My latest malware, adware scans...

farmerjohn1324 · Mar 5, 2016

What does this tell you?

My current symptoms, even after running these removal tools are that I will be browsing a site, such as HomeDepot.com and a popup will say I have adware (this is after running AdWCleaner).

I deleted FireFox and now use only Internet Explorer. What browser do the pros use and why?

farmerjohn1324 · Mar 5, 2016

# AdwCleaner v5.037 - Logfile created 05/03/2016 at 09:17:50
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 10 Home (x86)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner_5.037.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\5a54b87b-10c5-1
[-] Folder Deleted : C:\ProgramData\5a54b87b-5861-0
[-] Folder Deleted : C:\ProgramData\97790e8c-20d3-0
[-] Folder Deleted : C:\ProgramData\97790e8c-20f5-0
[-] Folder Deleted : C:\ProgramData\97790e8c-3487-1
[-] Folder Deleted : C:\ProgramData\97790e8c-4105-1
[-] Folder Deleted : C:\ProgramData\97790e8c-48b7-0
[-] Folder Deleted : C:\ProgramData\97790e8c-4c07-0
[-] Folder Deleted : C:\ProgramData\97790e8c-5041-1
[-] Folder Deleted : C:\ProgramData\97790e8c-6277-0
[-] Folder Deleted : C:\ProgramData\97790e8c-6c25-0
[-] Folder Deleted : C:\ProgramData\c17239ee
[-] Folder Deleted : C:\ProgramData\{01398df3-312c-0}
[-] Folder Deleted : C:\ProgramData\{0aab9cb8-512c-1}
[-] Folder Deleted : C:\ProgramData\{1005e249-112c-0}
[-] Folder Deleted : C:\ProgramData\{128a052c-112c-0}
[-] Folder Deleted : C:\ProgramData\{20399c1b-412c-1}

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\system32\LavasoftTcpServiceOff.ini

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nps.pastaleads.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pastaleads.com

***** [ Web browsers ] *****

[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ljibkigjccbegnbeojkoafejpoiachej

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5923 bytes] - [03/02/2016 23:35:46]
C:\AdwCleaner\AdwCleaner[C2].txt - [2072 bytes] - [05/03/2016 09:17:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [5223 bytes] - [03/02/2016 23:27:07]
C:\AdwCleaner\AdwCleaner[S2].txt - [5541 bytes] - [03/02/2016 23:32:05]
C:\AdwCleaner\AdwCleaner[S3].txt - [5541 bytes] - [03/02/2016 23:34:30]
C:\AdwCleaner\AdwCleaner[S4].txt - [2228 bytes] - [05/03/2016 09:05:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2437 bytes] ##########

farmerjohn1324 · Mar 5, 2016

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x86
Ran by User (Administrator) on Sat 03/05/2016 at 8:46:20.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1

Successfully deleted: C:\WINDOWS\prefetch\AVAST_FREE_ANTIVIRUS_SETUP_ON-6A238A86.pf (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/05/2016 at 8:50:33.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

farmerjohn1324 · Mar 5, 2016

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/5/2016
Scan Time: 8:20 AM
Logfile: malware.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.05.03
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355669
Time Elapsed: 14 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

farmerjohn1324 · Mar 5, 2016

OTL logfile created on: 3/5/2016 9:25:15 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop\Computer Cleaning Programs
An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 73.16% Memory free
7.00 Gb Paging File | 6.02 Gb Available in Paging File | 86.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.35 Gb Total Space | 192.04 Gb Free Space | 82.65% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016/02/23 05:23:02 | 001,351,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
PRC - [2016/02/10 19:27:45 | 000,551,112 | ---- | M] (Microsoft Corporation) -- C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe
PRC - [2016/02/05 11:48:16 | 000,281,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
PRC - [2016/02/04 01:58:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\Computer Cleaning Programs\OTL.exe
PRC - [2016/02/03 03:18:19 | 000,252,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
PRC - [2016/01/29 01:33:48 | 004,064,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2016/01/21 22:40:51 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
PRC - [2016/01/20 20:23:20 | 000,191,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
PRC - [2016/01/04 21:44:14 | 006,082,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
PRC - [2015/12/26 23:39:09 | 007,021,880 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/12/26 23:39:01 | 000,226,440 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/12/13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/12/08 20:11:12 | 000,540,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontdrvhost.exe
PRC - [2015/10/30 00:44:55 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sihost.exe
PRC - [2015/10/30 00:44:46 | 000,073,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RuntimeBroker.exe
PRC - [2015/10/30 00:44:45 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2015/10/30 00:44:40 | 000,071,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostw.exe
PRC - [2015/10/30 00:15:19 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.113_none_1a6aede66ddb29e0\TiWorker.exe
PRC - [2015/09/28 08:19:10 | 000,025,800 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
PRC - [2015/04/15 08:44:32 | 000,128,512 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2015/04/15 08:43:18 | 001,209,344 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2015/01/13 16:41:06 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2015/01/13 16:40:56 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe

========== Modules (No Company Name) ==========

MOD - [2016/02/23 05:34:27 | 001,859,960 | ---- | M] () -- C:\Windows\System32\CoreUIComponents.dll
MOD - [2016/02/23 02:48:32 | 000,316,416 | ---- | M] () -- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
MOD - [2016/02/11 22:43:08 | 000,733,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\79b0ecdc1d202c5491da0f58f0b361e2\System.Security.ni.dll
MOD - [2016/02/11 04:05:04 | 000,390,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\93bdfc942234dcac6772eef1034a8f7d\System.Xml.Linq.ni.dll
MOD - [2016/02/11 04:05:03 | 007,378,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e556397747c99d9c4fc5f4f939c8c6f0\System.Xml.ni.dll
MOD - [2016/02/11 04:04:56 | 001,876,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\eea5df710c79332df59430bf7854018c\System.Xaml.ni.dll
MOD - [2016/02/11 04:04:41 | 000,218,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\bc1c2b249a4b44ec6b90afa220bc2f26\System.ServiceProcess.ni.dll
MOD - [2016/02/11 04:04:39 | 002,772,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\29d45c65598ec75c9ad1f324ace8955c\System.Runtime.Serialization.ni.dll
MOD - [2016/02/11 04:04:34 | 001,150,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\26c5afea638c0b7aabfbf0de6fd85643\System.Management.ni.dll
MOD - [2016/02/11 04:04:29 | 007,839,744 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9c808d0eeb670a8e8b1781c54c2b8b1e\System.Data.ni.dll
MOD - [2016/02/11 04:04:22 | 000,970,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\dbc19a007569ea2001a975050da8b3af\System.Configuration.ni.dll
MOD - [2016/02/11 04:04:18 | 019,074,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\cdb09dfde216cb81df179801e5fbc764\PresentationFramework.ni.dll
MOD - [2016/02/11 04:03:59 | 011,559,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\2be64c7b72fe6d610b0d9368d9ec88df\PresentationCore.ni.dll
MOD - [2016/02/11 04:03:47 | 003,956,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\0521c88cc609dcdfc595b00aeaffc1cc\WindowsBase.ni.dll
MOD - [2016/02/11 04:03:40 | 007,485,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\aef92996898ded5b2ca78fecfa86d323\System.Core.ni.dll
MOD - [2016/02/11 04:03:32 | 010,182,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c9b4fd28dc3c397b3d68f1082b65c3fc\System.ni.dll
MOD - [2016/01/21 22:40:51 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
MOD - [2016/01/21 22:40:51 | 000,141,312 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
MOD - [2016/01/16 00:09:45 | 002,656,768 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
MOD - [2016/01/16 00:06:42 | 002,366,464 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
MOD - [2016/01/04 20:23:28 | 005,340,672 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
MOD - [2016/01/04 20:19:27 | 000,471,552 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
MOD - [2015/12/26 23:39:11 | 040,539,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/12/26 23:39:07 | 000,103,888 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/12/26 23:39:06 | 000,469,008 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2015/12/26 23:39:02 | 000,125,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2015/12/25 01:24:50 | 000,271,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\10a6336dea6e3c1f1fe4d9e2f75a236c\System.Numerics.ni.dll
MOD - [2015/12/25 01:21:37 | 000,194,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\187bd685c44f610586ac25dac5327c26\CustomMarshalers.ni.dll
MOD - [2015/12/06 23:11:10 | 000,070,656 | ---- | M] () -- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
MOD - [2015/12/06 20:53:22 | 018,137,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\7861e52ba2d943b167d29bdb87ff9d05\mscorlib.ni.dll
MOD - [2015/05/15 15:27:10 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2015/05/15 15:27:04 | 001,044,776 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV - [2016/02/23 05:17:21 | 001,174,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2016/02/23 03:25:27 | 000,722,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\XblGameSave.dll -- (XblGameSave)
SRV - [2016/02/23 03:21:49 | 000,498,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ngcsvc.dll -- (NgcSvc)
SRV - [2016/02/23 02:49:21 | 000,140,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NetSetupSvc.dll -- (NetSetupSvc)
SRV - [2016/02/23 02:48:47 | 000,497,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2016/02/23 02:43:24 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2016/02/23 02:43:02 | 000,411,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SmsRouterSvc.dll -- (SmsRouter)
SRV - [2016/02/23 02:42:23 | 000,238,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2016/02/23 02:36:21 | 000,484,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2016/02/23 02:35:10 | 000,538,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\XblAuthManager.dll -- (XblAuthManager)
SRV - [2016/02/23 02:29:47 | 000,453,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2016/02/23 02:29:22 | 000,949,248 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\Unistore.dll -- (UnistoreSvc)
SRV - [2016/02/23 02:20:22 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2016/02/23 02:13:49 | 001,184,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\UserDataService.dll -- (UserDataSvc)
SRV - [2016/02/23 01:56:41 | 001,887,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AppXDeploymentServer.dll -- (AppXSvc)
SRV - [2016/02/11 21:16:56 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/02/10 20:17:18 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/02/05 11:47:38 | 000,239,880 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe -- (McComponentHostService)
SRV - [2016/01/16 00:19:43 | 001,552,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2016/01/04 20:41:02 | 000,588,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PhoneService.dll -- (PhoneSvc)
SRV - [2016/01/04 20:35:58 | 000,706,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\usermgr.dll -- (UserManager)
SRV - [2015/12/26 23:39:01 | 000,226,440 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2015/12/13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/12/08 20:11:07 | 000,240,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SensorService.dll -- (SensorService)
SRV - [2015/12/08 20:11:07 | 000,131,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tetheringservice.dll -- (icssvc)
SRV - [2015/12/08 20:11:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\tzautoupdate.dll -- (tzautoupdate)
SRV - [2015/12/08 20:03:59 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2015/12/08 20:03:57 | 000,056,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2015/12/08 20:03:49 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2015/12/08 20:03:49 | 000,504,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2015/12/06 23:12:17 | 000,820,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV - [2015/12/06 23:00:38 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\moshost.dll -- (MapsBroker)
SRV - [2015/10/30 01:57:35 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2015/10/30 00:45:46 | 000,783,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\RDXService.dll -- (RetailDemo)
SRV - [2015/10/30 00:45:46 | 000,425,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WalletService.dll -- (WalletService)
SRV - [2015/10/30 00:45:46 | 000,387,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AppReadiness.dll -- (AppReadiness)
SRV - [2015/10/30 00:45:46 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2015/10/30 00:45:15 | 000,144,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2015/10/30 00:45:13 | 001,401,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\workfolderssvc.dll -- (workfolderssvc)
SRV - [2015/10/30 00:45:11 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2015/10/30 00:45:07 | 000,900,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SensorDataService.exe -- (SensorDataService)
SRV - [2015/10/30 00:45:07 | 000,612,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2015/10/30 00:45:06 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2015/10/30 00:44:57 | 000,294,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ncbservice.dll -- (NcbService)
SRV - [2015/10/30 00:44:57 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpnservice.dll -- (WpnService)
SRV - [2015/10/30 00:44:55 | 000,380,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\tileobjserver.dll -- (tiledatamodelsvc)
SRV - [2015/10/30 00:44:55 | 000,221,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV - [2015/10/30 00:44:55 | 000,202,752 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV - [2015/10/30 00:44:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DevQueryBroker.dll -- (DevQueryBroker)
SRV - [2015/10/30 00:44:55 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lfsvc.dll -- (lfsvc)
SRV - [2015/10/30 00:44:55 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\LicenseManagerSvc.dll -- (LicenseManager)
SRV - [2015/10/30 00:44:53 | 002,179,584 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\Windows.StateRepository.dll -- (StateRepository)
SRV - [2015/10/30 00:44:53 | 000,548,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2015/10/30 00:44:53 | 000,199,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\cdpsvc.dll -- (CDPSvc)
SRV - [2015/10/30 00:44:53 | 000,081,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\embeddedmodesvc.dll -- (embeddedmode)
SRV - [2015/10/30 00:44:53 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AJRouter.dll -- (AJRouter)
SRV - [2015/10/30 00:44:51 | 002,885,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2015/10/30 00:44:51 | 000,804,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dosvc.dll -- (DoSvc)
SRV - [2015/10/30 00:44:51 | 000,251,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\usocore.dll -- (UsoSvc)
SRV - [2015/10/30 00:44:49 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2015/10/30 00:44:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wephostsvc.dll -- (WEPHOSTSVC)
SRV - [2015/10/30 00:44:47 | 000,510,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ClipSVC.dll -- (ClipSVC)
SRV - [2015/10/30 00:44:47 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV - [2015/10/30 00:44:47 | 000,042,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2015/10/30 00:44:46 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV - [2015/10/30 00:44:45 | 000,355,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2015/10/30 00:44:45 | 000,163,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2015/10/30 00:44:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\smphost.dll -- (smphost)
SRV - [2015/10/30 00:44:43 | 000,272,896 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\APHostService.dll -- (OneSyncSvc)
SRV - [2015/10/30 00:44:43 | 000,256,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\TieringEngineService.exe -- (TieringEngineService)
SRV - [2015/10/30 00:44:43 | 000,156,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dcpsvc.dll -- (DcpSvc)
SRV - [2015/10/30 00:44:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2015/10/30 00:44:43 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2015/10/30 00:44:42 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dssvc.dll -- (DsSvc)
SRV - [2015/10/30 00:44:40 | 000,261,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV - [2015/10/30 00:44:40 | 000,200,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2015/10/30 00:44:40 | 000,047,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dmwappushsvc.dll -- (dmwappushservice)
SRV - [2015/10/30 00:44:38 | 000,044,032 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\MessagingService.dll -- (MessagingService)
SRV - [2015/10/30 00:44:37 | 000,449,024 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2015/10/30 00:44:35 | 000,280,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV - [2015/10/30 00:44:35 | 000,273,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2015/10/30 00:44:35 | 000,023,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvmsession)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicguestinterface)
SRV - [2015/10/30 00:44:27 | 002,718,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2015/10/30 00:44:25 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\BthHFSrv.dll -- (BthHFSrv)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/09/28 08:19:10 | 000,025,800 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2015/04/15 08:44:32 | 000,128,512 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2015/01/13 16:40:56 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)

