
url mal


  • This topic is locked
2 replies to this topic

#1 toxicfilter

Posted 09 September 2015 - 10:42 AM

Avast Web Shield has blocked a harmful webpage or file.
 
 object http:// bleepbleep7557.redirectme.net;81/is-ready
infection url:mal
process c:\windows\system32\wscript.exe
 
the process has recently changed from c:\windows\system32\svchost.exe
 
I have tried to copy and paste the results of the OTL scan, but every time that I do I have to start this post all over, so I made a text document instead. If anyone can help me I would really appreciate it. This is a non-stop annoyance every time I access the internet.

OTL logfile created on: 9/9/2015 9:40:25 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\david\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10240.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.89 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 51.21% Memory free
4.58 Gb Paging File | 2.67 Gb Available in Paging File | 58.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.21 Gb Total Space | 33.05 Gb Free Space | 7.46% Space Free | Partition Type: NTFS
Drive D: | 21.05 Gb Total Space | 2.09 Gb Free Space | 9.91% Space Free | Partition Type: NTFS
 
Computer Name: TOXIC | User Name: david | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2015/09/09 09:39:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\david\Downloads\OTL.exe
PRC - [2015/09/02 20:09:32 | 006,111,824 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/09/02 20:08:52 | 000,146,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/09/02 20:08:40 | 000,109,008 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2015/08/24 18:57:02 | 001,815,760 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
PRC - [2015/08/24 18:54:32 | 002,953,936 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
PRC - [2015/08/24 18:53:24 | 000,847,568 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2015/08/24 18:51:12 | 000,830,160 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\hydra.exe
PRC - [2015/08/20 20:07:23 | 000,294,616 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
PRC - [2015/08/20 20:07:14 | 001,393,880 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
PRC - [2015/06/29 16:53:30 | 000,602,888 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
PRC - [2015/06/18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2015/06/18 08:39:46 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2015/06/18 08:39:34 | 006,554,424 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2015/01/01 13:05:22 | 000,347,200 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2014/09/27 14:43:28 | 000,094,720 | ---- | M] (Softex Inc.) -- C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
PRC - [2014/03/07 03:02:08 | 000,267,224 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2012/06/19 16:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/09/02 20:08:56 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/09/02 20:08:54 | 000,102,864 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/09/02 20:08:52 | 000,123,976 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2015/08/24 18:45:00 | 000,261,328 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\CrashRpt1403.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/09/02 20:08:52 | 000,146,600 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/09/02 20:08:40 | 000,109,008 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2015/08/20 20:07:23 | 000,294,616 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2015/08/18 01:58:25 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2015/08/18 01:55:01 | 002,178,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2015/08/18 01:54:03 | 000,322,048 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2015/08/12 23:22:26 | 002,093,056 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2015/08/11 04:50:47 | 001,643,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015/08/11 04:21:13 | 000,148,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2015/08/11 04:07:52 | 000,593,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2015/08/11 04:05:10 | 000,996,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2015/08/02 20:24:19 | 000,503,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2015/07/31 00:22:48 | 001,031,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2015/07/31 00:22:41 | 001,203,200 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2015/07/31 00:22:41 | 001,169,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2015/07/31 00:22:41 | 000,343,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2015/07/31 00:22:40 | 000,808,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2015/07/31 00:22:40 | 000,658,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2015/07/31 00:15:08 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2015/07/30 22:35:28 | 000,246,472 | ---- | M] (Synaptics Incorporated) [Auto | Running] -- C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe -- (SynTPEnhService)
SRV:64bit: - [2015/07/30 22:31:57 | 000,328,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:64bit: - [2015/07/29 22:44:49 | 000,280,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015/07/29 22:44:28 | 000,229,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2015/07/29 22:38:27 | 001,420,288 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2015/07/10 06:01:10 | 000,621,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2015/07/10 06:01:10 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2015/07/10 06:01:10 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2015/07/10 06:00:41 | 000,167,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2015/07/10 06:00:38 | 001,844,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2015/07/10 06:00:36 | 000,115,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/07/10 06:00:20 | 000,749,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2015/07/10 06:00:16 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015/07/10 06:00:09 | 000,526,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2015/07/10 06:00:09 | 000,337,408 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2015/07/10 06:00:09 | 000,289,280 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2015/07/10 06:00:09 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2015/07/10 06:00:09 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2015/07/10 06:00:09 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2015/07/10 06:00:07 | 002,674,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2015/07/10 06:00:07 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2015/07/10 06:00:07 | 001,019,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2015/07/10 06:00:07 | 000,512,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2015/07/10 06:00:07 | 000,268,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2015/07/10 06:00:07 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2015/07/10 06:00:07 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2015/07/10 06:00:07 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2015/07/10 06:00:06 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2015/07/10 06:00:06 | 000,087,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2015/07/10 06:00:03 | 003,467,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2015/07/10 06:00:02 | 000,918,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2015/07/10 06:00:02 | 000,836,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2015/07/10 06:00:02 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2015/07/10 06:00:01 | 000,096,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2015/07/10 06:00:01 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2015/07/10 06:00:00 | 000,717,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2015/07/10 06:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2015/07/10 05:59:59 | 000,296,960 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2015/07/10 05:59:59 | 000,196,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2015/07/10 05:59:59 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2015/07/10 05:59:58 | 000,143,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_Session2)
SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_Session1)
SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_Session2)
SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_Session1)
SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_Session2)
SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_Session1)
SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_Session2)
SRV:64bit: - [2015/07/10 05:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_Session1)
SRV:64bit: - [2015/07/10 05:59:57 | 000,405,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2015/07/10 05:59:57 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2015/07/10 05:59:56 | 000,019,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2015/07/10 05:59:55 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2015/07/10 05:59:55 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2015/07/10 05:59:54 | 000,275,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2015/07/10 05:59:53 | 000,267,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2015/07/10 05:59:53 | 000,063,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2015/07/10 05:59:51 | 000,583,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2015/07/10 05:59:50 | 000,550,400 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2015/07/10 05:59:50 | 000,379,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015/07/10 05:59:50 | 000,362,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015/07/10 05:59:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2015/07/10 05:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2015/07/10 05:59:48 | 000,024,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2015/07/10 05:59:36 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2014/09/27 14:43:28 | 000,094,720 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe -- (omniserv)
SRV:64bit: - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/07/01 22:08:48 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/07/01 22:08:32 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe -- (Intel®
SRV - [2015/08/24 19:04:00 | 000,096,600 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2015/08/24 18:57:02 | 001,815,760 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe -- (hshld)
SRV - [2015/08/24 18:53:24 | 000,847,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2015/07/31 00:22:41 | 000,925,696 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2015/07/31 00:22:40 | 000,510,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2015/07/31 00:15:14 | 000,504,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2015/07/31 00:15:06 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2015/07/31 00:15:03 | 000,056,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2015/07/30 22:31:58 | 000,290,224 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2015/07/22 17:19:45 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2015/07/10 06:00:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\lfsvc.dll -- (lfsvc)
SRV - [2015/07/10 06:00:29 | 002,049,024 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2015/07/10 06:00:24 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2015/07/10 06:00:23 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2015/06/29 16:53:30 | 000,602,888 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2015/06/18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/06/18 08:39:46 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2015/05/19 17:22:06 | 000,099,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2015/01/01 13:05:23 | 000,265,808 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2015/01/01 13:05:22 | 000,347,200 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/06/19 16:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2012/04/24 16:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/09/09 09:26:35 | 000,113,880 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015/09/02 20:09:29 | 001,048,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2015/09/02 20:08:57 | 000,447,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2015/09/02 20:08:57 | 000,274,808 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/09/02 20:08:57 | 000,150,672 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/09/02 20:08:57 | 000,093,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015/09/02 20:08:57 | 000,090,968 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2015/09/02 20:08:57 | 000,065,224 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/09/02 20:08:57 | 000,028,656 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/09/02 20:08:45 | 000,028,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2015/09/02 20:08:40 | 000,454,016 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2015/08/23 21:16:54 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2015/08/20 20:15:40 | 000,886,528 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
