Possible virus/spyware/malware problem

lubo4444

Active Member
For some reason my internet activity "sent" and "received" bytes are getting really high without me even touching the laptop. I'm not sure if that is a virus/spyware/malware. I did all of the scans from the "--- please read before requesting malware removal help ---" post:

1. AdwCleaner found some problems that I cleaned with the program.
2. Junkware Removal Tool found some problems as well, I think, and it removed them from what I saw.

My problem with the above two programs is that by mistake I deleted their logs to post on here, and now when I try to scan with them again, they don't find anything. Basically they say that my laptop is clean. If there is a way to restore those logs, I'll gladly restore them if some steps are given for that.

3. Malwarebytes Anti-Malware did not find anything.

4. OTL Log:

OTL logfile created on: 4/4/2016 3:20:47 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lyubomir\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.89 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 48.82% Memory free
4.58 Gb Paging File | 2.26 Gb Available in Paging File | 49.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 672.64 Gb Total Space | 324.95 Gb Free Space | 48.31% Space Free | Partition Type: NTFS
Computer Name: LUBO | User Name: Lyubomir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found
PRC - C:\Users\Lyubomir\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\GlassWire\GWIdlMon.exe (SecureMix LLC)
PRC - C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (SecureMix LLC)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
PRC - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe ()
PRC - C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe (Samsung Electronics CO., LTD.)
PRC - C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe (Samsung Electronics CO., LTD.)
PRC - C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\91fd47f23f5fd66ac60406506c0aecf9\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\a77b133fa0a8dd35c849c7b32cde009f\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\6e5368fe9d3a03444541fea01317c1df\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\59ce4a8772aa06b37c1775f7da2985c2\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\3d85036eb044de5b881a58146ffd191b\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\173f95a05f37d0e4ad3fa0991d1f9216\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\84717dbdbd5b20d074c7b41f9cea945e\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\35849a60913000fe067eb742f5cabec9\mscorlib.ni.dll ()
MOD - C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll ()
MOD - C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe ()
MOD - C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (USER_ESRV_SVC_WILLAMETTE) -- C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe ()
SRV:64bit: - (ESRV_SVC_WILLAMETTE) -- C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe ()
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (ClipSVC) -- C:\Windows\SysNative\ClipSVC.dll (Microsoft Corporation)
SRV:64bit: - (DsSvc) -- C:\Windows\SysNative\dssvc.dll (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc) -- C:\Windows\SysNative\PimIndexMaintenance.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc) -- C:\Windows\SysNative\Unistore.dll (Microsoft Corporation)
SRV:64bit: - (UserDataSvc) -- C:\Windows\SysNative\UserDataService.dll (Microsoft Corporation)
SRV:64bit: - (DoSvc) -- C:\Windows\SysNative\dosvc.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (XblGameSave) -- C:\Windows\SysNative\XblGameSave.dll (Microsoft Corporation)
SRV:64bit: - (NgcSvc) -- C:\Windows\SysNative\ngcsvc.dll (Microsoft Corporation)
SRV:64bit: - (NetSetupSvc) -- C:\Windows\SysNative\NetSetupSvc.dll (Microsoft Corporation)
SRV:64bit: - (SmsRouter) -- C:\Windows\SysNative\SmsRouterSvc.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (XblAuthManager) -- C:\Windows\SysNative\XblAuthManager.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SynTPEnhService) -- C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (igfxCUIService1.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation)
SRV:64bit: - (PhoneSvc) -- C:\Windows\SysNative\PhoneService.dll (Microsoft Corporation)
SRV:64bit: - (UserManager) -- C:\Windows\SysNative\usermgr.dll (Microsoft Corporation)
SRV:64bit: - (XboxNetApiSvc) -- C:\Windows\SysNative\XboxNetApiSvc.dll (Microsoft Corporation)
SRV:64bit: - (MapsBroker) -- C:\Windows\SysNative\moshost.dll (Microsoft Corporation)
SRV:64bit: - (SensorService) -- C:\Windows\SysNative\SensorService.dll (Microsoft Corporation)
SRV:64bit: - (tzautoupdate) -- C:\Windows\SysNative\tzautoupdate.dll (Microsoft Corporation)
SRV:64bit: - (icssvc) -- C:\Windows\SysNative\tetheringservice.dll (Microsoft Corporation)