========== Driver Services (SafeList) ==========

DRV - [2016/03/02 14:52:04 | 000,812,720 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2016/02/23 03:36:09 | 000,429,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2016/02/23 03:25:15 | 000,201,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xboxgip.sys -- (xboxgip)
DRV - [2016/02/23 03:22:46 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xinputhid.sys -- (xinputhid)
DRV - [2016/01/20 23:46:47 | 000,449,384 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2015/12/26 23:39:56 | 000,081,168 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015/12/26 23:39:15 | 000,117,712 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2015/12/26 23:39:14 | 000,209,432 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015/12/26 23:39:14 | 000,049,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015/12/26 23:39:14 | 000,024,016 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015/12/26 23:39:13 | 000,081,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2015/12/08 20:11:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\capimg.sys -- (CapImg)
DRV - [2015/12/08 20:11:07 | 000,076,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdstor.sys -- (sdstor)
DRV - [2015/12/08 20:03:48 | 000,130,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mqac.sys -- (MQAC)
DRV - [2015/10/30 01:57:54 | 000,023,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2015/10/30 01:57:41 | 000,030,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2015/10/30 00:45:52 | 000,024,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2015/10/30 00:45:11 | 000,043,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2015/10/30 00:45:01 | 000,280,920 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\clfs.sys -- (CLFS)
DRV - [2015/10/30 00:45:01 | 000,183,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ahcache.sys -- (ahcache)
DRV - [2015/10/30 00:44:58 | 000,086,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV - [2015/10/30 00:44:57 | 000,159,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2015/10/30 00:44:57 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2015/10/30 00:44:57 | 000,062,464 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\System32\drivers\storqosflt.sys -- (storqosflt)
DRV - [2015/10/30 00:44:57 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UcmCx.sys -- (UcmCx0101)
DRV - [2015/10/30 00:44:57 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\condrv.sys -- (condrv)
DRV - [2015/10/30 00:44:57 | 000,023,040 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\ioqos.sys -- (IoQos)
DRV - [2015/10/30 00:44:52 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mmcss.sys -- (MMCSS)
DRV - [2015/10/30 00:44:48 | 000,033,112 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2015/10/30 00:44:47 | 000,200,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ufx01000.sys -- (Ufx01000)
DRV - [2015/10/30 00:44:47 | 000,060,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SpbCx.sys -- (SpbCx)
DRV - [2015/10/30 00:44:47 | 000,042,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\urscx01000.sys -- (UrsCx01000)
DRV - [2015/10/30 00:44:46 | 000,130,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2015/10/30 00:44:46 | 000,121,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SerCx2.sys -- (SerCx2)
DRV - [2015/10/30 00:44:46 | 000,075,104 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2015/10/30 00:44:46 | 000,059,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SerCx.sys -- (SerCx)
DRV - [2015/10/30 00:44:46 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2015/10/30 00:44:44 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV - [2015/10/30 00:44:43 | 000,054,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\dam.sys -- (dam)
DRV - [2015/10/30 00:44:42 | 000,173,408 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\wof.sys -- (Wof)
DRV - [2015/10/30 00:44:38 | 000,497,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WdiWiFi.sys -- (wdiwifi)
DRV - [2015/10/30 00:44:37 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2015/10/30 00:44:37 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Ndu.sys -- (Ndu)
DRV - [2015/10/30 00:44:37 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mslldp.sys -- (MsLldp)
DRV - [2015/10/30 00:44:36 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV - [2015/10/30 00:44:35 | 000,246,104 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\WdFilter.sys -- (WdFilter)
DRV - [2015/10/30 00:44:35 | 000,098,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV - [2015/10/30 00:44:35 | 000,037,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WdBoot.sys -- (WdBoot)
DRV - [2015/10/30 00:44:33 | 000,173,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ucx01000.sys -- (Ucx01000)
DRV - [2015/10/30 00:44:33 | 000,093,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpiex.sys -- (acpiex)
DRV - [2015/10/30 00:44:33 | 000,083,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pdc.sys -- (pdc)
DRV - [2015/10/30 00:44:33 | 000,076,288 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\filecrypt.sys -- (FileCrypt)
DRV - [2015/10/30 00:44:33 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2015/10/30 00:44:33 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Udecx.sys -- (UdeCx)
DRV - [2015/10/30 00:44:33 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhf.sys -- (vhf)
DRV - [2015/10/30 00:44:29 | 000,036,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2015/10/30 00:44:29 | 000,025,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2015/10/30 00:44:29 | 000,021,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV - [2015/10/30 00:44:29 | 000,021,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\urschipidea.sys -- (UrsChipidea)
DRV - [2015/10/30 00:44:29 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2015/10/30 00:44:29 | 000,015,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV - [2015/10/30 00:44:28 | 001,038,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\adp80xx.sys -- (ADP80XX)
DRV - [2015/10/30 00:44:28 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2015/10/30 00:44:28 | 000,524,632 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\iaStorAV.sys -- (iaStorAV)
DRV - [2015/10/30 00:44:28 | 000,494,080 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rt640x86.sys -- (rt640x86)
DRV - [2015/10/30 00:44:28 | 000,427,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spaceport.sys -- (spaceport)
DRV - [2015/10/30 00:44:28 | 000,287,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2015/10/30 00:44:28 | 000,276,832 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2015/10/30 00:44:28 | 000,172,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2015/10/30 00:44:28 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\storahci.sys -- (storahci)
DRV - [2015/10/30 00:44:28 | 000,104,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV - [2015/10/30 00:44:28 | 000,088,928 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV - [2015/10/30 00:44:28 | 000,085,856 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\3ware.sys -- (3ware)
DRV - [2015/10/30 00:44:28 | 000,083,288 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV - [2015/10/30 00:44:28 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV - [2015/10/30 00:44:28 | 000,069,472 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2015/10/30 00:44:28 | 000,065,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\stornvme.sys -- (stornvme)
DRV - [2015/10/30 00:44:28 | 000,061,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iaioi2c.sys -- (iaioi2c)
DRV - [2015/10/30 00:44:28 | 000,059,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uaspstor.sys -- (UASPStor)
DRV - [2015/10/30 00:44:28 | 000,058,208 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\mvumis.sys -- (mvumis)
DRV - [2015/10/30 00:44:28 | 000,051,552 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\percsas3i.sys -- (percsas3i)
DRV - [2015/10/30 00:44:28 | 000,051,040 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\percsas2i.sys -- (percsas2i)
DRV - [2015/10/30 00:44:28 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2015/10/30 00:44:28 | 000,038,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV - [2015/10/30 00:44:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV - [2015/10/30 00:44:28 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\BasicRender.sys -- (BasicRender)
DRV - [2015/10/30 00:44:28 | 000,027,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\storufs.sys -- (storufs)
DRV - [2015/10/30 00:44:28 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\buttonconverter.sys -- (buttonconverter)
DRV - [2015/10/30 00:44:28 | 000,023,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uefi.sys -- (UEFI)
DRV - [2015/10/30 00:44:28 | 000,022,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iaiogpio.sys -- (GPIO)
DRV - [2015/10/30 00:44:28 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kdnic.sys -- (kdnic)
DRV - [2015/10/30 00:44:28 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\genericusbfn.sys -- (genericusbfn)
DRV - [2015/10/30 00:44:28 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpitime.sys -- (acpitime)
DRV - [2015/10/30 00:44:28 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpipagr.sys -- (acpipagr)
DRV - [2015/10/30 00:44:28 | 000,008,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmfn2.sys -- (bcmfn2)
DRV - [2015/10/30 00:44:28 | 000,008,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmfn.sys -- (bcmfn)
DRV - [2015/10/30 00:44:26 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2015/10/30 00:44:25 | 000,552,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl819xp.sys -- (rtl819xp)
DRV - [2015/10/30 00:44:25 | 000,101,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2015/10/30 00:44:25 | 000,079,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2015/10/30 00:44:25 | 000,066,048 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iai2c.sys -- (iai2c)
DRV - [2015/10/30 00:44:25 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2015/10/30 00:44:25 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2015/10/30 00:44:25 | 000,040,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\intelpep.sys -- (intelpep)
DRV - [2015/10/30 00:44:25 | 000,039,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2015/10/30 00:44:25 | 000,037,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidi2c.sys -- (hidi2c)
DRV - [2015/10/30 00:44:25 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2015/10/30 00:44:25 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_x86_dd1d60cd48926252\CompositeBus.sys -- (CompositeBus)
DRV - [2015/10/30 00:44:25 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2015/10/30 00:44:25 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2015/10/30 00:44:25 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2015/10/30 00:44:25 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2015/10/30 00:44:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2015/10/30 00:44:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmgencounter.sys -- (gencounter)
DRV - [2015/10/30 00:44:25 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2015/10/05 09:50:20 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2015/10/05 09:50:04 | 000,023,256 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2015/08/07 05:49:26 | 000,041,584 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Thotkey.sys -- (Thotkey)
DRV - [2015/07/25 00:56:24 | 000,035,936 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2015/01/13 17:40:18 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2015/01/13 16:20:36 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
IE - HKLM\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKLM\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C FD 41 AD EB BF D0 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 7D D2 BE FC F7 74 D1 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKCU\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:44.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\User\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/12/26 23:43:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015/12/26 23:43:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2015/08/31 09:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2016/02/21 03:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xxgvph90.default-1456041116048\extensions
[2016/02/11 21:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2016/02/11 21:16:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.210_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.221_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.0.0.9098_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2016/02/26 21:46:38 | 000,000,080 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ㈱⸷⸰⸰‱†††潬慣桬獯൴㨊ㄺ†††氠捯污潨瑳਍਍⸰⸰⸰ऱ獭灳畬⹳捭晡敥挮浯਍
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [OneDrive] C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: webcompanion.com ([]http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02c9c4ec-1d2f-48fe-a22b-3449fd9bbc29}: DhcpNameServer = 75.114.81.1 75.114.81.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{135b02f8-71a0-4588-804e-c91f793a0a6b}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{bdc5887f-4f0a-4e48-861f-68d1dede2733}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b2c72520-7bb0-11e5-bfe4-001e33f0b730}\Shell - "" = AutoRun
O33 - MountPoints2\{b2c72520-7bb0-11e5-bfe4-001e33f0b730}\Shell\AutoRun\command - "" = "E:\VerizonWirelessUpgradeAssistantSetup.exe" -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2016/03/05 08:33:08 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\new scans
[2016/03/04 12:53:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2016/03/02 01:52:03 | 006,952,088 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
[2016/03/02 01:51:57 | 001,626,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dwmcore.dll
[2016/03/02 01:51:53 | 000,959,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aeinv.dll
[2016/03/02 01:51:53 | 000,599,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\invagent.dll
[2016/03/02 01:51:53 | 000,433,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devinv.dll
[2016/03/02 01:51:50 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AudioEndpointBuilder.dll
[2016/03/02 01:51:48 | 005,241,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windows.storage.dll
[2016/03/02 01:51:47 | 018,680,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\edgehtml.dll
[2016/03/02 01:51:43 | 009,919,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\twinui.dll
[2016/03/02 01:51:42 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AppXDeploymentServer.dll
[2016/03/02 01:51:40 | 005,797,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2016/03/02 01:51:40 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SmsRouterSvc.dll
[2016/03/02 01:51:39 | 000,366,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AUDIOKSE.dll
[2016/03/02 01:51:38 | 000,405,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AudioSes.dll
[2016/03/02 01:51:38 | 000,297,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\audiodg.exe
[2016/03/02 01:51:37 | 000,980,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfasfsrcsnk.dll
[2016/03/02 01:51:37 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\enterprisecsps.dll
[2016/03/02 01:51:33 | 002,180,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcore.dll
[2016/03/02 01:51:33 | 000,713,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
[2016/03/02 01:51:32 | 002,977,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32kfull.sys
[2016/03/02 01:51:32 | 000,646,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
[2016/03/02 01:51:31 | 001,707,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ActiveSyncProvider.dll
[2016/03/02 01:51:30 | 003,666,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript9.dll
[2016/03/02 01:51:29 | 002,186,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d11.dll
[2016/03/02 01:51:29 | 002,061,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFMediaEngine.dll
[2016/03/02 01:51:28 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\UserDataService.dll
[2016/03/02 01:51:27 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
[2016/03/02 01:51:26 | 002,793,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Media.dll
[2016/03/02 01:51:26 | 002,604,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CertEnroll.dll
[2016/03/02 01:51:25 | 001,154,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32kbase.sys
[2016/03/02 01:51:24 | 004,412,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ExplorerFrame.dll
[2016/03/02 01:51:24 | 000,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.AccountsControl.dll
[2016/03/02 01:51:23 | 000,882,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfmp4srcsnk.dll
[2016/03/02 01:51:23 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\deviceaccess.dll
[2016/03/02 01:51:22 | 001,075,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.UI.Shell.dll
[2016/03/02 01:51:22 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\modernexecserver.dll
[2016/03/02 01:51:21 | 000,722,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XblGameSave.dll
[2016/03/02 01:51:20 | 000,895,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfsrcsnk.dll
[2016/03/02 01:51:20 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XblAuthManager.dll
[2016/03/02 01:51:20 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.UI.dll
[2016/03/02 01:51:19 | 001,944,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\InputService.dll
[2016/03/02 01:51:19 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Unistore.dll
[2016/03/02 01:51:19 | 000,709,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfsvr.dll
[2016/03/02 01:51:19 | 000,502,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\NetSetupEngine.dll
[2016/03/02 01:51:19 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\QuickActionsDataModel.dll
[2016/03/02 01:51:18 | 001,105,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Media.Audio.dll
[2016/03/02 01:51:18 | 001,051,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winload.efi
[2016/03/02 01:51:18 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DeviceEnroller.exe
[2016/03/02 01:51:17 | 001,174,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\diagtrack.dll
[2016/03/02 01:51:17 | 000,875,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winresume.efi
[2016/03/02 01:51:17 | 000,572,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\taskschd.dll
[2016/03/02 01:51:17 | 000,539,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wer.dll
[2016/03/02 01:51:17 | 000,450,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFCaptureEngine.dll
[2016/03/02 01:51:16 | 000,926,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winload.exe
[2016/03/02 01:51:16 | 000,771,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winresume.exe
[2016/03/02 01:51:16 | 000,754,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SettingSyncCore.dll
[2016/03/02 01:51:15 | 001,498,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMPDMC.exe
[2016/03/02 01:51:15 | 000,349,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\NetSetupShim.dll
[2016/03/02 01:51:15 | 000,287,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Media.MediaControl.dll
[2016/03/02 01:51:15 | 000,153,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dumpsd.sys
[2016/03/02 01:51:14 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SettingSync.dll
[2016/03/02 01:51:14 | 000,221,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sqmapi.dll
[2016/03/02 01:51:13 | 000,639,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\generaltel.dll
[2016/03/02 01:51:13 | 000,498,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ngcsvc.dll
[2016/03/02 01:51:13 | 000,420,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvproc.dll
[2016/03/02 01:51:13 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TimeBrokerServer.dll
[2016/03/02 01:51:12 | 000,484,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgmms2.sys
[2016/03/02 01:51:12 | 000,379,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfmkvsrcsnk.dll
[2016/03/02 01:51:11 | 001,028,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wifinetworkmanager.dll
[2016/03/02 01:51:11 | 000,694,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uDWM.dll
[2016/03/02 01:51:10 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vaultsvc.dll
[2016/03/02 01:51:10 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TextInputFramework.dll
[2016/03/02 01:51:09 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wcmsvc.dll
[2016/03/02 01:51:09 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xinputhid.sys
[2016/03/02 01:51:08 | 000,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bisrv.dll
[2016/03/02 01:51:08 | 000,299,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MDEServer.exe
[2016/03/02 01:51:08 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xboxgip.sys
[2016/03/02 01:51:08 | 000,187,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AppxAllUserStore.dll
[2016/03/02 01:51:08 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\InstallAgent.exe
[2016/03/02 01:51:07 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MCRecvSrc.dll
[2016/03/02 01:51:06 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SharedStartModel.dll
[2016/03/02 01:51:06 | 000,525,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\configurationclient.dll
[2016/03/02 01:51:06 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sharemediacpl.dll
[2016/03/02 01:51:06 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WiFiDisplay.dll
[2016/03/02 01:51:06 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\flvprophandler.dll
[2016/03/02 01:51:05 | 000,450,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SyncController.dll
[2016/03/02 01:51:05 | 000,306,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2016/03/02 01:51:05 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSFlacDecoder.dll
[2016/03/02 01:51:04 | 000,433,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MBMediaManager.dll
[2016/03/02 01:51:04 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wifiprofilessettinghandler.dll
[2016/03/02 01:51:04 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsqmcons.exe
[2016/03/02 01:51:04 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\NetSetupSvc.dll
[2016/03/02 01:51:03 | 000,856,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SecConfig.efi
[2016/03/02 01:51:03 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuuhext.dll
[2016/03/02 01:51:01 | 000,354,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\halmacpi.dll
[2016/03/02 01:51:01 | 000,354,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
[2016/03/02 01:51:01 | 000,335,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgmms1.sys
[2016/03/02 01:51:01 | 000,141,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wermgr.exe
[2016/03/02 01:51:01 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DeviceCensus.exe
[2016/03/02 01:51:00 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\StorSvc.dll
[2016/03/02 01:51:00 | 000,429,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBHUB3.SYS
[2016/03/02 01:50:59 | 000,447,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PsmServiceExtHost.dll
[2016/03/02 01:50:59 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DisplayManager.dll
[2016/03/02 01:50:59 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\psmsrv.dll
[2016/03/02 01:50:59 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MDMAppInstaller.exe
[2016/03/02 01:50:59 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SMSRouter.dll
[2016/03/02 01:50:58 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vaultcli.dll
[2016/03/02 01:50:58 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accountaccessor.dll
[2016/03/02 01:50:58 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\EnterpriseDesktopAppMgmtCSP.dll
[2016/03/02 01:50:57 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll
[2016/03/02 01:50:57 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\provpackageapidll.dll
[2016/03/02 01:50:56 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srpapi.dll
[2016/03/02 01:50:56 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ngckeyenum.dll
[2016/03/02 01:50:55 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wininetlui.dll
[2016/03/02 01:50:55 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2016/03/02 01:50:54 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scapi.dll
[2016/03/02 01:50:54 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.UI.Core.TextInput.dll
[2016/03/02 01:50:54 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wfdprov.dll
[2016/03/02 01:50:53 | 000,394,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\werui.dll
[2016/03/02 01:50:53 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanmsm.dll
[2016/03/02 01:50:53 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlansvcpal.dll
[2016/03/02 01:50:52 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlansec.dll
[2016/03/02 01:50:52 | 000,334,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bcastdvr.exe
[2016/03/02 01:50:52 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\InputLocaleManager.dll
[2016/03/02 01:50:52 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AppCapture.dll
[2016/03/02 01:50:52 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TimeBrokerClient.dll
[2016/03/02 01:50:52 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WiFiConfigSP.dll
[2016/03/02 01:50:51 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LaunchWinApp.exe
[2016/02/28 20:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Payroll 5
[2016/02/28 20:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mictusoft Solutions
[2016/02/27 20:42:30 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Orange County Listings
[2016/02/26 21:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2016/02/26 02:14:01 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Payment Methods
[2016/02/26 00:32:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Chacons Eviction
[2016/02/26 00:32:29 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Brooks Evictions
[2016/02/21 13:45:43 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Pressure Washer and Painting Logos
[2016/02/15 01:48:24 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Old Firefox Data
[2016/02/11 21:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2016/02/10 19:41:31 | 005,662,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Chakra.dll
[2016/02/10 19:41:22 | 004,064,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2016/02/10 19:41:20 | 001,824,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\combase.dll
[2016/02/10 19:41:14 | 000,299,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft-windows-system-events.dll
[2016/02/10 19:41:13 | 000,820,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WinTypes.dll
[2016/02/10 19:41:11 | 000,279,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\systemreset.exe
[2016/02/10 19:41:10 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msorcl32.dll
[2016/02/10 19:41:10 | 000,081,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\OpenWith.exe
[2016/02/10 19:41:10 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztrace_maps.dll
[2016/02/10 19:41:09 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reseteng.dll
[2016/02/10 19:41:09 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iassam.dll
[2016/02/10 19:41:09 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hlink.dll
[2016/02/10 19:41:09 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2016/02/08 20:18:38 | 000,000,000 | ---D | C] -- C:\_OTL