DRV:64bit: - [2015/08/20 19:54:45 | 000,301,784 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2015/08/18 02:55:45 | 000,373,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015/08/11 05:02:56 | 000,080,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2015/08/05 22:17:40 | 000,200,528 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2015/08/05 21:22:03 | 000,685,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2015/08/02 21:18:37 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2015/08/02 21:17:53 | 000,052,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2015/08/02 21:17:45 | 000,516,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015/07/31 00:22:41 | 000,934,752 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2015/07/31 00:22:41 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2015/07/31 00:22:40 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2015/07/31 00:22:40 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2015/07/30 22:35:28 | 000,614,088 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2015/07/30 22:35:26 | 000,042,696 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2015/07/30 22:31:56 | 003,797,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2015/07/29 22:44:26 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015/07/10 08:14:40 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2015/07/10 08:14:34 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2015/07/10 06:01:20 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2015/07/10 06:00:14 | 000,380,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015/07/10 06:00:14 | 000,215,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015/07/10 06:00:10 | 000,106,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2015/07/10 06:00:10 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2015/07/10 06:00:10 | 000,031,072 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2015/07/10 06:00:09 | 000,200,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2015/07/10 06:00:09 | 000,153,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2015/07/10 06:00:09 | 000,061,952 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2015/07/10 06:00:09 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2015/07/10 06:00:09 | 000,026,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ioqos.sys -- (IoQos)
DRV:64bit: - [2015/07/10 06:00:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2015/07/10 06:00:00 | 000,245,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2015/07/10 06:00:00 | 000,159,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2015/07/10 06:00:00 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2015/07/10 06:00:00 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2015/07/10 06:00:00 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2015/07/10 06:00:00 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2015/07/10 05:59:59 | 000,155,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2015/07/10 05:59:59 | 000,088,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2015/07/10 05:59:59 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2015/07/10 05:59:56 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2015/07/10 05:59:53 | 000,129,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2015/07/10 05:59:53 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2015/07/10 05:59:52 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2015/07/10 05:59:50 | 000,119,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015/07/10 05:59:50 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2015/07/10 05:59:48 | 000,291,680 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015/07/10 05:59:48 | 000,209,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2015/07/10 05:59:48 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2015/07/10 05:59:48 | 000,098,144 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2015/07/10 05:59:48 | 000,083,968 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2015/07/10 05:59:48 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2015/07/10 05:59:48 | 000,044,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015/07/10 05:59:48 | 000,044,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2015/07/10 05:59:48 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2015/07/10 05:59:40 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2015/07/10 05:59:40 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2015/07/10 05:59:40 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2015/07/10 05:59:40 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2015/07/10 05:59:40 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2015/07/10 05:59:39 | 000,705,376 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2015/07/10 05:59:39 | 000,474,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2015/07/10 05:59:39 | 000,424,800 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2015/07/10 05:59:39 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2015/07/10 05:59:39 | 000,133,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2015/07/10 05:59:39 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2015/07/10 05:59:39 | 000,094,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2015/07/10 05:59:39 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2015/07/10 05:59:39 | 000,076,128 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2015/07/10 05:59:39 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2015/07/10 05:59:39 | 000,059,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2015/07/10 05:59:39 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2015/07/10 05:59:39 | 000,058,208 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2015/07/10 05:59:39 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2015/07/10 05:59:39 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2015/07/10 05:59:39 | 000,040,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2015/07/10 05:59:39 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2015/07/10 05:59:39 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2015/07/10 05:59:39 | 000,026,976 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2015/07/10 05:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
DRV:64bit: - [2015/07/10 05:59:38 | 003,436,896 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2015/07/10 05:59:38 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2015/07/10 05:59:38 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2015/07/10 05:59:38 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2015/07/10 05:59:38 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2015/07/10 05:59:38 | 000,222,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2015/07/10 05:59:38 | 000,207,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015/07/10 05:59:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2015/07/10 05:59:38 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2015/07/10 05:59:38 | 000,104,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2015/07/10 05:59:38 | 000,099,168 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2015/07/10 05:59:38 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2015/07/10 05:59:38 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2015/07/10 05:59:38 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2015/07/10 05:59:38 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2015/07/10 05:59:38 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2015/07/10 05:59:38 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2015/07/10 05:59:38 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2015/07/10 05:59:38 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2015/07/10 05:59:38 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2015/07/10 05:59:38 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2015/07/10 05:59:38 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2015/07/10 05:59:38 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2015/07/10 05:59:36 | 003,453,144 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2015/07/10 05:59:36 | 000,276,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015/07/10 05:59:36 | 000,122,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2015/07/10 05:59:36 | 000,116,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2015/07/10 05:59:36 | 000,094,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc)
DRV:64bit: - [2015/07/10 05:59:36 | 000,092,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2015/07/10 05:59:36 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2015/07/10 05:59:36 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2015/07/10 05:59:36 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2015/07/10 05:59:36 | 000,043,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2015/07/10 05:59:36 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2015/07/10 05:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2015/07/10 05:59:36 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2015/07/10 05:59:36 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2015/07/10 05:59:36 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fcvsc.sys -- (fcvsc)
DRV:64bit: - [2015/07/10 05:59:36 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2015/07/10 05:59:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2015/07/10 05:59:36 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2015/07/10 05:59:36 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2015/06/26 15:46:16 | 000,050,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2015/06/26 15:46:16 | 000,039,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2015/06/23 21:24:48 | 000,030,384 | ---- | M] (HP Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver64)
DRV:64bit: - [2015/06/23 21:24:48 | 000,030,384 | ---- | M] (HP Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2015/06/18 08:42:02 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/06/18 08:41:40 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/06/03 18:04:48 | 000,042,088 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2015/06/03 18:02:50 | 000,044,648 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2015/01/23 09:04:58 | 000,871,640 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2014/01/27 22:58:37 | 000,041,704 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2014/01/17 06:16:06 | 000,450,520 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2014/01/15 16:21:46 | 000,088,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TXEIx64.sys -- (TXEIx64)
DRV:64bit: - [2013/11/12 15:25:22 | 000,091,912 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013/10/10 11:44:38 | 000,029,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MBI.sys -- (MBI)
DRV:64bit: - [2013/08/16 13:22:16 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/07/26 16:10:50 | 000,030,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/05/01 23:23:50 | 000,103,064 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/12/09 04:51:20 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV - [2015/07/10 05:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
DRV - [2015/07/10 05:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
DRV - [2013/09/12 05:17:00 | 002,945,240 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\rtwlane.sys -- (RTWlanE)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=CPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{78388BA2-BDB6-41B3-AD1F-601C995FDB1F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=CPNTDFJS
IE - HKLM\..\SearchScopes\{78388BA2-BDB6-41B3-AD1F-601C995FDB1F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
 