SRV:64bit: - (RetailDemo) -- C:\Windows\SysNative\RDXService.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (WalletService) -- C:\Windows\SysNative\WalletService.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (SensorDataService) -- C:\Windows\SysNative\SensorDataService.exe (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (tiledatamodelsvc) -- C:\Windows\SysNative\tileobjserver.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (NgcCtnrSvc) -- C:\Windows\SysNative\NgcCtnrSvc.dll (Microsoft Corporation)
SRV:64bit: - (WpnService) -- C:\Windows\SysNative\wpnservice.dll (Microsoft Corporation)
SRV:64bit: - (DevQueryBroker) -- C:\Windows\SysNative\DevQueryBroker.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\lfsvc.dll (Microsoft Corporation)
SRV:64bit: - (LicenseManager) -- C:\Windows\SysNative\LicenseManagerSvc.dll (Microsoft Corporation)
SRV:64bit: - (StateRepository) -- C:\Windows\SysNative\Windows.StateRepository.dll (Microsoft Corporation)
SRV:64bit: - (embeddedmode) -- C:\Windows\SysNative\embeddedmodesvc.dll (Microsoft Corporation)
SRV:64bit: - (AJRouter) -- C:\Windows\SysNative\AJRouter.dll (Microsoft Corporation)
SRV:64bit: - (CoreMessagingRegistrar) -- C:\Windows\SysNative\CoreMessaging.dll (Microsoft Corporation)
SRV:64bit: - (CDPSvc) -- C:\Windows\SysNative\cdpsvc.dll (Microsoft Corporation)
SRV:64bit: - (UsoSvc) -- C:\Windows\SysNative\usocore.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (diagnosticshub.standardcollector.service) -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc) -- C:\Windows\SysNative\APHostService.dll (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_4e825) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_4e825) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_4e825) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_4e825) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_4e825) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (TieringEngineService) -- C:\Windows\SysNative\TieringEngineService.exe (Microsoft Corporation)
SRV:64bit: - (DcpSvc) -- C:\Windows\SysNative\dcpsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (EntAppSvc) -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll (Microsoft Corporation)
SRV:64bit: - (DmEnrollmentSvc) -- C:\Windows\SysNative\Windows.Internal.Management.dll (Microsoft Corporation)
SRV:64bit: - (dmwappushservice) -- C:\Windows\SysNative\dmwappushsvc.dll (Microsoft Corporation)
SRV:64bit: - (MessagingService) -- C:\Windows\SysNative\MessagingService.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvmsession) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GlassWire) -- C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (SecureMix LLC)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes)
SRV - (SystemUsageReportSvc_WILLAMETTE) -- C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe ()
SRV - (SWUpdateService) -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Samsung Electronics Co., Ltd.)
SRV - (UnistoreSvc) -- C:\Windows\SysWOW64\Unistore.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Garmin Device Interaction Service) -- C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (Garmin Ltd. or its subsidiaries)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (StateRepository) -- C:\Windows\SysWOW64\Windows.StateRepository.dll (Microsoft Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\lfsvc.dll (Microsoft Corporation)
SRV - (CoreMessagingRegistrar) -- C:\Windows\SysWOW64\CoreMessaging.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (DmEnrollmentSvc) -- C:\Windows\SysWOW64\Windows.Internal.Management.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (Settings Launcher) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe (Samsung Electronics CO., LTD.)
SRV - (ibtsiva.exe) -- C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (Riverbed Technology, Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:64bit: - (semav6msr64) -- C:\Windows\SysNative\drivers\semav6msr64.sys ()
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (xboxgip) -- C:\Windows\SysNative\drivers\xboxgip.sys (Microsoft Corporation)
DRV:64bit: - (xinputhid) -- C:\Windows\SysNative\drivers\xinputhid.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (USBPcap) -- C:\Windows\SysNative\drivers\USBPcap.sys (USBPcap)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (CapImg) -- C:\Windows\SysNative\drivers\capimg.sys (Microsoft Corporation)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies, Inc.)
DRV:64bit: - (ZAM_Guard) -- C:\Windows\SysNative\drivers\zamguard64.sys (Zemana Ltd.)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (ReFSv1) -- C:\WINDOWS\SysNative\drivers\refsv1.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRT) -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys (Microsoft Corporation)