========== Files - Modified Within 30 Days ==========

[2016/03/05 09:23:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2016/03/05 09:21:13 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/03/05 09:19:48 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2016/03/05 09:19:10 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/03/05 09:19:06 | 2816,860,160 | -HS- | M] () -- C:\hiberfil.sys
[2016/03/05 09:17:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2016/03/05 08:20:46 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2016/03/04 19:06:24 | 000,033,535 | ---- | M] () -- C:\Users\User\Desktop\park dimensions.jpg
[2016/03/04 13:10:31 | 000,249,240 | ---- | M] () -- C:\Users\User\Desktop\order.jpg
[2016/03/04 13:02:02 | 000,823,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2016/03/04 13:02:02 | 000,166,542 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2016/03/04 12:53:39 | 385,021,090 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2016/03/03 20:57:48 | 003,886,226 | ---- | M] () -- C:\Users\User\Desktop\fountain.jpg
[2016/03/02 14:52:04 | 000,812,720 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys
[2016/03/02 14:43:23 | 000,369,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2016/03/02 14:37:43 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForUser.job
[2016/02/28 20:26:26 | 000,001,050 | ---- | M] () -- C:\Users\User\Desktop\Payroll 5.lnk
[2016/02/28 20:23:17 | 000,317,340 | ---- | M] () -- C:\Users\User\Desktop\Payroll5.zip
[2016/02/26 21:46:38 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2016/02/26 21:46:24 | 000,002,118 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2016/02/24 01:51:11 | 000,051,480 | ---- | M] () -- C:\Users\User\Desktop\paint.jpg
[2016/02/23 05:37:01 | 000,875,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winresume.efi
[2016/02/23 05:37:01 | 000,771,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winresume.exe
[2016/02/23 05:34:42 | 005,797,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2016/02/23 05:34:38 | 001,051,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winload.efi
[2016/02/23 05:34:38 | 000,926,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winload.exe
[2016/02/23 05:34:27 | 001,859,960 | ---- | M] () -- C:\WINDOWS\System32\CoreUIComponents.dll
[2016/02/23 05:33:01 | 000,354,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\halmacpi.dll
[2016/02/23 05:33:01 | 000,354,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
[2016/02/23 05:31:15 | 000,599,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\invagent.dll
[2016/02/23 05:29:43 | 000,959,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\aeinv.dll
[2016/02/23 05:22:50 | 000,572,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskschd.dll
[2016/02/23 05:22:49 | 000,433,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\devinv.dll
[2016/02/23 05:17:21 | 001,174,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\diagtrack.dll
[2016/02/23 05:16:12 | 000,856,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SecConfig.efi
[2016/02/23 04:40:05 | 000,306,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2016/02/23 04:39:55 | 000,502,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\NetSetupEngine.dll
[2016/02/23 04:39:26 | 000,297,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\audiodg.exe
[2016/02/23 04:38:56 | 000,709,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfsvr.dll
[2016/02/23 04:38:54 | 002,180,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcore.dll
[2016/02/23 04:38:45 | 006,952,088 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
[2016/02/23 04:38:45 | 000,420,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvproc.dll
[2016/02/23 04:38:24 | 000,450,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFCaptureEngine.dll
[2016/02/23 04:38:18 | 000,980,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfasfsrcsnk.dll
[2016/02/23 04:38:14 | 000,882,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfmp4srcsnk.dll
[2016/02/23 04:38:10 | 000,895,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfsrcsnk.dll
[2016/02/23 04:37:41 | 000,713,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
[2016/02/23 04:37:37 | 000,405,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AudioSes.dll
[2016/02/23 04:37:30 | 000,366,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AUDIOKSE.dll
[2016/02/23 04:26:51 | 005,241,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\windows.storage.dll
[2016/02/23 03:58:42 | 000,187,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AppxAllUserStore.dll
[2016/02/23 03:56:01 | 002,186,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d11.dll
[2016/02/23 03:55:40 | 000,221,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sqmapi.dll
[2016/02/23 03:55:29 | 000,484,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgmms2.sys
[2016/02/23 03:55:29 | 000,335,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgmms1.sys
[2016/02/23 03:54:10 | 000,539,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wer.dll
[2016/02/23 03:54:02 | 000,141,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wermgr.exe
[2016/02/23 03:43:21 | 000,639,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\generaltel.dll
[2016/02/23 03:38:02 | 000,287,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Media.MediaControl.dll
[2016/02/23 03:36:09 | 000,429,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBHUB3.SYS
[2016/02/23 03:25:27 | 000,722,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XblGameSave.dll
[2016/02/23 03:25:15 | 000,201,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xboxgip.sys
[2016/02/23 03:22:46 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xinputhid.sys
[2016/02/23 03:21:49 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ngcsvc.dll
[2016/02/23 03:18:19 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\provpackageapidll.dll
[2016/02/23 03:16:35 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WiFiConfigSP.dll
[2016/02/23 03:14:36 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\LaunchWinApp.exe
[2016/02/23 03:14:06 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wlansvcpal.dll
[2016/02/23 03:13:41 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\flvprophandler.dll
[2016/02/23 03:07:44 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wfdprov.dll
[2016/02/23 03:07:31 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\EnterpriseDesktopAppMgmtCSP.dll
[2016/02/23 03:06:10 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininetlui.dll
[2016/02/23 03:06:09 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2016/02/23 03:05:39 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\InstallAgent.exe
[2016/02/23 03:01:44 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ngckeyenum.dll
[2016/02/23 03:01:36 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\srpapi.dll
[2016/02/23 03:01:22 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MDMAppInstaller.exe
[2016/02/23 02:59:12 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DeviceCensus.exe
[2016/02/23 02:57:46 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AppCapture.dll
[2016/02/23 02:57:29 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TimeBrokerClient.dll
[2016/02/23 02:51:17 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SMSRouter.dll
[2016/02/23 02:50:47 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\psmsrv.dll
[2016/02/23 02:50:06 | 000,266,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSFlacDecoder.dll
[2016/02/23 02:49:21 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\NetSetupSvc.dll
[2016/02/23 02:49:13 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DisplayManager.dll
[2016/02/23 02:48:47 | 000,497,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\StorSvc.dll
[2016/02/23 02:48:32 | 000,168,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\QuickActionsDataModel.dll
[2016/02/23 02:47:00 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WiFiDisplay.dll
[2016/02/23 02:46:31 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wifiprofilessettinghandler.dll
[2016/02/23 02:45:46 | 000,433,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MBMediaManager.dll
[2016/02/23 02:45:10 | 000,334,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bcastdvr.exe
[2016/02/23 02:44:40 | 000,395,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wlansec.dll
[2016/02/23 02:43:24 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vaultsvc.dll
[2016/02/23 02:43:02 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SmsRouterSvc.dll
[2016/02/23 02:42:29 | 000,444,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scapi.dll
[2016/02/23 02:42:23 | 000,238,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AudioEndpointBuilder.dll
[2016/02/23 02:40:42 | 000,299,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MDEServer.exe
[2016/02/23 02:40:01 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wsqmcons.exe
[2016/02/23 02:39:56 | 000,221,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vaultcli.dll
[2016/02/23 02:38:24 | 000,337,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanmsm.dll
[2016/02/23 02:38:05 | 000,480,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MCRecvSrc.dll
[2016/02/23 02:37:41 | 000,394,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\werui.dll
[2016/02/23 02:36:32 | 000,379,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfmkvsrcsnk.dll
[2016/02/23 02:36:25 | 000,250,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll
[2016/02/23 02:36:21 | 000,484,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wcmsvc.dll
[2016/02/23 02:35:10 | 000,538,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XblAuthManager.dll
[2016/02/23 02:34:43 | 000,447,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PsmServiceExtHost.dll
[2016/02/23 02:31:48 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.AccountsControl.dll
[2016/02/23 02:31:17 | 000,525,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\configurationclient.dll
[2016/02/23 02:31:10 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\deviceaccess.dll
[2016/02/23 02:30:29 | 000,646,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
[2016/02/23 02:29:47 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bisrv.dll
[2016/02/23 02:29:22 | 000,949,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Unistore.dll
[2016/02/23 02:29:15 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\NetSetupShim.dll
[2016/02/23 02:28:15 | 000,689,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\modernexecserver.dll
[2016/02/23 02:28:13 | 001,154,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32kbase.sys
[2016/02/23 02:28:07 | 000,739,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SharedStartModel.dll
[2016/02/23 02:26:05 | 001,498,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WMPDMC.exe
[2016/02/23 02:24:42 | 000,291,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuuhext.dll
[2016/02/23 02:24:33 | 000,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.UI.dll
[2016/02/23 02:24:27 | 001,105,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Media.Audio.dll
[2016/02/23 02:23:21 | 001,028,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wifinetworkmanager.dll
[2016/02/23 02:22:38 | 001,944,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\InputService.dll
[2016/02/23 02:21:04 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TextInputFramework.dll
[2016/02/23 02:21:02 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.UI.Core.TextInput.dll
[2016/02/23 02:20:45 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\InputLocaleManager.dll
[2016/02/23 02:20:22 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TimeBrokerServer.dll
[2016/02/23 02:19:28 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sharemediacpl.dll
[2016/02/23 02:14:02 | 000,694,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uDWM.dll
[2016/02/23 02:13:49 | 001,184,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\UserDataService.dll
[2016/02/23 02:08:08 | 002,977,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32kfull.sys
[2016/02/23 02:05:36 | 000,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SettingSync.dll
[2016/02/23 02:00:04 | 001,524,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
[2016/02/23 01:58:41 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SyncController.dll
[2016/02/23 01:58:06 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\accountaccessor.dll
[2016/02/23 01:56:41 | 001,887,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AppXDeploymentServer.dll
[2016/02/23 01:56:08 | 004,412,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ExplorerFrame.dll
[2016/02/23 01:55:49 | 001,707,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ActiveSyncProvider.dll
[2016/02/23 01:51:25 | 000,754,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SettingSyncCore.dll
[2016/02/23 01:50:03 | 009,919,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\twinui.dll
[2016/02/23 01:47:05 | 001,075,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.UI.Shell.dll
[2016/02/23 01:36:51 | 018,680,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\edgehtml.dll
[2016/02/23 01:36:28 | 003,666,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript9.dll
[2016/02/23 01:33:20 | 002,604,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CertEnroll.dll
[2016/02/23 01:32:57 | 002,793,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Media.dll
[2016/02/23 01:30:30 | 002,061,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFMediaEngine.dll
[2016/02/21 01:34:52 | 000,520,428 | ---- | M] () -- C:\Users\User\Desktop\sheriff.jpg
[2016/02/17 12:54:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2016/02/08 23:14:46 | 000,153,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dumpsd.sys
[2016/02/08 22:23:56 | 000,464,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\enterprisecsps.dll
[2016/02/08 22:09:47 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DeviceEnroller.exe
[2016/02/08 22:07:16 | 001,626,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwmcore.dll
[2016/02/04 11:27:41 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

========== Files Created - No Company Name ==========

[2016/03/04 18:47:50 | 000,033,535 | ---- | C] () -- C:\Users\User\Desktop\park dimensions.jpg
[2016/03/04 13:10:30 | 000,249,240 | ---- | C] () -- C:\Users\User\Desktop\order.jpg
[2016/03/04 13:00:06 | 004,559,583 | ---- | C] () -- C:\Users\User\Desktop\#1 Stunna.wma
[2016/03/03 20:57:36 | 003,886,226 | ---- | C] () -- C:\Users\User\Desktop\fountain.jpg
[2016/03/02 01:51:45 | 001,859,960 | ---- | C] () -- C:\WINDOWS\System32\CoreUIComponents.dll
[2016/02/28 20:26:26 | 000,001,050 | ---- | C] () -- C:\Users\User\Desktop\Payroll 5.lnk
[2016/02/28 20:23:07 | 000,317,340 | ---- | C] () -- C:\Users\User\Desktop\Payroll5.zip
[2016/02/24 01:48:58 | 000,051,480 | ---- | C] () -- C:\Users\User\Desktop\paint.jpg
[2016/02/21 01:34:51 | 000,520,428 | ---- | C] () -- C:\Users\User\Desktop\sheriff.jpg
[2016/02/17 12:54:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2016/01/27 23:22:13 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\MTFServer.dll
[2016/01/27 23:22:13 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\MTF.dll
[2015/12/25 01:01:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/12/25 00:33:30 | 000,000,013 | ---- | C] () -- C:\Users\User\.pluto.tv
[2015/12/13 19:22:03 | 000,000,135 | ---- | C] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2015/12/08 17:46:01 | 000,021,316 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2015/12/08 17:24:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2015/12/08 17:22:41 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2015/12/08 17:20:57 | 000,369,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2015/11/17 00:30:50 | 000,000,184 | ---- | C] () -- C:\WINDOWS\AutoKMS.ini
[2015/11/17 00:26:59 | 000,000,567 | ---- | C] () -- C:\WINDOWS\System32\Settings.ini
[2015/10/30 00:49:53 | 000,823,194 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2015/10/30 00:49:53 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2015/10/30 00:49:53 | 000,166,542 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2015/10/30 00:49:53 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2015/10/30 00:48:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2015/10/30 00:48:48 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2015/10/30 00:48:48 | 000,000,389 | ---- | C] () -- C:\WINDOWS\System32\AutoWorkplace.exe.config
[2015/10/30 00:45:11 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2015/10/30 00:45:11 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2015/10/30 00:45:10 | 000,164,224 | ---- | C] () -- C:\WINDOWS\System32\weretw.dll
[2015/10/30 00:45:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2015/10/30 00:45:04 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2015/10/30 00:45:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\GamePanelExternalHook.dll
[2015/10/30 00:44:55 | 000,167,640 | ---- | C] () -- C:\WINDOWS\System32\chs_singlechar_pinyin.dat
[2015/10/30 00:44:55 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\ism32k.dll
[2015/10/30 00:44:53 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\Windows.Perception.Stub.dll
[2015/10/30 00:44:52 | 004,227,116 | ---- | C] () -- C:\WINDOWS\System32\DefaultHrtfs.bin
[2015/10/30 00:44:52 | 000,293,376 | ---- | C] () -- C:\WINDOWS\System32\HrtfApo.dll
[2015/10/30 00:44:52 | 000,149,044 | ---- | C] () -- C:\WINDOWS\System32\LargeRoom.bin
[2015/10/30 00:44:52 | 000,110,024 | ---- | C] () -- C:\WINDOWS\System32\MediumRoom.bin
[2015/10/30 00:44:52 | 000,069,776 | ---- | C] () -- C:\WINDOWS\System32\SmallRoom.bin
[2015/10/30 00:44:52 | 000,046,908 | ---- | C] () -- C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[2015/10/30 00:44:48 | 000,170,496 | ---- | C] () -- C:\WINDOWS\System32\EditionUpgradeHelper.dll
[2015/10/30 00:44:48 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\efsext.dll
[2015/10/30 00:44:43 | 000,056,119 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2015/10/30 00:44:41 | 000,002,269 | ---- | C] () -- C:\WINDOWS\System32\WimBootCompress.ini
[2015/10/30 00:44:40 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2015/10/30 00:44:38 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2015/10/30 00:44:38 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2015/09/26 08:57:45 | 001,101,824 | ---- | C] () -- C:\ProgramData\TrezaaSetupx30039.msi
[2015/09/25 08:04:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\wsusnative32.exe
[2015/09/01 05:52:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2015/08/30 20:03:48 | 000,007,625 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2015/01/13 16:49:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\amdverag.dll
[2015/01/13 16:22:32 | 000,204,952 | ---- | C] () -- C:\WINDOWS\System32\ativvsvl.dat
[2015/01/13 16:22:32 | 000,157,144 | ---- | C] () -- C:\WINDOWS\System32\ativvsva.dat

========== ZeroAccess Check ==========

[2015/12/25 18:35:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016/02/23 04:26:51 | 005,241,984 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 00:44:40 | 000,765,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2015/10/30 00:44:39 | 000,409,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

johnb35 · Mar 5, 2016

Looks like you have a hijacked hosts file. Please do the following.