IE - HKU\S-1-5-21-1954243-2982785932-3877453406-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
IE - HKU\S-1-5-21-1954243-2982785932-3877453406-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.hp.com/jumpstat [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1954243-2982785932-3877453406-1001\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT14/1
IE - HKU\S-1-5-21-1954243-2982785932-3877453406-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1954243-2982785932-3877453406-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
IE - HKU\S-1-5-21-1954243-2982785932-3877453406-1001\..\SearchScopes\{78388BA2-BDB6-41B3-AD1F-601C995FDB1F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-1954243-2982785932-3877453406-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\firefox@bho.com: C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015/01/23 09:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/09/02 20:09:02 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
 
O1 HOSTS File: ([2015/09/09 09:33:27 | 000,002,112 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1                   anchorfree.net
O1 - Hosts: 127.0.0.1                   rss2search.com
O1 - Hosts: 127.0.0.1                   techbrowsing.com
O1 - Hosts: 127.0.0.1                   box.anchorfree.net
O1 - Hosts: 127.0.0.1                   www.mefeedia.com
O1 - Hosts: 127.0.0.3                   www.anchorfree.net
O1 - Hosts: 127.0.0.2                   www.mefeedia.com
O1 - Hosts: 127.0.0.1                   anchorfree.us
O1 - Hosts: 127.0.0.1                   a433.com
O1 - Hosts: 127.0.0.3                   anchorfree.net
O1 - Hosts: 127.0.0.1                   rpt.anchorfree.net
O1 - Hosts: 127.0.0.1                   delivery.anchorfree.us/land.php
O1 - Hosts: 127.0.0.1                   hsselite.com
O1 - Hosts: 127.0.0.1                   www.hsselite.com
O1 - Hosts: 127.0.0.1                   anchorfree.net
O1 - Hosts: 127.0.0.1                   rss2search.com
O1 - Hosts: 127.0.0.1                   techbrowsing.com
O1 - Hosts: 127.0.0.1                   box.anchorfree.net
O1 - Hosts: 127.0.0.1                   www.mefeedia.com
O1 - Hosts: 127.0.0.3                   www.anchorfree.net
O1 - Hosts: 127.0.0.2                   www.mefeedia.com
O1 - Hosts: 127.0.0.1                   anchorfree.us
O1 - Hosts: 127.0.0.1                   a433.com
O1 - Hosts: 127.0.0.3                   anchorfree.net
O1 - Hosts: 127.0.0.1                   rpt.anchorfree.net
O1 - Hosts: 3 more lines...
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1954243-2982785932-3877453406-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1954243-2982785932-3877453406-1001..\Run: [csrss] wscript.exe //B "C:\Users\david\AppData\Local\Temp\csrss.vbs" File not found
O4 - HKU\S-1-5-21-1954243-2982785932-3877453406-1001..\Run: [uTorrent] C:\Users\david\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\csrss.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1d83ec3b-da85-4b69-b4f2-a3ee683d7a70}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{c126814c-ba87-4036-baf4-e7eba16f009b}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1BE2B3E-0FBD-43A5-9CFA-8DE985CE3EF8}: DhcpNameServer = 74.120.223.113 74.120.223.115
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{540b5844-407a-11e5-82a8-3863bb95c65a}\Shell - "" = AutoRun
O33 - MountPoints2\{540b5844-407a-11e5-82a8-3863bb95c65a}\Shell\AutoRun\command - "" = "F:\VerizonSWUpgradeAssistantLauncher.exe"
O33 - MountPoints2\{a1ef21de-2834-11e5-827f-3863bb95c65a}\Shell - "" = AutoRun
O33 - MountPoints2\{a1ef21de-2834-11e5-827f-3863bb95c65a}\Shell\AutoRun\command - "" = "F:\VerizonSWUpgradeAssistantLauncher.exe"
O33 - MountPoints2\{b6d8cff6-23c1-11e5-827a-3863bb95c65a}\Shell - "" = AutoRun
O33 - MountPoints2\{b6d8cff6-23c1-11e5-827a-3863bb95c65a}\Shell\AutoRun\command - "" = "F:\VZW_Software_upgrade_assistant.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/09/09 09:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2015/09/09 09:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield
[2015/09/09 09:18:46 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Roaming\Hotspot Shield
[2015/09/09 09:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2015/09/05 08:46:23 | 021,875,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2015/09/05 08:46:13 | 018,806,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2015/09/05 08:46:01 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkMobileSettings.dll
[2015/09/05 08:46:01 | 001,396,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LicenseManager.dll
[2015/09/05 08:45:57 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2015/09/05 08:45:53 | 000,963,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LicenseManager.dll
[2015/09/05 08:45:53 | 000,859,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\modernexecserver.dll
[2015/09/05 08:45:51 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2015/09/05 08:45:51 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupShim.dll
[2015/09/05 08:45:50 | 008,019,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2015/09/05 08:45:48 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NetSetupShim.dll
[2015/09/05 08:45:47 | 000,609,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ci.dll
[2015/09/05 08:45:47 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupSvc.dll
[2015/09/05 08:45:46 | 000,373,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2015/09/05 08:45:46 | 000,077,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2015/09/05 08:45:45 | 001,061,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll
[2015/09/05 08:45:45 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BthRadioMedia.dll
[2015/09/05 08:45:44 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgent.exe
[2015/09/05 08:45:43 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wcnwiz.dll
[2015/09/05 08:45:43 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll
[2015/09/05 08:45:41 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WcnNetsh.dll
[2015/09/05 08:45:39 | 001,234,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aitstatic.exe
[2015/09/05 08:45:37 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wfdprov.dll
[2015/09/05 08:45:36 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EnterpriseModernAppMgmtCSP.dll
[2015/09/05 08:45:35 | 001,226,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wcnwiz.dll
[2015/09/05 08:45:35 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WcnApi.dll
[2015/09/05 08:45:35 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WcnApi.dll
[2015/09/05 08:45:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wfdprov.dll
[2015/09/05 08:45:34 | 002,178,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2015/09/05 08:45:34 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafWCN.dll
[2015/09/05 08:45:34 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fdWCN.dll
[2015/09/05 08:45:33 | 001,795,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2015/09/05 08:45:33 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PackageStateRoaming.dll
[2015/09/05 08:45:32 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vaultsvc.dll
[2015/09/05 08:45:32 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PackageStateRoaming.dll
[2015/09/04 19:20:58 | 000,000,000 | ---D | C] -- C:\Users\david\Desktop\downloaded programs
[2015/09/04 08:35:06 | 000,113,880 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/09/04 08:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/09/04 08:33:09 | 000,109,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2015/09/04 08:33:09 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2015/09/04 08:33:09 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015/09/04 08:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/09/03 19:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/09/03 18:23:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2015/09/03 18:23:51 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\MFAData
[2015/09/03 18:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2015/09/03 18:23:51 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\Avg2015
[2015/09/02 20:13:15 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Roaming\AVAST Software
[2015/09/02 20:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2015/09/02 20:09:06 | 001,048,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsnx.sys