DRV:64bit: - (storqosflt) -- C:\Windows\SysNative\drivers\storqosflt.sys (Microsoft Corporation)
DRV:64bit: - (UcmCx0101) -- C:\Windows\SysNative\drivers\UcmCx.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (IoQos) -- C:\Windows\SysNative\drivers\ioqos.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (MMCSS) -- C:\Windows\SysNative\drivers\mmcss.sys (Microsoft Corporation)
DRV:64bit: - (Ufx01000) -- C:\Windows\SysNative\drivers\ufx01000.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (UrsCx01000) -- C:\Windows\SysNative\drivers\urscx01000.sys (Microsoft Corporation)
DRV:64bit: - (cnghwassist) -- C:\Windows\SysNative\drivers\cnghwassist.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\WINDOWS\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (GpuEnergyDrv) -- C:\Windows\SysNative\drivers\gpuenergydrv.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (wdiwifi) -- C:\Windows\SysNative\drivers\WdiWiFi.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (Ucx01000) -- C:\Windows\SysNative\drivers\Ucx01000.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (FileCrypt) -- C:\Windows\SysNative\drivers\filecrypt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbflt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (UdeCx) -- C:\Windows\SysNative\drivers\Udecx.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (vhf) -- C:\Windows\SysNative\drivers\vhf.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRTProxy) -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (UrsChipidea) -- C:\Windows\SysNative\drivers\urschipidea.sys (Microsoft Corporation)
DRV:64bit: - (UrsSynopsys) -- C:\Windows\SysNative\drivers\urssynopsys.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (mlx4_bus) -- C:\Windows\SysNative\drivers\mlx4_bus.sys (Mellanox)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (ibbus) -- C:\Windows\SysNative\drivers\ibbus.sys (Mellanox)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (ufxsynopsys) -- C:\Windows\SysNative\drivers\ufxsynopsys.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2i) -- C:\Windows\SysNative\drivers\lsi_sas2i.sys (LSI Corporation)
DRV:64bit: - (LSI_SAS3i) -- C:\Windows\SysNative\drivers\lsi_sas3i.sys (Avago Technologies)
DRV:64bit: - (UfxChipidea) -- C:\Windows\SysNative\drivers\UfxChipidea.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (ndfltr) -- C:\Windows\SysNative\drivers\ndfltr.sys (Mellanox)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (WinVerbs) -- C:\Windows\SysNative\drivers\winverbs.sys (Mellanox)
DRV:64bit: - (percsas3i) -- C:\Windows\SysNative\drivers\percsas3i.sys (Avago Technologies)
DRV:64bit: - (percsas2i) -- C:\Windows\SysNative\drivers\percsas2i.sys (LSI Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (UcmUcsi) -- C:\Windows\SysNative\drivers\UcmUcsi.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (storufs) -- C:\Windows\SysNative\drivers\storufs.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (WinMad) -- C:\Windows\SysNative\drivers\winmad.sys (Mellanox)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (QLogic Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (hidinterrupt) -- C:\Windows\SysNative\drivers\hidinterrupt.sys (Microsoft Corporation)
DRV:64bit: - (buttonconverter) -- C:\Windows\SysNative\drivers\buttonconverter.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (genericusbfn) -- C:\Windows\SysNative\drivers\genericusbfn.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (bcmfn) -- C:\Windows\SysNative\drivers\bcmfn.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (BthA2DP) -- C:\Windows\SysNative\drivers\BthA2DP.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSS2i_I2C) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys (Intel Corporation)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (iai2c) -- C:\Windows\SysNative\drivers\iai2c.sys (Intel(R) Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (DFX12) -- C:\Windows\SysNative\drivers\dfx12x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (NETwNe64) -- C:\Windows\SysNative\drivers\NETwew01.sys (Intel Corporation)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\ibtfltcoex.sys (Intel Corporation)
DRV:64bit: - (rt640x64) -- C:\Windows\SysNative\drivers\rt640x64.sys (Realtek )
DRV:64bit: - (gwdrv) -- C:\Windows\SysNative\drivers\gwdrv.sys (SecureMix LLC)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (Riverbed Technology, Inc.)
DRV:64bit: - (DFX11_1) -- C:\Windows\SysNative\drivers\dfx11_1x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (XHCIPort) -- C:\Windows\SysNative\drivers\xHCIPort.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (usb3Hub) -- C:\Windows\SysNative\drivers\usb3Hub.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (RadioHIDMini) -- C:\Windows\SysNative\drivers\RadioHIDMini.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SRS_SSCFilter) -- C:\Windows\SysNative\drivers\SRS_SSCFilter_amd64.sys ()
