Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

IE & Mozilla browsers hijacked by hao123 and won't go away!

Started by itsdave , Feb 10 2016 01:28 AM

Page 3 of 7
1
2
3
4
5

This topic is locked

#31
itsdave

Posted 18 February 2016 - 12:59 AM

Member

Topic Starter
Member
50 posts

No worries.

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by David on Thu 18/02/2016 at 19:46:30.44.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\user\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-02-14-095440.log 25717 bytes

==== System Restore Info ======================

18/02/2016 7:47:14 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\David\AppData\Local\ActiveSync deleted successfully
C:\Users\David\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ch5py7b7.default-1454393996597\prefs.js:
user_pref("browser.startup.homepage", "http://google.com/");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ch5py7b7.default-1454393996597\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Batch Command(s) Run By Tool======================

BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ch5py7b7.default-1454393996597
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [11/02/2016 08:42 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [11/02/2016 08:42 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ch5py7b7.default-1454393996597
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ch5py7b7.default-1454393996597
6FE651F6E3025AD51CC1D54913AEEADC - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll - Shockwave Flash

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[11/02/2016 07:52 PM]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft..../?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft..../?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.co...q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...=IESR02&pc=UE04

==== Reset Google Chrome ======================

Nothing found to reset

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\H6EXI0WX will be deleted at reboot
C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\IQXC8DBU will be deleted at reboot
C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\K04EGXQ8 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\David\AppData\Local\Mozilla\Firefox\Profiles\ch5py7b7.default-1454393996597\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=17 folders=17 17802530 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\David\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\H6EXI0WX" not found
"C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\IQXC8DBU" not found
"C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\K04EGXQ8" not found

==== EOF on Thu 18/02/2016 at 19:56:29.12 ======================

#32
dbreeze

Posted 18 February 2016 - 02:20 AM

Trusted Helper

Malware Removal
2,216 posts

Thank you.

If you still run into the problem (the addition to the Firefox shortcuts) please run the following Refresh of Firefox:

https://support.mozi...ns-and-settings

#33
itsdave

Posted 18 February 2016 - 10:55 PM

Member

Topic Starter
Member
50 posts

Still have the same problem.

I just refreshed Firefox so we'll see in a few hours/tomorrow if it's made any difference.. Will get back to you soon.

#34
itsdave

Posted 19 February 2016 - 02:46 PM

Member

Topic Starter
Member
50 posts

Booted up my pc today. Still the same, the string attaches itself to my shortcut (and I still only see 1 browser shortcut)

#35
dbreeze

Posted 19 February 2016 - 03:54 PM

Trusted Helper

Malware Removal
2,216 posts

:headscratch:

Download zoek.exe from here: Zoek.exe at Bleepingcomputer

Close/disable all anti virus and anti malware programs so they do not interfere with the download or running of Zoek.exe
(Here or here you can read manual instructions on how to disable your security applications.)
Double click zoek.exe to start the program.
Copy and paste the following script in the code box:
Note: This script is written for usage on this users computer, do not use it on another computer even if the problems are similar :!:

standardsearch;
autoruns;
silentrunners;

Close any open browsers.
Make sure the "Scan All Users" button is selected.
Click the "Run script" button and wait patiently.
When finished the log file will be opened in notepad.
If a reboot is needed the log file will be opened after reboot.
The zoek-results.log can also be found on your system drive (typically this is C: drive.).
Please post the log file for further review in your next comment.

#36
itsdave

Posted 19 February 2016 - 09:06 PM

Member

Topic Starter
Member
50 posts

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by David on Sat 20/02/2016 at 15:56:43.89.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\user\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-02-14-095440.log   25717 bytes
C:\zoek-results2016-02-18-065629.log   7330 bytes

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\ASRock Utility\APP Shop\AsrAPPShop.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\David\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Battle.net\Agent\Agent.4772\Agent.exe
D:\Program Files (x86)\Battle.net\Battle.net.6734\Battle.net.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
D:\Users\user\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8125 MB
CPU Info: Intel® Core™ i5-6600 CPU @ 3.30GHz
CPU Speed: 3314.3 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output (Realtek |
Display Adapters: NVIDIA GeForce GTX 970 | NVIDIA GeForce GTX 970 | NVIDIA GeForce GTX 970 | NVIDIA GeForce GTX 970
Monitors: 1x; SyncMaster 206BW(Digital) |
Screen Resolution: 1680 X 1050 - 32 bit
Network: Network Present
Network Adapters: Intel® Ethernet Connection (2) I219-V
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GH24NS70
Ports: COM1 LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 111.3GB | D: 882.6GB
Hard Disks - Free: C: 64.7GB | D: 640.9GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 09/18/15 | ALASKA - 1072009
Time Zone: New Zealand Standard Time
Motherboard *: ASRock H170 Performance
Country: New Zealand
Language: ENZ

==== System Specs (Software) ======================

Default Browser: Firefox   44.0.2
Internet Explorer Version: 11.103.10586.0
Mozilla Firefox version: 44.0.2 (x86 en-US)
Adobe Reader version: 15.10.20056.167417
Flash Player version: 20.0.0.306

