[2015/03/27 03:24:37 | 000,001,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/03/23 05:20:23 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2015/03/23 02:58:12 | 000,000,110 | RH-- | C] () -- C:\Users\Scott\Desktop\Stinger.opt
[2015/03/23 01:45:20 | 000,000,218 | ---- | C] () -- C:\Users\Scott\AppData\Local\recently-used.xbel
[2015/03/18 04:28:24 | 011,783,877 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\8.1.2.zip
[2015/03/18 02:32:34 | 000,001,360 | ---- | C] () -- C:\Users\Public\Desktop\Apowersoft Phone Manager.lnk
[2015/03/17 04:47:38 | 000,159,200 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\CrashRpt1402.dll
[2015/03/15 05:41:25 | 000,041,304 | ---- | C] () -- C:\Windows\SysNative\drivers\eve.sys
[2015/03/14 05:57:36 | 000,099,384 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\inst.exe
[2015/03/14 05:57:36 | 000,007,859 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\pcouffin.cat
[2015/03/14 05:57:36 | 000,001,167 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\pcouffin.inf
[2015/03/10 20:33:10 | 000,396,419 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2015/03/08 01:45:50 | 000,000,232 | ---- | C] () -- C:\Windows\SysWow64\dllhost.exe.config
[2015/03/01 01:21:04 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\AiCM64.dll
[2015/02/26 03:19:01 | 000,001,627 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WDMYCLOUD.lnk
[2015/02/23 04:52:19 | 000,269,792 | ---- | C] () -- C:\ProgramData\1424681455.bdinstall.bin
[2015/02/13 04:54:56 | 000,880,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/02/11 06:03:07 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2015/01/27 02:51:44 | 000,004,608 | ---- | C] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015/01/07 04:23:41 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2015/01/07 04:23:41 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2015/01/01 02:42:53 | 000,000,798 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/12/29 05:14:02 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-SCOOTER-Microsoft-Windows-8.1-Pro-(64-bit).dat
[2014/12/28 03:33:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/12/01 02:46:38 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2014/12/01 02:46:24 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/04/18 00:31:50 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2014/03/18 06:05:40 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2013/08/22 11:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 11:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 10:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 03:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/21 19:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 19:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2014/12/28 03:26:46 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 13:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 13:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/12/01 02:46:26 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/12/01 02:46:35 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/12/01 02:46:26 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\Scott\OneDrive:ms-properties

< End of report >

G25r8cer · Mar 28, 2015

Agent Smith said:
Use Sandboxie next time. If you want to do this I can tell you how to do it.

https://blog.************.net/?p=42

I have used it before but, a very long time ago. I do have multiple instances of Win XP in virtualbox and I guess I should use them more often when I feel necessary. I just get sick of copying files back and forth.

Unfort I don't have the hardware necessary to run win 8.1 properly in a VM or I would be doing so already.

I will also get into the habbit of manually creating restore points on a regular basis.

Note: I do make complete HD backups to an external drive using Paragon Hard Disk Manager 15. I could have reverted to that image but it was made about a month ago and I would have lost tons of changes.

I need to find a more efficient backup program. Something that will run on a schedule or automatic once file changes are made on the Host computer. Any recommendations? Paid options are welcome

I would like to exclude certain folders, auto backup, scheduled backup, backups changes only.

In the next month or so this backup hard drive will be connected to a router via USB 2.0 (limited by the enclosure). So a program that works seamlessly with a network drive would be awesome! No matter the cost.

I believe Paragon offers this however I don't know how to initially set it up. Any help?

Agent Smith · Mar 28, 2015

Sandboxie is not like an OS emulator/virtual machine. It's just a sandbox for your browser or other programs. When you download a file you just click the recover button.

I would also use the NoScript addon and you can disable it, but keep basic protection on to lessen cumbersomeness.

G25r8cer · Mar 29, 2015

Yes I know sandboxie is not a VM I was just saying I should use mine more often for "suspicous" things.

Malwarebytes seems to catch and block a pretty decent amount of bad sites though.

Has anyone heard of this "veggy" addon? Not sure where it came from.

Does anything in my new logs look bad? I would like to be sure I have a nice clean system before making a new image backup.

johnb35 · Mar 29, 2015

Rerun OTL but this time copy and paste the following into the custom scans/fixes box at the bottom and then click on the run fix button up top.

Code:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
FF - user.js - File not found

I did notice that you are running a driver update program from IObit called driver booster. I wouldn't recommend using any driver update programs.

Also noticed this folder.

C:\Users\Public\Documents\Baidu

Baidu is malware but check contents of folder and delete.

Firefox crashing on startup and restarting

Active Member

Active Member

Active Member

Active Member

Active Member

Active Member

Active Member

Active Member

Active Member

Administrator

Well-Known Member

Active Member

Active Member

Active Member

Active Member

Active Member

Active Member

Well-Known Member

Active Member

Administrator