DRV - (CompositeBus) -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys (Microsoft Corporation)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{29F18086-4A14-4962-8722-6E21C9C98366}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{29F18086-4A14-4962-8722-6E21C9C98366}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = CA 78 30 22 FF 5C D1 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 48 00 00 00 66 61 43 7A F9 E6 19 EB 2A 44 50 67 FC B3 25 71 69 A0 8F AA CA B6 18 8E B7 6F 56 57 21 9B 45 2F 80 DE 6F 65 D6 8B CD 7B B6 C8 D7 3F 06 25 69 C5 25 28 DC 8F FD 50 19 F3 59 48 23 60 00 C5 43 1A 4B 72 6C FD 50 C4 C0 AD 02 00 00 00 10 00 00 00 58 6F 61 25 32 62 51 55 4E 33 48 55 34 25 33 64 [Binary data over 200 bytes]
IE - HKCU\..\SearchScopes,DefaultScope = {29F18086-4A14-4962-8722-6E21C9C98366}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\..\SearchScopes\{29F18086-4A14-4962-8722-6E21C9C98366}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.highlightCount: 4
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2.1-signed
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:45.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.71.2: C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.71.2: C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Lyubomir\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2016/03/19 16:33:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 45.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 45.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2016/03/19 16:33:20 | 000,000,000 | ---D | M]
[2014/01/15 11:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lyubomir\AppData\Roaming\mozilla\Extensions
[2016/02/23 21:53:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lyubomir\AppData\Roaming\mozilla\Firefox\Profiles\rdm9em7v.default\extensions
[2015/05/30 02:42:41 | 000,151,374 | ---- | M] () (No name found) -- C:\Users\Lyubomir\AppData\Roaming\mozilla\firefox\profiles\rdm9em7v.default\extensions\[email protected]
[2016/02/23 21:53:01 | 001,013,992 | ---- | M] () (No name found) -- C:\Users\Lyubomir\AppData\Roaming\mozilla\firefox\profiles\rdm9em7v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/03/29 05:46:43 | 001,656,045 | ---- | M] () (No name found) -- C:\Users\Lyubomir\AppData\Roaming\mozilla\firefox\profiles\rdm9em7v.default\features\{3af45a19-bca0-4b4b-b679-df957a540f50}\[email protected]
[2016/04/02 01:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/11/18 16:57:24 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
O1 HOSTS File: ([2013/08/22 09:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [Bonus.SSR.FR12] "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun File not found
O4 - HKLM..\Run: [DFX] C:\Program Files (x86)\DFX\DFX.exe ()
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [PowerDVD13Agent] "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe" File not found
O4 - HKLM..\Run: [Wondershare Helper Compact] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd. or its subsidiaries)
O4 - HKCU..\Run: [GlassWire] C:\Program Files (x86)\GlassWire\glasswire.exe (SecureMix LLC)
O4 - HKCU..\Run: [OneDrive] C:\Users\Lyubomir\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKCU..\Run: [uTorrent] C:\Users\Lyubomir\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Lyubomir\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lyubomir\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Lyubomir\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lyubomir\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Lyubomir\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lyubomir\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64" File not found
O4 - Startup: C:\Users\Lyubomir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\WINDOWS\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\WINDOWS\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{c43845b8-1c95-4624-b518-4162383d4412}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (livessp) - File not found
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dc6e8e2b-1bd6-11e5-bfc0-c48508ccc4e0}\Shell - "" = AutoRun
O33 - MountPoints2\{dc6e8e2b-1bd6-11e5-bfc0-c48508ccc4e0}\Shell\AutoRun\command - "" = "F:\WD Drive Unlock.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2016/04/04 02:45:11 | 001,610,352 | ---- | C] (Malwarebytes) -- C:\Users\Lyubomir\Desktop\JRT.exe
[2016/04/04 02:16:07 | 000,000,000 | ---D | C] -- C:\Users\Lyubomir\AppData\Local\GlassWire
[2016/04/04 01:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
[2016/04/04 01:03:27 | 000,033,152 | ---- | C] (SecureMix LLC) -- C:\WINDOWS\SysNative\drivers\gwdrv.sys