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2016-02-11 06:52:55   9A4721C52C4746019879D9F8033DCA00   52184   ----a-w-   C:\WINDOWS\avastSS.scr
2016-02-10 08:30:13   95D730526EF81792CD6848D8D10FAA1C   4502352   ----a-w-   C:\WINDOWS\explorer.exe
2016-02-03 06:38:47   6E052C2CBD7C878FEF7505B69B69A258   67584   --s-a-w-   C:\WINDOWS\bootstat.dat
2016-02-03 06:28:20   692CA5EBC9E0CEF0A8D0BE4DF7400CEE   9528   ----a-w-   C:\WINDOWS\diagwrn.xml
2016-02-03 06:28:20   692CA5EBC9E0CEF0A8D0BE4DF7400CEE   9528   ----a-w-   C:\WINDOWS\diagerr.xml
2016-01-22 20:36:17   A8F0B315F67842060906A301108CDAB0   2080472   ----a-r-   C:\WINDOWS\RtlExUpd.dll
====== C:\Users\David\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2016-02-10 08:30:22   A898C851127646F4F657BBC7CD9DB987   19339776   ----a-w-   C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 08:30:17   0FAFB579F8D0DD97D62EAF87AE552B03   21124344   ----a-w-   C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 08:30:16   8B9DDC7866BD9B1A502D000D39CD40E3   5242496   ----a-w-   C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-10 08:30:16   01BFC0BC4D4986C7911B5A120E0EAC7B   9918976   ----a-w-   C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 08:30:15   3B0CA32C396D84B4D3984177EA615F07   12125696   ----a-w-   C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 08:30:14   E6EE0236D61AE1B946B9FE7F059C694F   5662208   ----a-w-   C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 08:30:14   8098C092B1C51D918C7FD17A0BC1B93A   18678272   ----a-w-   C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 08:30:12   FCBCED2A237DCD7EF86CED551B731742   4064320   ----a-w-   C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 08:30:12   FBF8BBB141504F661FA7F6864D95C16B   2230784   ----a-w-   C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 08:30:12   F29FE67D93D1EC698D8FE7B0A5BB32F1   1542816   ----a-w-   C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 08:30:12   CBE2DFB96C188DC8913B0CCBFA50C2FF   1824264   ----a-w-   C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 08:30:12   52C8B2C9A9F61F2F1BE133E6015FA288   2919320   ----a-w-   C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 08:30:11   A9EEEFE4CFF7EEA891C77169A4C43D0A   295264   ----a-w-   C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 08:30:11   838A36729CEC0E27D760AFE625104BB6   1557776   ----a-w-   C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 08:30:11   7FCEAC6F67C822B63306D1F6CB8B8A4B   3666432   ----a-w-   C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 08:30:10   6EB3A9117D1849AE452110A2C66CC411   820704   ----a-w-   C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 08:30:10   00ECC00ED8713D7FDE30323237C5CAEF   792064   ----a-w-   C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 08:30:09   F87C928A9C09611670BBF6533281003C   162816   ----a-w-   C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 08:30:09   F7169F42A954DEAD789529859921BD36   81112   ----a-w-   C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 08:30:09   F02A0D9F011212BC96B6DEF4F0E42AE9   1504768   ----a-w-   C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 08:30:08   F7F4D3C8F419097D5219C80B811978A9   203264   ----a-w-   C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 08:30:08   AD18802933E2F0BD9FDE02FF35D8AEC3   118272   ----a-w-   C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 08:30:08   0FC0E3CA4D36EB8A3BC1BA48436C1645   63488   ----a-w-   C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 08:30:08   0B247775E6D85763E490BAE3B7CE0CB9   31232   ----a-w-   C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 08:30:07   EC0F9E1BF64F2162F232C072BB1D6768   45568   ----a-w-   C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-10 08:30:07   529D8C676C042EC2E6930221F81C1A4A   99840   ----a-w-   C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 08:30:07   3ADA661523773B1A461CCA2BB1E4478B   65536   ----a-w-   C:\WINDOWS\SysWOW64\wininetlui.dll
====== C:\WINDOWS\SysWOW64\drivers =====
2016-01-22 22:59:45   75D6C3469347DE1CDFA3B1B9F1544208   22280   ----a-w-   C:\WINDOWS\SysWOW64\drivers\AsrAutoChkUpdDrv.sys
2016-01-22 20:30:28   EB52FB2FEF40496D9ADA88A9CC0F1284   22352   ----a-w-   C:\WINDOWS\SysWOW64\drivers\AsrSetupDrv.sys
====== C:\WINDOWS\Sysnative =====
2016-02-11 06:52:57   CBE6A51D10DA701BAFF2729EAD1BAC6B   398152   ----a-w-   C:\WINDOWS\Sysnative\aswBoot.exe
2016-02-10 08:30:23   1CA392E9520D8B86CFC484DE04B39F55   22394368   ----a-w-   C:\WINDOWS\Sysnative\edgehtml.dll
2016-02-10 08:30:23   1C772A877B4724F7F56117FB899C740C   3592704   ----a-w-   C:\WINDOWS\Sysnative\win32kfull.sys
2016-02-10 08:30:22   4844C11E00F0ED6100B3375C216BFB49   24603136   ----a-w-   C:\WINDOWS\Sysnative\mshtml.dll
2016-02-10 08:30:20   3D6CDEB19DE3D9FD55533C28ED664EA0   22564328   ----a-w-   C:\WINDOWS\Sysnative\shell32.dll
2016-02-10 08:30:20   3BFD141B784459A10F1DA623B7BE5E6C   6605544   ----a-w-   C:\WINDOWS\Sysnative\windows.storage.dll
2016-02-10 08:30:19   5343CC447AA0BEE71ECADCCDB5670F9A   13382656   ----a-w-   C:\WINDOWS\Sysnative\ieframe.dll
2016-02-10 08:30:18   5CADC12CD7D8C21952AF932EFD1707B7   11545088   ----a-w-   C:\WINDOWS\Sysnative\twinui.dll
2016-02-10 08:30:17   380A4E413E227A6445FDB5244181BAFF   1087488   ----a-w-   C:\WINDOWS\Sysnative\reseteng.dll
2016-02-10 08:30:16   F25D44D09132849746A080D9BAE331D9   7835648   ----a-w-   C:\WINDOWS\Sysnative\Chakra.dll
2016-02-10 08:30:16   E0D72868E01C22B985A9341F8295613B   2757120   ----a-w-   C:\WINDOWS\Sysnative\wininet.dll
2016-02-10 08:30:15   A2001D2C8E6C237B8F01E4375B16AF4E   7476064   ----a-w-   C:\WINDOWS\Sysnative\ntoskrnl.exe
2016-02-10 08:30:13   F23708D1B4C792F35CF40710804D51A4   4894720   ----a-w-   C:\WINDOWS\Sysnative\jscript9.dll
2016-02-10 08:30:13   C2737837E8DE02DCEE93EB9E0492E607   1819720   ----a-w-   C:\WINDOWS\Sysnative\ntdll.dll
2016-02-10 08:30:13   B67BE37DB6E01693A8529DBC4B2A1C88   970752   ----a-w-   C:\WINDOWS\Sysnative\kerberos.dll
2016-02-10 08:30:13   9B98D38675D854AE9D5DC06AE62E5E53   2275328   ----a-w-   C:\WINDOWS\Sysnative\wuaueng.dll
2016-02-10 08:30:13   95F1566DEB77160095EC236964EE506D   1734656   ----a-w-   C:\WINDOWS\Sysnative\urlmon.dll
2016-02-10 08:30:13   80D6AF1D9BE30E386322E9E723F7B6DE   1387520   ----a-w-   C:\WINDOWS\Sysnative\lsasrv.dll
2016-02-10 08:30:12   C402B84B789382748EEEC04284781732   2606824   ----a-w-   C:\WINDOWS\Sysnative\combase.dll
2016-02-10 08:30:11   D02F3E132E6AD02F2CB4F9991FB77B56   1270072   ----a-w-   C:\WINDOWS\Sysnative\WinTypes.dll
2016-02-10 08:30:11   B0AD1A1DCBD8690F11C44708610974B9   1997328   ----a-w-   C:\WINDOWS\Sysnative\KernelBase.dll
2016-02-10 08:30:11   AAD4516753A9EDD1CF93B81E8B5D0CE5   359776   ----a-w-   C:\WINDOWS\Sysnative\msv1_0.dll
2016-02-10 08:30:10   D53F94A3F5DA461209C6128D5337FFF1   304752   ----a-w-   C:\WINDOWS\Sysnative\systemreset.exe
2016-02-10 08:30:10   0319FFA35F366D2FD1C9776DAA98FE96   299008   ----a-w-   C:\WINDOWS\Sysnative\microsoft-windows-system-events.dll
2016-02-10 08:30:09   FAB5054707064EA9881954F98D9150C0   85320   ----a-w-   C:\WINDOWS\Sysnative\OpenWith.exe
2016-02-10 08:30:09   C177128E60700E43109584F33D0430F9   258048   ----a-w-   C:\WINDOWS\Sysnative\iassam.dll
2016-02-10 08:30:09   8A48AEAACC0F44E999BEC15BF017E74B   36864   ----a-w-   C:\WINDOWS\Sysnative\ztrace_maps.dll
2016-02-10 08:30:09   1C375486D1F6D0DD5281B76C750EEFA3   147456   ----a-w-   C:\WINDOWS\Sysnative\mtxoci.dll
2016-02-10 08:30:08   D974EACE921C3B1C78DD29334CC7F861   109056   ----a-w-   C:\WINDOWS\Sysnative\hlink.dll
2016-02-10 08:30:08   BAAB5AE1EC2A970C16FDA670882EEE39   79360   ----a-w-   C:\WINDOWS\Sysnative\cfgbkend.dll
2016-02-10 08:30:08   00FFABBFBEE8A064DF817885187B1D8B   52224   ----a-w-   C:\WINDOWS\Sysnative\jsproxy.dll
2016-02-10 08:30:07   DE4D2583E70B89D027CF9C5ABCD3673B   764928   ----a-w-   C:\WINDOWS\Sysnative\Chakradiag.dll
2016-02-10 08:30:07   DD4C204506488414C8980B925445481C   99328   ----a-w-   C:\WINDOWS\Sysnative\ngckeyenum.dll
2016-02-10 08:30:07   AA94C58A205952A01A58C3D18E4B987F   69632   ----a-w-   C:\WINDOWS\Sysnative\wininetlui.dll
====== C:\WINDOWS\Sysnative\drivers =====
2016-02-10 08:30:23   CC0A2F91C231E0D25EE3DBBF11B660D9   1998176   ----a-w-   C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2016-02-10 08:30:16   299B5570571185DB929194C40A1A0DB0   576352   ----a-w-   C:\WINDOWS\Sysnative\drivers\dxgmms2.sys
2016-02-10 08:30:09   A1105260EEEE3DBD8D38FD054B22BD00   604928   ----a-w-   C:\WINDOWS\Sysnative\drivers\cng.sys
2016-02-10 08:30:08   BF6CA7EA5ECD6CF72D3D76652A9B8280   144384   ----a-w-   C:\WINDOWS\Sysnative\drivers\mrxdav.sys
2016-02-06 01:42:41   318E816717431D3C23DC82779900C744   1089880   ----a-w-   C:\WINDOWS\Sysnative\drivers\http.sys
2016-02-06 01:42:35   F259A45D6B555B14CC8365AA6BC8DC20   67072   ----a-w-   C:\WINDOWS\Sysnative\drivers\usbser.sys
2016-02-04 03:36:13   EFEFC245B884B1BE0401931398DCD707   2152800   ----a-w-   C:\WINDOWS\Sysnative\drivers\ntfs.sys
2016-02-04 03:36:13   91D3F2A6253EF83EFBD7903028F58C4D   118624   ----a-w-   C:\WINDOWS\Sysnative\drivers\tdx.sys
2016-02-04 03:36:13   70148EFA9A562E7185B75BBE7D376BF7   578912   ----a-w-   C:\WINDOWS\Sysnative\drivers\afd.sys
2016-02-04 03:36:10   EF536C54AB9281FDC4E83B07279FCFC4   35680   ----a-w-   C:\WINDOWS\Sysnative\drivers\wimmount.sys
2016-02-04 03:36:10   DBBACE77DDE8CCFD85B37B114965C385   147968   ----a-w-   C:\WINDOWS\Sysnative\drivers\rmcast.sys
2016-02-04 03:36:07   DE6D7DC78D956928F59F7415A0F41E13   95072   ----a-w-   C:\WINDOWS\Sysnative\drivers\sdstor.sys
2016-02-04 03:36:07   C24C27FDF93B85A4EFCF25F830253AA2   117248   ----a-w-   C:\WINDOWS\Sysnative\drivers\capimg.sys
2016-02-04 03:36:07   7D8B9214692C4D0F1646215D9984E19A   161632   ----a-w-   C:\WINDOWS\Sysnative\drivers\ksecpkg.sys
2016-01-29 07:40:30   0C997B061E3C66BD9E927C1288EB1CC7   24688   ----a-w-   C:\WINDOWS\Sysnative\drivers\TrueSight.sys
2016-01-23 06:05:07   78488AF2AB2111D67B3C4044707A519B   192216   ----a-w-   C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2016-01-23 06:04:56   CFBC6C6D8A492697CABD1D353EE64933   25816   ----a-w-   C:\WINDOWS\Sysnative\drivers\mbam.sys
2016-01-23 06:04:56   42B3F5C9FBC9B3F0E0BA6B5D7FC8E849   109272   ----a-w-   C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
2016-01-23 06:04:56   08DECFCB9BA97786165A69AB1015BC30   64216   ----a-w-   C:\WINDOWS\Sysnative\drivers\mwac.sys
2016-01-23 05:55:36   2F6ABF6376803BAB4E9F4E7D8E2FF84F   154024   ----a-w-   C:\WINDOWS\Sysnative\drivers\ngvss.sys
2016-01-23 05:55:00   C445C4459ADC7A04E02D4646980515FC   1065720   ----a-w-   C:\WINDOWS\Sysnative\drivers\aswSnx.sys
2016-01-23 05:55:00   9949BBD5BB70C4D317B7549896132579   287016   ----a-w-   C:\WINDOWS\Sysnative\drivers\aswvmm.sys
2016-01-23 05:55:00   7E66DFE6B62C6C34FD6B09DB6169E9F6   37656   ----a-w-   C:\WINDOWS\Sysnative\drivers\aswHwid.sys
2016-01-23 05:55:00   6538FDD733D155F901913D3C09C618CB   463744   ----a-w-   C:\WINDOWS\Sysnative\drivers\aswSP.sys
2016-01-23 05:55:00   259ABA699202DCE45815128D7BEAE41E   107792   ----a-w-   C:\WINDOWS\Sysnative\drivers\aswMonFlt.sys
2016-01-23 05:55:00   219D0E2348629FAE4E6E3478C21B23D6   165344   ----a-w-   C:\WINDOWS\Sysnative\drivers\aswStm.sys
2016-01-23 05:55:00   0AA12ADF5F87B4A70BDBAED77F54B978   74544   ----a-w-   C:\WINDOWS\Sysnative\drivers\aswRvrt.sys
2016-01-23 05:55:00   0866D5FE02D614501B7B4AD5E1BC7B53   103064   ----a-w-   C:\WINDOWS\Sysnative\drivers\aswRdr2.sys
2016-01-22 22:57:55   A556768CC1FA4F36022BEE2F0EDE2566   26880   ----a-w-   C:\WINDOWS\Sysnative\drivers\wdcsam64.sys
2016-01-22 22:50:56   D812362E8AF615B521AD4DF19A93BD5A   205456   ----a-w-   C:\WINDOWS\Sysnative\drivers\nvhda64v.sys
2016-01-22 22:50:56   2C5C31D18A238768346B896DCE154DBF   12426896   ----a-w-   C:\WINDOWS\Sysnative\drivers\nvlddmkm.sys
2016-01-22 22:47:54   64E8275CEAD43D3CA8E3A311B2F4B64A   47760   ----a-w-   C:\WINDOWS\Sysnative\drivers\nvvad64v.sys
2016-01-22 20:41:14   E1AFEE1584C74050DE0DD16DE2A54BF3   17192   ----a-w-   C:\WINDOWS\Sysnative\drivers\AsrAppCharger.sys
2016-01-22 20:40:02   3395BEE2C5CFD2E3DB1206E3AA4F8E2D   494064   ----a-w-   C:\WINDOWS\Sysnative\drivers\e1d65x64.sys
2016-01-22 20:36:23   886CE666A9507E17475C7156B157D181   5804772   ----a-w-   C:\WINDOWS\Sysnative\drivers\rtvienna.dat
2016-01-22 20:36:23   01262E2BE97708F54666E700482027DE   3891800   ----a-w-   C:\WINDOWS\Sysnative\drivers\RTKVHD64.sys
2016-01-22 20:36:22   BDE90D1A068B6FEBD8153627CA49BEBA   853784   ----a-w-   C:\WINDOWS\Sysnative\drivers\RTAIODAT.DAT
2016-01-22 20:12:16   D41D8CD98F00B204E9800998ECF8427E   0   ---ha-w-   C:\WINDOWS\Sysnative\drivers\Msft_User_WpdFs_01_11_00.Wdf
====== C:\WINDOWS\Tasks ======
2016-01-23 07:49:51   806CB133D6E01752AC867BB2ECC85806   3816   ----a-w-   C:\WINDOWS\Sysnative\Tasks\Adobe Flash Player Updater
2016-01-23 07:49:51   6A216D56F933DE521E445F58C6A5D5AB   830   ----a-w-   C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-23 06:49:31   9ED3472221F98263A52B1B36921248A3   2954   ----a-w-   C:\WINDOWS\Sysnative\Tasks\Adobe Acrobat Update Task
2016-01-23 06:19:43   5E8256AEB5BB7D61DFCAC125A6A04C64   2666   ----a-w-   C:\WINDOWS\Sysnative\Tasks\GyazoUpdateTaskMachineDaily
2016-01-23 06:19:43   24197E61F8CC8C5E344448EF10FE3C11   2526   ----a-w-   C:\WINDOWS\Sysnative\Tasks\GyazoUpdateTaskMachine
2016-01-23 05:55:02   C5E700F961DD689B64759917DF0A3EE6   4006   ----a-w-   C:\WINDOWS\Sysnative\Tasks\avast! Emergency Update
2016-01-22 22:59:45   E216DCA24C07552F6C1F2363AAA8E29B   3038   ----a-w-   C:\WINDOWS\Sysnative\Tasks\AsrAPPShop
2016-01-22 20:58:11   34CED355DDC25BC75E753CBE7B8614B3   4168   ----a-w-   C:\WINDOWS\Sysnative\Tasks\User_Feed_Synchronization-{7A2DD860-8018-45B9-8587-1A0C93DE3461}
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2016-02-13 20:38:18   --------   d-----w-   C:\Program Files\OBS
2016-02-06 02:19:23   --------   d---a-w-   C:\Program Files\WinRAR
2016-02-05 23:26:18   --------   d---a-w-   C:\Program Files\HitmanPro
2016-02-05 22:57:55   --------   d-----w-   C:\Program Files\Logitech Gaming Software
2016-02-04 03:34:06   --------   d-----w-   C:\Program Files\Reference Assemblies
2016-02-04 03:34:06   --------   d-----w-   C:\Program Files\MSBuild
2016-02-03 06:38:36   --------   d-----w-   C:\Program Files\NVIDIA Corporation
2016-02-03 06:38:30   --------   d-----w-   C:\Program Files\Realtek
2016-01-23 07:43:10   --------   d-----w-   C:\Program Files\Common Files\INCA Shared
2016-01-22 20:41:13   --------   d-----w-   C:\Program Files\ASRock Utility
2016-01-22 20:31:55   --------   d---a-w-   C:\Program Files\Intel
======= C:\PROGRA~2 =====
2016-02-13 20:38:18   --------   d-----w-   C:\PROGRA~2\OBS
2016-02-04 03:34:06   --------   d-----w-   C:\PROGRA~2\Reference Assemblies
2016-02-04 03:34:06   --------   d-----w-   C:\PROGRA~2\MSBuild
2016-02-03 06:38:44   --------   d--h--w-   C:\PROGRA~2\Uninstall Information
2016-02-03 06:38:36   --------   d-----w-   C:\PROGRA~2\NVIDIA Corporation
2016-01-23 07:27:50   --------   d-----w-   C:\PROGRA~2\COMMON~1\Steam
2016-01-23 06:55:03   --------   d-----w-   C:\PROGRA~2\Deluge
2016-01-23 06:49:23   --------   d---a-w-   C:\PROGRA~2\COMMON~1\Adobe
2016-01-23 06:49:23   --------   d-----w-   C:\PROGRA~2\Adobe
2016-01-23 06:47:30   --------   d-----w-   C:\PROGRA~2\COMMON~1\PX Storage Engine
2016-01-23 06:47:28   --------   d-----w-   C:\PROGRA~2\Winamp
2016-01-23 06:31:42   --------   d-----w-   C:\PROGRA~2\Mozilla Maintenance Service
2016-01-23 06:20:39   --------   d-----w-   C:\PROGRA~2\Dropbox
2016-01-23 06:20:20   --------   d-----w-   C:\PROGRA~2\VideoLAN
2016-01-23 06:19:41   --------   d---a-w-   C:\PROGRA~2\Gyazo
2016-01-23 06:07:46   --------   d---a-w-   C:\PROGRA~2\COMMON~1\Skype
2016-01-23 06:07:45   --------   d-----r-   C:\PROGRA~2\Skype
2016-01-23 05:55:41   --------   d-----w-   C:\PROGRA~2\Google
2016-01-23 05:44:27   --------   d-----w-   C:\PROGRA~2\NCWest
2016-01-22 20:44:09   --------   d-----w-   C:\PROGRA~2\COMMON~1\Intel Corporation
2016-01-22 20:41:20   --------   d-----w-   C:\PROGRA~2\ASRock Utility
2016-01-22 20:38:35   --------   d-----w-   C:\PROGRA~2\Intel
2016-01-22 20:36:18   --------   d--h--w-   C:\PROGRA~2\Temp
2016-01-22 20:36:18   --------   d--h--w-   C:\PROGRA~2\InstallShield Installation Information
2016-01-22 20:36:18   --------   d-----w-   C:\PROGRA~2\Realtek
2016-01-22 20:36:15   --------   d-----w-   C:\PROGRA~2\COMMON~1\InstallShield
======= C: =====
2016-02-10 07:02:38   4AE9BE8A4C891F7AC64FD887D1C97480   521   ----a-w-   C:\DelFix.txt
2016-01-23 07:50:41   A6799D0F42122C0D1E28655C10DB2707   30   ----a-w-   C:\AVScanner.ini
====== C:\Users\David\AppData\Roaming ======
2016-02-18 06:58:49   11A994A67E5B96F58AA6AAD6C953A5FB   1781   ----a-w-   C:\Users\David\AppData\Local\recently-used.xbel
2016-02-18 06:58:26   --------   d-----w-   C:\Users\David\AppData\Local\ActiveSync
2016-02-18 06:56:40   --------   d-----w-   C:\Users\David\AppData\Local\VirtualStore
2016-02-18 06:55:41   --------   d-----w-   C:\Users\David\AppData\Local\Temp
2016-02-13 20:38:19   --------   d-----w-   C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2016-02-06 02:19:25   --------   d-----w-   C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-05 22:58:25   --------   d-----w-   C:\Users\David\AppData\Local\Logitech
2016-02-04 07:40:08   --------   d-----w-   C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\DataSharing
2016-02-04 03:34:52   --------   d-----w-   C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft
2016-02-03 06:41:41   --------   d-----w-   C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Packages
2016-02-03 06:39:17   --------   d-s---r-   C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-02-03 06:39:17   --------   d-----w-   C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-02-03 06:39:17   --------   d-----w-   C:\Users\David\AppData\Roaming
2016-02-03 06:39:17   --------   d-----w-   C:\Users\David\AppData\Local\Microsoft
2016-02-03 06:39:17   --------   d-----w-   C:\Users\David\AppData\Local
2016-02-03 06:39:17   --------   d-----r-   C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-02-03 06:39:17   --------   d-----r-   C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-02-03 06:39:17   --------   d-----r-   C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-02-03 06:39:17   --------   d-----r-   C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-02-03 06:38:44   --------   d-----w-   C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft
2016-02-03 06:38:21   --------   d-----w-   C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache
2016-02-03 06:38:11   --------   d-----w-   C:\WINDOWS\serviceprofiles\networkservice\AppData\Roaming
2016-02-03 06:38:11   --------   d-----w-   C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp
2016-02-03 06:38:11   --------   d-----w-   C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft
2016-02-03 06:38:11   --------   d-----w-   C:\WINDOWS\serviceprofiles\networkservice\AppData\Local
2016-02-03 06:38:11   --------   d-----w-   C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming
2016-02-03 06:38:11   --------   d-----w-   C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp
2016-01-30 04:28:43   8A3BF30E8DC2FF0135C709D0185C775B   724232   ----a-w-   C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2016-01-30 00:39:51   --------   d-----w-   C:\Users\David\AppData\Local\Sony
2016-01-23 11:31:51   --------   d-----w-   C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-23 09:57:26   --------   d-----w-   C:\Users\David\AppData\Local\ElevatedDiagnostics
2016-01-23 09:56:54   --------   d-----w-   C:\Users\David\AppData\Local\Ubisoft Game Launcher
2016-01-23 07:48:23   --------   d-----w-   C:\Users\David\AppData\Local\CrashDumps
2016-01-23 07:28:39   --------   d-----w-   C:\Users\David\AppData\Local\CEF
2016-01-23 07:28:38   --------   d-----w-   C:\Users\David\AppData\Local\Steam
2016-01-23 07:10:53   --------   d-----w-   C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-01-23 07:10:51   --------   d-----w-   C:\Users\David\AppData\Local\FluxSoftware
2016-01-23 06:58:13   --------   d-----w-   C:\Users\David\AppData\Local\Comms
2016-01-23 06:31:46   --------   d-----w-   C:\Users\David\AppData\Local\Mozilla
2016-01-23 06:20:38   --------   d-----w-   C:\Users\David\AppData\Local\Dropbox
2016-01-23 05:55:41   --------   d-----w-   C:\Users\David\AppData\Local\Google
2016-01-23 05:48:47   --------   d-----w-   C:\Users\David\AppData\Local\Blizzard Entertainment
2016-01-23 05:48:41   --------   d-----w-   C:\Users\David\AppData\Local\Battle.net
2016-01-22 22:47:21   --------   d-----w-   C:\Users\David\AppData\Local\MicrosoftEdge
2016-01-22 20:57:26   --------   d-s---w-   C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow
2016-01-22 20:51:28   --------   d-----w-   C:\Users\David\AppData\Local\NVIDIA Corporation
2016-01-22 20:51:28   --------   d-----w-   C:\Users\David\AppData\Local\NVIDIA
2016-01-22 20:41:19   --------   d-----w-   C:\Users\David\AppData\Local\Programs
2016-01-22 20:40:15   --------   d-s---w-   C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow
2016-01-22 20:16:47   --------   d-----w-   C:\Users\David\AppData\Local\Publishers
2016-01-22 20:16:43   --------   d-----w-   C:\Users\David\AppData\LocalLow
2016-01-22 20:16:43   --------   d-----w-   C:\Users\David\AppData\Local\TileDataLayer
2016-01-22 20:16:43   --------   d-----w-   C:\Users\David\AppData\Local\Packages
2016-01-22 20:16:43   --------   d-----r-   C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-01-22 20:16:43   --------   d-----r-   C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
====== C:\Users\David ======
2016-02-13 05:47:47   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-02-06 02:19:25   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-05 23:26:18   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-02-05 23:24:41   --------   d-----w-   C:\ProgramData\HitmanPro
2016-02-05 22:58:26   --------   d-----w-   C:\ProgramData\LogiShrd
2016-02-05 22:57:58   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-02-03 07:33:58   --------   d-----w-   C:\WINDOWS\serviceprofiles\Localservice\winhttp
2016-02-03 06:42:54   6FC234AD3752E1267B34FB12BCD6718B   20   --sh--w-   C:\Users\David\ntuser.ini
2016-02-03 06:39:17   --------   d--h--w-   C:\Users\David\AppData
2016-02-03 06:38:46   --------   d-----w-   C:\ProgramData\NVIDIA
2016-02-03 06:38:39   --------   d-----w-   C:\ProgramData\NVIDIA Corporation
2016-02-03 06:38:11   --------   d--h--w-   C:\WINDOWS\serviceprofiles\networkservice\AppData
2016-02-03 06:38:11   --------   d-----w-   C:\WINDOWS\serviceprofiles\networkservice\Saved Games
2016-02-03 06:38:11   --------   d-----w-   C:\WINDOWS\serviceprofiles\Localservice\Saved Games
2016-02-03 06:38:11   --------   d-----r-   C:\WINDOWS\serviceprofiles\networkservice\Videos
2016-02-03 06:38:11   --------   d-----r-   C:\WINDOWS\serviceprofiles\networkservice\Pictures
2016-02-03 06:38:11   --------   d-----r-   C:\WINDOWS\serviceprofiles\networkservice\Music
2016-02-03 06:38:11   --------   d-----r-   C:\WINDOWS\serviceprofiles\networkservice\Links
2016-02-03 06:38:11   --------   d-----r-   C:\WINDOWS\serviceprofiles\networkservice\Favorites
2016-02-03 06:38:11   --------   d-----r-   C:\WINDOWS\serviceprofiles\networkservice\Downloads
2016-02-03 06:38:11   --------   d-----r-   C:\WINDOWS\serviceprofiles\networkservice\Documents
2016-02-03 06:38:11   --------   d-----r-   C:\WINDOWS\serviceprofiles\networkservice\Desktop
2016-02-03 06:38:11   --------   d-----r-   C:\WINDOWS\serviceprofiles\Localservice\Videos
2016-02-03 06:38:11   --------   d-----r-   C:\WINDOWS\serviceprofiles\Localservice\Pictures
2016-02-03 06:38:11   --------   d-----r-   C:\WINDOWS\serviceprofiles\Localservice\Music
2016-02-03 06:38:11   --------   d-----r-   C:\WINDOWS\serviceprofiles\Localservice\Links
2016-02-03 06:38:11   --------   d-----r-   C:\WINDOWS\serviceprofiles\Localservice\Favorites
2016-02-03 06:38:11   --------   d-----r-   C:\WINDOWS\serviceprofiles\Localservice\Downloads
2016-02-03 06:38:11   --------   d-----r-   C:\WINDOWS\serviceprofiles\Localservice\Documents
2016-02-03 06:38:11   --------   d-----r-   C:\WINDOWS\serviceprofiles\Localservice\Desktop
2016-01-29 07:40:26   --------   d-----w-   C:\ProgramData\RogueKiller
2016-01-26 08:03:53   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2016-01-26 08:01:42   --------   d-----w-   C:\ProgramData\boost_interprocess
2016-01-23 08:29:14   --------   d-----w-   C:\ProgramData\Electronic Arts
2016-01-23 08:12:02   --------   d-----w-   C:\ProgramData\Ubisoft
2016-01-23 07:27:49   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-23 06:55:08   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2016-01-23 06:52:51   --------   d-----w-   C:\ProgramData\Origin
2016-01-23 06:48:58   --------   d-----w-   C:\ProgramData\Adobe
2016-01-23 06:47:53   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2016-01-23 06:20:38   --------   d-----w-   C:\ProgramData\Dropbox
2016-01-23 06:20:23   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-01-23 06:19:41   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2016-01-23 06:17:13   --------   d-----w-   C:\ProgramData\Riot Games
2016-01-23 06:08:08   --------   d-----w-   C:\Users\David\Tracing
2016-01-23 06:07:46   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-23 06:07:28   --------   d-----w-   C:\ProgramData\Skype
2016-01-23 05:48:41   --------   d-----w-   C:\ProgramData\Blizzard Entertainment
2016-01-23 05:48:38   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-01-23 05:43:53   --------   d-----w-   C:\ProgramData\Battle.net
2016-01-22 22:59:45   --------   d-----w-   C:\ProgramData\ASRock
2016-01-22 20:51:21   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-01-22 20:41:14   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
2016-01-22 20:37:08   --------   d-----w-   C:\ProgramData\Intel
2016-01-22 20:37:08   --------   d-----r-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-01-22 20:37:00   --------   d-----w-   C:\Users\David\Intel
2016-01-22 20:18:00   --------   d-----w-   C:\ProgramData\Microsoft OneDrive
2016-01-22 20:16:43   --------   d--h--r-   C:\Users\Public\AccountPictures
2016-01-22 20:16:43   --------   d-----r-   C:\Users\David\Videos
2016-01-22 20:16:43   --------   d-----r-   C:\Users\David\Searches
2016-01-22 20:16:43   --------   d-----r-   C:\Users\David\Saved Games
2016-01-22 20:16:43   --------   d-----r-   C:\Users\David\Pictures
2016-01-22 20:16:43   --------   d-----r-   C:\Users\David\Music
2016-01-22 20:16:43   --------   d-----r-   C:\Users\David\Links
2016-01-22 20:16:43   --------   d-----r-   C:\Users\David\Favorites
2016-01-22 20:16:43   --------   d-----r-   C:\Users\David\Downloads
2016-01-22 20:16:43   --------   d-----r-   C:\Users\David\Documents
2016-01-22 20:16:43   --------   d-----r-   C:\Users\David\Contacts