Open OTL and copy and paste the following text inside the codebox into the custom scans/fixes box at the bottom and then click on run fix up top.

Code:

:OTL

O15 - HKCU\..Trusted Domains: localhost ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: webcompanion.com ([]http in Trusted sites)

:commands

[resethosts]
[emptytemp]
[reboot]

The machine will reboot then I need you to rerun the quickscan on otl and post the new log to make sure the hosts file has been fixed.

farmerjohn1324 · Mar 5, 2016

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com\ deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 123591873 bytes
->Temporary Internet Files folder emptied: 182949159 bytes
->FireFox cache emptied: 333952460 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 6912 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 384166537 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 977.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03052016_123740

Files\Folders moved on Reboot...
File\Folder C:\Users\User\AppData\Local\Temp\Microsoft.Explorer.Notification.{F3021280-8B71-AE51-7BF9-DAA692344272}.png not found!
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\WWRHV04X\unifi-ap[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\WWRHV04X\xd_arbiter[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\UWNN9SIQ\BVtM30trf7q_jfqYeHfjtA[1].woff moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\UWNN9SIQ\fontawesome-webfont[1].eot moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\UWNN9SIQ\like[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\UWNN9SIQ\my-latest-malware-adware-scans[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\UWNN9SIQ\postmessageRelay[2].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\UWNN9SIQ\termsofuse[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\UWNN9SIQ\xd_arbiter[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\U49KNGV6\fastbutton[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\U49KNGV6\KT3KS9Aol4WfR6Vas8kNcg[1].woff moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\U49KNGV6\like[2].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\U49KNGV6\MTP_ySUJH_bn48VBG8sNSnhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\U49KNGV6\TreeRemovalPermitDevelopedProperty[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\U49KNGV6\ubnt[1].eot moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\U49KNGV6\wkfQbvfT_02e2IWO3yYueQ[1].woff moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\U49KNGV6\xd_arbiter[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\U49KNGV6\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\Q9W8FRRB\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\Q9W8FRRB\ptiiorcoco_ch15enco_artviiitrprre[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\Q9W8FRRB\xd_arbiter[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\PR1JM9D1\DXI1ORHCpsQm3Vp6mXoaTXhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\PR1JM9D1\grlryt2bdKIyfMSOhzd1eA[1].woff moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\DE61KHQC\tweet_button.b212c8422d3b3079acc6183618b32f10.en[2].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\B2ZKAK7H\sh.7c7179124ea24ac6ba46caac[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\AEP306OF\9k-RPmcnxYEPm8CNFsH2gg[1].woff moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\AEP306OF\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\AEP306OF\EInbV5DfGHOiMmvb1Xr-hnhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE\AEP306OF\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\SmartScreenCache.dat moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\SuggestedSites.dat moved successfully.
File move failed. C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\counters.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

farmerjohn1324 · Mar 5, 2016

OTL logfile created on: 3/5/2016 12:54:42 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop\Computer Cleaning Programs
An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 73.50% Memory free
7.00 Gb Paging File | 6.12 Gb Available in Paging File | 87.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.35 Gb Total Space | 193.16 Gb Free Space | 83.13% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016/02/23 05:23:02 | 001,351,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
PRC - [2016/02/10 19:27:45 | 000,551,112 | ---- | M] (Microsoft Corporation) -- C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe
PRC - [2016/02/05 11:48:16 | 000,281,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
PRC - [2016/02/04 01:58:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\Computer Cleaning Programs\OTL.exe
PRC - [2016/02/03 03:18:19 | 000,252,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
PRC - [2016/01/29 01:33:48 | 004,064,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2016/01/21 22:40:51 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
PRC - [2016/01/04 21:44:14 | 006,082,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
PRC - [2015/12/26 23:39:09 | 007,021,880 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/12/26 23:39:01 | 000,226,440 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/12/13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/12/08 20:11:12 | 000,540,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontdrvhost.exe
PRC - [2015/10/30 00:44:55 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sihost.exe
PRC - [2015/10/30 00:44:46 | 000,073,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RuntimeBroker.exe
PRC - [2015/10/30 00:44:45 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2015/10/30 00:44:40 | 000,071,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostw.exe
PRC - [2015/04/15 08:44:32 | 000,128,512 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2015/04/15 08:43:18 | 001,209,344 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2015/01/13 16:41:06 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2015/01/13 16:40:56 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe

========== Modules (No Company Name) ==========

MOD - [2016/02/23 05:34:27 | 001,859,960 | ---- | M] () -- C:\Windows\System32\CoreUIComponents.dll
MOD - [2016/02/23 02:48:32 | 000,316,416 | ---- | M] () -- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
MOD - [2016/01/21 22:40:51 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
MOD - [2016/01/21 22:40:51 | 000,141,312 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
MOD - [2016/01/16 00:09:45 | 002,656,768 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
MOD - [2016/01/16 00:06:42 | 002,366,464 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
MOD - [2016/01/04 20:23:28 | 005,340,672 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
MOD - [2016/01/04 20:19:27 | 000,471,552 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
MOD - [2015/12/26 23:39:11 | 040,539,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/12/26 23:39:07 | 000,103,888 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/12/26 23:39:06 | 000,469,008 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2015/12/26 23:39:02 | 000,125,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2015/12/06 23:11:10 | 000,070,656 | ---- | M] () -- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
MOD - [2015/05/15 15:27:10 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2015/05/15 15:27:04 | 001,044,776 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV - [2016/02/23 05:17:21 | 001,174,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2016/02/23 03:25:27 | 000,722,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\XblGameSave.dll -- (XblGameSave)
SRV - [2016/02/23 03:21:49 | 000,498,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ngcsvc.dll -- (NgcSvc)
SRV - [2016/02/23 02:49:21 | 000,140,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NetSetupSvc.dll -- (NetSetupSvc)
SRV - [2016/02/23 02:48:47 | 000,497,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2016/02/23 02:43:24 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2016/02/23 02:43:02 | 000,411,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SmsRouterSvc.dll -- (SmsRouter)
SRV - [2016/02/23 02:42:23 | 000,238,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2016/02/23 02:36:21 | 000,484,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2016/02/23 02:35:10 | 000,538,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\XblAuthManager.dll -- (XblAuthManager)
SRV - [2016/02/23 02:29:47 | 000,453,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2016/02/23 02:29:22 | 000,949,248 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\Unistore.dll -- (UnistoreSvc)
SRV - [2016/02/23 02:20:22 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2016/02/23 02:13:49 | 001,184,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\UserDataService.dll -- (UserDataSvc)
SRV - [2016/02/23 01:56:41 | 001,887,744 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\AppXDeploymentServer.dll -- (AppXSvc)
SRV - [2016/02/10 20:17:18 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/02/05 11:47:38 | 000,239,880 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe -- (McComponentHostService)
SRV - [2016/01/16 00:19:43 | 001,552,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2016/01/04 20:41:02 | 000,588,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PhoneService.dll -- (PhoneSvc)
SRV - [2016/01/04 20:35:58 | 000,706,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\usermgr.dll -- (UserManager)
SRV - [2015/12/26 23:39:01 | 000,226,440 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2015/12/13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/12/08 20:11:07 | 000,240,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SensorService.dll -- (SensorService)
SRV - [2015/12/08 20:11:07 | 000,131,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tetheringservice.dll -- (icssvc)
SRV - [2015/12/08 20:11:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\tzautoupdate.dll -- (tzautoupdate)
SRV - [2015/12/08 20:03:59 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2015/12/08 20:03:57 | 000,056,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2015/12/08 20:03:49 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2015/12/08 20:03:49 | 000,504,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2015/12/06 23:12:17 | 000,820,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV - [2015/12/06 23:00:38 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\moshost.dll -- (MapsBroker)
SRV - [2015/10/30 01:57:35 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2015/10/30 00:45:46 | 000,783,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\RDXService.dll -- (RetailDemo)
SRV - [2015/10/30 00:45:46 | 000,425,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WalletService.dll -- (WalletService)
SRV - [2015/10/30 00:45:46 | 000,387,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AppReadiness.dll -- (AppReadiness)
SRV - [2015/10/30 00:45:46 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2015/10/30 00:45:15 | 000,144,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2015/10/30 00:45:13 | 001,401,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\workfolderssvc.dll -- (workfolderssvc)
SRV - [2015/10/30 00:45:11 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2015/10/30 00:45:07 | 000,900,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SensorDataService.exe -- (SensorDataService)
SRV - [2015/10/30 00:45:07 | 000,612,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2015/10/30 00:45:06 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2015/10/30 00:44:57 | 000,294,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ncbservice.dll -- (NcbService)
SRV - [2015/10/30 00:44:57 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpnservice.dll -- (WpnService)
SRV - [2015/10/30 00:44:55 | 000,380,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\tileobjserver.dll -- (tiledatamodelsvc)
SRV - [2015/10/30 00:44:55 | 000,221,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV - [2015/10/30 00:44:55 | 000,202,752 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV - [2015/10/30 00:44:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DevQueryBroker.dll -- (DevQueryBroker)
SRV - [2015/10/30 00:44:55 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lfsvc.dll -- (lfsvc)
SRV - [2015/10/30 00:44:55 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\LicenseManagerSvc.dll -- (LicenseManager)
SRV - [2015/10/30 00:44:53 | 002,179,584 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\Windows.StateRepository.dll -- (StateRepository)
SRV - [2015/10/30 00:44:53 | 000,548,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2015/10/30 00:44:53 | 000,199,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\cdpsvc.dll -- (CDPSvc)
SRV - [2015/10/30 00:44:53 | 000,081,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\embeddedmodesvc.dll -- (embeddedmode)
SRV - [2015/10/30 00:44:53 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AJRouter.dll -- (AJRouter)
SRV - [2015/10/30 00:44:51 | 002,885,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2015/10/30 00:44:51 | 000,804,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dosvc.dll -- (DoSvc)
SRV - [2015/10/30 00:44:51 | 000,251,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\usocore.dll -- (UsoSvc)
SRV - [2015/10/30 00:44:49 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2015/10/30 00:44:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wephostsvc.dll -- (WEPHOSTSVC)
SRV - [2015/10/30 00:44:47 | 000,510,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ClipSVC.dll -- (ClipSVC)
SRV - [2015/10/30 00:44:47 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV - [2015/10/30 00:44:47 | 000,042,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2015/10/30 00:44:46 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV - [2015/10/30 00:44:45 | 000,355,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2015/10/30 00:44:45 | 000,163,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2015/10/30 00:44:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\smphost.dll -- (smphost)
SRV - [2015/10/30 00:44:43 | 000,272,896 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\APHostService.dll -- (OneSyncSvc)
SRV - [2015/10/30 00:44:43 | 000,256,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\TieringEngineService.exe -- (TieringEngineService)
SRV - [2015/10/30 00:44:43 | 000,156,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dcpsvc.dll -- (DcpSvc)
SRV - [2015/10/30 00:44:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2015/10/30 00:44:43 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2015/10/30 00:44:42 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dssvc.dll -- (DsSvc)
SRV - [2015/10/30 00:44:40 | 000,261,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV - [2015/10/30 00:44:40 | 000,200,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2015/10/30 00:44:40 | 000,047,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dmwappushsvc.dll -- (dmwappushservice)
SRV - [2015/10/30 00:44:38 | 000,044,032 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\MessagingService.dll -- (MessagingService)
SRV - [2015/10/30 00:44:37 | 000,449,024 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2015/10/30 00:44:35 | 000,280,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV - [2015/10/30 00:44:35 | 000,273,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2015/10/30 00:44:35 | 000,023,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvmsession)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicguestinterface)
SRV - [2015/10/30 00:44:27 | 002,718,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2015/10/30 00:44:25 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\BthHFSrv.dll -- (BthHFSrv)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/09/28 08:19:10 | 000,025,800 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2015/04/15 08:44:32 | 000,128,512 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2015/01/13 16:40:56 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)