[2015/09/02 20:09:06 | 000,447,944 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSP.sys
[2015/09/02 20:09:06 | 000,274,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2015/09/02 20:09:06 | 000,150,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswStm.sys
[2015/09/02 20:09:06 | 000,093,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2015/09/02 20:09:06 | 000,090,968 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2015/09/02 20:09:06 | 000,065,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2015/09/02 20:09:06 | 000,028,656 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswHwid.sys
[2015/09/02 20:09:06 | 000,028,144 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswKbd.sys
[2015/09/02 20:09:04 | 000,378,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2015/09/02 20:08:54 | 000,043,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2015/09/02 20:08:40 | 000,454,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswNdisFlt.sys
[2015/09/02 20:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015/09/02 19:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/09/02 19:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/09/02 18:55:52 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\CrashRpt
[2015/09/01 06:00:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2015/08/23 21:16:54 | 000,206,080 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\SysNative\drivers\ssudmdm.sys
[2015/08/20 21:02:40 | 016,706,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2015/08/20 21:02:31 | 013,024,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2015/08/20 21:02:26 | 003,527,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tquery.dll
[2015/08/20 21:02:25 | 004,532,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2015/08/20 21:02:25 | 002,558,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssrch.dll
[2015/08/20 21:02:24 | 002,416,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2015/08/20 21:02:23 | 007,523,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2015/08/20 21:02:22 | 004,048,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2015/08/20 21:02:22 | 002,093,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidsvc.dll
[2015/08/20 21:02:22 | 001,643,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2015/08/20 21:02:21 | 002,151,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2015/08/20 21:02:21 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssrch.dll
[2015/08/20 21:02:19 | 001,916,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2015/08/20 21:02:19 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll
[2015/08/20 21:02:18 | 002,748,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tquery.dll
[2015/08/20 21:02:18 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXService.dll
[2015/08/20 21:02:17 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2015/08/20 21:02:16 | 005,454,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2015/08/20 21:02:16 | 000,292,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockAppHost.exe
[2015/08/20 21:02:15 | 003,588,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2015/08/20 21:02:15 | 001,334,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIAutomationCore.dll
[2015/08/20 21:02:15 | 000,243,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppHost.exe
[2015/08/20 21:02:14 | 000,918,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2015/08/20 21:02:14 | 000,893,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MbaeApiPublic.dll
[2015/08/20 21:02:14 | 000,554,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\directmanipulation.dll
[2015/08/20 21:02:13 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIAutomationCore.dll
[2015/08/20 21:02:13 | 000,593,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wcmsvc.dll
[2015/08/20 21:02:13 | 000,563,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MbaeApi.dll
[2015/08/20 21:02:13 | 000,454,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\directmanipulation.dll
[2015/08/20 21:02:12 | 001,087,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2015/08/20 21:02:12 | 000,993,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgent.dll
[2015/08/20 21:02:12 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_Notifications.dll
[2015/08/20 21:02:12 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationPermissions.dll
[2015/08/20 21:02:11 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MbaeApiPublic.dll
[2015/08/20 21:02:11 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MbaeApi.dll
[2015/08/20 21:02:11 | 000,336,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchProtocolHost.exe
[2015/08/20 21:02:11 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserMgrProxy.dll
[2015/08/20 21:02:11 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cloudAP.dll
[2015/08/20 21:02:11 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tetheringservice.dll
[2015/08/20 21:02:11 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MbaeParserTask.exe
[2015/08/20 21:02:11 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\stornvme.sys
[2015/08/20 21:02:10 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationGeofences.dll
[2015/08/20 21:02:10 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserMgrProxy.dll
[2015/08/20 21:02:09 | 000,845,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2015/08/20 21:02:09 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdbui.dll
[2015/08/20 21:02:08 | 002,462,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2015/08/20 21:02:08 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OneDriveSettingSyncProvider.dll
[2015/08/20 21:02:08 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2015/08/20 21:02:08 | 000,311,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2015/08/20 21:02:08 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\syncutil.dll
[2015/08/20 21:02:08 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationFramework.dll
[2015/08/20 21:02:07 | 000,442,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys
[2015/08/20 21:02:07 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\OneDriveSettingSyncProvider.dll
[2015/08/20 21:02:07 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuautoappupdate.dll
[2015/08/20 21:02:06 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2015/08/20 21:02:06 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssprxy.dll
[2015/08/20 21:02:06 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationFrameworkInternalPS.dll
[2015/08/20 21:02:06 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tetheringclient.dll
[2015/08/20 21:02:06 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tetheringclient.dll
[2015/08/20 21:02:05 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GamePanel.exe
[2015/08/20 21:02:05 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Core.TextInput.dll
[2015/08/20 21:02:03 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GamePanel.exe
[2015/08/20 21:02:03 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2015/08/20 21:02:03 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2015/08/20 21:02:02 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReInfo.dll
[2015/08/20 20:16:05 | 000,886,528 | ---- | C] (Realtek                                            ) -- C:\WINDOWS\SysNative\drivers\rt640x64.sys
[2015/08/20 20:16:05 | 000,082,544 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\SysNative\RtNicProp64.dll
[2015/08/20 20:12:00 | 001,413,776 | ---- | C] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SRRPTR64.dll
[2015/08/20 20:12:00 | 000,454,288 | ---- | C] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SRAPO64.dll
[2015/08/20 20:12:00 | 000,369,296 | ---- | C] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SRCOM64.dll
[2015/08/20 20:12:00 | 000,329,360 | ---- | C] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SRCOM.dll
[2015/08/20 20:11:59 | 000,734,376 | ---- | C] (DTS, Inc.) -- C:\WINDOWS\SysNative\sltech64.dll
[2015/08/20 20:11:59 | 000,250,536 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\SysNative\slprp64.dll
[2015/08/20 20:11:58 | 001,104,040 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\slcnt64.dll
[2015/08/20 20:11:57 | 000,943,784 | ---- | C] (DTS, Inc.) -- C:\WINDOWS\SysNative\sl3apo64.dll
[2015/08/20 20:11:54 | 002,918,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtPgEx64.dll