====== C: exe-files ==
2016-02-19 08:50:21   EC0F4EF3CF0D035767B445FFB78E6BA6   608008   ----a-w-   C:\Users\David\AppData\Local\NVIDIA\NvBackend\Packages\00008641\CoProc update.20454836.exe
2016-02-19 08:50:18   E4017036065FD4E926FAA23CAC7D2475   7279624   ----a-w-   C:\Users\David\AppData\Local\NVIDIA\NvBackend\Packages\0000864d\DAO.20456327.exe
2016-02-19 05:13:47   4F3FF7A630EE2E90D34FEDDA4A25AE3C   4349928   ----a-w-   C:\ProgramData\Battle.net\Agent\Agent.4772\Agent.exe
2016-02-18 20:20:16   8D7EAADA664E36A68796205F394129C6   630200   ----a-w-   C:\Users\David\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
2016-02-18 20:20:12   D9DCA955D2E90C3FC4ECD041569CE436   172984   ----a-w-   C:\Users\David\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
2016-02-18 04:41:35   79AFF3B31FF3EF45A60910CE394FE687   4350440   ----a-w-   C:\ProgramData\Battle.net\Agent\Agent.4766\Agent.exe
2016-02-13 20:38:19   8E4E6C9EBE4803ADD60DA47FEDF74A65   57231   ----a-w-   C:\Program Files (x86)\OBS\uninstall.exe
2016-02-13 05:58:29   8B5E74F7CCE361BA42DE2976E183DC2F   20237816   ----a-w-   C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.119\deploy\League of Legends.exe
2016-02-13 05:58:29   0EBD229DB6BC69E560A949EB8ED71D5E   324048   ----a-w-   C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.119\deploy\BsSndRpt.exe
2016-02-13 05:55:55   8B5E74F7CCE361BA42DE2976E183DC2F   20237816   ----a-w-   C:\Riot Games\League of Legends\RADS\projects\lol_game_client\releases\0.0.1.60\deploy\League of Legends.exe
2016-02-13 05:51:27   0EBD229DB6BC69E560A949EB8ED71D5E   324048   ----a-w-   C:\Riot Games\League of Legends\RADS\projects\lol_game_client\releases\0.0.1.60\deploy\BsSndRpt.exe
2016-02-13 05:50:32   5B93A9C1BB894EFA4D6429EEADA5007C   74752   ----a-w-   C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\LolClient.exe
2016-02-13 05:48:20   A956F39FF021FA46F46DD4718481FFB3   59392   ----a-w-   C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\Adobe AIR\Versions\1.0\Resources\CaptiveAppEntry.exe
2016-02-13 05:48:06   DFD052BFFE44F6B7CF30B059F54A0420   2711040   ----a-w-   C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.50\deploy\LoLPatcherUx.exe
2016-02-13 05:48:06   BEF65BE3BD754AF9641AB6966AEB0381   4287488   ----a-w-   C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.50\deploy\LoLPatcher.exe
2016-02-13 05:48:05   FFD1B1D2ABE351330E470F58925825EE   107008   ----a-w-   C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.50\deploy\jpatch.exe
2016-02-13 05:48:03   0EBD229DB6BC69E560A949EB8ED71D5E   324048   ----a-w-   C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.50\deploy\BsSndRpt.exe
2016-02-13 05:47:54   EAA5524E17A8AC82098C1BAAAB7AFF77   2364928   ----a-w-   C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.10\deploy\LoLLauncher.exe
2016-02-13 05:47:53   FFD1B1D2ABE351330E470F58925825EE   107008   ----a-w-   C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.10\deploy\jpatch.exe
=== C: other files ==
2016-02-19 06:44:45   F4741D13447199718BB610E392A9DECD   1001911   ----a-w-   C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tativei2.default-1455857619175\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2016-02-19 06:44:44   F4741D13447199718BB610E392A9DECD   1001911   ----a-w-   C:\Users\David\AppData\Local\Temp\tmp-wqg.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-2806489308-2931262457-2236997717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Gyazo"="C:\Program Files (x86)\Gyazo\GyStation.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"f.lux"="C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"

[HKEY_USERS\S-1-5-21-2806489308-2931262457-2236997717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_2\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_2\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Gyazo"="C:\Program Files (x86)\Gyazo\GyStation.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"f.lux"="C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_2\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_2\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
@=""

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\AsrAPPShop" [C:\Program Files (x86)\ASRock Utility\APP Shop\AsrAPPShop.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\GyazoUpdateTaskMachine" ["C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\GyazoUpdateTaskMachineDaily" ["C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{7A2DD860-8018-45B9-8587-1A0C93DE3461}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tativei2.default-1455857619175
user_pref("browser.startup.homepage", "http://google.com/");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [11/02/2016 08:42 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [11/02/2016 08:42 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tativei2.default-1455857619175
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tativei2.default-1455857619175
6FE651F6E3025AD51CC1D54913AEEADC   - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll -   Shockwave Flash

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[11/02/2016 07:52 PM]

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft..../?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.co...q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...=IESR02&pc=UE04

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [OneDrive] "C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [f.lux] "C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_2\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_2\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Logitech Gaming Registry Service (LogiRegistryService) - Logitech Inc. - C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Silent Runners ======================

==== Sysinternals Autoruns Log ======================

HKLM\System\CurrentControlSet\Services
   MBAMProtector
     \??\C:\Windows\system32\drivers\mbam.sys
     Malwarebytes Anti-Malware
     (Verified) Malwarebytes Corporation
     0.1.16.0
     c:\windows\system32\drivers\mbam.sys
     12/08/2015 6:35 AM
     VT detection: 1/56
     VT permalink: https://www.virustot...fc12d/analysis/
   MBAMWebAccessControl
     \??\C:\Windows\system32\drivers\mwac.sys
     Malwarebytes Web Access Control
     (Verified) Malwarebytes Corporation
     1.0.6.0
     c:\windows\system32\drivers\mwac.sys
     18/06/2014 3:07 PM
     VT detection: 1/56
     VT permalink: https://www.virustot...96b05/analysis/

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
   _Wow64
     Wow64.dll
     File not found: C:\WINDOWS\SysWOW64\Wow64.dll

   _Wow64cpu
     Wow64cpu.dll
     File not found: C:\WINDOWS\SysWOW64\Wow64cpu.dll

   _Wow64win
     Wow64win.dll
     File not found: C:\WINDOWS\SysWOW64\Wow64win.dll


HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
   Microsoft Windows Media Player
     %SystemRoot%\inf\unregmp2.exe /ShowWMP
     File not found: C:\WINDOWS\inf\unregmp2.exe /ShowWMP.exe


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
   Uninstall C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_2\amd64
     C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_2\amd64"
     File not found: rmdir


==== C:\zoek_backup content ======================

C:\zoek_backup (files=17 folders=17 17802530 bytes)

==== EOF on Sat 20/02/2016 at 16:06:29.01 ======================

#37
dbreeze

Posted 19 February 2016 - 10:13 PM

Trusted Helper

Malware Removal
2,216 posts

If you go to the OneDrive website and view what is stored there, are there any questionable files there? It should only have what you directly set up (usually just Documents and Pictures) but other files can be stored there.