========== Driver Services (SafeList) ==========

DRV - [2016/03/02 14:52:04 | 000,812,720 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2016/02/23 03:36:09 | 000,429,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2016/02/23 03:25:15 | 000,201,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xboxgip.sys -- (xboxgip)
DRV - [2016/02/23 03:22:46 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xinputhid.sys -- (xinputhid)
DRV - [2016/01/20 23:46:47 | 000,449,384 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2015/12/26 23:39:56 | 000,081,168 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015/12/26 23:39:15 | 000,117,712 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2015/12/26 23:39:14 | 000,209,432 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015/12/26 23:39:14 | 000,049,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015/12/26 23:39:14 | 000,024,016 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015/12/26 23:39:13 | 000,081,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2015/12/08 20:11:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\capimg.sys -- (CapImg)
DRV - [2015/12/08 20:11:07 | 000,076,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdstor.sys -- (sdstor)
DRV - [2015/12/08 20:03:48 | 000,130,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mqac.sys -- (MQAC)
DRV - [2015/10/30 01:57:54 | 000,023,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2015/10/30 01:57:41 | 000,030,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2015/10/30 00:45:52 | 000,024,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2015/10/30 00:45:11 | 000,043,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2015/10/30 00:45:01 | 000,280,920 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\clfs.sys -- (CLFS)
DRV - [2015/10/30 00:45:01 | 000,183,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ahcache.sys -- (ahcache)
DRV - [2015/10/30 00:44:58 | 000,086,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV - [2015/10/30 00:44:57 | 000,159,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2015/10/30 00:44:57 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2015/10/30 00:44:57 | 000,062,464 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\System32\drivers\storqosflt.sys -- (storqosflt)
DRV - [2015/10/30 00:44:57 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UcmCx.sys -- (UcmCx0101)
DRV - [2015/10/30 00:44:57 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\condrv.sys -- (condrv)
DRV - [2015/10/30 00:44:57 | 000,023,040 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\ioqos.sys -- (IoQos)
DRV - [2015/10/30 00:44:52 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mmcss.sys -- (MMCSS)
DRV - [2015/10/30 00:44:48 | 000,033,112 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2015/10/30 00:44:47 | 000,200,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ufx01000.sys -- (Ufx01000)
DRV - [2015/10/30 00:44:47 | 000,060,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SpbCx.sys -- (SpbCx)
DRV - [2015/10/30 00:44:47 | 000,042,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\urscx01000.sys -- (UrsCx01000)
DRV - [2015/10/30 00:44:46 | 000,130,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2015/10/30 00:44:46 | 000,121,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SerCx2.sys -- (SerCx2)
DRV - [2015/10/30 00:44:46 | 000,075,104 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2015/10/30 00:44:46 | 000,059,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SerCx.sys -- (SerCx)
DRV - [2015/10/30 00:44:46 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2015/10/30 00:44:44 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV - [2015/10/30 00:44:43 | 000,054,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\dam.sys -- (dam)
DRV - [2015/10/30 00:44:42 | 000,173,408 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\wof.sys -- (Wof)
DRV - [2015/10/30 00:44:38 | 000,497,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WdiWiFi.sys -- (wdiwifi)
DRV - [2015/10/30 00:44:37 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2015/10/30 00:44:37 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Ndu.sys -- (Ndu)
DRV - [2015/10/30 00:44:37 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mslldp.sys -- (MsLldp)
DRV - [2015/10/30 00:44:36 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV - [2015/10/30 00:44:35 | 000,246,104 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\WdFilter.sys -- (WdFilter)
DRV - [2015/10/30 00:44:35 | 000,098,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV - [2015/10/30 00:44:35 | 000,037,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WdBoot.sys -- (WdBoot)
DRV - [2015/10/30 00:44:33 | 000,173,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ucx01000.sys -- (Ucx01000)
DRV - [2015/10/30 00:44:33 | 000,093,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpiex.sys -- (acpiex)
DRV - [2015/10/30 00:44:33 | 000,083,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pdc.sys -- (pdc)
DRV - [2015/10/30 00:44:33 | 000,076,288 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\filecrypt.sys -- (FileCrypt)
DRV - [2015/10/30 00:44:33 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2015/10/30 00:44:33 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Udecx.sys -- (UdeCx)
DRV - [2015/10/30 00:44:33 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhf.sys -- (vhf)
DRV - [2015/10/30 00:44:29 | 000,036,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2015/10/30 00:44:29 | 000,025,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2015/10/30 00:44:29 | 000,021,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV - [2015/10/30 00:44:29 | 000,021,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\urschipidea.sys -- (UrsChipidea)
DRV - [2015/10/30 00:44:29 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2015/10/30 00:44:29 | 000,015,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV - [2015/10/30 00:44:28 | 001,038,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\adp80xx.sys -- (ADP80XX)
DRV - [2015/10/30 00:44:28 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2015/10/30 00:44:28 | 000,524,632 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\iaStorAV.sys -- (iaStorAV)
DRV - [2015/10/30 00:44:28 | 000,494,080 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rt640x86.sys -- (rt640x86)
DRV - [2015/10/30 00:44:28 | 000,427,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spaceport.sys -- (spaceport)
DRV - [2015/10/30 00:44:28 | 000,287,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2015/10/30 00:44:28 | 000,276,832 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2015/10/30 00:44:28 | 000,172,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2015/10/30 00:44:28 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\storahci.sys -- (storahci)
DRV - [2015/10/30 00:44:28 | 000,104,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV - [2015/10/30 00:44:28 | 000,088,928 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV - [2015/10/30 00:44:28 | 000,085,856 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\3ware.sys -- (3ware)
DRV - [2015/10/30 00:44:28 | 000,083,288 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV - [2015/10/30 00:44:28 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV - [2015/10/30 00:44:28 | 000,069,472 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2015/10/30 00:44:28 | 000,065,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\stornvme.sys -- (stornvme)
DRV - [2015/10/30 00:44:28 | 000,061,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iaioi2c.sys -- (iaioi2c)
DRV - [2015/10/30 00:44:28 | 000,059,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uaspstor.sys -- (UASPStor)
DRV - [2015/10/30 00:44:28 | 000,058,208 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\mvumis.sys -- (mvumis)
DRV - [2015/10/30 00:44:28 | 000,051,552 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\percsas3i.sys -- (percsas3i)
DRV - [2015/10/30 00:44:28 | 000,051,040 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\percsas2i.sys -- (percsas2i)
DRV - [2015/10/30 00:44:28 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2015/10/30 00:44:28 | 000,038,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV - [2015/10/30 00:44:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV - [2015/10/30 00:44:28 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\BasicRender.sys -- (BasicRender)
DRV - [2015/10/30 00:44:28 | 000,027,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\storufs.sys -- (storufs)
DRV - [2015/10/30 00:44:28 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\buttonconverter.sys -- (buttonconverter)
DRV - [2015/10/30 00:44:28 | 000,023,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uefi.sys -- (UEFI)
DRV - [2015/10/30 00:44:28 | 000,022,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iaiogpio.sys -- (GPIO)
DRV - [2015/10/30 00:44:28 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kdnic.sys -- (kdnic)
DRV - [2015/10/30 00:44:28 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\genericusbfn.sys -- (genericusbfn)
DRV - [2015/10/30 00:44:28 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpitime.sys -- (acpitime)
DRV - [2015/10/30 00:44:28 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpipagr.sys -- (acpipagr)
DRV - [2015/10/30 00:44:28 | 000,008,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmfn2.sys -- (bcmfn2)
DRV - [2015/10/30 00:44:28 | 000,008,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmfn.sys -- (bcmfn)
DRV - [2015/10/30 00:44:26 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2015/10/30 00:44:25 | 000,552,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl819xp.sys -- (rtl819xp)
DRV - [2015/10/30 00:44:25 | 000,101,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2015/10/30 00:44:25 | 000,079,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2015/10/30 00:44:25 | 000,066,048 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iai2c.sys -- (iai2c)
DRV - [2015/10/30 00:44:25 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2015/10/30 00:44:25 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2015/10/30 00:44:25 | 000,040,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\intelpep.sys -- (intelpep)
DRV - [2015/10/30 00:44:25 | 000,039,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2015/10/30 00:44:25 | 000,037,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidi2c.sys -- (hidi2c)
DRV - [2015/10/30 00:44:25 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2015/10/30 00:44:25 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_x86_dd1d60cd48926252\CompositeBus.sys -- (CompositeBus)
DRV - [2015/10/30 00:44:25 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2015/10/30 00:44:25 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2015/10/30 00:44:25 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2015/10/30 00:44:25 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2015/10/30 00:44:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2015/10/30 00:44:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmgencounter.sys -- (gencounter)
DRV - [2015/10/30 00:44:25 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2015/10/05 09:50:20 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2015/10/05 09:50:04 | 000,023,256 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2015/08/07 05:49:26 | 000,041,584 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Thotkey.sys -- (Thotkey)
DRV - [2015/07/25 00:56:24 | 000,035,936 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2015/01/13 17:40:18 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2015/01/13 16:20:36 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
IE - HKLM\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKLM\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C FD 41 AD EB BF D0 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 7D D2 BE FC F7 74 D1 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKCU\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:44.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\User\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/12/26 23:43:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015/12/26 23:43:24 | 000,000,000 | ---D | M]

[2015/08/31 09:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2016/02/21 03:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xxgvph90.default-1456041116048\extensions
[2016/02/11 21:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.210_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.221_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.0.0.9098_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2016/03/05 12:37:42 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [OneDrive] C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.114.81.1 75.114.81.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02c9c4ec-1d2f-48fe-a22b-3449fd9bbc29}: DhcpNameServer = 75.114.81.1 75.114.81.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{135b02f8-71a0-4588-804e-c91f793a0a6b}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{bdc5887f-4f0a-4e48-861f-68d1dede2733}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b2c72520-7bb0-11e5-bfe4-001e33f0b730}\Shell - "" = AutoRun
O33 - MountPoints2\{b2c72520-7bb0-11e5-bfe4-001e33f0b730}\Shell\AutoRun\command - "" = "E:\VerizonWirelessUpgradeAssistantSetup.exe" -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2016/03/05 08:33:08 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\new scans
[2016/03/04 12:53:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2016/02/28 20:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Payroll 5
[2016/02/28 20:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mictusoft Solutions
[2016/02/27 20:42:30 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Orange County Listings
[2016/02/26 21:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2016/02/26 02:14:01 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Payment Methods
[2016/02/26 00:32:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Chacons Eviction
[2016/02/26 00:32:29 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Brooks Evictions
[2016/02/11 21:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2016/02/08 20:18:38 | 000,000,000 | ---D | C] -- C:\_OTL

========== Files - Modified Within 30 Days ==========

[2016/03/05 12:53:44 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/03/05 12:52:14 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2016/03/05 12:51:41 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/03/05 12:51:37 | 2816,860,160 | -HS- | M] () -- C:\hiberfil.sys
[2016/03/05 12:37:42 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2016/03/05 12:23:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2016/03/05 12:17:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2016/03/05 12:07:43 | 000,823,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2016/03/05 12:07:43 | 000,166,542 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2016/03/05 08:20:46 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2016/03/04 19:06:24 | 000,033,535 | ---- | M] () -- C:\Users\User\Desktop\park dimensions.jpg
[2016/03/04 13:10:31 | 000,249,240 | ---- | M] () -- C:\Users\User\Desktop\order.jpg
[2016/03/04 12:53:39 | 385,021,090 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2016/03/03 20:57:48 | 003,886,226 | ---- | M] () -- C:\Users\User\Desktop\fountain.jpg
[2016/03/02 14:52:04 | 000,812,720 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys
[2016/03/02 14:43:23 | 000,369,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2016/03/02 14:37:43 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForUser.job
[2016/02/28 20:26:26 | 000,001,050 | ---- | M] () -- C:\Users\User\Desktop\Payroll 5.lnk
[2016/02/28 20:23:17 | 000,317,340 | ---- | M] () -- C:\Users\User\Desktop\Payroll5.zip
[2016/02/26 21:46:24 | 000,002,118 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2016/02/24 01:51:11 | 000,051,480 | ---- | M] () -- C:\Users\User\Desktop\paint.jpg
[2016/02/23 05:34:27 | 001,859,960 | ---- | M] () -- C:\WINDOWS\System32\CoreUIComponents.dll
[2016/02/21 01:34:52 | 000,520,428 | ---- | M] () -- C:\Users\User\Desktop\sheriff.jpg
[2016/02/17 12:54:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

========== Files Created - No Company Name ==========

[2016/03/04 18:47:50 | 000,033,535 | ---- | C] () -- C:\Users\User\Desktop\park dimensions.jpg
[2016/03/04 13:10:30 | 000,249,240 | ---- | C] () -- C:\Users\User\Desktop\order.jpg
[2016/03/04 13:00:06 | 004,559,583 | ---- | C] () -- C:\Users\User\Desktop\#1 Stunna.wma
[2016/03/03 20:57:36 | 003,886,226 | ---- | C] () -- C:\Users\User\Desktop\fountain.jpg
[2016/03/02 01:51:45 | 001,859,960 | ---- | C] () -- C:\WINDOWS\System32\CoreUIComponents.dll
[2016/02/28 20:26:26 | 000,001,050 | ---- | C] () -- C:\Users\User\Desktop\Payroll 5.lnk
[2016/02/28 20:23:07 | 000,317,340 | ---- | C] () -- C:\Users\User\Desktop\Payroll5.zip
[2016/02/24 01:48:58 | 000,051,480 | ---- | C] () -- C:\Users\User\Desktop\paint.jpg
[2016/02/21 01:34:51 | 000,520,428 | ---- | C] () -- C:\Users\User\Desktop\sheriff.jpg
[2016/02/17 12:54:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2016/01/27 23:22:13 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\MTFServer.dll
[2016/01/27 23:22:13 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\MTF.dll
[2015/12/25 01:01:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/12/25 00:33:30 | 000,000,013 | ---- | C] () -- C:\Users\User\.pluto.tv
[2015/12/13 19:22:03 | 000,000,135 | ---- | C] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2015/12/08 17:46:01 | 000,021,316 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2015/12/08 17:24:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2015/12/08 17:22:41 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2015/12/08 17:20:57 | 000,369,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2015/11/17 00:30:50 | 000,000,184 | ---- | C] () -- C:\WINDOWS\AutoKMS.ini
[2015/11/17 00:26:59 | 000,000,567 | ---- | C] () -- C:\WINDOWS\System32\Settings.ini
[2015/10/30 00:49:53 | 000,823,194 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2015/10/30 00:49:53 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2015/10/30 00:49:53 | 000,166,542 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2015/10/30 00:49:53 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2015/10/30 00:48:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2015/10/30 00:48:48 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2015/10/30 00:48:48 | 000,000,389 | ---- | C] () -- C:\WINDOWS\System32\AutoWorkplace.exe.config
[2015/10/30 00:45:11 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2015/10/30 00:45:11 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2015/10/30 00:45:10 | 000,164,224 | ---- | C] () -- C:\WINDOWS\System32\weretw.dll
[2015/10/30 00:45:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2015/10/30 00:45:04 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2015/10/30 00:45:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\GamePanelExternalHook.dll
[2015/10/30 00:44:55 | 000,167,640 | ---- | C] () -- C:\WINDOWS\System32\chs_singlechar_pinyin.dat
[2015/10/30 00:44:55 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\ism32k.dll
[2015/10/30 00:44:53 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\Windows.Perception.Stub.dll
[2015/10/30 00:44:52 | 004,227,116 | ---- | C] () -- C:\WINDOWS\System32\DefaultHrtfs.bin
[2015/10/30 00:44:52 | 000,293,376 | ---- | C] () -- C:\WINDOWS\System32\HrtfApo.dll
[2015/10/30 00:44:52 | 000,149,044 | ---- | C] () -- C:\WINDOWS\System32\LargeRoom.bin
[2015/10/30 00:44:52 | 000,110,024 | ---- | C] () -- C:\WINDOWS\System32\MediumRoom.bin
[2015/10/30 00:44:52 | 000,069,776 | ---- | C] () -- C:\WINDOWS\System32\SmallRoom.bin
[2015/10/30 00:44:52 | 000,046,908 | ---- | C] () -- C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[2015/10/30 00:44:48 | 000,170,496 | ---- | C] () -- C:\WINDOWS\System32\EditionUpgradeHelper.dll
[2015/10/30 00:44:48 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\efsext.dll
[2015/10/30 00:44:43 | 000,056,119 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2015/10/30 00:44:41 | 000,002,269 | ---- | C] () -- C:\WINDOWS\System32\WimBootCompress.ini
[2015/10/30 00:44:40 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2015/10/30 00:44:38 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2015/10/30 00:44:38 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2015/09/26 08:57:45 | 001,101,824 | ---- | C] () -- C:\ProgramData\TrezaaSetupx30039.msi
[2015/09/25 08:04:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\wsusnative32.exe
[2015/09/01 05:52:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2015/08/30 20:03:48 | 000,007,625 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2015/01/13 16:49:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\amdverag.dll
[2015/01/13 16:22:32 | 000,204,952 | ---- | C] () -- C:\WINDOWS\System32\ativvsvl.dat
[2015/01/13 16:22:32 | 000,157,144 | ---- | C] () -- C:\WINDOWS\System32\ativvsva.dat

========== ZeroAccess Check ==========

[2015/12/25 18:35:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016/02/23 04:26:51 | 005,241,984 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 00:44:40 | 000,765,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2015/10/30 00:44:39 | 000,409,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2015/12/26 23:41:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVAST Software
[2015/09/01 22:23:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Motorola
[2015/09/01 22:50:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Motorola Mobility
[2015/08/29 21:01:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice
[2015/11/01 22:02:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SmartDraw
[2015/07/16 13:53:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinBatch

========== Purity Check ==========

< End of report >

farmerjohn1324 · Mar 5, 2016

Do you know how I might have gotten this infection and how I can prevent it from happening again? I have Avast running.

I know what a hosts file is. Did someone do this purposefully? And did they do it to try to do something malicious? Where do these things come from?

Is any of my personal information in danger, such as when I sign in to my online banking?

Also, what is the generic name for programs like "OTL," "JRT," "Malwarebytes," and "AdWCleaner?"

johnb35 · Mar 5, 2016

Your hosts file is now fixed. Not sure how exactly you got it, I don't use your computer. Definitely change your passwords for any online banking/credit cards.

farmerjohn1324 said:
Also, what is the generic name for programs like "OTL," "JRT," "Malwarebytes," and "AdWCleaner?"

malware removal programs.

Let me know if you still get popups.

farmerjohn1324 · Mar 5, 2016

johnb35 said:
Your hosts file is now fixed. Not sure how exactly you got it, I don't use your computer. Definitely change your passwords for any online banking/credit cards.

malware removal programs.