[2015/08/20 20:11:54 | 002,702,552 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RTSnMg64.cpl
[2015/08/20 20:11:50 | 000,631,000 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtDataProc64.dll
[2015/08/20 20:11:49 | 001,310,936 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RTCOM64.dll
[2015/08/20 20:11:45 | 002,930,904 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RltkAPO64.dll
[2015/08/20 20:11:41 | 072,113,152 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RCoRes64.dat
[2015/08/20 20:11:41 | 001,749,208 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RCoInstII64.dll
[2015/08/20 20:09:36 | 001,576,976 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\SysNative\CX64APO.dll
[2015/08/20 20:09:32 | 000,560,328 | ---- | C] (Andrea Electronics Corporation) -- C:\WINDOWS\SysNative\AERTAC64.dll
[2015/08/20 19:55:54 | 000,752,856 | ---- | C] (Realsil Semiconductor Corporation) -- C:\WINDOWS\SysNative\drivers\RtsPer.sys
[2015/08/20 19:55:54 | 000,402,136 | ---- | C] (Realsil Semiconductor Corporation) -- C:\WINDOWS\SysNative\drivers\RtsUer.sys
[2015/08/20 19:55:54 | 000,365,272 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\drivers\RtsPStor.sys
[2015/08/20 19:55:53 | 000,313,048 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\drivers\RtsBaStor.sys
[2015/08/20 19:55:53 | 000,301,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\drivers\RtsP2Stor.sys
[2015/08/20 19:55:52 | 000,083,160 | ---- | C] (Realtek Semiconductor.) -- C:\WINDOWS\SysNative\RtCRX64.dll
[2015/08/20 19:55:51 | 009,890,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysWow64\RsCRIcon.dll
[2015/08/20 19:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Win7codecs
[2015/08/20 18:53:18 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\Aiseesoft Studio
[2015/08/20 18:53:16 | 000,000,000 | ---D | C] -- C:\Users\david\Documents\Aiseesoft Studio
[2015/08/20 18:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Win7codecs
[2015/08/14 14:56:16 | 000,000,000 | ---D | C] -- C:\Users\david\Desktop\carbon
[2015/08/14 14:17:19 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
[2015/08/14 14:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClockworkMod
[2015/08/14 13:58:29 | 000,000,000 | ---D | C] -- C:\Users\david\Desktop\my phone
[2015/08/13 12:13:55 | 000,000,000 | ---D | C] -- C:\Users\david\Desktop\rhonda
[2015/08/13 11:57:32 | 000,103,064 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\SysNative\drivers\ssudbus.sys
[2015/08/13 11:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2015/08/13 11:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2015/08/13 11:39:22 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\oneClickRoot
[2015/08/13 11:39:21 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\AWSToolkit
[2015/08/13 11:37:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AppName
[2015/08/12 12:12:46 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\Kingosoft
[2015/08/11 19:27:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2015/08/11 19:26:28 | 000,000,000 | ---D | C] -- C:\LGMobileUpgrade
[2015/08/11 18:15:42 | 008,613,200 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\SysNative\Windows.Media.Protection.PlayReady.dll
[2015/08/11 18:15:42 | 006,878,256 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
[2015/08/11 18:15:16 | 003,780,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_nt.dll
[2015/08/11 18:15:08 | 001,212,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RemoteNaturalLanguage.dll
[2015/08/11 18:15:07 | 002,415,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2015/08/11 18:15:07 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Speech.dll
[2015/08/11 18:15:06 | 001,601,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Speech.dll
[2015/08/11 18:15:06 | 000,898,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RemoteNaturalLanguage.dll
[2015/08/11 18:15:05 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LogonController.dll
[2015/08/11 18:15:05 | 000,583,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mf.dll
[2015/08/11 18:15:03 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LogonController.dll
[2015/08/11 18:15:02 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2015/08/11 18:15:02 | 000,783,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2015/08/11 18:15:02 | 000,644,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2015/08/11 18:15:02 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.LockScreen.dll
[2015/08/11 18:15:01 | 000,365,056 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2015/08/11 18:15:01 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
[2015/08/11 18:15:00 | 000,801,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe
[2015/08/11 18:15:00 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ActionCenter.dll
[2015/08/11 18:14:59 | 000,505,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms2.sys
[2015/08/11 18:14:59 | 000,303,104 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2015/08/11 18:14:58 | 000,700,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe
[2015/08/11 18:14:58 | 000,685,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdiWiFi.sys
[2015/08/11 18:14:58 | 000,608,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontdrvhost.exe
[2015/08/11 18:14:58 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SubscriptionMgr.dll
[2015/08/11 18:14:58 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkStatus.dll
[2015/08/11 18:14:57 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ActionCenter.dll
[2015/08/11 18:14:57 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinBioDataModel.dll
[2015/08/11 18:14:56 | 001,274,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wifinetworkmanager.dll
[2015/08/11 18:14:55 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctfuimanager.dll
[2015/08/11 18:14:53 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NotificationObjFactory.dll
[2015/08/11 18:14:53 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NotificationObjFactory.dll
[2015/08/11 18:14:52 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msctfuimanager.dll
[2015/08/11 18:14:52 | 000,516,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2015/08/11 18:14:51 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Cortana.Desktop.dll
[2015/08/11 18:14:51 | 000,539,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontdrvhost.exe
[2015/08/11 18:14:50 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\configmanager2.dll
[2015/08/11 18:14:50 | 000,200,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wof.sys
[2015/08/11 18:14:50 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VPNv2CSP.dll
[2015/08/11 18:14:49 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2015/08/11 18:14:48 | 001,822,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015/08/11 18:14:47 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\coredpus.dll
[2015/08/11 18:14:43 | 000,052,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wpcfltr.sys
[2015/08/11 18:14:42 | 000,046,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\msgpiowin32.sys
[2015/08/11 18:14:41 | 000,594,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Shell.Broker.dll
[2015/08/11 18:14:36 | 000,243,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfps.dll
[2015/08/11 18:14:35 | 000,393,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2015/08/11 18:14:27 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockAppBroker.dll
[2015/08/11 18:14:26 | 000,311,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppBroker.dll
[2015/08/11 18:14:26 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SharedStartModelShim.dll
[2015/08/11 18:14:24 | 001,290,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Shell.dll
[2015/08/11 18:14:24 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SharedStartModel.dll
[2015/08/11 18:14:23 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tileobjserver.dll
[2015/08/11 18:14:22 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\VEEventDispatcher.dll
[2015/08/11 18:14:21 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VEEventDispatcher.dll
[2015/08/11 18:14:21 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_UserAccount.dll
[2015/08/11 18:14:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\VEDataLayerHelpers.dll
[2015/08/11 18:14:18 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VEDataLayerHelpers.dll