#38
itsdave

Posted 20 February 2016 - 12:08 AM

Member

Topic Starter
Member
50 posts

It's always had me logged in but I've never used OneDrive to store anything. I went ahead and unlinked my account and stopped it from running at startup entirely. From what I could see, there were 1 or 2 .xls files but nothing that seemed suspicious. I hope that unlinking my account cuts off OneDrive from storing anything in my computer in the future.

#39
dbreeze

Posted 20 February 2016 - 01:17 AM

Trusted Helper

Malware Removal
2,216 posts

Unlinking the account will stop OneDrive from syncing with your system (until you link it again).

This may require the manual search for the culprit. By now, I'm sure you know how to remove the hijack link from your Firefox shortcut (Right click > Shortcut > edit the Target line to remove the extra link > Apply > OK). I would like to try and see if a Clean Boot state keeps the link from coming back.

You can read here on how to do a Clean Boot (different and easier that a Safe Mode boot). The first Clean Mode boot you may want to do disconnected from your network as your AV will not be running. If that seems to leave the shortcut unaltered, then start enabling the disabled services one at a time (or at least in related groups - ie. Adobe services, etc.) until we either get all the disabled services enabled or one of the services causes the hijack link to appear.

If all the services are enabled, the startup tasks can be handled in much the same manor but in Windows1 0 this has to be done via the Task Manager > Startup section.

#40
itsdave

Posted 20 February 2016 - 04:10 PM

Member

Topic Starter
Member
50 posts

I'll test the Clean Boot method and get back to you (likely) tomorrow. I've just selected Selective Startup for next bootup and as you may know it does require a few hours/a day before the shortcut hijack puts itself back there again.

Will get back to you soon. Cheers.

#41
dbreeze

Posted 20 February 2016 - 04:35 PM

Trusted Helper

Malware Removal
2,216 posts

I understand and appreciate your patience with this.

#42
itsdave

Posted 21 February 2016 - 11:07 PM

Member

Topic Starter
Member
50 posts

Ok so I just went about the Clean Boot process. Chose the Selective Startup option, Hid all Microsoft services and clicked Disable All. Enabled each one by one while checking the Firefox shortcut target.

Now while I was doing that I noticed a few things:

- When I booted my pc up and checked msconfig (ethernet cable was unplugged), despite clicking Disable all and the boxes were unticked, the Status of most of the processes were still 'Running'. Is this normal? A good portion of them are just NVIDIA so I thought it wasn't a big deal.

- My Firefox shortcut had already been hijacked. I disabled everything (AVAST alone refuses to be disabled despite checking the option several times) so AVAST was the only box still ticked at startup.

- Last night which was when I last booted, I removed the hao123 from shortcut. Before I went to bed I did the Clean Boot process so that I would test it today. My guess is that whatever is hiding in my computer is periodically adding the hao123 string to my shortcut(s)?

What do you think?

#43
dbreeze

Posted 23 February 2016 - 12:06 AM

Trusted Helper

Malware Removal
2,216 posts

Wow, this is really frustrating ...

You started off with a OTL scan; I would like to get a fresh one to compare what is changed in FireFox (if any):

Download OTL to your Desktop
XP users should double click on the OTL icon to run it; all other users should right click on the OTL icon and select Run as Administrator. Make sure all other windows are closed and to let the tool run uninterrupted.
Make sure the following boxes / options are selected:
- Scan All Users
- Include 64bit Scans (if this option is present)
- Use Company-Name WhiteList
- Skip Microsoft Files
- Use No-Company-Name Whitelist
- LOP Check
- Purity Check
- Use Safelist is selected under Extra Registry option box.
Copy the contents of the quote box below and paste them into the Custom Scans/Fixes box at the bottom of OTL's main panel. Do not copy the word Quote.

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
dir "%systemdrive%\*" /S /A:L /C
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
rpcss.dll
/md5stop
c:\windows\system32\*.dll /lockedfiles
c:\windows\system32\drivers\*.sys /lockedfiles
%systemroot%\*. /mp /s
CREATERESTOREPOINT
Click the Run Scan button. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply. Thank you.

#44
itsdave

Posted 23 February 2016 - 12:48 AM

Member

Topic Starter
Member
50 posts

Yeah this is frustrating for sure..

OTL logfile created on: 23/02/2016 7:39:40 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\user\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

7.93 Gb Total Physical Memory | 5.13 Gb Available Physical Memory | 64.67% Memory free
9.18 Gb Paging File | 5.59 Gb Available in Paging File | 60.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.30 Gb Total Space | 63.14 Gb Free Space | 56.73% Space Free | Partition Type: NTFS
Drive D: | 882.58 Gb Total Space | 640.84 Gb Free Space | 72.61% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-TTGS3RU | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2016/02/19 18:13:47 | 004,349,928 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Agent\Agent.4772\Agent.exe
PRC - [2016/02/16 19:19:02 | 007,139,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2016/02/13 10:59:15 | 010,898,408 | ---- | M] (Blizzard Entertainment) -- D:\Program Files (x86)\Battle.net\Battle.net.6734\Battle.net.exe
PRC - [2016/02/12 18:05:45 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016/02/11 19:52:55 | 000,237,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2016/02/10 21:15:06 | 003,442,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
PRC - [2016/02/10 20:15:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\user\Desktop\OTL.exe
PRC - [2016/02/03 20:18:16 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
PRC - [2016/01/19 18:10:36 | 003,586,848 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2016/01/12 17:43:57 | 002,787,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2016/01/12 17:43:47 | 001,879,488 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015/12/17 03:19:24 | 000,417,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2015/12/14 20:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/07/01 20:28:04 | 006,077,192 | ---- | M] () -- C:\Program Files (x86)\ASRock Utility\APP Shop\AsrAPPShop.exe
PRC - [2015/06/03 12:03:42 | 000,322,472 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2015/06/03 12:03:38 | 000,018,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/10/24 11:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe

========== Modules (No Company Name) ==========

MOD - [2016/02/13 10:59:20 | 000,293,040 | ---- | M] () -- D:\Program Files (x86)\Battle.net\Battle.net.6734\ortp.dll
MOD - [2016/02/13 10:59:18 | 000,130,048 | ---- | M] () -- D:\Program Files (x86)\Battle.net\Battle.net.6734\libEGL.dll
MOD - [2016/02/13 10:59:18 | 000,054,272 | ---- | M] () -- D:\Program Files (x86)\Battle.net\Battle.net.6734\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
MOD - [2016/02/13 10:59:18 | 000,010,240 | ---- | M] () -- D:\Program Files (x86)\Battle.net\Battle.net.6734\qml\QtQuick.2\qtquick2plugin.dll
MOD - [2016/02/13 10:59:18 | 000,010,240 | ---- | M] () -- D:\Program Files (x86)\Battle.net\Battle.net.6734\qml\QtQml\Models.2\modelsplugin.dll
MOD - [2016/02/13 10:59:17 | 000,909,312 | ---- | M] () -- D:\Program Files (x86)\Battle.net\Battle.net.6734\platforms\qwindows.dll
MOD - [2016/02/13 10:59:17 | 000,739,840 | ---- | M] () -- D:\Program Files (x86)\Battle.net\Battle.net.6734\libGLESv2.dll
MOD - [2016/02/13 10:59:17 | 000,312,832 | ---- | M] () -- D:\Program Files (x86)\Battle.net\Battle.net.6734\imageformats\qtiff.dll
MOD - [2016/02/13 10:59:17 | 000,225,792 | ---- | M] () -- D:\Program Files (x86)\Battle.net\Battle.net.6734\imageformats\qmng.dll
MOD - [2016/02/13 10:59:17 | 000,205,312 | ---- | M] () -- D:\Program Files (x86)\Battle.net\Battle.net.6734\imageformats\qjpeg.dll
MOD - [2016/02/13 10:59:17 | 000,021,504 | ---- | M] () -- D:\Program Files (x86)\Battle.net\Battle.net.6734\imageformats\qico.dll
MOD - [2016/02/13 10:59:17 | 000,020,992 | ---- | M] () -- D:\Program Files (x86)\Battle.net\Battle.net.6734\imageformats\qgif.dll
MOD - [2016/02/13 10:59:17 | 000,015,872 | ---- | M] () -- D:\Program Files (x86)\Battle.net\Battle.net.6734\imageformats\qsvg.dll
MOD - [2016/02/13 10:59:16 | 026,065,408 | ---- | M] () -- D:\Program Files (x86)\Battle.net\Battle.net.6734\libcef.dll
MOD - [2016/02/11 19:52:55 | 000,480,760 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2016/02/11 19:52:55 | 000,133,768 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2016/02/11 19:52:55 | 000,113,496 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2016/02/10 21:15:05 | 017,891,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll
MOD - [2016/02/03 20:18:17 | 022,330,368 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
MOD - [2016/02/03 20:18:16 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
MOD - [2016/02/03 20:18:15 | 000,141,312 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
MOD - [2016/01/23 18:54:57 | 040,539,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2016/01/12 17:43:57 | 000,018,880 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2016/01/11 10:36:54 | 000,932,032 | R--- | M] () -- C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
MOD - [2015/07/01 20:28:04 | 006,077,192 | ---- | M] () -- C:\Program Files (x86)\ASRock Utility\APP Shop\AsrAPPShop.exe