[2016/04/04 01:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\GlassWire
[2016/04/04 01:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlassWire
[2016/04/03 00:41:20 | 000,064,000 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\Intel_OpenCL_ICD64.dll
[2016/04/03 00:41:20 | 000,060,416 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\Intel_OpenCL_ICD32.dll
[2016/04/03 00:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\IntelDLM
[2016/04/03 00:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
[2016/04/03 00:32:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel Driver Update Utility
[2016/04/02 01:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2016/04/02 01:48:29 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2016/04/02 01:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2016/03/31 09:02:58 | 000,000,000 | ---D | C] -- C:\Users\Lyubomir\AppData\Roaming\Wireshark
[2016/03/31 08:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\USBPcap
[2016/03/31 08:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2016/03/31 08:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2016/03/31 08:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2016/03/19 16:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016/03/16 09:21:48 | 000,000,000 | ---D | C] -- C:\Users\Lyubomir\Cisco Packet Tracer 6.3
[2016/03/15 21:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer
[2016/03/15 21:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Packet Tracer 6.3
[2013/05/01 00:21:21 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2016/04/04 03:27:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2016/04/04 02:51:00 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2016/04/04 02:45:59 | 001,610,352 | ---- | M] (Malwarebytes) -- C:\Users\Lyubomir\Desktop\JRT.exe
[2016/04/04 02:40:00 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\Xerox PhotoCafe Communicator.job
[2016/04/04 02:16:03 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/04/04 02:13:59 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/04/04 02:13:57 | 1670,823,936 | -HS- | M] () -- C:\hiberfil.sys
[2016/04/04 01:03:39 | 000,001,994 | ---- | M] () -- C:\Users\Lyubomir\Application Data\Microsoft\Internet Explorer\Quick Launch\GlassWire 1.2.lnk
[2016/04/04 01:03:39 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\GlassWire.lnk
[2016/04/03 17:32:08 | 000,000,574 | ---- | M] () -- C:\Users\Lyubomir\.packettracer
[2016/04/03 00:50:44 | 000,016,586 | ---- | M] () -- C:\WINDOWS\SysNative\results.xml
[2016/04/03 00:48:46 | 000,000,451 | ---- | M] () -- C:\WINDOWS\SysNative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
[2016/04/03 00:44:45 | 000,000,712 | ---- | M] () -- C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk
[2016/04/03 00:33:01 | 000,001,239 | ---- | M] () -- C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.4.lnk
[2016/04/02 23:47:59 | 000,007,602 | ---- | M] () -- C:\Users\Lyubomir\AppData\Local\Resmon.ResmonCfg
[2016/04/02 01:48:30 | 000,002,640 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2016/04/01 23:21:03 | 000,195,696 | ---- | M] () -- C:\Users\Lyubomir\Desktop\Capture.JPG
[2016/03/31 09:50:54 | 000,008,192 | ---- | M] () -- C:\WINDOWS\SysWow64\WDPABKP.dat
[2016/03/31 08:23:33 | 000,001,839 | ---- | M] () -- C:\Users\Lyubomir\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2016/03/31 08:23:33 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2016/03/31 08:21:32 | 000,001,587 | ---- | M] () -- C:\Users\Lyubomir\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark Legacy.lnk
[2016/03/31 08:21:32 | 000,001,563 | ---- | M] () -- C:\Users\Public\Desktop\Wireshark Legacy.lnk
[2016/03/30 21:25:03 | 000,881,036 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2016/03/30 21:25:03 | 000,745,616 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2016/03/30 21:25:03 | 000,139,704 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2016/03/21 23:45:51 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/03/20 14:05:43 | 000,057,881 | ---- | M] () -- C:\Users\Lyubomir\Desktop\The.5th.Wave.2016.HDRip.XviD.AC3-EVO.srt
[2016/03/15 21:23:33 | 000,001,302 | ---- | M] () -- C:\Users\Lyubomir\Desktop\Cisco Packet Tracer.lnk
[2016/03/10 19:58:48 | 000,341,488 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2016/03/10 14:09:10 | 000,065,408 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2016/03/10 14:08:58 | 000,140,672 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2016/03/10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2016/03/09 20:43:14 | 000,021,984 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\semav6msr64.sys
[2016/03/05 20:45:36 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Update.lnk