[2014/07/10 01:16:28 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2015/09/09 09:44:25 | 000,016,148 | ---- | M] () -- C:\WINDOWS\SysNative\TOXIC_david_HistoryPrediction.bin
[2015/09/09 09:32:43 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2015/09/09 09:26:35 | 000,113,880 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/09/09 09:24:20 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/09/09 09:24:11 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/09/09 09:22:17 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/09/09 09:22:16 | 608,641,478 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2015/09/09 09:22:16 | 1672,249,344 | -HS- | M] () -- C:\hiberfil.sys
[2015/09/09 08:59:11 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/09/04 08:34:47 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/09/04 07:38:56 | 000,002,267 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/09/02 20:10:16 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Avast SafeZone.lnk
[2015/09/02 20:10:16 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Avast Internet Security.lnk
[2015/09/02 20:09:29 | 001,048,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsnx.sys
[2015/09/02 20:08:57 | 000,447,944 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSP.sys
[2015/09/02 20:08:57 | 000,378,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2015/09/02 20:08:57 | 000,274,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2015/09/02 20:08:57 | 000,150,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswStm.sys
[2015/09/02 20:08:57 | 000,093,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2015/09/02 20:08:57 | 000,090,968 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2015/09/02 20:08:57 | 000,065,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2015/09/02 20:08:57 | 000,028,656 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswHwid.sys
[2015/09/02 20:08:54 | 000,043,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2015/09/02 20:08:45 | 000,028,144 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswKbd.sys
[2015/09/02 20:08:40 | 000,454,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswNdisFlt.sys
[2015/09/02 19:41:21 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/08/31 03:47:06 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleFordavid.job
[2015/08/30 19:42:19 | 000,968,010 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/08/30 19:42:19 | 000,804,982 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/08/30 19:42:19 | 000,163,916 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/08/27 16:01:45 | 041,361,164 | ---- | M] () -- C:\Users\david\Desktop\Governor of Poker 2 Premium v2.0.2 Mod [Unlimited Wildcard & Money] - premiumapk.com.apk
[2015/08/23 21:16:54 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\SysNative\drivers\ssudmdm.sys
[2015/08/20 20:15:40 | 000,886,528 | ---- | M] (Realtek                                            ) -- C:\WINDOWS\SysNative\drivers\rt640x64.sys
[2015/08/20 20:15:40 | 000,082,544 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\SysNative\RtNicProp64.dll
[2015/08/20 20:07:30 | 001,413,776 | ---- | M] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SRRPTR64.dll
[2015/08/20 20:07:30 | 000,454,288 | ---- | M] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SRAPO64.dll
[2015/08/20 20:07:30 | 000,369,296 | ---- | M] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SRCOM64.dll
[2015/08/20 20:07:30 | 000,329,360 | ---- | M] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SRCOM.dll
[2015/08/20 20:07:29 | 000,734,376 | ---- | M] (DTS, Inc.) -- C:\WINDOWS\SysNative\sltech64.dll
[2015/08/20 20:07:29 | 000,250,536 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\SysNative\slprp64.dll
[2015/08/20 20:07:26 | 001,104,040 | ---- | M] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\slcnt64.dll
[2015/08/20 20:07:26 | 000,943,784 | ---- | M] (DTS, Inc.) -- C:\WINDOWS\SysNative\sl3apo64.dll
[2015/08/20 20:07:24 | 002,918,104 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtPgEx64.dll
[2015/08/20 20:07:24 | 002,702,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RTSnMg64.cpl
[2015/08/20 20:07:23 | 003,234,520 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkApi64.dll
[2015/08/20 20:07:23 | 000,184,688 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkCfg64.dll
[2015/08/20 20:07:21 | 000,631,000 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtDataProc64.dll
[2015/08/20 20:07:18 | 001,310,936 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RTCOM64.dll
[2015/08/20 20:07:16 | 035,222,128 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\RTAIODAT.DAT
[2015/08/20 20:07:15 | 072,113,152 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RCoRes64.dat
[2015/08/20 20:07:15 | 002,930,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RltkAPO64.dll
[2015/08/20 20:07:14 | 001,749,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RCoInstII64.dll
[2015/08/20 20:06:55 | 001,576,976 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\SysNative\CX64APO.dll
[2015/08/20 20:06:54 | 000,560,328 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\SysNative\AERTAC64.dll
[2015/08/20 20:06:19 | 002,825,944 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2015/08/20 19:54:45 | 000,752,856 | ---- | M] (Realsil Semiconductor Corporation) -- C:\WINDOWS\SysNative\drivers\RtsPer.sys
[2015/08/20 19:54:45 | 000,402,136 | ---- | M] (Realsil Semiconductor Corporation) -- C:\WINDOWS\SysNative\drivers\RtsUer.sys
[2015/08/20 19:54:45 | 000,365,272 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\drivers\RtsPStor.sys
[2015/08/20 19:54:45 | 000,301,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\drivers\RtsP2Stor.sys
[2015/08/20 19:54:44 | 009,890,008 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysWow64\RsCRIcon.dll
[2015/08/20 19:54:44 | 000,313,048 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\drivers\RtsBaStor.sys
[2015/08/20 19:54:44 | 000,083,160 | ---- | M] (Realtek Semiconductor.) -- C:\WINDOWS\SysNative\RtCRX64.dll
[2015/08/20 01:07:55 | 008,019,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2015/08/20 01:06:53 | 000,609,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ci.dll
[2015/08/20 00:57:13 | 000,077,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2015/08/20 00:26:23 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgent.exe
[2015/08/20 00:21:28 | 021,875,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2015/08/20 00:21:13 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EnterpriseModernAppMgmtCSP.dll
[2015/08/19 23:31:28 | 018,806,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2015/08/18 02:56:25 | 002,498,808 | ---- | M] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
[2015/08/18 02:55:45 | 000,373,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2015/08/18 02:54:30 | 001,396,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LicenseManager.dll
[2015/08/18 02:27:23 | 001,771,592 | ---- | M] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2015/08/18 02:24:35 | 000,963,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LicenseManager.dll
[2015/08/18 02:13:10 | 000,497,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll
[2015/08/18 02:13:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupShim.dll
[2015/08/18 02:12:20 | 000,692,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\UMDF\NfcCx.dll
[2015/08/18 02:12:18 | 002,225,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkMobileSettings.dll
[2015/08/18 02:04:20 | 000,859,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\modernexecserver.dll
[2015/08/18 02:04:14 | 001,234,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aitstatic.exe
[2015/08/18 01:59:35 | 001,294,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wcnwiz.dll
[2015/08/18 01:59:02 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WcnApi.dll
[2015/08/18 01:58:46 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WcnNetsh.dll
[2015/08/18 01:58:34 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fdWCN.dll
[2015/08/18 01:58:31 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafWCN.dll
[2015/08/18 01:58:25 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupSvc.dll
[2015/08/18 01:57:54 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wfdprov.dll
[2015/08/18 01:56:48 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BthRadioMedia.dll