========== Services (SafeList) ==========

SRV:64bit: - [2016/02/11 19:52:55 | 000,237,096 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2016/02/11 19:52:52 | 005,570,120 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2016/02/04 16:36:13 | 000,203,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2016/02/04 16:36:10 | 001,223,168 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2016/02/04 16:36:10 | 001,035,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2016/02/04 16:36:10 | 000,912,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2016/02/04 16:36:10 | 000,749,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc)
SRV:64bit: - [2016/02/04 16:36:10 | 000,607,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2016/02/04 16:36:10 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2016/02/04 16:36:10 | 000,162,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2016/02/04 16:36:07 | 000,948,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2016/02/04 16:36:07 | 000,087,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate)
SRV:64bit: - [2016/02/04 16:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2016/01/16 18:34:59 | 000,590,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2016/01/16 18:34:33 | 000,275,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2016/01/16 18:24:56 | 002,057,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2016/01/12 17:43:46 | 001,163,200 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2016/01/12 17:43:37 | 006,308,288 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV:64bit: - [2016/01/12 17:43:37 | 004,812,736 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV:64bit: - [2016/01/07 08:49:24 | 000,193,144 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe -- (LogiRegistryService)
SRV:64bit: - [2015/10/30 20:19:28 | 001,073,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2015/10/30 20:19:28 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2015/10/30 20:19:26 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2015/10/30 20:19:26 | 000,497,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2015/10/30 20:18:46 | 000,168,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2015/10/30 20:18:43 | 001,872,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2015/10/30 20:18:41 | 000,117,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/10/30 20:18:19 | 001,297,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2015/10/30 20:18:18 | 000,729,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2015/10/30 20:18:14 | 000,081,408 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015/10/30 20:18:03 | 001,613,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015/10/30 20:18:01 | 001,491,456 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2015/10/30 20:18:01 | 001,130,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2015/10/30 20:18:01 | 000,649,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2015/10/30 20:18:01 | 000,587,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2015/10/30 20:18:01 | 000,490,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2015/10/30 20:18:01 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2015/10/30 20:18:01 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2015/10/30 20:18:01 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2015/10/30 20:18:01 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2015/10/30 20:18:01 | 000,034,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2015/10/30 20:18:01 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2015/10/30 20:18:01 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2015/10/30 20:17:59 | 002,745,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2015/10/30 20:17:59 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2015/10/30 20:17:59 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2015/10/30 20:17:58 | 000,764,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2015/10/30 20:17:58 | 000,287,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2015/10/30 20:17:54 | 003,449,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2015/10/30 20:17:54 | 001,090,048 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2015/10/30 20:17:54 | 000,360,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2015/10/30 20:17:53 | 000,846,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2015/10/30 20:17:53 | 000,625,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2015/10/30 20:17:53 | 000,361,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2015/10/30 20:17:53 | 000,097,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2015/10/30 20:17:53 | 000,060,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2015/10/30 20:17:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2015/10/30 20:17:52 | 000,181,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2015/10/30 20:17:51 | 000,031,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2015/10/30 20:17:50 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2015/10/30 20:17:50 | 000,145,408 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2015/10/30 20:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_a1627fb)
SRV:64bit: - [2015/10/30 20:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_a1627fb)
SRV:64bit: - [2015/10/30 20:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_a1627fb)
SRV:64bit: - [2015/10/30 20:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_a1627fb)
SRV:64bit: - [2015/10/30 20:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_a1627fb)
SRV:64bit: - [2015/10/30 20:17:48 | 000,444,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2015/10/30 20:17:48 | 000,205,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2015/10/30 20:17:47 | 000,023,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2015/10/30 20:17:46 | 000,290,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService)
SRV:64bit: - [2015/10/30 20:17:46 | 000,186,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2015/10/30 20:17:46 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2015/10/30 20:17:46 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2015/10/30 20:17:45 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2015/10/30 20:17:43 | 002,156,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2015/10/30 20:17:43 | 000,278,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2015/10/30 20:17:43 | 000,057,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2015/10/30 20:17:41 | 000,052,736 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService)
SRV:64bit: - [2015/10/30 20:17:39 | 000,547,840 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2015/10/30 20:17:37 | 000,380,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015/10/30 20:17:37 | 000,364,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015/10/30 20:17:37 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2015/10/30 20:17:37 | 000,024,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2015/10/30 20:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2015/10/30 20:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2015/10/30 20:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2015/10/30 20:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2015/10/30 20:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2015/10/30 20:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2015/10/30 20:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2015/10/30 20:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2015/10/30 20:17:21 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2015/10/30 20:17:18 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2015/06/03 12:03:38 | 000,018,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2015/05/07 15:00:20 | 000,271,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV - [2016/02/12 18:05:45 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/02/10 21:15:06 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/02/05 10:01:46 | 000,835,152 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2016/02/04 16:36:10 | 000,948,224 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2016/01/12 17:43:47 | 001,879,488 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2016/01/10 04:39:00 | 003,916,368 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2015/12/17 03:19:24 | 000,417,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2015/12/14 20:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/10/30 20:18:31 | 002,179,584 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2015/10/30 20:18:31 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\lfsvc.dll -- (lfsvc)
SRV - [2015/10/30 20:18:29 | 000,461,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2015/10/30 20:18:23 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2015/10/30 20:18:21 | 000,200,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2015/10/30 20:17:21 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/07/09 12:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2016/02/11 19:53:02 | 000,287,016 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswvmm.sys -- (aswVmm)
DRV:64bit: - [2016/02/11 19:52:56 | 000,463,744 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2016/02/11 19:52:56 | 000,165,344 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2016/02/11 19:52:56 | 000,107,792 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2016/02/11 19:52:56 | 000,103,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2016/02/11 19:52:56 | 000,074,544 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2016/02/11 19:52:56 | 000,037,656 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2016/02/11 19:52:54 | 001,065,720 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2016/02/11 19:52:53 | 000,154,024 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\ngvss.sys -- (ngvss)
DRV:64bit: - [2016/02/11 19:52:52 | 000,310,904 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2016/02/04 16:36:07 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2016/02/04 16:36:07 | 000,095,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2016/02/03 19:56:27 | 000,024,688 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2016/01/23 11:57:55 | 000,026,880 | ---- | M] (Western Digital Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2016/01/16 18:46:08 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2016/01/12 17:43:36 | 000,026,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2015/12/18 19:11:06 | 000,047,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2015/12/17 05:59:13 | 000,205,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2015/11/21 08:45:48 | 000,026,264 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgLowAudio.sys -- (lgLowAudio)
DRV:64bit: - [2015/10/30 22:07:05 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2015/10/30 22:06:56 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2015/10/30 20:19:39 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2015/10/30 20:18:42 | 000,052,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2015/10/30 20:18:09 | 000,930,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2015/10/30 20:18:09 | 000,385,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015/10/30 20:18:08 | 000,218,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015/10/30 20:18:03 | 000,200,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2015/10/30 20:18:03 | 000,106,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2015/10/30 20:18:03 | 000,078,848 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2015/10/30 20:18:03 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2015/10/30 20:18:03 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2015/10/30 20:18:03 | 000,031,584 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2015/10/30 20:18:03 | 000,026,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ioqos.sys -- (IoQos)
DRV:64bit: - [2015/10/30 20:18:01 | 000,154,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2015/10/30 20:17:57 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2015/10/30 20:17:52 | 000,254,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2015/10/30 20:17:52 | 000,163,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2015/10/30 20:17:52 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2015/10/30 20:17:52 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2015/10/30 20:17:51 | 000,155,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2015/10/30 20:17:51 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2015/10/30 20:17:51 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2015/10/30 20:17:51 | 000,074,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2015/10/30 20:17:51 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2015/10/30 20:17:50 | 000,199,008 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2015/10/30 20:17:46 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2015/10/30 20:17:46 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2015/10/30 20:17:42 | 000,126,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2015/10/30 20:17:42 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2015/10/30 20:17:40 | 000,694,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2015/10/30 20:17:39 | 000,081,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2015/10/30 20:17:37 | 000,293,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015/10/30 20:17:37 | 000,209,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2015/10/30 20:17:37 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2015/10/30 20:17:37 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2015/10/30 20:17:37 | 000,118,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015/10/30 20:17:37 | 000,099,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2015/10/30 20:17:37 | 000,087,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2015/10/30 20:17:37 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (tsusbflt)
DRV:64bit: - [2015/10/30 20:17:37 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2015/10/30 20:17:37 | 000,044,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015/10/30 20:17:37 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2015/10/30 20:17:26 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2015/10/30 20:17:25 | 000,046,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2015/10/30 20:17:25 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2015/10/30 20:17:25 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2015/10/30 20:17:25 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2015/10/30 20:17:25 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2015/10/30 20:17:23 | 000,705,376 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2015/10/30 20:17:23 | 000,534,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015/10/30 20:17:23 | 000,532,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2015/10/30 20:17:23 | 000,424,800 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2015/10/30 20:17:23 | 000,378,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015/10/30 20:17:23 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2015/10/30 20:17:23 | 000,133,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2015/10/30 20:17:23 | 000,131,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2015/10/30 20:17:23 | 000,104,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2015/10/30 20:17:23 | 000,099,168 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2015/10/30 20:17:23 | 000,094,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2015/10/30 20:17:23 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2015/10/30 20:17:23 | 000,079,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2015/10/30 20:17:23 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2015/10/30 20:17:23 | 000,076,128 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2015/10/30 20:17:23 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2015/10/30 20:17:23 | 000,059,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2015/10/30 20:17:23 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2015/10/30 20:17:23 | 000,058,208 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2015/10/30 20:17:23 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2015/10/30 20:17:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2015/10/30 20:17:23 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2015/10/30 20:17:23 | 000,034,144 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2015/10/30 20:17:23 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2015/10/30 20:17:23 | 000,026,976 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2015/10/30 20:17:22 | 003,436,896 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2015/10/30 20:17:22 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2015/10/30 20:17:22 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2015/10/30 20:17:22 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2015/10/30 20:17:22 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2015/10/30 20:17:22 | 000,238,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2015/10/30 20:17:22 | 000,209,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015/10/30 20:17:22 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2015/10/30 20:17:22 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2015/10/30 20:17:22 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2015/10/30 20:17:22 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2015/10/30 20:17:22 | 000,037,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2015/10/30 20:17:22 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2015/10/30 20:17:22 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2015/10/30 20:17:22 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2015/10/30 20:17:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2015/10/30 20:17:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2015/10/30 20:17:22 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2015/10/30 20:17:22 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2015/10/30 20:17:22 | 000,009,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2015/10/30 20:17:22 | 000,009,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn.sys -- (bcmfn)
DRV:64bit: - [2015/10/30 20:17:18 | 000,277,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015/10/30 20:17:18 | 000,165,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C)
DRV:64bit: - [2015/10/30 20:17:18 | 000,117,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2015/10/30 20:17:18 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2015/10/30 20:17:18 | 000,081,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c)
DRV:64bit: - [2015/10/30 20:17:18 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2015/10/30 20:17:18 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015/10/30 20:17:18 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2015/10/30 20:17:18 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2015/10/30 20:17:18 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2015/10/30 20:17:18 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2015/10/30 20:17:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2015/10/30 20:17:18 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2015/10/30 20:17:18 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2015/10/30 20:17:18 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2015/10/30 20:17:18 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2015/10/30 20:17:18 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2015/10/05 09:50:22 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/06/22 10:13:48 | 000,014,184 | ---- | M] (Logitech) [Kernel | Auto | Running] -- C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys -- (LGCoreTemp)
DRV:64bit: - [2015/06/12 04:54:56 | 000,183,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverW8x64.sys -- (MEIx64)
DRV:64bit: - [2015/06/11 13:33:42 | 000,068,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGJoyXlCore.sys -- (LGJoyXlCore)
DRV:64bit: - [2015/06/11 13:33:42 | 000,026,912 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2015/06/11 13:33:40 | 000,037,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2015/06/03 12:02:34 | 001,446,824 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2015/05/19 05:45:26 | 000,494,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1d65x64.sys -- (e1dexpress)
DRV:64bit: - [2011/11/07 10:13:06 | 000,017,192 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV - [2016/02/23 17:37:25 | 000,022,280 | ---- | M] (ASRock Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AsrAutoChkUpdDrv.sys -- (AsrAutoChkUpdDrv)
DRV - [2015/10/30 20:17:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys -- (CompositeBus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm

IE - HKU\S-1-5-21-2806489308-2931262457-2236997717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-21-2806489308-2931262457-2236997717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-NZ
IE - HKU\S-1-5-21-2806489308-2931262457-2236997717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 4D BC EE 51 66 D1 01 [binary data]
IE - HKU\S-1-5-21-2806489308-2931262457-2236997717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = CD 4B 2D F1 51 66 D1 01 [binary data]
IE - HKU\S-1-5-21-2806489308-2931262457-2236997717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-2806489308-2931262457-2236997717-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2806489308-2931262457-2236997717-1001\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-2806489308-2931262457-2236997717-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...=IESR02&pc=UE04
IE - HKU\S-1-5-21-2806489308-2931262457-2236997717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "NZ"
FF - prefs.js..browser.search.region: "NZ"
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:44.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2016/02/11 20:42:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2016/02/11 20:42:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016/02/11 20:42:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2016/01/23 19:31:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2016/02/19 19:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tativei2.default-1455857619175\extensions
[2016/02/19 19:44:45 | 001,001,911 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tativei2.default-1455857619175\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/02/12 18:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2016/02/12 18:05:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2016/01/23 20:50:39 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2806489308-2931262457-2236997717-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-2806489308-2931262457-2236997717-1001..\Run: [f.lux] C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKU\S-1-5-21-2806489308-2931262457-2236997717-1001..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKU\S-1-5-21-2806489308-2931262457-2236997717-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-2806489308-2931262457-2236997717-1001..\RunOnce: [Uninstall C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_2\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_2\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ec4ef9c0-effe-4a2f-9729-fec32259b33f}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: dosvc - C:\Windows\SysNative\dosvc.dll (Microsoft Corporation)
NetSvcs:64bit: DcpSvc - C:\Windows\SysNative\dcpsvc.dll (Microsoft Corporation)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: NetSetupSvc - C:\Windows\SysNative\NetSetupSvc.dll (Microsoft Corporation)
NetSvcs:64bit: RetailDemo - C:\Windows\SysNative\RDXService.dll (Microsoft Corporation)
NetSvcs:64bit: lfsvc - C:\Windows\SysNative\lfsvc.dll (Microsoft Corporation)
NetSvcs:64bit: dmwappushservice - C:\Windows\SysNative\dmwappushsvc.dll (Microsoft Corporation)
NetSvcs:64bit: XboxNetApiSvc - C:\Windows\SysNative\XboxNetApiSvc.dll (Microsoft Corporation)
NetSvcs:64bit: UsoSvc - C:\Windows\SysNative\usocore.dll (Microsoft Corporation)
NetSvcs:64bit: XblGameSave - C:\Windows\SysNative\XblGameSave.dll (Microsoft Corporation)
NetSvcs:64bit: DmEnrollmentSvc - C:\Windows\SysNative\Windows.Internal.Management.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: UserManager - C:\Windows\SysNative\usermgr.dll (Microsoft Corporation)
NetSvcs:64bit: XblAuthManager - C:\Windows\SysNative\XblAuthManager.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2016/02/23 17:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Gyazo
[2016/02/18 19:58:26 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\ActiveSync
[2016/02/18 19:56:40 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\VirtualStore
[2016/02/18 19:56:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2016/02/18 19:55:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2016/02/18 19:55:41 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Temp
[2016/02/18 17:43:49 | 000,000,000 | ---D | C] -- D:\Users\user\Desktop\FRST-OlderVersion
[2016/02/16 22:57:24 | 004,727,984 | ---- | C] (Kaspersky Lab ZAO) -- D:\Users\user\Desktop\tdsskiller.exe
[2016/02/14 22:37:20 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2016/02/14 09:38:26 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\OBS
[2016/02/14 09:38:19 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
[2016/02/14 09:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\OBS
[2016/02/14 09:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OBS
[2016/02/13 18:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2016/02/12 18:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016/02/11 21:20:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/02/11 21:12:16 | 001,609,032 | ---- | C] (Malwarebytes) -- D:\Users\user\Desktop\JRT.exe
[2016/02/11 19:52:57 | 000,398,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2016/02/11 19:52:55 | 000,052,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2016/02/10 21:10:05 | 000,000,000 | ---D | C] -- C:\FRST
[2016/02/10 21:09:39 | 002,371,072 | ---- | C] (Farbar) -- D:\Users\user\Desktop\FRST64.exe
[2016/02/10 20:15:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\user\Desktop\OTL.exe
[2016/02/06 15:19:41 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\WinRAR
[2016/02/06 15:19:25 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2016/02/06 15:19:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2016/02/06 15:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2016/02/06 14:45:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\SleepStudy
[2016/02/06 12:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2016/02/06 12:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2016/02/06 12:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2016/02/06 12:15:41 | 011,323,704 | ---- | C] (SurfRight B.V.) -- D:\Users\user\Desktop\HitmanPro_x64.exe
[2016/02/06 11:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2016/02/06 11:58:25 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Logitech
[2016/02/06 11:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2016/02/06 11:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2016/02/06 11:57:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Logitech
[2016/02/06 11:57:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Logishrd
[2016/02/05 20:47:10 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Macromedia
[2016/02/04 16:37:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2016/02/04 16:36:39 | 000,000,000 | ---D | C] -- C:\Windows.old
[2016/02/04 16:36:07 | 000,264,192 | ---- | C] (Nokia) -- C:\WINDOWS\SysNative\NmaDirect.dll
[2016/02/04 16:36:07 | 000,205,824 | ---- | C] (Nokia) -- C:\WINDOWS\SysWow64\NmaDirect.dll
[2016/02/04 16:34:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Microsoft
[2016/02/04 16:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2016/02/04 16:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2016/02/04 16:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2016/02/04 16:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2016/02/03 19:42:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2016/02/03 19:42:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2016/02/03 19:42:44 | 000,000,000 | -HSD | C] -- C:\Recovery
[2016/02/03 19:42:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2016/02/03 19:42:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2016/02/03 19:42:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2016/02/03 19:39:17 | 000,000,000 | --SD | C] -- C:\Users\David\AppData\Roaming\Microsoft
[2016/02/03 19:39:17 | 000,000,000 | R-SD | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[2016/02/03 19:39:17 | 000,000,000 | R--D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2016/02/03 19:39:17 | 000,000,000 | R--D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2016/02/03 19:39:17 | 000,000,000 | R--D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2016/02/03 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\David\AppData\Local\Temporary Internet Files
[2016/02/03 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\David\Templates
[2016/02/03 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\David\Start Menu
[2016/02/03 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\David\SendTo
[2016/02/03 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\David\Recent
[2016/02/03 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\David\PrintHood
[2016/02/03 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\David\NetHood
[2016/02/03 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\David\Documents\My Videos
[2016/02/03 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\David\Documents\My Pictures
[2016/02/03 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\David\Documents\My Music
[2016/02/03 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\David\My Documents
[2016/02/03 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\David\Local Settings
[2016/02/03 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\David\AppData\Local\History
[2016/02/03 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\David\Cookies
[2016/02/03 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\David\Application Data
[2016/02/03 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\David\AppData\Local\Application Data
[2016/02/03 19:39:17 | 000,000,000 | -H-D | C] -- C:\Users\David\AppData
[2016/02/03 19:39:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Microsoft
[2016/02/03 19:39:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2016/02/03 19:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2016/02/03 19:38:44 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2016/02/03 19:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2016/02/03 19:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2016/02/03 19:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2016/02/03 19:38:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2016/02/03 19:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2016/02/03 19:38:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2016/01/30 14:09:31 | 000,000,000 | ---D | C] -- D:\Users\user\Desktop\vegas projects
[2016/01/30 13:54:27 | 000,000,000 | ---D | C] -- D:\Users\user\Desktop\obs_vids
[2016/01/30 13:49:44 | 000,000,000 | ---D | C] -- D:\Users\user\Desktop\temp_vegas_files
[2016/01/30 13:47:32 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\NVIDIA
[2016/01/30 13:47:30 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Publish Providers
[2016/01/30 13:39:51 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Sony
[2016/01/30 13:37:29 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Sony
[2016/01/30 13:36:16 | 000,000,000 | ---D | C] -- D:\Users\user\Desktop\Sony Vegas Pro 12 Build 726 (64 bit) (patch-keygen-DI) [ChingLiu]
[2016/01/29 20:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2016/01/28 20:16:18 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\League of Legends
[2016/01/26 21:03:55 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\TS3Client
[2016/01/26 21:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2016/01/26 21:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2016/01/26 21:01:27 | 000,000,000 | ---D | C] -- D:\Users\user\Desktop\teamspeak3-server_win64