[2016/03/05 20:44:32 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Online Support(S Service).lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2016/04/04 01:03:39 | 000,001,994 | ---- | C] () -- C:\Users\Lyubomir\Application Data\Microsoft\Internet Explorer\Quick Launch\GlassWire 1.2.lnk
[2016/04/04 01:03:39 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\GlassWire.lnk
[2016/04/04 01:03:27 | 000,008,392 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\gwdrv.cat
[2016/04/04 01:03:27 | 000,003,102 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\gwdrv.inf
[2016/04/03 00:41:28 | 000,190,868 | ---- | C] () -- C:\WINDOWS\SysNative\resTHA.cui
[2016/04/03 00:41:28 | 000,183,476 | ---- | C] () -- C:\WINDOWS\SysNative\resELL.cui
[2016/04/03 00:41:28 | 000,179,252 | ---- | C] () -- C:\WINDOWS\SysNative\resRUS.cui
[2016/04/03 00:41:28 | 000,164,932 | ---- | C] () -- C:\WINDOWS\SysNative\resARA.cui
[2016/04/03 00:41:28 | 000,164,404 | ---- | C] () -- C:\WINDOWS\SysNative\resJPN.cui
[2016/04/03 00:41:28 | 000,164,356 | ---- | C] () -- C:\WINDOWS\SysNative\resHEB.cui
[2016/04/03 00:41:28 | 000,159,732 | ---- | C] () -- C:\WINDOWS\SysNative\resHUN.cui
[2016/04/03 00:41:28 | 000,159,716 | ---- | C] () -- C:\WINDOWS\SysNative\resFRA.cui
[2016/04/03 00:41:28 | 000,158,004 | ---- | C] () -- C:\WINDOWS\SysNative\resKOR.cui
[2016/04/03 00:41:28 | 000,157,892 | ---- | C] () -- C:\WINDOWS\SysNative\resDEU.cui
[2016/04/03 00:41:28 | 000,157,860 | ---- | C] () -- C:\WINDOWS\SysNative\resITA.cui
[2016/04/03 00:41:28 | 000,157,668 | ---- | C] () -- C:\WINDOWS\SysNative\resROM.cui
[2016/04/03 00:41:28 | 000,157,572 | ---- | C] () -- C:\WINDOWS\SysNative\resESN.cui
[2016/04/03 00:41:28 | 000,157,140 | ---- | C] () -- C:\WINDOWS\SysNative\resPLK.cui
[2016/04/03 00:41:28 | 000,157,012 | ---- | C] () -- C:\WINDOWS\SysNative\resSKY.cui
[2016/04/03 00:41:28 | 000,156,836 | ---- | C] () -- C:\WINDOWS\SysNative\resNLD.cui
[2016/04/03 00:41:28 | 000,156,228 | ---- | C] () -- C:\WINDOWS\SysNative\resPTB.cui
[2016/04/03 00:41:28 | 000,156,132 | ---- | C] () -- C:\WINDOWS\SysNative\resCSY.cui
[2016/04/03 00:41:28 | 000,156,116 | ---- | C] () -- C:\WINDOWS\SysNative\resTRK.cui
[2016/04/03 00:41:28 | 000,155,940 | ---- | C] () -- C:\WINDOWS\SysNative\resPTG.cui
[2016/04/03 00:41:28 | 000,155,460 | ---- | C] () -- C:\WINDOWS\SysNative\resFIN.cui
[2016/04/03 00:41:28 | 000,155,060 | ---- | C] () -- C:\WINDOWS\SysNative\resHRV.cui
[2016/04/03 00:41:28 | 000,154,628 | ---- | C] () -- C:\WINDOWS\SysNative\resSVE.cui
[2016/04/03 00:41:28 | 000,154,484 | ---- | C] () -- C:\WINDOWS\SysNative\resSLV.cui
[2016/04/03 00:41:28 | 000,153,508 | ---- | C] () -- C:\WINDOWS\SysNative\resNOR.cui
[2016/04/03 00:41:28 | 000,153,028 | ---- | C] () -- C:\WINDOWS\SysNative\resDAN.cui
[2016/04/03 00:41:28 | 000,151,684 | ---- | C] () -- C:\WINDOWS\SysNative\resENU.cui
[2016/04/03 00:41:28 | 000,149,924 | ---- | C] () -- C:\WINDOWS\SysNative\resCHT.cui
[2016/04/03 00:41:28 | 000,149,060 | ---- | C] () -- C:\WINDOWS\SysNative\resCHS.cui
[2016/04/03 00:41:17 | 000,002,582 | ---- | C] () -- C:\WINDOWS\SysNative\iglhxs64.vp
[2016/04/03 00:41:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\SysNative\igfxEMLibv2_0.dll
[2016/04/03 00:41:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\SysNative\igfxEMLib.dll
[2016/04/03 00:41:16 | 000,005,120 | ---- | C] ( ) -- C:\WINDOWS\SysNative\igfxLHMLibv2_0.dll
[2016/04/03 00:41:16 | 000,005,120 | ---- | C] ( ) -- C:\WINDOWS\SysNative\igfxLHMLib.dll
[2016/04/03 00:41:15 | 000,086,528 | ---- | C] () -- C:\WINDOWS\SysNative\igfxCUIServicePS.dll
[2016/04/03 00:41:15 | 000,069,632 | ---- | C] ( ) -- C:\WINDOWS\SysNative\igfxDHLibv2_0.dll
[2016/04/03 00:41:15 | 000,059,904 | ---- | C] ( ) -- C:\WINDOWS\SysNative\igfxDHLib.dll
[2016/04/03 00:41:15 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\SysNative\igfxDILibv2_0.dll
[2016/04/03 00:41:15 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\SysNative\igfxDILib.dll
[2016/04/03 00:41:14 | 000,255,488 | ---- | C] () -- C:\WINDOWS\SysNative\igfxCPL.cpl
[2016/04/03 00:41:10 | 000,221,184 | ---- | C] () -- C:\WINDOWS\SysNative\igdde64.dll
[2016/04/03 00:41:10 | 000,182,784 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2016/04/03 00:41:09 | 000,162,304 | ---- | C] () -- C:\WINDOWS\SysNative\igdail64.dll
[2016/04/03 00:41:09 | 000,143,872 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2016/04/03 00:41:07 | 000,094,208 | ---- | C] () -- C:\WINDOWS\SysNative\IccLibDll_x64.dll
[2016/04/03 00:33:01 | 000,001,239 | ---- | C] () -- C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.4.lnk
[2016/04/03 00:32:53 | 000,021,984 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\semav6msr64.sys
[2016/04/02 01:48:30 | 000,002,640 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2016/04/01 23:21:03 | 000,195,696 | ---- | C] () -- C:\Users\Lyubomir\Desktop\Capture.JPG