Let me know if you still get popups.

I will.

What browser do you use? And why?

johnb35 · Mar 6, 2016

I use firefox now. No problems with playing videos now. Assuming it was an issue with flash player/html5 player. I never used to have any issues with Pale Moon until the last year or so.

farmerjohn1324 · Mar 6, 2016

johnb35 said:
I use firefox now. No problems with playing videos now. Assuming it was an issue with flash player/html5 player. I never used to have any issues with Pale Moon until the last year or so.

I'm going to stick with Internet Explorer just to keep things simple for now. I don't see any increased operational efficiency with FireFox, Google Chrome, etc.

johnb35 · Mar 6, 2016

Internet Explorer is a malware magnet. Just to warn you.

farmerjohn1324 · Mar 6, 2016

johnb35 said:
Internet Explorer is a malware magnet. Just to warn you.

Okay then I'll get FireFox again.

Here is a symptom that persists.... I am typing in a box like I am now, and the text will just disappear. It doesn't happen on this site, but it happens on gmail.com.

I'll run all the scans again and get FireFox.

johnb35 · Mar 6, 2016

farmerjohn1324 said:
Here is a symptom that persists.... I am typing in a box like I am now, and the text will just disappear. It doesn't happen on this site, but it happens on gmail.com.

In Firefox or Internet Explorer?

farmerjohn1324 · Mar 7, 2016

johnb35 said:
In Firefox or Internet Explorer?

Both.

johnb35 · Mar 7, 2016

Can you post a video of this happening? Using a desktop or laptap? If laptop, you may be accidentally touching the touchpad and erasing the text that way.

farmerjohn1324 · Mar 7, 2016

If it happens again, I will try to.