========== Files - Modified Within 30 Days ==========

[2016/02/23 19:15:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2016/02/23 17:37:25 | 000,022,280 | ---- | M] (ASRock Incorporation) -- C:\WINDOWS\SysWow64\drivers\AsrAutoChkUpdDrv.sys
[2016/02/23 17:35:26 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/02/23 17:35:03 | 3407,495,168 | -HS- | M] () -- C:\hiberfil.sys
[2016/02/23 17:35:03 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/02/22 18:09:21 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2016/02/18 20:02:21 | 000,881,036 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2016/02/18 20:02:21 | 000,748,458 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2016/02/18 20:02:21 | 000,143,390 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2016/02/18 19:58:49 | 000,001,781 | ---- | M] () -- C:\Users\David\AppData\Local\recently-used.xbel
[2016/02/18 19:56:20 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2016/02/18 17:43:49 | 002,371,072 | ---- | M] (Farbar) -- D:\Users\user\Desktop\FRST64.exe
[2016/02/17 17:46:32 | 004,727,984 | ---- | M] (Kaspersky Lab ZAO) -- D:\Users\user\Desktop\tdsskiller.exe
[2016/02/14 22:37:17 | 001,309,184 | ---- | M] () -- D:\Users\user\Desktop\zoek.exe
[2016/02/11 21:20:00 | 001,508,352 | ---- | M] () -- D:\Users\user\Desktop\AdwCleaner.exe
[2016/02/11 21:14:05 | 001,609,032 | ---- | M] (Malwarebytes) -- D:\Users\user\Desktop\JRT.exe
[2016/02/11 19:53:02 | 000,287,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswvmm.sys
[2016/02/11 19:52:56 | 000,463,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSP.sys
[2016/02/11 19:52:56 | 000,398,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2016/02/11 19:52:56 | 000,165,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswStm.sys
[2016/02/11 19:52:56 | 000,107,792 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2016/02/11 19:52:56 | 000,103,064 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2016/02/11 19:52:56 | 000,074,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2016/02/11 19:52:56 | 000,037,656 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswHwid.sys
[2016/02/11 19:52:55 | 000,052,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2016/02/11 19:52:54 | 001,065,720 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSnx.sys
[2016/02/11 19:52:53 | 000,154,024 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\ngvss.sys
[2016/02/10 20:15:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\user\Desktop\OTL.exe
[2016/02/06 15:49:56 | 000,000,221 | ---- | M] () -- D:\Users\user\Desktop\Fallout New Vegas.url
[2016/02/06 15:48:32 | 000,000,221 | ---- | M] () -- D:\Users\user\Desktop\The Elder Scrolls V Skyrim.url
[2016/02/06 15:47:48 | 000,000,221 | ---- | M] () -- D:\Users\user\Desktop\Borderlands 2.url
[2016/02/06 12:36:15 | 000,189,264 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2016/02/06 12:31:46 | 000,000,408 | ---- | M] () -- C:\WINDOWS\SysNative\.crusader
[2016/02/06 12:26:18 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2016/02/06 12:24:37 | 011,323,704 | ---- | M] (SurfRight B.V.) -- D:\Users\user\Desktop\HitmanPro_x64.exe
[2016/02/04 16:36:07 | 002,653,816 | ---- | M] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
[2016/02/04 16:36:07 | 001,859,448 | ---- | M] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2016/02/04 16:36:07 | 000,264,192 | ---- | M] (Nokia) -- C:\WINDOWS\SysNative\NmaDirect.dll
[2016/02/04 16:36:07 | 000,205,824 | ---- | M] (Nokia) -- C:\WINDOWS\SysWow64\NmaDirect.dll
[2016/02/03 19:56:27 | 000,024,688 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\TrueSight.sys
[2016/02/03 19:42:16 | 000,009,528 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2016/02/03 19:42:16 | 000,009,528 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2016/02/03 19:41:38 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2016/01/26 21:03:53 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

========== Files Created - No Company Name ==========

[2016/02/18 19:58:49 | 000,001,781 | ---- | C] () -- C:\Users\David\AppData\Local\recently-used.xbel
[2016/02/14 21:36:37 | 001,309,184 | ---- | C] () -- D:\Users\user\Desktop\zoek.exe
[2016/02/11 21:12:50 | 001,508,352 | ---- | C] () -- D:\Users\user\Desktop\AdwCleaner.exe
[2016/02/06 15:49:56 | 000,000,221 | ---- | C] () -- D:\Users\user\Desktop\Fallout New Vegas.url
[2016/02/06 15:48:32 | 000,000,221 | ---- | C] () -- D:\Users\user\Desktop\The Elder Scrolls V Skyrim.url
[2016/02/06 15:47:48 | 000,000,221 | ---- | C] () -- D:\Users\user\Desktop\Borderlands 2.url
[2016/02/06 14:42:42 | 000,260,608 | ---- | C] () -- C:\WINDOWS\SysNative\MTFServer.dll
[2016/02/06 14:42:41 | 000,235,008 | ---- | C] () -- C:\WINDOWS\SysNative\MTF.dll
[2016/02/06 14:42:41 | 000,162,816 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
[2016/02/06 12:31:46 | 000,000,408 | ---- | C] () -- C:\WINDOWS\SysNative\.crusader
[2016/02/06 12:26:18 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2016/02/05 20:46:00 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/02/04 16:37:44 | 000,000,619 | ---- | C] () -- C:\WINDOWS\SysWow64\license.rtf
[2016/02/04 16:37:44 | 000,000,619 | ---- | C] () -- C:\WINDOWS\SysNative\license.rtf
[2016/02/04 16:36:07 | 002,653,816 | ---- | C] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
[2016/02/04 16:36:07 | 001,859,448 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2016/02/03 19:41:38 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2016/02/03 19:40:58 | 3407,495,168 | -HS- | C] () -- C:\hiberfil.sys
[2016/02/03 19:40:24 | 000,001,576 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2016/02/03 19:39:17 | 000,000,352 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2016/02/03 19:39:17 | 000,000,334 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2016/02/03 19:38:47 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2016/02/03 19:38:45 | 006,090,019 | ---- | C] () -- C:\WINDOWS\SysNative\nvcoproc.bin
[2016/02/03 19:38:09 | 000,189,264 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2016/02/03 19:28:20 | 000,009,528 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2016/02/03 19:28:20 | 000,009,528 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2016/01/29 20:40:30 | 000,024,688 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\TrueSight.sys
[2016/01/26 21:03:53 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2016/01/23 11:50:55 | 037,608,568 | ---- | C] () -- C:\WINDOWS\SysWow64\nvcompiler.dll
[2016/01/23 09:37:09 | 000,838,760 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2015/10/30 20:24:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2015/10/30 20:24:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2015/10/30 20:18:39 | 000,164,224 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
[2015/10/30 20:18:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2015/10/30 20:18:36 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015/10/30 20:18:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2015/10/30 20:18:31 | 000,252,928 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2015/10/30 20:18:31 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
[2015/10/30 20:18:29 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2015/10/30 20:18:29 | 000,293,376 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2015/10/30 20:18:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
[2015/10/30 20:18:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2015/10/30 20:18:23 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2015/10/30 20:17:40 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2016/01/27 18:45:05 | 006,605,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016/01/27 18:55:59 | 005,242,496 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/10/30 20:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 20:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/10/30 20:17:45 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2016/01/23 18:55:17 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVAST Software
[2016/01/23 20:46:21 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Awesomium
[2016/02/18 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Battle.net
[2016/02/05 20:29:27 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\deluge
[2016/01/23 19:20:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Dropbox
[2016/02/06 13:45:26 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Gyazo
[2016/01/23 19:17:32 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\LolClient
[2016/02/16 21:27:26 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OBS
[2016/01/30 13:47:30 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Publish Providers
[2016/02/13 18:47:53 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Riot Games
[2016/02/01 11:11:13 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Sony
[2015/12/11 09:28:16 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Steam
[2016/02/13 19:26:03 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TS3Client