[2015/08/18 01:55:01 | 002,178,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2015/08/18 01:54:11 | 000,247,296 | ---- | M] () -- C:\WINDOWS\SysNative\facecredentialprovider.dll
[2015/08/18 01:54:03 | 000,322,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vaultsvc.dll
[2015/08/18 01:52:26 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2015/08/18 01:50:04 | 001,795,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2015/08/18 01:49:52 | 001,061,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll
[2015/08/18 01:49:20 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PackageStateRoaming.dll
[2015/08/18 01:49:03 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NetSetupShim.dll
[2015/08/18 01:36:08 | 001,226,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wcnwiz.dll
[2015/08/18 01:35:49 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WcnApi.dll
[2015/08/18 01:34:44 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wfdprov.dll
[2015/08/18 01:29:11 | 001,593,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2015/08/18 01:26:08 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PackageStateRoaming.dll
[2015/08/17 23:44:12 | 000,008,847 | ---- | M] () -- C:\WINDOWS\SysNative\ResPriHMImageList
[2015/08/16 10:01:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\My Product Name
[2015/08/16 10:01:12 | 000,000,000 | ---- | M] () -- C:\60ec1ae5a31f2b718c
[2015/08/16 10:01:12 | 000,000,000 | ---- | M] () -- C:\46b53957d35a58cadaea23f52d64d9
[2015/08/16 10:01:12 | 000,000,000 | ---- | M] () -- C:\3c21ee33f0db8de8be0413fff6
[2015/08/16 10:01:12 | 000,000,000 | ---- | M] () -- C:\26845ee945d6873f5dfd17875d9d11
[2015/08/13 03:34:19 | 000,219,344 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015/08/12 23:22:26 | 002,093,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidsvc.dll
[2015/08/12 23:20:39 | 000,414,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2015/08/12 22:53:21 | 000,311,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2015/08/12 03:19:30 | 000,015,227 | ---- | M] () -- C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\csrss.vbs
[2015/08/11 05:04:24 | 002,462,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2015/08/11 05:04:23 | 004,532,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2015/08/11 05:04:15 | 001,087,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2015/08/11 05:03:09 | 000,442,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys
[2015/08/11 05:02:57 | 000,554,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\directmanipulation.dll
[2015/08/11 05:02:56 | 000,080,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\stornvme.sys
[2015/08/11 05:02:49 | 000,292,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockAppHost.exe
[2015/08/11 04:52:49 | 000,993,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgent.dll
[2015/08/11 04:50:47 | 001,643,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2015/08/11 04:40:22 | 004,048,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2015/08/11 04:40:12 | 000,918,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2015/08/11 04:40:08 | 002,151,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2015/08/11 04:38:22 | 000,454,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\directmanipulation.dll
[2015/08/11 04:37:48 | 000,243,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppHost.exe
[2015/08/11 04:26:03 | 000,845,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2015/08/11 04:23:59 | 016,706,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2015/08/11 04:21:13 | 000,148,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tetheringservice.dll
[2015/08/11 04:21:04 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tetheringclient.dll
[2015/08/11 04:20:02 | 000,483,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OneDriveSettingSyncProvider.dll
[2015/08/11 04:19:45 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_Notifications.dll
[2015/08/11 04:18:44 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserMgrProxy.dll
[2015/08/11 04:16:32 | 002,416,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2015/08/11 04:14:02 | 000,404,480 | ---- | M] () -- C:\WINDOWS\SysNative\diagtrack_wininternal.dll
[2015/08/11 04:13:42 | 000,413,184 | ---- | M] () -- C:\WINDOWS\SysNative\diagtrack_win.dll
[2015/08/11 04:11:40 | 002,446,336 | ---- | M] () -- C:\WINDOWS\SysNative\InputService.dll
[2015/08/11 04:11:18 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GamePanel.exe
[2015/08/11 04:10:47 | 000,293,376 | ---- | M] () -- C:\WINDOWS\SysNative\TextInputFramework.dll
[2015/08/11 04:10:12 | 000,324,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2015/08/11 04:10:06 | 000,778,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll
[2015/08/11 04:09:55 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuautoappupdate.dll
[2015/08/11 04:08:04 | 000,893,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MbaeApiPublic.dll
[2015/08/11 04:08:04 | 000,563,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MbaeApi.dll
[2015/08/11 04:07:52 | 000,593,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wcmsvc.dll
[2015/08/11 04:07:44 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MbaeParserTask.exe
[2015/08/11 04:06:19 | 007,523,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2015/08/11 04:05:48 | 000,342,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationGeofences.dll
[2015/08/11 04:05:27 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationFramework.dll
[2015/08/11 04:05:23 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationFrameworkInternalPS.dll
[2015/08/11 04:05:20 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationPermissions.dll
[2015/08/11 04:05:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXService.dll
[2015/08/11 04:05:07 | 003,527,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tquery.dll
[2015/08/11 04:03:09 | 002,558,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssrch.dll
[2015/08/11 04:02:53 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cloudAP.dll
[2015/08/11 04:02:15 | 000,621,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2015/08/11 04:02:08 | 003,588,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2015/08/11 04:01:38 | 001,334,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIAutomationCore.dll
[2015/08/11 04:00:45 | 000,336,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchProtocolHost.exe
[2015/08/11 04:00:06 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\syncutil.dll
[2015/08/11 03:59:51 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssprxy.dll
[2015/08/11 03:59:33 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tetheringclient.dll
[2015/08/11 03:59:27 | 000,642,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdbui.dll
[2015/08/11 03:58:11 | 000,372,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\OneDriveSettingSyncProvider.dll
[2015/08/11 03:57:51 | 013,024,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2015/08/11 03:57:31 | 000,971,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\UMDF\WpdMtpDr.dll
[2015/08/11 03:57:12 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserMgrProxy.dll
[2015/08/11 03:51:35 | 001,916,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2015/08/11 03:51:33 | 001,823,232 | ---- | M] () -- C:\WINDOWS\SysWow64\InputService.dll
[2015/08/11 03:50:59 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Core.TextInput.dll
[2015/08/11 03:50:58 | 000,200,704 | ---- | M] () -- C:\WINDOWS\SysWow64\TextInputFramework.dll
[2015/08/11 03:50:47 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GamePanel.exe
[2015/08/11 03:49:50 | 000,586,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2015/08/11 03:49:30 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2015/08/11 03:48:25 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MbaeApiPublic.dll
[2015/08/11 03:47:09 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MbaeApi.dll
[2015/08/11 03:43:39 | 002,748,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tquery.dll
[2015/08/11 03:42:33 | 005,454,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2015/08/11 03:40:32 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssrch.dll
[2015/08/11 03:40:12 | 001,112,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIAutomationCore.dll
[2015/08/11 03:38:43 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReInfo.dll
 