farmerjohn1324 · Mar 7, 2016

OTL logfile created on: 3/6/2016 10:48:30 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop\Computer Cleaning Programs
An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.50 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.05% Memory free
7.00 Gb Paging File | 4.82 Gb Available in Paging File | 68.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.35 Gb Total Space | 195.00 Gb Free Space | 83.93% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.01 Gb Free Space | 94.08% Space Free | Partition Type: FAT32
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2016/03/04 09:49:54 | 000,016,896 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
PRC - [2016/02/23 05:23:02 | 001,351,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
PRC - [2016/02/10 21:52:35 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2016/02/10 20:17:18 | 003,442,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
PRC - [2016/02/10 19:27:45 | 000,551,112 | ---- | M] (Microsoft Corporation) -- C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe
PRC - [2016/02/05 11:48:16 | 000,281,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
PRC - [2016/02/04 01:58:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\Computer Cleaning Programs\OTL.exe
PRC - [2016/02/03 03:18:19 | 000,252,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
PRC - [2016/01/29 01:33:48 | 004,064,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2016/01/21 22:40:51 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
PRC - [2016/01/20 22:13:33 | 003,034,624 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x86__8wekyb3d8bbwe\Calculator.exe
PRC - [2016/01/13 17:09:00 | 020,411,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
PRC - [2016/01/04 21:44:14 | 006,082,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
PRC - [2015/12/26 23:39:09 | 007,021,880 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/12/26 23:39:01 | 000,226,440 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/12/13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/12/08 20:11:12 | 000,540,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontdrvhost.exe
PRC - [2015/10/30 00:45:06 | 001,358,688 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
PRC - [2015/10/30 00:45:04 | 000,252,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LockAppHost.exe
PRC - [2015/10/30 00:45:03 | 000,036,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ApplicationFrameHost.exe
PRC - [2015/10/30 00:44:55 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sihost.exe
PRC - [2015/10/30 00:44:46 | 000,073,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RuntimeBroker.exe
PRC - [2015/10/30 00:44:45 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2015/10/30 00:44:40 | 000,071,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostw.exe
PRC - [2015/09/28 08:19:10 | 000,025,800 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
PRC - [2015/04/15 08:44:32 | 000,128,512 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2015/04/15 08:43:18 | 001,209,344 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2015/01/13 16:41:06 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2015/01/13 16:40:56 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
========== Modules (No Company Name) ==========
MOD - [2016/03/04 09:49:54 | 013,351,936 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
MOD - [2016/03/04 09:49:54 | 000,180,224 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll
MOD - [2016/03/04 09:49:54 | 000,016,896 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
MOD - [2016/02/23 05:34:27 | 001,859,960 | ---- | M] () -- C:\Windows\System32\CoreUIComponents.dll
MOD - [2016/02/23 02:48:32 | 000,316,416 | ---- | M] () -- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
MOD - [2016/02/10 20:17:17 | 017,891,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_20_0_0_306.dll
MOD - [2016/01/21 22:40:51 | 022,330,368 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
MOD - [2016/01/21 22:40:51 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
MOD - [2016/01/21 22:40:51 | 000,141,312 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
MOD - [2016/01/20 22:13:33 | 003,034,624 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x86__8wekyb3d8bbwe\Calculator.exe
MOD - [2016/01/16 00:09:45 | 002,656,768 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
MOD - [2016/01/16 00:06:42 | 002,366,464 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
MOD - [2016/01/04 20:23:28 | 005,340,672 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
MOD - [2016/01/04 20:19:27 | 000,471,552 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
MOD - [2015/12/26 23:39:11 | 040,539,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/12/26 23:39:07 | 000,103,888 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/12/26 23:39:06 | 000,469,008 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2015/12/26 23:39:02 | 000,125,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2015/12/15 03:13:05 | 000,169,984 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll
MOD - [2015/12/06 23:11:10 | 000,070,656 | ---- | M] () -- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
MOD - [2015/10/30 00:45:06 | 001,358,688 | ---- | M] () -- C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
MOD - [2015/05/15 15:27:10 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2015/05/15 15:27:04 | 001,044,776 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
========== Services (SafeList) ==========
SRV - [2016/02/23 05:17:21 | 001,174,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2016/02/23 03:25:27 | 000,722,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\XblGameSave.dll -- (XblGameSave)
SRV - [2016/02/23 03:21:49 | 000,498,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ngcsvc.dll -- (NgcSvc)
SRV - [2016/02/23 02:49:21 | 000,140,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NetSetupSvc.dll -- (NetSetupSvc)
SRV - [2016/02/23 02:48:47 | 000,497,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2016/02/23 02:43:24 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2016/02/23 02:43:02 | 000,411,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SmsRouterSvc.dll -- (SmsRouter)
SRV - [2016/02/23 02:42:23 | 000,238,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2016/02/23 02:36:21 | 000,484,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2016/02/23 02:35:10 | 000,538,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\XblAuthManager.dll -- (XblAuthManager)
SRV - [2016/02/23 02:29:47 | 000,453,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2016/02/23 02:29:22 | 000,949,248 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\Unistore.dll -- (UnistoreSvc)
SRV - [2016/02/23 02:20:22 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2016/02/23 02:13:49 | 001,184,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\UserDataService.dll -- (UserDataSvc)
SRV - [2016/02/23 01:56:41 | 001,887,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AppXDeploymentServer.dll -- (AppXSvc)
SRV - [2016/02/10 21:53:15 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/02/10 20:17:18 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/02/05 11:47:38 | 000,239,880 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe -- (McComponentHostService)
SRV - [2016/01/16 00:19:43 | 001,552,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2016/01/04 20:41:02 | 000,588,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PhoneService.dll -- (PhoneSvc)
SRV - [2016/01/04 20:35:58 | 000,706,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\usermgr.dll -- (UserManager)
SRV - [2015/12/26 23:39:01 | 000,226,440 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2015/12/13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/12/08 20:11:07 | 000,240,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SensorService.dll -- (SensorService)
SRV - [2015/12/08 20:11:07 | 000,131,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tetheringservice.dll -- (icssvc)
SRV - [2015/12/08 20:11:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\tzautoupdate.dll -- (tzautoupdate)
SRV - [2015/12/08 20:03:59 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2015/12/08 20:03:57 | 000,056,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2015/12/08 20:03:49 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2015/12/08 20:03:49 | 000,504,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2015/12/06 23:12:17 | 000,820,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV - [2015/12/06 23:00:38 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\moshost.dll -- (MapsBroker)
SRV - [2015/10/30 01:57:35 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2015/10/30 00:45:46 | 000,783,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\RDXService.dll -- (RetailDemo)
SRV - [2015/10/30 00:45:46 | 000,425,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WalletService.dll -- (WalletService)
SRV - [2015/10/30 00:45:46 | 000,387,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AppReadiness.dll -- (AppReadiness)
SRV - [2015/10/30 00:45:46 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2015/10/30 00:45:15 | 000,144,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2015/10/30 00:45:13 | 001,401,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\workfolderssvc.dll -- (workfolderssvc)
SRV - [2015/10/30 00:45:11 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2015/10/30 00:45:07 | 000,900,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SensorDataService.exe -- (SensorDataService)
SRV - [2015/10/30 00:45:07 | 000,612,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2015/10/30 00:45:06 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2015/10/30 00:44:57 | 000,294,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ncbservice.dll -- (NcbService)
SRV - [2015/10/30 00:44:57 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpnservice.dll -- (WpnService)
SRV - [2015/10/30 00:44:55 | 000,380,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\tileobjserver.dll -- (tiledatamodelsvc)
SRV - [2015/10/30 00:44:55 | 000,221,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV - [2015/10/30 00:44:55 | 000,202,752 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV - [2015/10/30 00:44:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DevQueryBroker.dll -- (DevQueryBroker)
SRV - [2015/10/30 00:44:55 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lfsvc.dll -- (lfsvc)
SRV - [2015/10/30 00:44:55 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\LicenseManagerSvc.dll -- (LicenseManager)
SRV - [2015/10/30 00:44:53 | 002,179,584 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\Windows.StateRepository.dll -- (StateRepository)
SRV - [2015/10/30 00:44:53 | 000,548,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2015/10/30 00:44:53 | 000,199,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\cdpsvc.dll -- (CDPSvc)
SRV - [2015/10/30 00:44:53 | 000,081,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\embeddedmodesvc.dll -- (embeddedmode)
SRV - [2015/10/30 00:44:53 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AJRouter.dll -- (AJRouter)
SRV - [2015/10/30 00:44:51 | 002,885,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2015/10/30 00:44:51 | 000,804,352 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\dosvc.dll -- (DoSvc)
SRV - [2015/10/30 00:44:51 | 000,251,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\usocore.dll -- (UsoSvc)
SRV - [2015/10/30 00:44:49 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2015/10/30 00:44:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wephostsvc.dll -- (WEPHOSTSVC)
SRV - [2015/10/30 00:44:47 | 000,510,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ClipSVC.dll -- (ClipSVC)
SRV - [2015/10/30 00:44:47 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV - [2015/10/30 00:44:47 | 000,042,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2015/10/30 00:44:46 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV - [2015/10/30 00:44:45 | 000,355,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2015/10/30 00:44:45 | 000,163,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2015/10/30 00:44:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\smphost.dll -- (smphost)
SRV - [2015/10/30 00:44:43 | 000,272,896 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\APHostService.dll -- (OneSyncSvc)
SRV - [2015/10/30 00:44:43 | 000,256,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\TieringEngineService.exe -- (TieringEngineService)
SRV - [2015/10/30 00:44:43 | 000,156,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dcpsvc.dll -- (DcpSvc)
SRV - [2015/10/30 00:44:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2015/10/30 00:44:43 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2015/10/30 00:44:42 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\dssvc.dll -- (DsSvc)
SRV - [2015/10/30 00:44:40 | 000,261,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV - [2015/10/30 00:44:40 | 000,200,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2015/10/30 00:44:40 | 000,047,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dmwappushsvc.dll -- (dmwappushservice)
SRV - [2015/10/30 00:44:38 | 000,044,032 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\MessagingService.dll -- (MessagingService)
SRV - [2015/10/30 00:44:37 | 000,449,024 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2015/10/30 00:44:35 | 000,280,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV - [2015/10/30 00:44:35 | 000,273,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2015/10/30 00:44:35 | 000,023,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvmsession)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2015/10/30 00:44:33 | 000,401,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicguestinterface)
SRV - [2015/10/30 00:44:27 | 002,718,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2015/10/30 00:44:25 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\BthHFSrv.dll -- (BthHFSrv)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/09/28 08:19:10 | 000,025,800 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2015/04/15 08:44:32 | 000,128,512 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2015/01/13 16:40:56 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
========== Driver Services (SafeList) ==========
DRV - [2016/03/02 14:52:04 | 000,812,720 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2016/02/23 03:36:09 | 000,429,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2016/02/23 03:25:15 | 000,201,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xboxgip.sys -- (xboxgip)
DRV - [2016/02/23 03:22:46 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xinputhid.sys -- (xinputhid)
DRV - [2016/01/20 23:46:47 | 000,449,384 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2015/12/26 23:39:56 | 000,081,168 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015/12/26 23:39:15 | 000,117,712 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2015/12/26 23:39:14 | 000,209,432 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015/12/26 23:39:14 | 000,049,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015/12/26 23:39:14 | 000,024,016 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015/12/26 23:39:13 | 000,081,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2015/12/08 20:11:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\capimg.sys -- (CapImg)
DRV - [2015/12/08 20:11:07 | 000,076,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdstor.sys -- (sdstor)
DRV - [2015/12/08 20:03:48 | 000,130,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mqac.sys -- (MQAC)
DRV - [2015/10/30 01:57:54 | 000,023,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2015/10/30 01:57:41 | 000,030,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2015/10/30 00:45:52 | 000,024,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2015/10/30 00:45:11 | 000,043,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2015/10/30 00:45:01 | 000,280,920 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\clfs.sys -- (CLFS)
DRV - [2015/10/30 00:45:01 | 000,183,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ahcache.sys -- (ahcache)
DRV - [2015/10/30 00:44:58 | 000,086,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV - [2015/10/30 00:44:57 | 000,159,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2015/10/30 00:44:57 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2015/10/30 00:44:57 | 000,062,464 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\System32\drivers\storqosflt.sys -- (storqosflt)
DRV - [2015/10/30 00:44:57 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UcmCx.sys -- (UcmCx0101)
DRV - [2015/10/30 00:44:57 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\condrv.sys -- (condrv)
DRV - [2015/10/30 00:44:57 | 000,023,040 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\ioqos.sys -- (IoQos)
DRV - [2015/10/30 00:44:52 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mmcss.sys -- (MMCSS)
DRV - [2015/10/30 00:44:48 | 000,033,112 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2015/10/30 00:44:47 | 000,200,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ufx01000.sys -- (Ufx01000)
DRV - [2015/10/30 00:44:47 | 000,060,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SpbCx.sys -- (SpbCx)
DRV - [2015/10/30 00:44:47 | 000,042,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\urscx01000.sys -- (UrsCx01000)
DRV - [2015/10/30 00:44:46 | 000,130,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2015/10/30 00:44:46 | 000,121,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SerCx2.sys -- (SerCx2)
DRV - [2015/10/30 00:44:46 | 000,075,104 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2015/10/30 00:44:46 | 000,059,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SerCx.sys -- (SerCx)
DRV - [2015/10/30 00:44:46 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2015/10/30 00:44:44 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV - [2015/10/30 00:44:43 | 000,054,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\dam.sys -- (dam)
DRV - [2015/10/30 00:44:42 | 000,173,408 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\wof.sys -- (Wof)
DRV - [2015/10/30 00:44:38 | 000,497,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WdiWiFi.sys -- (wdiwifi)
DRV - [2015/10/30 00:44:37 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2015/10/30 00:44:37 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Ndu.sys -- (Ndu)
DRV - [2015/10/30 00:44:37 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mslldp.sys -- (MsLldp)
DRV - [2015/10/30 00:44:36 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV - [2015/10/30 00:44:35 | 000,246,104 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\WdFilter.sys -- (WdFilter)
DRV - [2015/10/30 00:44:35 | 000,098,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV - [2015/10/30 00:44:35 | 000,037,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WdBoot.sys -- (WdBoot)
DRV - [2015/10/30 00:44:33 | 000,173,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ucx01000.sys -- (Ucx01000)
DRV - [2015/10/30 00:44:33 | 000,093,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpiex.sys -- (acpiex)
DRV - [2015/10/30 00:44:33 | 000,083,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pdc.sys -- (pdc)
DRV - [2015/10/30 00:44:33 | 000,076,288 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\filecrypt.sys -- (FileCrypt)
DRV - [2015/10/30 00:44:33 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2015/10/30 00:44:33 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Udecx.sys -- (UdeCx)
DRV - [2015/10/30 00:44:33 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhf.sys -- (vhf)
DRV - [2015/10/30 00:44:29 | 000,036,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2015/10/30 00:44:29 | 000,025,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2015/10/30 00:44:29 | 000,021,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV - [2015/10/30 00:44:29 | 000,021,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\urschipidea.sys -- (UrsChipidea)
DRV - [2015/10/30 00:44:29 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2015/10/30 00:44:29 | 000,015,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV - [2015/10/30 00:44:28 | 001,038,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\adp80xx.sys -- (ADP80XX)
DRV - [2015/10/30 00:44:28 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2015/10/30 00:44:28 | 000,524,632 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\iaStorAV.sys -- (iaStorAV)
DRV - [2015/10/30 00:44:28 | 000,494,080 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rt640x86.sys -- (rt640x86)
DRV - [2015/10/30 00:44:28 | 000,427,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spaceport.sys -- (spaceport)
DRV - [2015/10/30 00:44:28 | 000,287,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2015/10/30 00:44:28 | 000,276,832 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2015/10/30 00:44:28 | 000,172,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2015/10/30 00:44:28 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\storahci.sys -- (storahci)
DRV - [2015/10/30 00:44:28 | 000,104,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV - [2015/10/30 00:44:28 | 000,088,928 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV - [2015/10/30 00:44:28 | 000,085,856 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\3ware.sys -- (3ware)
DRV - [2015/10/30 00:44:28 | 000,083,288 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV - [2015/10/30 00:44:28 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV - [2015/10/30 00:44:28 | 000,069,472 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2015/10/30 00:44:28 | 000,065,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\stornvme.sys -- (stornvme)
DRV - [2015/10/30 00:44:28 | 000,061,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iaioi2c.sys -- (iaioi2c)
DRV - [2015/10/30 00:44:28 | 000,059,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uaspstor.sys -- (UASPStor)
DRV - [2015/10/30 00:44:28 | 000,058,208 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\mvumis.sys -- (mvumis)
DRV - [2015/10/30 00:44:28 | 000,051,552 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\percsas3i.sys -- (percsas3i)
DRV - [2015/10/30 00:44:28 | 000,051,040 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\percsas2i.sys -- (percsas2i)
DRV - [2015/10/30 00:44:28 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2015/10/30 00:44:28 | 000,038,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV - [2015/10/30 00:44:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV - [2015/10/30 00:44:28 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\BasicRender.sys -- (BasicRender)
DRV - [2015/10/30 00:44:28 | 000,027,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\storufs.sys -- (storufs)
DRV - [2015/10/30 00:44:28 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\buttonconverter.sys -- (buttonconverter)
DRV - [2015/10/30 00:44:28 | 000,023,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uefi.sys -- (UEFI)
DRV - [2015/10/30 00:44:28 | 000,022,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iaiogpio.sys -- (GPIO)
DRV - [2015/10/30 00:44:28 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kdnic.sys -- (kdnic)
DRV - [2015/10/30 00:44:28 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\genericusbfn.sys -- (genericusbfn)
DRV - [2015/10/30 00:44:28 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpitime.sys -- (acpitime)
DRV - [2015/10/30 00:44:28 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpipagr.sys -- (acpipagr)
DRV - [2015/10/30 00:44:28 | 000,008,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmfn2.sys -- (bcmfn2)
DRV - [2015/10/30 00:44:28 | 000,008,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmfn.sys -- (bcmfn)
DRV - [2015/10/30 00:44:26 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2015/10/30 00:44:25 | 000,552,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl819xp.sys -- (rtl819xp)
DRV - [2015/10/30 00:44:25 | 000,101,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2015/10/30 00:44:25 | 000,079,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2015/10/30 00:44:25 | 000,066,048 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iai2c.sys -- (iai2c)
DRV - [2015/10/30 00:44:25 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2015/10/30 00:44:25 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2015/10/30 00:44:25 | 000,040,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\intelpep.sys -- (intelpep)
DRV - [2015/10/30 00:44:25 | 000,039,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2015/10/30 00:44:25 | 000,037,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidi2c.sys -- (hidi2c)
DRV - [2015/10/30 00:44:25 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2015/10/30 00:44:25 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_x86_dd1d60cd48926252\CompositeBus.sys -- (CompositeBus)
DRV - [2015/10/30 00:44:25 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2015/10/30 00:44:25 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2015/10/30 00:44:25 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2015/10/30 00:44:25 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2015/10/30 00:44:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2015/10/30 00:44:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmgencounter.sys -- (gencounter)
DRV - [2015/10/30 00:44:25 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2015/10/05 09:50:20 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2015/10/05 09:50:04 | 000,023,256 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2015/08/07 05:49:26 | 000,041,584 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Thotkey.sys -- (Thotkey)
DRV - [2015/07/25 00:56:24 | 000,035,936 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2015/01/13 17:40:18 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2015/01/13 16:20:36 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
IE - HKLM\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKLM\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C FD 41 AD EB BF D0 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 7D D2 BE FC F7 74 D1 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKCU\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:44.0.2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\User\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/12/26 23:43:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015/12/26 23:43:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2015/08/31 09:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2016/02/21 03:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xxgvph90.default-1456041116048\extensions
[2016/03/06 16:58:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2016/03/06 16:58:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.210_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.221_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.0.0.9098_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
O1 HOSTS File: ([2016/03/05 12:37:42 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [OneDrive] C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02c9c4ec-1d2f-48fe-a22b-3449fd9bbc29}: DhcpNameServer = 75.114.81.1 75.114.81.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{135b02f8-71a0-4588-804e-c91f793a0a6b}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{bdc5887f-4f0a-4e48-861f-68d1dede2733}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b2c72520-7bb0-11e5-bfe4-001e33f0b730}\Shell - "" = AutoRun
O33 - MountPoints2\{b2c72520-7bb0-11e5-bfe4-001e33f0b730}\Shell\AutoRun\command - "" = "E:\VerizonWirelessUpgradeAssistantSetup.exe" -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2016/03/06 18:40:35 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\email pics
[2016/03/06 16:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2016/03/06 13:50:27 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\new cd burn
[2016/03/05 08:33:08 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\new scans
[2016/03/04 12:53:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2016/03/02 01:52:03 | 006,952,088 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
[2016/03/02 01:51:57 | 001,626,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dwmcore.dll
[2016/03/02 01:51:53 | 000,959,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aeinv.dll
[2016/03/02 01:51:53 | 000,599,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\invagent.dll
[2016/03/02 01:51:53 | 000,433,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devinv.dll
[2016/03/02 01:51:50 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AudioEndpointBuilder.dll
[2016/03/02 01:51:48 | 005,241,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windows.storage.dll
[2016/03/02 01:51:47 | 018,680,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\edgehtml.dll
[2016/03/02 01:51:43 | 009,919,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\twinui.dll
[2016/03/02 01:51:42 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AppXDeploymentServer.dll
[2016/03/02 01:51:40 | 005,797,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2016/03/02 01:51:40 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SmsRouterSvc.dll
[2016/03/02 01:51:39 | 000,366,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AUDIOKSE.dll
[2016/03/02 01:51:38 | 000,405,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AudioSes.dll
[2016/03/02 01:51:38 | 000,297,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\audiodg.exe
[2016/03/02 01:51:37 | 000,980,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfasfsrcsnk.dll
[2016/03/02 01:51:37 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\enterprisecsps.dll
[2016/03/02 01:51:33 | 002,180,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcore.dll
[2016/03/02 01:51:33 | 000,713,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
[2016/03/02 01:51:32 | 002,977,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32kfull.sys
[2016/03/02 01:51:32 | 000,646,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
[2016/03/02 01:51:31 | 001,707,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ActiveSyncProvider.dll
[2016/03/02 01:51:30 | 003,666,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript9.dll
[2016/03/02 01:51:29 | 002,186,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d11.dll
[2016/03/02 01:51:29 | 002,061,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFMediaEngine.dll
[2016/03/02 01:51:28 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\UserDataService.dll
[2016/03/02 01:51:27 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
[2016/03/02 01:51:26 | 002,793,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Media.dll
[2016/03/02 01:51:26 | 002,604,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CertEnroll.dll
[2016/03/02 01:51:25 | 001,154,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32kbase.sys