========== Purity Check ==========

========== Custom Scans ==========

========== Base Services ==========
No service found with a name of AeLookupSvc
SRV:64bit: - [2015/10/30 20:17:52 | 000,094,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2015/10/30 20:17:43 | 000,097,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2015/10/30 20:17:43 | 001,144,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2015/10/30 20:18:01 | 000,794,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2015/10/30 20:17:53 | 000,097,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2015/10/30 20:18:26 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:64bit: - [2015/10/30 20:17:51 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2015/10/30 20:18:25 | 000,345,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2015/10/30 20:18:43 | 000,134,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2015/10/30 20:17:52 | 000,078,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2015/10/30 20:17:51 | 000,904,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2015/10/30 20:18:03 | 000,355,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2015/10/30 20:18:31 | 000,293,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2015/10/30 20:18:03 | 000,284,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2015/10/30 20:17:41 | 000,112,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:64bit: - [2015/10/30 20:17:51 | 000,036,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2015/10/30 20:18:25 | 000,031,744 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2016/01/16 18:25:21 | 000,457,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2015/10/30 20:17:41 | 000,390,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2015/10/30 20:17:46 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
No service found with a name of MMCSS
SRV:64bit: - [2015/10/30 20:17:43 | 000,265,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2015/10/30 20:17:39 | 000,547,840 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2015/10/30 20:19:25 | 000,371,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2015/10/30 20:18:03 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2015/10/30 20:17:48 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2015/10/30 20:18:09 | 000,755,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:64bit: - [2016/01/16 18:40:12 | 000,106,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2015/10/30 20:17:40 | 000,696,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2015/10/30 20:17:51 | 000,904,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2015/10/30 20:17:52 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2015/10/30 20:18:03 | 000,057,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2016/01/16 18:37:43 | 000,190,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2015/10/30 20:17:53 | 000,283,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2015/10/30 20:18:16 | 000,608,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2015/10/30 20:18:38 | 000,559,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2015/10/30 20:17:43 | 001,012,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2015/10/30 20:18:10 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2015/10/30 20:18:36 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2015/10/30 20:18:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2015/10/30 20:17:53 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2015/10/30 20:17:49 | 001,465,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2016/01/16 18:30:06 | 001,053,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:64bit: - [2016/01/16 18:34:33 | 000,275,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015/10/30 20:19:25 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2015/10/30 20:17:37 | 000,024,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2015/10/30 20:17:45 | 001,743,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:64bit: - [2015/10/30 20:17:59 | 000,870,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2015/10/30 20:19:28 | 000,643,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2015/10/30 20:17:43 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\msiexec.exe -- (msiserver)
SRV - [2015/10/30 20:18:21 | 000,058,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2015/10/30 20:17:45 | 000,225,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2016/01/27 17:39:38 | 002,275,328 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2015/10/30 20:17:39 | 000,264,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2015/10/30 20:17:41 | 002,295,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:64bit: - [2015/10/30 20:17:53 | 000,274,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is SSD
Volume Serial Number is 8038-C94C
Directory of C:\
11/07/2015 01:21 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
Directory of C:\ProgramData
03/02/2016 07:42 PM    <JUNCTION>     Application Data [C:\ProgramData]
03/02/2016 07:42 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
03/02/2016 07:42 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
03/02/2016 07:42 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
03/02/2016 07:42 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users
30/10/2015 09:09 PM    <SYMLINKD>     All Users [C:\ProgramData]
30/10/2015 09:09 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
Directory of C:\Users\All Users
03/02/2016 07:42 PM    <JUNCTION>     Application Data [C:\ProgramData]
03/02/2016 07:42 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
03/02/2016 07:42 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
03/02/2016 07:42 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
03/02/2016 07:42 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\David
03/02/2016 07:39 PM    <JUNCTION>     Application Data [C:\Users\David\AppData\Roaming]
03/02/2016 07:39 PM    <JUNCTION>     Cookies [C:\Users\David\AppData\Local\Microsoft\Windows\INetCookies]
03/02/2016 07:39 PM    <JUNCTION>     Local Settings [C:\Users\David\AppData\Local]
03/02/2016 07:39 PM    <JUNCTION>     My Documents [C:\Users\David\Documents]
03/02/2016 07:39 PM    <JUNCTION>     NetHood [C:\Users\David\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/02/2016 07:39 PM    <JUNCTION>     PrintHood [C:\Users\David\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/02/2016 07:39 PM    <JUNCTION>     Recent [C:\Users\David\AppData\Roaming\Microsoft\Windows\Recent]
03/02/2016 07:39 PM    <JUNCTION>     SendTo [C:\Users\David\AppData\Roaming\Microsoft\Windows\SendTo]
03/02/2016 07:39 PM    <JUNCTION>     Start Menu [C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu]
03/02/2016 07:39 PM    <JUNCTION>     Templates [C:\Users\David\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\David\AppData\Local
03/02/2016 07:39 PM    <JUNCTION>     Application Data [C:\Users\David\AppData\Local]
03/02/2016 07:39 PM    <JUNCTION>     History [C:\Users\David\AppData\Local\Microsoft\Windows\History]
03/02/2016 07:39 PM    <JUNCTION>     Temporary Internet Files [C:\Users\David\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
Directory of C:\Users\David\AppData\Local\Microsoft\Windows
03/02/2016 07:39 PM    <JUNCTION>     Temporary Internet Files [C:\Users\David\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
Directory of C:\Users\David\Documents
03/02/2016 07:39 PM    <JUNCTION>     My Music [C:\Users\David\Music]
03/02/2016 07:39 PM    <JUNCTION>     My Pictures [C:\Users\David\Pictures]
03/02/2016 07:39 PM    <JUNCTION>     My Videos [C:\Users\David\Videos]
               0 File(s)              0 bytes
Directory of C:\Users\Default
03/02/2016 07:42 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
03/02/2016 07:42 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies]
03/02/2016 07:42 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
03/02/2016 07:42 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
03/02/2016 07:42 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/02/2016 07:42 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/02/2016 07:42 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
03/02/2016 07:42 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
03/02/2016 07:42 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
03/02/2016 07:42 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Default\AppData\Local
03/02/2016 07:42 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
03/02/2016 07:42 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
03/02/2016 07:42 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
Directory of C:\Users\Default\AppData\Local\Microsoft\Windows
03/02/2016 07:42 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
Directory of C:\Users\Default\Documents
03/02/2016 07:42 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
03/02/2016 07:42 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
03/02/2016 07:42 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
Directory of C:\Users\Default.migrated\AppData\Local\Microsoft\Windows
11/07/2015 01:21 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
Directory of C:\Users\Default.migrated\Documents
11/07/2015 01:21 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
11/07/2015 01:21 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
11/07/2015 01:21 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
Directory of C:\Users\Public\Documents
11/07/2015 01:21 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
11/07/2015 01:21 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
11/07/2015 01:21 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
Directory of C:\Windows.old\ProgramData
11/07/2015 01:21 AM    <JUNCTION>     Application Data [C:\ProgramData]
11/07/2015 01:21 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
11/07/2015 01:21 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
11/07/2015 01:21 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/07/2015 01:21 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Windows.old\Users
11/07/2015 01:21 AM    <SYMLINKD>     All Users [C:\ProgramData]
11/07/2015 01:21 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
Directory of C:\Windows.old\Users\All Users
03/02/2016 07:42 PM    <JUNCTION>     Application Data [C:\ProgramData]
03/02/2016 07:42 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
03/02/2016 07:42 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
03/02/2016 07:42 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
03/02/2016 07:42 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Windows.old\Users\David
23/01/2016 09:16 AM    <JUNCTION>     Application Data [C:\Users\David\AppData\Roaming]
23/01/2016 09:16 AM    <JUNCTION>     Cookies [C:\Users\David\AppData\Local\Microsoft\Windows\INetCookies]
23/01/2016 09:16 AM    <JUNCTION>     Local Settings [C:\Users\David\AppData\Local]
23/01/2016 09:16 AM    <JUNCTION>     My Documents [C:\Users\David\Documents]
23/01/2016 09:16 AM    <JUNCTION>     NetHood [C:\Users\David\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
23/01/2016 09:16 AM    <JUNCTION>     PrintHood [C:\Users\David\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
23/01/2016 09:16 AM    <JUNCTION>     Recent [C:\Users\David\AppData\Roaming\Microsoft\Windows\Recent]
23/01/2016 09:16 AM    <JUNCTION>     SendTo [C:\Users\David\AppData\Roaming\Microsoft\Windows\SendTo]
23/01/2016 09:16 AM    <JUNCTION>     Start Menu [C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu]
23/01/2016 09:16 AM    <JUNCTION>     Templates [C:\Users\David\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Windows.old\Users\David\AppData\Local
23/01/2016 09:16 AM    <JUNCTION>     Application Data [C:\Users\David\AppData\Local]
23/01/2016 09:16 AM    <JUNCTION>     History [C:\Users\David\AppData\Local\Microsoft\Windows\History]
23/01/2016 09:16 AM    <JUNCTION>     Temporary Internet Files [C:\Users\David\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
Directory of C:\Windows.old\Users\David\AppData\Local\Microsoft\Windows
23/01/2016 09:16 AM    <JUNCTION>     Temporary Internet Files [C:\Users\David\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
Directory of C:\Windows.old\Users\David\AppData\Local\Microsoft\Windows\INetCache
23/01/2016 09:16 AM    <JUNCTION>     Content.IE5 [C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE]
               0 File(s)              0 bytes
Directory of C:\Windows.old\Users\David\Documents
23/01/2016 09:16 AM    <JUNCTION>     My Music [C:\Users\David\Music]
23/01/2016 09:16 AM    <JUNCTION>     My Pictures [C:\Users\David\Pictures]
23/01/2016 09:16 AM    <JUNCTION>     My Videos [C:\Users\David\Videos]
               0 File(s)              0 bytes
Directory of C:\Windows.old\Users\Default
11/07/2015 01:21 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
11/07/2015 01:21 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies]
11/07/2015 01:21 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
11/07/2015 01:21 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
11/07/2015 01:21 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/07/2015 01:21 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/07/2015 01:21 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/07/2015 01:21 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/07/2015 01:21 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/07/2015 01:21 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local
11/07/2015 01:21 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
11/07/2015 01:21 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/07/2015 01:21 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows
11/07/2015 01:21 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
Directory of C:\Windows.old\Users\Default\Documents
11/07/2015 01:21 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
11/07/2015 01:21 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
11/07/2015 01:21 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
Directory of C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
23/01/2016 09:16 AM    <JUNCTION>     Content.IE5 [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE]
               0 File(s)              0 bytes
Directory of C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
23/01/2016 06:55 PM    <JUNCTION>     Content.IE5 [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
             103 Dir(s) 67,743,838,208 bytes free

< MD5 for: EXPLORER.EXE >
[2015/11/25 18:12:23 | 004,047,288 | ---- | M] (Microsoft Corporation) MD5=4EEB94F7E1ABAB5503EEFEA7F2394370 -- C:\Windows.old\Windows\SysWOW64\explorer.exe
[2015/11/25 18:12:23 | 004,047,288 | ---- | M] (Microsoft Corporation) MD5=4EEB94F7E1ABAB5503EEFEA7F2394370 -- C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.10240.16603_none_640d784b48c6fd34\explorer.exe
[2016/02/12 20:01:20 | 000,299,846 | ---- | M] () MD5=4F7BFBD0D637D5B163D45D56196DA27E -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_10.0.10586.0_none_de3a3f6b2413a1f0\explorer.exe
[2015/10/30 20:18:36 | 004,064,320 | ---- | M] (Microsoft Corporation) MD5=7F46BC4C9DBAAA549629D6C677E417D6 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.10586.0_none_e88ee9bd587463eb\explorer.exe
[2016/01/29 20:17:31 | 000,376,885 | ---- | M] () MD5=81259A220FE62805C18560247FEF0FBF -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_10.0.10240.16384_none_59b518c11469b963\explorer.exe
[2016/01/29 19:57:09 | 004,502,352 | ---- | M] (Microsoft Corporation) MD5=95D730526EF81792CD6848D8D10FAA1C -- C:\Windows\explorer.exe
[2016/01/29 19:57:09 | 004,502,352 | ---- | M] (Microsoft Corporation) MD5=95D730526EF81792CD6848D8D10FAA1C -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_10.0.10586.104_none_beea9f69d8a18cd7\explorer.exe
[2016/01/29 20:30:05 | 000,273,045 | ---- | M] () MD5=C8C6F29B7B3E2B7919AC25436F938F4A -- C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.10240.16384_none_6409c31348ca7b5e\explorer.exe
[2015/11/25 18:42:36 | 004,532,304 | ---- | M] (Microsoft Corporation) MD5=D2EAEC106F183572317AF7D68E381063 -- C:\Windows.old\Windows\explorer.exe
[2015/11/25 18:42:36 | 004,532,304 | ---- | M] (Microsoft Corporation) MD5=D2EAEC106F183572317AF7D68E381063 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_10.0.10240.16603_none_59b8cdf914663b39\explorer.exe
[2016/01/29 19:33:48 | 004,064,320 | ---- | M] (Microsoft Corporation) MD5=FCBCED2A237DCD7EF86CED551B731742 -- C:\Windows\SysWOW64\explorer.exe
[2016/01/29 19:33:48 | 004,064,320 | ---- | M] (Microsoft Corporation) MD5=FCBCED2A237DCD7EF86CED551B731742 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.10586.104_none_c93f49bc0d024ed2\explorer.exe

< MD5 for: RPCSS.DLL >
[2015/07/10 23:59:59 | 000,873,984 | ---- | M] (Microsoft Corporation) MD5=5E57B9FBB4E9C43EE5B69BEE01A1819F -- C:\Windows.old\Windows\System32\rpcss.dll
[2015/07/10 23:59:59 | 000,873,984 | ---- | M] (Microsoft Corporation) MD5=5E57B9FBB4E9C43EE5B69BEE01A1819F -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_10.0.10240.16384_none_71cb4daad88d48e0\rpcss.dll
[2015/10/30 20:17:51 | 000,904,704 | ---- | M] (Microsoft Corporation) MD5=B339861C6A2A86FBCA67C2006B461473 -- C:\WINDOWS\SysNative\rpcss.dll
[2015/10/30 20:17:51 | 000,904,704 | ---- | M] (Microsoft Corporation) MD5=B339861C6A2A86FBCA67C2006B461473 -- C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_10.0.10586.0_none_f6507454e837316d\rpcss.dll

< MD5 for: SERVICES >
[2015/10/30 21:06:50 | 000,003,998 | ---- | M] () MD5=4003750B22628735A6B5BB80C30B56E6 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_10.0.10586.0_none_c1c535cf0f692563\services
[2015/07/11 01:53:20 | 000,003,998 | ---- | M] () MD5=4214F6EA0397C9B269EF1E50E50DE090 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_10.0.10240.16384_none_3d400f24ffbf3cd6\services

< MD5 for: SERVICES.EXE >
[2016/02/07 14:50:34 | 000,010,022 | ---- | M] () MD5=38D627F01523A713F4B7F6D5668D7580 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.10586.17_none_c30685d4ad71cc3e\services.exe
[2016/01/16 19:08:56 | 000,440,152 | ---- | M] (Microsoft Corporation) MD5=6FF8248F3A9D69A095C7F3F42BC29CB2 -- C:\WINDOWS\SysNative\services.exe
[2016/01/16 19:08:56 | 000,440,152 | ---- | M] (Microsoft Corporation) MD5=6FF8248F3A9D69A095C7F3F42BC29CB2 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.10586.71_none_c34770c0ad411382\services.exe
[2015/07/11 00:00:09 | 000,446,336 | ---- | M] (Microsoft Corporation) MD5=BB3D8E1C108F7244613FF3993291A922 -- C:\Windows.old\Windows\System32\services.exe
[2015/07/11 00:00:09 | 000,446,336 | ---- | M] (Microsoft Corporation) MD5=BB3D8E1C108F7244613FF3993291A922 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.10240.16384_none_4719371d97508a19\services.exe
[2016/02/07 14:50:33 | 000,059,777 | ---- | M] () MD5=FBD38EC55427C024E156DF84FD5DEE44 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.10586.0_none_cb9e5dc7a6fa72a6\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2015/07/11 02:11:10 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=47ADE7537CF99D482FE316F2E59FA4CA -- C:\Windows.old\Windows\System32\en-US\services.exe.mui
[2015/07/11 02:11:10 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=47ADE7537CF99D482FE316F2E59FA4CA -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_10.0.10240.16384_en-us_71fdb8c5c0a27865\services.exe.mui
[2015/10/30 22:01:52 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=64E7086A0C9E9CC7F2D35793876D48B0 -- C:\WINDOWS\SysNative\en-US\services.exe.mui
[2015/10/30 22:01:52 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=64E7086A0C9E9CC7F2D35793876D48B0 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_10.0.10586.0_en-us_f682df6fd04c60f2\services.exe.mui

< MD5 for: SERVICES.LNK >
[2015/10/30 20:17:45 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2015/10/30 20:17:45 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2015/07/10 23:59:55 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2015/10/30 20:17:45 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2015/07/10 23:59:55 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_10.0.10240.16384_none_d7645452e0682f87\services.lnk
[2015/10/30 20:17:45 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_10.0.10586.0_none_5be97afcf0121814\services.lnk

< MD5 for: SERVICES.MOF >
[2015/07/11 00:00:13 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\System32\wbem\services.mof
[2015/07/11 00:00:13 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_10.0.10240.16384_none_d760321667f64bae\services.mof
[2015/10/30 20:18:09 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\SysNative\wbem\services.mof
[2015/10/30 20:18:09 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_10.0.10586.0_none_5be558c077a0343b\services.mof

< MD5 for: SERVICES.MSC >
[2015/07/11 02:11:05 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\System32\en-US\services.msc
[2015/07/10 23:59:55 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\System32\services.msc
[2015/07/11 02:11:12 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\SysWOW64\en-US\services.msc
[2015/07/11 00:00:23 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\SysWOW64\services.msc
[2015/07/11 02:11:05 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_10.0.10240.16384_en-us_ac3f88b1970c1258\services.msc
[2015/07/10 23:59:55 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_10.0.10240.16384_none_d7645452e0682f87\services.msc
[2015/07/11 00:00:23 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_10.0.10240.16384_none_e1b8fea514c8f182\services.msc
[2015/07/11 02:11:12 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_10.0.10240.16384_en-us_5020ed2ddeaea122\services.msc
[2015/10/30 22:01:46 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\WINDOWS\SysNative\en-US\services.msc
[2015/10/30 20:17:45 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\WINDOWS\SysNative\services.msc
[2015/10/30 22:01:56 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2015/10/30 20:18:21 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2015/10/30 22:01:46 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_10.0.10586.0_en-us_30c4af5ba6b5fae5\services.msc
[2015/10/30 20:17:45 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_10.0.10586.0_none_5be97afcf0121814\services.msc
[2015/10/30 20:18:21 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_10.0.10586.0_none_663e254f2472da0f\services.msc
[2015/10/30 22:01:56 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_10.0.10586.0_en-us_d4a613d7ee5889af\services.msc

< MD5 for: SERVICES.XCONFIG >
[2015/11/16 09:38:34 | 000,006,000 | ---- | M] () MD5=A5C1DD927ECC046F040F2AD2D3827938 -- C:\FRST\Quarantine\C\Program Files (x86)\OBS\services.xconfig
[2015/11/16 09:38:34 | 000,006,000 | ---- | M] () MD5=A5C1DD927ECC046F040F2AD2D3827938 -- C:\FRST\Quarantine\C\Program Files\OBS\services.xconfig
[2015/11/16 09:38:34 | 000,006,000 | ---- | M] () MD5=A5C1DD927ECC046F040F2AD2D3827938 -- C:\Program Files (x86)\OBS\services.xconfig
[2015/11/16 09:38:34 | 000,006,000 | ---- | M] () MD5=A5C1DD927ECC046F040F2AD2D3827938 -- C:\Program Files\OBS\services.xconfig