========== Files Created - No Company Name ==========
 
[2015/09/09 09:44:25 | 000,016,148 | ---- | C] () -- C:\WINDOWS\SysNative\TOXIC_david_HistoryPrediction.bin
[2015/09/09 09:22:16 | 608,641,478 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2015/09/09 09:20:22 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2015/09/05 08:46:02 | 002,498,808 | ---- | C] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
[2015/09/05 08:45:57 | 001,771,592 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2015/09/05 08:45:47 | 000,247,296 | ---- | C] () -- C:\WINDOWS\SysNative\facecredentialprovider.dll
[2015/09/05 08:45:47 | 000,008,847 | ---- | C] () -- C:\WINDOWS\SysNative\ResPriHMImageList
[2015/09/04 08:34:47 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/09/03 18:22:58 | 000,015,227 | ---- | C] () -- C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\csrss.vbs
[2015/09/02 20:10:16 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Avast SafeZone.lnk
[2015/09/02 20:10:16 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Avast Internet Security.lnk
[2015/09/02 19:41:21 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/08/30 16:28:50 | 041,361,164 | ---- | C] () -- C:\Users\david\Desktop\Governor of Poker 2 Premium v2.0.2 Mod [Unlimited Wildcard & Money] - premiumapk.com.apk
[2015/08/20 21:02:19 | 002,446,336 | ---- | C] () -- C:\WINDOWS\SysNative\InputService.dll
[2015/08/20 21:02:14 | 001,823,232 | ---- | C] () -- C:\WINDOWS\SysWow64\InputService.dll
[2015/08/20 21:02:14 | 000,404,480 | ---- | C] () -- C:\WINDOWS\SysNative\diagtrack_wininternal.dll
[2015/08/20 21:02:13 | 000,413,184 | ---- | C] () -- C:\WINDOWS\SysNative\diagtrack_win.dll
[2015/08/20 21:02:12 | 000,293,376 | ---- | C] () -- C:\WINDOWS\SysNative\TextInputFramework.dll
[2015/08/20 21:02:07 | 000,200,704 | ---- | C] () -- C:\WINDOWS\SysWow64\TextInputFramework.dll
[2015/08/20 20:11:46 | 035,222,128 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\RTAIODAT.DAT
[2015/08/16 10:01:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\My Product Name
[2015/08/16 10:01:12 | 000,000,000 | ---- | C] () -- C:\60ec1ae5a31f2b718c
[2015/08/16 10:01:12 | 000,000,000 | ---- | C] () -- C:\46b53957d35a58cadaea23f52d64d9
[2015/08/16 10:01:12 | 000,000,000 | ---- | C] () -- C:\3c21ee33f0db8de8be0413fff6
[2015/08/16 10:01:12 | 000,000,000 | ---- | C] () -- C:\26845ee945d6873f5dfd17875d9d11
[2015/08/09 18:57:14 | 000,000,006 | RHS- | C] () -- C:\ProgramData\06a973d5f0a4aca017313ac393ea61770040c0e8
[2015/08/01 22:30:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/07/30 22:31:56 | 000,194,560 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2015/07/30 22:31:56 | 000,152,576 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2015/07/30 21:40:29 | 000,925,184 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2015/07/10 07:20:52 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2015/07/10 06:04:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2015/07/10 06:04:38 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2015/07/10 06:00:35 | 000,161,632 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
[2015/07/10 06:00:33 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2015/07/10 06:00:32 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015/07/10 06:00:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
[2015/07/10 06:00:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
[2015/07/10 06:00:29 | 000,081,408 | ---- | C] () -- C:\WINDOWS\SysWow64\InputLocaleManager.dll
[2015/07/10 06:00:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\EditBufferTestHook.dll
[2015/07/10 06:00:29 | 000,053,760 | ---- | C] () -- C:\WINDOWS\SysWow64\WpKbdLayout.dll
[2015/07/10 06:00:29 | 000,022,016 | ---- | C] () -- C:\WINDOWS\SysWow64\WordBreakers.dll
[2015/07/10 06:00:28 | 000,270,848 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2015/07/10 06:00:27 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2015/07/10 06:00:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
[2015/07/10 06:00:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2015/07/10 06:00:24 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2015/07/10 05:59:51 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2015/01/28 05:47:07 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy DVD Creator.INI
[2014/08/26 18:33:41 | 000,451,072 | ---- | C] () -- C:\WINDOWS\SysWow64\ISSRemoveSP.exe
 
========== ZeroAccess Check ==========
 
[2015/08/01 22:58:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2015/07/31 00:22:40 | 006,488,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2015/07/31 00:22:40 | 005,118,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/07/10 05:59:53 | 000,995,328 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/07/10 06:00:23 | 000,754,688 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/07/10 05:59:55 | 000,516,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\david\OneDrive:ms-properties
 
< End of report >

Edited by xXToffeeXx, 09 September 2015 - 11:21 AM.
Moved from AII due to OTL log posted~




#2 nasdaq

  • Malware Response Team

Posted 10 September 2015 - 12:54 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


Wait for further instructions.

#3 nasdaq

  • Malware Response Team

Posted 16 September 2015 - 08:22 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