[2016/03/02 01:51:24 | 004,412,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ExplorerFrame.dll
[2016/03/02 01:51:24 | 000,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.AccountsControl.dll
[2016/03/02 01:51:23 | 000,882,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfmp4srcsnk.dll
[2016/03/02 01:51:23 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\deviceaccess.dll
[2016/03/02 01:51:22 | 001,075,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.UI.Shell.dll
[2016/03/02 01:51:22 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\modernexecserver.dll
[2016/03/02 01:51:21 | 000,722,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XblGameSave.dll
[2016/03/02 01:51:20 | 000,895,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfsrcsnk.dll
[2016/03/02 01:51:20 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XblAuthManager.dll
[2016/03/02 01:51:20 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.UI.dll
[2016/03/02 01:51:19 | 001,944,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\InputService.dll
[2016/03/02 01:51:19 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Unistore.dll
[2016/03/02 01:51:19 | 000,709,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfsvr.dll
[2016/03/02 01:51:19 | 000,502,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\NetSetupEngine.dll
[2016/03/02 01:51:19 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\QuickActionsDataModel.dll
[2016/03/02 01:51:18 | 001,105,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Media.Audio.dll
[2016/03/02 01:51:18 | 001,051,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winload.efi
[2016/03/02 01:51:18 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DeviceEnroller.exe
[2016/03/02 01:51:17 | 001,174,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\diagtrack.dll
[2016/03/02 01:51:17 | 000,875,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winresume.efi
[2016/03/02 01:51:17 | 000,572,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\taskschd.dll
[2016/03/02 01:51:17 | 000,539,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wer.dll
[2016/03/02 01:51:17 | 000,450,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFCaptureEngine.dll
[2016/03/02 01:51:16 | 000,926,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winload.exe
[2016/03/02 01:51:16 | 000,771,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winresume.exe
[2016/03/02 01:51:16 | 000,754,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SettingSyncCore.dll
[2016/03/02 01:51:15 | 001,498,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMPDMC.exe
[2016/03/02 01:51:15 | 000,349,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\NetSetupShim.dll
[2016/03/02 01:51:15 | 000,287,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Media.MediaControl.dll
[2016/03/02 01:51:15 | 000,153,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dumpsd.sys
[2016/03/02 01:51:14 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SettingSync.dll
[2016/03/02 01:51:14 | 000,221,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sqmapi.dll
[2016/03/02 01:51:13 | 000,639,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\generaltel.dll
[2016/03/02 01:51:13 | 000,498,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ngcsvc.dll
[2016/03/02 01:51:13 | 000,420,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvproc.dll
[2016/03/02 01:51:13 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TimeBrokerServer.dll
[2016/03/02 01:51:12 | 000,484,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgmms2.sys
[2016/03/02 01:51:12 | 000,379,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfmkvsrcsnk.dll
[2016/03/02 01:51:11 | 001,028,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wifinetworkmanager.dll
[2016/03/02 01:51:11 | 000,694,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uDWM.dll
[2016/03/02 01:51:10 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vaultsvc.dll
[2016/03/02 01:51:10 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TextInputFramework.dll
[2016/03/02 01:51:09 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wcmsvc.dll
[2016/03/02 01:51:09 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xinputhid.sys
[2016/03/02 01:51:08 | 000,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bisrv.dll
[2016/03/02 01:51:08 | 000,299,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MDEServer.exe
[2016/03/02 01:51:08 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xboxgip.sys
[2016/03/02 01:51:08 | 000,187,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AppxAllUserStore.dll
[2016/03/02 01:51:08 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\InstallAgent.exe
[2016/03/02 01:51:07 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MCRecvSrc.dll
[2016/03/02 01:51:06 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SharedStartModel.dll
[2016/03/02 01:51:06 | 000,525,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\configurationclient.dll
[2016/03/02 01:51:06 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sharemediacpl.dll
[2016/03/02 01:51:06 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WiFiDisplay.dll
[2016/03/02 01:51:06 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\flvprophandler.dll
[2016/03/02 01:51:05 | 000,450,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SyncController.dll
[2016/03/02 01:51:05 | 000,306,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2016/03/02 01:51:05 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSFlacDecoder.dll
[2016/03/02 01:51:04 | 000,433,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MBMediaManager.dll
[2016/03/02 01:51:04 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wifiprofilessettinghandler.dll
[2016/03/02 01:51:04 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsqmcons.exe
[2016/03/02 01:51:04 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\NetSetupSvc.dll
[2016/03/02 01:51:03 | 000,856,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SecConfig.efi
[2016/03/02 01:51:03 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuuhext.dll
[2016/03/02 01:51:01 | 000,354,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\halmacpi.dll
[2016/03/02 01:51:01 | 000,354,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
[2016/03/02 01:51:01 | 000,335,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgmms1.sys
[2016/03/02 01:51:01 | 000,141,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wermgr.exe
[2016/03/02 01:51:01 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DeviceCensus.exe
[2016/03/02 01:51:00 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\StorSvc.dll
[2016/03/02 01:51:00 | 000,429,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBHUB3.SYS
[2016/03/02 01:50:59 | 000,447,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PsmServiceExtHost.dll
[2016/03/02 01:50:59 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DisplayManager.dll
[2016/03/02 01:50:59 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\psmsrv.dll
[2016/03/02 01:50:59 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MDMAppInstaller.exe
[2016/03/02 01:50:59 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SMSRouter.dll
[2016/03/02 01:50:58 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vaultcli.dll
[2016/03/02 01:50:58 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accountaccessor.dll
[2016/03/02 01:50:58 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\EnterpriseDesktopAppMgmtCSP.dll
[2016/03/02 01:50:57 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll
[2016/03/02 01:50:57 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\provpackageapidll.dll
[2016/03/02 01:50:56 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srpapi.dll
[2016/03/02 01:50:56 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ngckeyenum.dll
[2016/03/02 01:50:55 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wininetlui.dll
[2016/03/02 01:50:55 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2016/03/02 01:50:54 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scapi.dll
[2016/03/02 01:50:54 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.UI.Core.TextInput.dll
[2016/03/02 01:50:54 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wfdprov.dll
[2016/03/02 01:50:53 | 000,394,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\werui.dll
[2016/03/02 01:50:53 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanmsm.dll
[2016/03/02 01:50:53 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlansvcpal.dll
[2016/03/02 01:50:52 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlansec.dll
[2016/03/02 01:50:52 | 000,334,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bcastdvr.exe
[2016/03/02 01:50:52 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\InputLocaleManager.dll
[2016/03/02 01:50:52 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AppCapture.dll
[2016/03/02 01:50:52 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TimeBrokerClient.dll
[2016/03/02 01:50:52 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WiFiConfigSP.dll
[2016/03/02 01:50:51 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LaunchWinApp.exe
[2016/02/28 20:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Payroll 5
[2016/02/28 20:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mictusoft Solutions
[2016/02/27 20:42:30 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Orange County Listings
[2016/02/26 21:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2016/02/26 02:14:01 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Payment Methods
[2016/02/26 00:32:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Chacons Eviction
[2016/02/26 00:32:29 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Brooks Evictions
[2016/02/11 21:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2016/02/10 19:41:31 | 005,662,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Chakra.dll
[2016/02/10 19:41:22 | 004,064,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2016/02/10 19:41:20 | 001,824,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\combase.dll
[2016/02/10 19:41:14 | 000,299,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft-windows-system-events.dll
[2016/02/10 19:41:13 | 000,820,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WinTypes.dll
[2016/02/10 19:41:11 | 000,279,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\systemreset.exe
[2016/02/10 19:41:10 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msorcl32.dll
[2016/02/10 19:41:10 | 000,081,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\OpenWith.exe
[2016/02/10 19:41:10 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztrace_maps.dll
[2016/02/10 19:41:09 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reseteng.dll
[2016/02/10 19:41:09 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iassam.dll
[2016/02/10 19:41:09 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hlink.dll
[2016/02/10 19:41:09 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2016/02/08 20:18:38 | 000,000,000 | ---D | C] -- C:\_OTL
========== Files - Modified Within 30 Days ==========
[2016/03/06 22:23:01 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2016/03/06 22:20:43 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2016/03/06 22:17:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2016/03/06 22:14:48 | 000,192,306 | ---- | M] () -- C:\Users\User\Desktop\lambo.jpg
[2016/03/06 20:46:54 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/03/06 16:59:01 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/03/06 13:44:09 | 2816,860,160 | -HS- | M] () -- C:\hiberfil.sys
[2016/03/06 07:38:57 | 000,189,344 | ---- | M] () -- C:\Users\User\Desktop\ad.jpg
[2016/03/05 21:51:02 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForUser.job
[2016/03/05 20:39:46 | 000,823,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2016/03/05 20:39:46 | 000,166,542 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2016/03/05 19:04:36 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2016/03/05 19:03:25 | 438,609,650 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2016/03/05 19:03:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/03/05 12:37:42 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2016/03/04 19:06:24 | 000,033,535 | ---- | M] () -- C:\Users\User\Desktop\park dimensions.jpg
[2016/03/04 13:10:31 | 000,249,240 | ---- | M] () -- C:\Users\User\Desktop\order.jpg
[2016/03/03 20:57:48 | 003,886,226 | ---- | M] () -- C:\Users\User\Desktop\fountain.jpg
[2016/03/02 14:52:04 | 000,812,720 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys
[2016/03/02 14:43:23 | 000,369,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2016/02/28 20:26:26 | 000,001,050 | ---- | M] () -- C:\Users\User\Desktop\Payroll 5.lnk
[2016/02/28 20:23:17 | 000,317,340 | ---- | M] () -- C:\Users\User\Desktop\Payroll5.zip
[2016/02/26 21:46:24 | 000,002,118 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2016/02/24 01:51:11 | 000,051,480 | ---- | M] () -- C:\Users\User\Desktop\paint.jpg
[2016/02/23 05:37:01 | 000,875,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winresume.efi
[2016/02/23 05:37:01 | 000,771,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winresume.exe
[2016/02/23 05:34:42 | 005,797,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2016/02/23 05:34:38 | 001,051,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winload.efi
[2016/02/23 05:34:38 | 000,926,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winload.exe
[2016/02/23 05:34:27 | 001,859,960 | ---- | M] () -- C:\WINDOWS\System32\CoreUIComponents.dll
[2016/02/23 05:33:01 | 000,354,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\halmacpi.dll
[2016/02/23 05:33:01 | 000,354,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
[2016/02/23 05:31:15 | 000,599,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\invagent.dll
[2016/02/23 05:29:43 | 000,959,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\aeinv.dll
[2016/02/23 05:22:50 | 000,572,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskschd.dll
[2016/02/23 05:22:49 | 000,433,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\devinv.dll
[2016/02/23 05:17:21 | 001,174,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\diagtrack.dll
[2016/02/23 05:16:12 | 000,856,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SecConfig.efi
[2016/02/23 04:40:05 | 000,306,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2016/02/23 04:39:55 | 000,502,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\NetSetupEngine.dll
[2016/02/23 04:39:26 | 000,297,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\audiodg.exe
[2016/02/23 04:38:56 | 000,709,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfsvr.dll
[2016/02/23 04:38:54 | 002,180,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcore.dll
[2016/02/23 04:38:45 | 006,952,088 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
[2016/02/23 04:38:45 | 000,420,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvproc.dll
[2016/02/23 04:38:24 | 000,450,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFCaptureEngine.dll
[2016/02/23 04:38:18 | 000,980,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfasfsrcsnk.dll
[2016/02/23 04:38:14 | 000,882,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfmp4srcsnk.dll
[2016/02/23 04:38:10 | 000,895,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfsrcsnk.dll
[2016/02/23 04:37:41 | 000,713,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
[2016/02/23 04:37:37 | 000,405,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AudioSes.dll
[2016/02/23 04:37:30 | 000,366,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AUDIOKSE.dll
[2016/02/23 04:26:51 | 005,241,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\windows.storage.dll
[2016/02/23 03:58:42 | 000,187,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AppxAllUserStore.dll
[2016/02/23 03:56:01 | 002,186,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d11.dll
[2016/02/23 03:55:40 | 000,221,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sqmapi.dll
[2016/02/23 03:55:29 | 000,484,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgmms2.sys
[2016/02/23 03:55:29 | 000,335,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgmms1.sys
[2016/02/23 03:54:10 | 000,539,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wer.dll
[2016/02/23 03:54:02 | 000,141,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wermgr.exe
[2016/02/23 03:43:21 | 000,639,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\generaltel.dll
[2016/02/23 03:38:02 | 000,287,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Media.MediaControl.dll
[2016/02/23 03:36:09 | 000,429,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBHUB3.SYS
[2016/02/23 03:25:27 | 000,722,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XblGameSave.dll
[2016/02/23 03:25:15 | 000,201,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xboxgip.sys
[2016/02/23 03:22:46 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xinputhid.sys
[2016/02/23 03:21:49 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ngcsvc.dll
[2016/02/23 03:18:19 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\provpackageapidll.dll
[2016/02/23 03:16:35 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WiFiConfigSP.dll
[2016/02/23 03:14:36 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\LaunchWinApp.exe
[2016/02/23 03:14:06 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wlansvcpal.dll
[2016/02/23 03:13:41 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\flvprophandler.dll
[2016/02/23 03:07:44 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wfdprov.dll
[2016/02/23 03:07:31 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\EnterpriseDesktopAppMgmtCSP.dll
[2016/02/23 03:06:10 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininetlui.dll
[2016/02/23 03:06:09 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2016/02/23 03:05:39 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\InstallAgent.exe
[2016/02/23 03:01:44 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ngckeyenum.dll
[2016/02/23 03:01:36 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\srpapi.dll
[2016/02/23 03:01:22 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MDMAppInstaller.exe
[2016/02/23 02:59:12 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DeviceCensus.exe
[2016/02/23 02:57:46 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AppCapture.dll
[2016/02/23 02:57:29 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TimeBrokerClient.dll
[2016/02/23 02:51:17 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SMSRouter.dll
[2016/02/23 02:50:47 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\psmsrv.dll
[2016/02/23 02:50:06 | 000,266,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSFlacDecoder.dll
[2016/02/23 02:49:21 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\NetSetupSvc.dll
[2016/02/23 02:49:13 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DisplayManager.dll
[2016/02/23 02:48:47 | 000,497,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\StorSvc.dll
[2016/02/23 02:48:32 | 000,168,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\QuickActionsDataModel.dll
[2016/02/23 02:47:00 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WiFiDisplay.dll
[2016/02/23 02:46:31 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wifiprofilessettinghandler.dll
[2016/02/23 02:45:46 | 000,433,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MBMediaManager.dll
[2016/02/23 02:45:10 | 000,334,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bcastdvr.exe
[2016/02/23 02:44:40 | 000,395,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wlansec.dll
[2016/02/23 02:43:24 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vaultsvc.dll
[2016/02/23 02:43:02 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SmsRouterSvc.dll
[2016/02/23 02:42:29 | 000,444,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scapi.dll
[2016/02/23 02:42:23 | 000,238,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AudioEndpointBuilder.dll
[2016/02/23 02:40:42 | 000,299,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MDEServer.exe
[2016/02/23 02:40:01 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wsqmcons.exe
[2016/02/23 02:39:56 | 000,221,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vaultcli.dll
[2016/02/23 02:38:24 | 000,337,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanmsm.dll
[2016/02/23 02:38:05 | 000,480,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MCRecvSrc.dll
[2016/02/23 02:37:41 | 000,394,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\werui.dll
[2016/02/23 02:36:32 | 000,379,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfmkvsrcsnk.dll
[2016/02/23 02:36:25 | 000,250,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll
[2016/02/23 02:36:21 | 000,484,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wcmsvc.dll
[2016/02/23 02:35:10 | 000,538,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XblAuthManager.dll
[2016/02/23 02:34:43 | 000,447,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PsmServiceExtHost.dll
[2016/02/23 02:31:48 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.AccountsControl.dll
[2016/02/23 02:31:17 | 000,525,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\configurationclient.dll
[2016/02/23 02:31:10 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\deviceaccess.dll
[2016/02/23 02:30:29 | 000,646,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
[2016/02/23 02:29:47 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bisrv.dll
[2016/02/23 02:29:22 | 000,949,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Unistore.dll
[2016/02/23 02:29:15 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\NetSetupShim.dll
[2016/02/23 02:28:15 | 000,689,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\modernexecserver.dll
[2016/02/23 02:28:13 | 001,154,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32kbase.sys
[2016/02/23 02:28:07 | 000,739,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SharedStartModel.dll
[2016/02/23 02:26:05 | 001,498,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WMPDMC.exe
[2016/02/23 02:24:42 | 000,291,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuuhext.dll
[2016/02/23 02:24:33 | 000,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.UI.dll
[2016/02/23 02:24:27 | 001,105,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Media.Audio.dll
[2016/02/23 02:23:21 | 001,028,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wifinetworkmanager.dll
[2016/02/23 02:22:38 | 001,944,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\InputService.dll
[2016/02/23 02:21:04 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TextInputFramework.dll
[2016/02/23 02:21:02 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.UI.Core.TextInput.dll
[2016/02/23 02:20:45 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\InputLocaleManager.dll
[2016/02/23 02:20:22 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TimeBrokerServer.dll
[2016/02/23 02:19:28 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sharemediacpl.dll
[2016/02/23 02:14:02 | 000,694,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uDWM.dll
[2016/02/23 02:13:49 | 001,184,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\UserDataService.dll
[2016/02/23 02:08:08 | 002,977,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32kfull.sys
[2016/02/23 02:05:36 | 000,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SettingSync.dll
[2016/02/23 02:00:04 | 001,524,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
[2016/02/23 01:58:41 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SyncController.dll
[2016/02/23 01:58:06 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\accountaccessor.dll
[2016/02/23 01:56:41 | 001,887,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\AppXDeploymentServer.dll
[2016/02/23 01:56:08 | 004,412,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ExplorerFrame.dll
[2016/02/23 01:55:49 | 001,707,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ActiveSyncProvider.dll
[2016/02/23 01:51:25 | 000,754,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SettingSyncCore.dll
[2016/02/23 01:50:03 | 009,919,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\twinui.dll
[2016/02/23 01:47:05 | 001,075,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.UI.Shell.dll
[2016/02/23 01:36:51 | 018,680,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\edgehtml.dll
[2016/02/23 01:36:28 | 003,666,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript9.dll
[2016/02/23 01:33:20 | 002,604,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CertEnroll.dll
[2016/02/23 01:32:57 | 002,793,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Media.dll
[2016/02/23 01:30:30 | 002,061,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFMediaEngine.dll
[2016/02/21 01:34:52 | 000,520,428 | ---- | M] () -- C:\Users\User\Desktop\sheriff.jpg
[2016/02/17 12:54:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2016/02/08 23:14:46 | 000,153,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dumpsd.sys
[2016/02/08 22:23:56 | 000,464,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\enterprisecsps.dll
[2016/02/08 22:09:47 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DeviceEnroller.exe
[2016/02/08 22:07:16 | 001,626,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwmcore.dll
========== Files Created - No Company Name ==========
[2016/03/06 22:14:47 | 000,192,306 | ---- | C] () -- C:\Users\User\Desktop\lambo.jpg
[2016/03/06 16:59:01 | 000,001,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2016/03/06 16:59:01 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/03/06 07:38:56 | 000,189,344 | ---- | C] () -- C:\Users\User\Desktop\ad.jpg
[2016/03/04 18:47:50 | 000,033,535 | ---- | C] () -- C:\Users\User\Desktop\park dimensions.jpg
[2016/03/04 13:10:30 | 000,249,240 | ---- | C] () -- C:\Users\User\Desktop\order.jpg
[2016/03/04 13:00:06 | 004,559,583 | ---- | C] () -- C:\Users\User\Desktop\#1 Stunna.wma
[2016/03/03 20:57:36 | 003,886,226 | ---- | C] () -- C:\Users\User\Desktop\fountain.jpg
[2016/03/02 01:51:45 | 001,859,960 | ---- | C] () -- C:\WINDOWS\System32\CoreUIComponents.dll
[2016/02/28 20:26:26 | 000,001,050 | ---- | C] () -- C:\Users\User\Desktop\Payroll 5.lnk
[2016/02/28 20:23:07 | 000,317,340 | ---- | C] () -- C:\Users\User\Desktop\Payroll5.zip
[2016/02/24 01:48:58 | 000,051,480 | ---- | C] () -- C:\Users\User\Desktop\paint.jpg
[2016/02/21 01:34:51 | 000,520,428 | ---- | C] () -- C:\Users\User\Desktop\sheriff.jpg
[2016/02/17 12:54:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2016/01/27 23:22:13 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\MTFServer.dll
[2016/01/27 23:22:13 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\MTF.dll
[2015/12/25 01:01:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/12/25 00:33:30 | 000,000,013 | ---- | C] () -- C:\Users\User\.pluto.tv
[2015/12/13 19:22:03 | 000,000,135 | ---- | C] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2015/12/08 17:46:01 | 000,021,316 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2015/12/08 17:24:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2015/12/08 17:22:41 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2015/12/08 17:20:57 | 000,369,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2015/11/17 00:30:50 | 000,000,184 | ---- | C] () -- C:\WINDOWS\AutoKMS.ini
[2015/11/17 00:26:59 | 000,000,567 | ---- | C] () -- C:\WINDOWS\System32\Settings.ini
[2015/10/30 00:49:53 | 000,823,194 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2015/10/30 00:49:53 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2015/10/30 00:49:53 | 000,166,542 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2015/10/30 00:49:53 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2015/10/30 00:48:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2015/10/30 00:48:48 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2015/10/30 00:48:48 | 000,000,389 | ---- | C] () -- C:\WINDOWS\System32\AutoWorkplace.exe.config
[2015/10/30 00:45:11 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2015/10/30 00:45:11 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2015/10/30 00:45:10 | 000,164,224 | ---- | C] () -- C:\WINDOWS\System32\weretw.dll
[2015/10/30 00:45:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2015/10/30 00:45:04 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2015/10/30 00:45:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\GamePanelExternalHook.dll
[2015/10/30 00:44:55 | 000,167,640 | ---- | C] () -- C:\WINDOWS\System32\chs_singlechar_pinyin.dat
[2015/10/30 00:44:55 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\ism32k.dll
[2015/10/30 00:44:53 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\Windows.Perception.Stub.dll
[2015/10/30 00:44:52 | 004,227,116 | ---- | C] () -- C:\WINDOWS\System32\DefaultHrtfs.bin
[2015/10/30 00:44:52 | 000,293,376 | ---- | C] () -- C:\WINDOWS\System32\HrtfApo.dll
[2015/10/30 00:44:52 | 000,149,044 | ---- | C] () -- C:\WINDOWS\System32\LargeRoom.bin
[2015/10/30 00:44:52 | 000,110,024 | ---- | C] () -- C:\WINDOWS\System32\MediumRoom.bin
[2015/10/30 00:44:52 | 000,069,776 | ---- | C] () -- C:\WINDOWS\System32\SmallRoom.bin
[2015/10/30 00:44:52 | 000,046,908 | ---- | C] () -- C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[2015/10/30 00:44:48 | 000,170,496 | ---- | C] () -- C:\WINDOWS\System32\EditionUpgradeHelper.dll
[2015/10/30 00:44:48 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\efsext.dll
[2015/10/30 00:44:43 | 000,056,119 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2015/10/30 00:44:41 | 000,002,269 | ---- | C] () -- C:\WINDOWS\System32\WimBootCompress.ini
[2015/10/30 00:44:40 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2015/10/30 00:44:38 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2015/10/30 00:44:38 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2015/09/26 08:57:45 | 001,101,824 | ---- | C] () -- C:\ProgramData\TrezaaSetupx30039.msi
[2015/09/25 08:04:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\wsusnative32.exe
[2015/09/01 05:52:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2015/08/30 20:03:48 | 000,007,625 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2015/01/13 16:49:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\amdverag.dll
[2015/01/13 16:22:32 | 000,204,952 | ---- | C] () -- C:\WINDOWS\System32\ativvsvl.dat
[2015/01/13 16:22:32 | 000,157,144 | ---- | C] () -- C:\WINDOWS\System32\ativvsva.dat
========== ZeroAccess Check ==========
[2015/12/25 18:35:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016/02/23 04:26:51 | 005,241,984 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 00:44:40 | 000,765,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2015/10/30 00:44:39 | 000,409,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

My latest malware, adware scans...

Member

Member

Member

Member

Member

Administrator

Member

Member

Member

Administrator

Member

Administrator

Member

Administrator

Member

Administrator

Member

Administrator

Member

Member