< MD5 for: SVCHOST.EXE >
[2015/10/30 20:18:25 | 000,037,256 | ---- | M] (Microsoft Corporation) MD5=6A1212077C0559029CDFB9C39580C835 -- C:\Windows\SysWOW64\svchost.exe
[2015/10/30 20:18:25 | 000,037,256 | ---- | M] (Microsoft Corporation) MD5=6A1212077C0559029CDFB9C39580C835 -- C:\Windows\WinSxS\wow64_microsoft-windows-services-svchost_31bf3856ad364e35_10.0.10586.0_none_4c959c4be405b311\svchost.exe
[2015/10/30 20:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) MD5=8497852ED44AFF902D502015792D315D -- C:\WINDOWS\SysNative\svchost.exe
[2015/10/30 20:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) MD5=8497852ED44AFF902D502015792D315D -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_10.0.10586.0_none_4240f1f9afa4f116\svchost.exe
[2015/07/10 23:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) MD5=A1AEAFC58DF7803B8AA2B09EA93C722F -- C:\Windows.old\Windows\System32\svchost.exe
[2015/07/10 23:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) MD5=A1AEAFC58DF7803B8AA2B09EA93C722F -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_10.0.10240.16384_none_bdbbcb4f9ffb0889\svchost.exe
[2015/07/11 00:00:25 | 000,035,176 | ---- | M] (Microsoft Corporation) MD5=A412DEDAC6A1FF7BA06FEB3B6725495E -- C:\Windows.old\Windows\SysWOW64\svchost.exe
[2015/07/11 00:00:25 | 000,035,176 | ---- | M] (Microsoft Corporation) MD5=A412DEDAC6A1FF7BA06FEB3B6725495E -- C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-services-svchost_31bf3856ad364e35_10.0.10240.16384_none_c81075a1d45bca84\svchost.exe
[2015/10/05 09:48:32 | 000,893,752 | ---- | M] (MalwareBytes) MD5=E9A75E4B409A01E52055CE7CCA7FF925 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe

< MD5 for: USERINIT.EXE >
[2015/07/11 00:00:01 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=5F6D4F12EA33BFC0F0F8CEEAC332AB2B -- C:\Windows.old\Windows\System32\userinit.exe
[2015/07/11 00:00:01 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=5F6D4F12EA33BFC0F0F8CEEAC332AB2B -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_10.0.10240.16384_none_e4292bc46c5d42af\userinit.exe
[2015/10/30 20:17:53 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=8F3ECCB5DC878FA14887B43CD148CBA9 -- C:\WINDOWS\SysNative\userinit.exe
[2015/10/30 20:17:53 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=8F3ECCB5DC878FA14887B43CD148CBA9 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_10.0.10586.0_none_68ae526e7c072b3c\userinit.exe
[2015/10/30 20:18:26 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A878CF325C93723B5017642E6FDB80E8 -- C:\Windows\SysWOW64\userinit.exe
[2015/10/30 20:18:26 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A878CF325C93723B5017642E6FDB80E8 -- C:\Windows\WinSxS\wow64_microsoft-windows-userinit_31bf3856ad364e35_10.0.10586.0_none_7302fcc0b067ed37\userinit.exe
[2015/07/11 00:00:27 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A89C18F5E6D8981D5E937B325290915A -- C:\Windows.old\Windows\SysWOW64\userinit.exe
[2015/07/11 00:00:27 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A89C18F5E6D8981D5E937B325290915A -- C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-userinit_31bf3856ad364e35_10.0.10240.16384_none_ee7dd616a0be04aa\userinit.exe

< MD5 for: WINLOGON.EXE >
[2016/01/29 20:24:24 | 000,072,366 | ---- | M] () MD5=02A659BAED794D9D7F8776004C5A0C77 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_10.0.10240.16384_none_77c372c56f9ec699\winlogon.exe
[2016/02/07 14:52:56 | 000,060,910 | ---- | M] () MD5=154F8CC29254A229379C06E4727F0D83 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_10.0.10586.0_none_fc48996f7f48af26\winlogon.exe
[2016/02/04 16:36:10 | 000,584,704 | ---- | M] (Microsoft Corporation) MD5=7B24B823404D53DA4748F21AD2BF04C9 -- C:\WINDOWS\SysNative\winlogon.exe
[2016/02/04 16:36:10 | 000,584,704 | ---- | M] (Microsoft Corporation) MD5=7B24B823404D53DA4748F21AD2BF04C9 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_10.0.10586.63_none_f3dc0aaa859f8abd\winlogon.exe
[2016/01/05 14:57:35 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=DA32F9BFA7851AD4247353EA03755DE6 -- C:\Windows.old\Windows\System32\winlogon.exe
[2016/01/05 14:57:35 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=DA32F9BFA7851AD4247353EA03755DE6 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_10.0.10240.16644_none_77c6cec36f9bac1a\winlogon.exe
[2015/10/05 09:48:32 | 000,893,752 | ---- | M] (MalwareBytes) MD5=E9A75E4B409A01E52055CE7CCA7FF925 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe

< c:\windows\system32\*.dll /lockedfiles >

< c:\windows\system32\drivers\*.sys /lockedfiles >

< %systemroot%\*. /mp /s >

< End of report >

OTL Extras logfile created on: 23/02/2016 7:39:40 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\user\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

7.93 Gb Total Physical Memory | 5.13 Gb Available Physical Memory | 64.67% Memory free
9.18 Gb Paging File | 5.59 Gb Available in Paging File | 60.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.30 Gb Total Space | 63.14 Gb Free Space | 56.73% Space Free | Partition Type: NTFS
Drive D: | 882.58 Gb Total Space | 640.84 Gb Free Space | 72.61% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-TTGS3RU | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2806489308-2931262457-2236997717-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 55 D7 D5 05 4E 5E D1 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
"DontEnumerateCommonFilesUpgradeExe" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0197863F-DDF9-4B95-A1BE-7BD0AD28CFB4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{176CD09C-5FBF-46DF-87AA-4856BFCAB35D}" = dir=out | name=sway |
"{2BAC7693-6772-4C7D-BB34-BF76D7418D91}" = dir=in | name=xbox |
"{2CE81C12-5C0F-4E1A-B78C-6B8624004908}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{38E78BF4-9CE1-4387-A4F9-909ED2D6090C}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.6568.46051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
"{8D290EEF-E05B-4285-BC77-259A35EF0929}" = dir=out | name=xbox |
"{8E95F655-02EF-473D-A56C-A1EC70C8B7DF}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\bin\steamwebhelper.exe |
"{BB1A826A-DA74-4F13-AE78-68462842E6E9}" = protocol=58 | dir=out | [email protected],-503 |
"{BE2C5C0F-6081-4A6B-8DCD-512E05D6850C}" = dir=in | name=onenote |
"{BF74FFA0-0B08-4EB1-BB7C-0110D52E2152}" = protocol=58 | dir=in | app=system |
"{C05DA0BF-DB50-4015-82EE-9CB95F45DBA2}" = dir=in | name=sway |
"{C88A28D7-ED4D-491F-AE0D-091EA1607127}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.6568.46051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
"{D9B6C53D-6995-4738-969E-F3D16E6FE711}" = dir=out | name=onenote |
"{E39A921C-C396-4C7F-96A0-61B14CD78D3D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\bin\steamwebhelper.exe |
"TCP Query User{409C67C3-C626-42FB-9C74-BAE99DBA256C}C:\program files (x86)\deluge\deluge.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deluge\deluge.exe |
"TCP Query User{61CDE68F-F3AD-4544-B88C-4B3D5A26750C}D:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{63C519F4-AB74-4270-B771-7ED005A24998}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{86805270-93BD-480B-99EF-7208087E68A7}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{9A649DD6-F8F4-4EC7-90C1-0A042AE91015}C:\program files\logitech gaming software\lcore.exe" = protocol=6 | dir=in | app=c:\program files\logitech gaming software\lcore.exe |
"TCP Query User{D4E62BA2-1021-41E6-BDBF-5D42D3116797}C:\program files\logitech gaming software\lcore.exe" = protocol=6 | dir=in | app=c:\program files\logitech gaming software\lcore.exe |
"TCP Query User{F406CFBD-08BD-4578-8652-2184820C6232}D:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{FF268B2E-5895-4B90-96DC-5D679870317C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{0F6A8987-7A45-4635-9835-0F3F1B4FAE3D}D:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{238908FA-A5EC-424F-9A2E-BF917F523607}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{2E14D374-6E9F-4B31-BEB9-610D90DCEC8F}D:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{5274D8B1-1D84-4AD8-AA11-0389F4D27EB4}C:\program files\logitech gaming software\lcore.exe" = protocol=17 | dir=in | app=c:\program files\logitech gaming software\lcore.exe |
"UDP Query User{A2A73FB0-CB46-4D25-B86B-E42B3E00A0CB}C:\program files (x86)\deluge\deluge.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deluge\deluge.exe |
"UDP Query User{CE2ADA4C-5BE1-4806-8861-98043DF3754E}C:\program files\logitech gaming software\lcore.exe" = protocol=17 | dir=in | app=c:\program files\logitech gaming software\lcore.exe |
"UDP Query User{DE54A93F-D630-4D59-908A-249239F87D1C}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{ECDD11FB-F58F-44F0-BB49-5542207B03F9}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1CEAC85D-2590-4760-800F-8DE5E91F3700}" = Intel® Management Engine Components
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{5CA7FC9B-8508-4494-B365-6FBCBAEB8E89}" = Intel® Chipset Device Software
"{638A518B-0D2E-4143-ACF8-F3D83D822E85}" = Intel® Network Connections 20.2.3001.0
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6B00F0E1-2680-11E3-95F5-F04DA23A5C58}" = MSVCRT Redists
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6D9531C8-A4CD-4093-AB6E-78FB5F4E02BC}" = Intel® Rapid Storage Technology
"{89EFA9AF-743B-4924-8FB8-9D4AE1DC081A}" = Intel® ME UninstallLegacy
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 361.43
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 361.43
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 361.43
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.9.1.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 352.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.15.0428
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.9.1.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.34.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.9.1.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.34
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{FF951317-3D80-49BF-8223-3AAE230A567F}" = Intel® Management Engine Components
"ASRock App Charger_is1" = ASRock App Charger v1.0.6
"CCleaner" = CCleaner
"HitmanPro37" = HitmanPro 3.7
"Logitech Gaming Software" = Logitech Gaming Software 8.78
"PROSetDX" = Intel® Network Connections 20.2.3001.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 5.31 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{216B0AF1-3137-4E03-9C02-F5132550A268}" = League of Legends
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 3.2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90242E9B-BC60-46E3-8EE7-8E953F702280}_is1" = APP Shop v1.0.20
"{98f335cd-0a32-4b3f-b74c-ef9480e834f0}" = Intel® Chipset Device Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype™ 7.18
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI
"Avast" = Avast Free Antivirus
"Battle.net" = Battle.net
"Deluge" = Deluge 1.3.12
"League of Legends 3.0.1" = League of Legends
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.0.1024
"Mozilla Firefox 44.0.2 (x86 en-US)" = Mozilla Firefox 44.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Broadcaster Software" = Open Broadcaster Software
"Steam" = Steam
"Steam App 22380" = Fallout: New Vegas
"Steam App 23310" = The Last Remnant
"Steam App 49520" = Borderlands 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"VLC media player" = VLC media player
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2806489308-2931262457-2236997717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = f.lux

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22/02/2016 12:56:41 AM | Computer Name = DESKTOP-TTGS3RU | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x8007267C
Command-line
arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error - 22/02/2016 1:00:58 AM | Computer Name = DESKTOP-TTGS3RU | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line
arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 22/02/2016 1:01:15 AM | Computer Name = DESKTOP-TTGS3RU | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line
arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 22/02/2016 1:01:17 AM | Computer Name = DESKTOP-TTGS3RU | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line
arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 22/02/2016 1:15:31 AM | Computer Name = DESKTOP-TTGS3RU | Source = Perflib | ID = 1008
Description =

Error - 23/02/2016 12:37:25 AM | Computer Name = DESKTOP-TTGS3RU | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x8007267C
Command-line
arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error - 23/02/2016 12:38:38 AM | Computer Name = DESKTOP-TTGS3RU | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line
arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 23/02/2016 12:38:51 AM | Computer Name = DESKTOP-TTGS3RU | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line
arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 23/02/2016 12:38:56 AM | Computer Name = DESKTOP-TTGS3RU | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line
arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 23/02/2016 2:40:49 AM | Computer Name = DESKTOP-TTGS3RU | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied.
.

[ System Events ]
Error - 22/02/2016 6:02:42 AM | Computer Name = DESKTOP-TTGS3RU | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
   %%5

Error - 22/02/2016 6:02:42 AM | Computer Name = DESKTOP-TTGS3RU | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
   %%5

Error - 22/02/2016 6:02:45 AM | Computer Name = DESKTOP-TTGS3RU | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
   %%5

Error - 22/02/2016 6:02:45 AM | Computer Name = DESKTOP-TTGS3RU | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
   %%5

Error - 22/02/2016 6:02:53 AM | Computer Name = DESKTOP-TTGS3RU | Source = DCOM | ID = 10016
Description =

Error - 22/02/2016 6:02:53 AM | Computer Name = DESKTOP-TTGS3RU | Source = Service Control Manager | ID = 7031
Description = The Sync Host_81b98b0 service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 10000 milliseconds:
Restart the service.

Error - 22/02/2016 6:02:53 AM | Computer Name = DESKTOP-TTGS3RU | Source = Service Control Manager | ID = 7031
Description = The Contact Data_81b98b0 service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 10000 milliseconds:
Restart the service.

Error - 22/02/2016 6:02:53 AM | Computer Name = DESKTOP-TTGS3RU | Source = Service Control Manager | ID = 7031
Description = The User Data Storage_81b98b0 service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 10000
milliseconds: Restart the service.

Error - 22/02/2016 6:02:53 AM | Computer Name = DESKTOP-TTGS3RU | Source = Service Control Manager | ID = 7031
Description = The User Data Access_81b98b0 service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 10000
milliseconds: Restart the service.

Error - 23/02/2016 12:57:59 AM | Computer Name = DESKTOP-TTGS3RU | Source = DCOM | ID = 10016
Description =

< End of report >

#45
dbreeze

Posted 23 February 2016 - 01:53 AM

Trusted Helper

Malware Removal
2,216 posts

We tried this search a while back but I think we were a little restrictive.

Right click on FRST64.exe on your desktop and select "Run as Administrator..." When the tool opens click Yes to disclaimer.
Type *hao* into the Search Box.
Press the Search Files button.
It will produce a log called search.txt in the same directory the tool is run from.
Please copy and paste log back here.

(Oh, I am going over the OTL logs with the fine tooth comb in the mean time.)