[2016/03/31 10:01:48 | 000,007,602 | ---- | C] () -- C:\Users\Lyubomir\AppData\Local\Resmon.ResmonCfg
[2016/03/31 08:23:33 | 000,001,839 | ---- | C] () -- C:\Users\Lyubomir\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2016/03/31 08:23:33 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2016/03/31 08:23:32 | 000,001,827 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2016/03/31 08:21:32 | 000,001,587 | ---- | C] () -- C:\Users\Lyubomir\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark Legacy.lnk
[2016/03/31 08:21:32 | 000,001,575 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
[2016/03/31 08:21:32 | 000,001,563 | ---- | C] () -- C:\Users\Public\Desktop\Wireshark Legacy.lnk
[2016/03/27 06:26:07 | 000,057,881 | ---- | C] () -- C:\Users\Lyubomir\Desktop\The.5th.Wave.2016.HDRip.XviD.AC3-EVO.srt
[2016/03/15 21:23:33 | 000,001,302 | ---- | C] () -- C:\Users\Lyubomir\Desktop\Cisco Packet Tracer.lnk
[2016/03/06 23:15:39 | 000,064,310 | ---- | C] () -- C:\Users\Lyubomir\Desktop\whinv.srt
[2016/03/05 19:23:32 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Update.lnk
[2016/03/01 23:05:02 | 001,859,960 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2016/01/28 22:01:15 | 000,162,816 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
[2015/11/16 12:44:32 | 000,000,258 | RHS- | C] () -- C:\Users\Lyubomir\ntuser.pol
[2015/11/16 11:55:59 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/11/16 11:51:09 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2015/10/30 03:24:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2015/10/30 03:24:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2015/10/30 03:18:39 | 000,164,224 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
[2015/10/30 03:18:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2015/10/30 03:18:36 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015/10/30 03:18:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2015/10/30 03:18:31 | 000,252,928 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2015/10/30 03:18:31 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
[2015/10/30 03:18:29 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2015/10/30 03:18:29 | 000,293,376 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2015/10/30 03:18:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
[2015/10/30 03:18:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2015/10/30 03:18:23 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2015/10/30 03:17:40 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2015/06/17 13:33:03 | 000,610,304 | ---- | C] () -- C:\WINDOWS\SysWow64\dfxg115.dll
[2015/03/26 13:02:41 | 000,008,192 | ---- | C] () -- C:\WINDOWS\SysWow64\WDPABKP.dat
[2015/01/18 12:51:19 | 000,000,574 | ---- | C] () -- C:\Users\Lyubomir\.packettracer
[2014/09/16 01:25:10 | 000,898,352 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/05/01 00:21:21 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
[2013/04/30 22:33:53 | 000,002,783 | ---- | C] () -- C:\Users\Lyubomir\AppData\Roaming\AbsoluteReminder.xml
========== ZeroAccess Check ==========
[2016/02/02 22:20:21 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2016/02/24 04:46:25 | 006,607,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016/02/24 04:06:39 | 005,242,496 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/10/30 03:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 03:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/10/30 03:17:45 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2015/01/09 18:20:35 | 000,000,000 | ---D | M] -- C:\Users\Lyubomir\AppData\Roaming\BSplayer Pro
[2013/08/21 16:36:51 | 000,000,000 | ---D | M] -- C:\Users\Lyubomir\AppData\Roaming\Canon
[2014/05/18 07:21:14 | 000,000,000 | ---D | M] -- C:\Users\Lyubomir\AppData\Roaming\DAEMON Tools Lite
[2015/10/18 18:19:14 | 000,000,000 | ---D | M] -- C:\Users\Lyubomir\AppData\Roaming\Garmin
[2015/12/02 18:40:22 | 000,000,000 | ---D | M] -- C:\Users\Lyubomir\AppData\Roaming\Oracle
[2013/09/08 16:10:04 | 000,000,000 | ---D | M] -- C:\Users\Lyubomir\AppData\Roaming\Photodex
[2016/03/05 20:44:31 | 000,000,000 | ---D | M] -- C:\Users\Lyubomir\AppData\Roaming\Samsung
[2013/04/30 22:34:40 | 000,000,000 | ---D | M] -- C:\Users\Lyubomir\AppData\Roaming\Synaptics
[2016/04/03 05:20:54 | 000,000,000 | ---D | M] -- C:\Users\Lyubomir\AppData\Roaming\uTorrent
[2013/08/19 13:07:04 | 000,000,000 | ---D | M] -- C:\Users\Lyubomir\AppData\Roaming\Video DVD Maker FREE
[2013/05/23 12:07:18 | 000,000,000 | ---D | M] -- C:\Users\Lyubomir\AppData\Roaming\WebApp
[2016/03/31 09:02:58 | 000,000,000 | ---D | M] -- C:\Users\Lyubomir\AppData\Roaming\Wireshark
[2013/08/18 13:54:46 | 000,000,000 | ---D | M] -- C:\Users\Lyubomir\AppData\Roaming\Wondershare
========== Purity Check ==========
========== Alternate Data Streams ==========

@Alternate Data Stream - 237 bytes -> C:\Users\Lyubomir\OneDrive:ms-properties

< End of report >
 

johnb35

Administrator
Staff member
If I'm seeing that right, you are running the original version of Windows 8, which isn't supported anymore. You should have updated to 8.1.

The AdwCleaner log is stored under C:\Program Files (x86)/AdwCleaner and JRT logs are stored on the desktop once completed.
 

lubo4444

Active Member
Hey John,

I bought the laptop with Windows 8. I did update it to 8.1 and up to 10. I'm running Windows 10 at the moment. I never had to reinstall the operating system so far.

I did find the AdwCleaner log in the folder mentioned above and I'll post it below. However, the JRT log I did delete by mistake from my desktop. If it's stored somewhere else, I'll be glad to show it to you. This is the AdwCleaner log below:

# AdwCleaner v5.108 - Logfile created 03/04/2016 at 18:52:57
# Updated 30/03/2016 by Xplode
# Database : 2016-04-03.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Lyubomir - LUBO
# Running from : C:\Users\Lyubomir\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Key Deleted : HKCU\Software\Conduit
[-] Value Deleted : HKU\S-1-5-21-3214703091-3445229301-533389535-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchProtect]
[-] Value Deleted : HKU\S-1-5-21-3214703091-3445229301-533389535-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchProtect]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1128 bytes] - [03/04/2016 18:52:57]
C:\AdwCleaner\AdwCleaner[C2].txt - [1012 bytes] - [24/09/2015 18:01:28]
C:\AdwCleaner\AdwCleaner[C3].txt - [686 bytes] - [24/09/2015 18:11:51]
C:\AdwCleaner\AdwCleaner[C4].txt - [1036 bytes] - [04/10/2015 22:12:54]
C:\AdwCleaner\AdwCleaner[C5].txt - [686 bytes] - [04/10/2015 22:42:42]
C:\AdwCleaner\AdwCleaner[C6].txt - [1497 bytes] - [19/10/2015 19:02:24]
C:\AdwCleaner\AdwCleaner[C7].txt - [686 bytes] - [19/10/2015 19:18:24]
C:\AdwCleaner\AdwCleaner[C8].txt - [1453 bytes] - [17/11/2015 02:53:49]
C:\AdwCleaner\AdwCleaner[C9].txt - [782 bytes] - [24/11/2015 17:55:11]
C:\AdwCleaner\AdwCleaner[R0].txt - [2853 bytes] - [20/03/2015 19:58:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [2727 bytes] - [20/03/2015 20:10:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [2551 bytes] - [03/04/2016 18:50:41]
C:\AdwCleaner\AdwCleaner[S2].txt - [914 bytes] - [24/09/2015 17:52:42]
C:\AdwCleaner\AdwCleaner[S3].txt - [622 bytes] - [24/09/2015 18:10:42]
C:\AdwCleaner\AdwCleaner[S4].txt - [938 bytes] - [04/10/2015 22:05:50]
C:\AdwCleaner\AdwCleaner[S5].txt - [622 bytes] - [04/10/2015 22:36:28]
C:\AdwCleaner\AdwCleaner[S6].txt - [1369 bytes] - [19/10/2015 19:00:28]
C:\AdwCleaner\AdwCleaner[S7].txt - [622 bytes] - [19/10/2015 19:16:37]
C:\AdwCleaner\AdwCleaner[S8].txt - [1313 bytes] - [17/11/2015 02:52:12]
C:\AdwCleaner\AdwCleaner[S9].txt - [684 bytes] - [24/11/2015 17:53:45]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2578 bytes] ##########
 

johnb35

Administrator
Staff member
For some reason OTL is reporting the wrong version of Windows. It's saying you are running the original version of 8. Don't see anything that would cause data to be sent/received in the AdwCleaner log.

It could have been Windows 10 downloading updates. Have you opened Task Manager to see if any process was running high or possibly high disk usage?
 

lubo4444

Active Member
I'm running Windows 10 at this moment. Probably OTL reported it wrong for some reason.

Windows 10 is not downloading any updates from what I'm looking at, because I checked if any updates are available and none are. Nothing really is running high in Task Manager and my disk usage is low as well.
 

johnb35

Administrator
Staff member
How much data is being transferred? Is it receiving or transmitting?
 

lubo4444

Active Member
Hey John,

Sorry for the late reply, didn't have internet in the past few days. The internet provider had some issues and so far everything seems to work fine so far. I'm not sure what was wrong with the internet though. I'll keep an eye on the internet connection to see how it works. Just to ask, did my logs show any sign of any virus/spyware/malware? Thank you!
 