OTL logfile created on: 16/06/2017 12:52:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\teraimateata\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10240.17354)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,73 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 24,66% Memory free
5,59 Gb Paging File | 0,76 Gb Available in Paging File | 13,52% Paging File free
Paging file location(s): c:\pagefile.sys 1373 151373 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,27 Gb Total Space | 211,20 Gb Free Space | 45,39% Space Free | Partition Type: NTFS

Computer Name: TERAIMATEATA | User Name: teraimateata | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2017/06/16 12:51:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\teraimateata\Downloads\OTL.exe
PRC - [2017/06/16 10:03:32 | 000,288,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
PRC - [2017/06/04 15:53:28 | 000,898,040 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
PRC - [2017/05/06 16:53:14 | 000,619,520 | ---- | M] (TestDev) -- C:\Users\teraimateata\AppData\Roaming\VDI\Shared\Product Updater\produpd.exe
PRC - [2017/04/28 12:33:03 | 001,060,864 | ---- | M] () -- C:\ProgramData\Voyasollam\Voyasollam.exe
PRC - [2017/04/28 12:07:08 | 003,780,096 | ---- | M] () -- C:\ProgramData\Logic Cramble\set.exe
PRC - [2017/04/26 18:35:45 | 000,043,520 | ---- | M] () -- C:\ProgramData\PrefsSecure\Nettrans.exe
PRC - [2017/01/15 15:45:36 | 000,926,160 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe
PRC - [2016/11/29 16:36:10 | 000,100,088 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2017/06/04 15:54:16 | 000,087,024 | ---- | M] () -- C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2017/04/25 17:39:12 | 000,333,824 | ---- | M] (SHKJD) [Auto | Running] -- C:\Program Files\WinRAR\O6LULJCS8G4A6TSXB1AMWTYOKQYBH4NE1L939W\8u3pGoj-B6.exe -- (Recover)
SRV:[b]64bit:[/b] - [2017/03/28 00:35:58 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2017/03/28 00:19:11 | 003,467,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2017/03/28 00:09:12 | 000,807,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:[b]64bit:[/b] - [2017/03/27 23:34:20 | 000,024,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2017/03/27 23:32:13 | 000,658,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:[b]64bit:[/b] - [2017/03/27 21:06:50 | 000,115,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2017/03/11 16:43:28 | 000,219,032 | ---- | M] () [Auto | Running] -- C:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll -- (KuaizipUpdateChecker)
SRV:[b]64bit:[/b] - [2017/03/03 18:36:42 | 000,074,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2017/03/03 17:55:30 | 001,844,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2017/02/02 08:57:55 | 000,184,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\ibtsiva.exe -- (ibtsiva)
SRV:[b]64bit:[/b] - [2016/11/18 22:23:01 | 000,748,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2016/11/18 21:12:47 | 000,620,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2016/11/03 17:01:04 | 000,373,744 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService2.0.0.0)
SRV:[b]64bit:[/b] - [2016/10/24 22:54:07 | 000,362,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2016/10/24 22:17:40 | 001,643,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2016/10/24 21:32:23 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:[b]64bit:[/b] - [2016/10/24 21:16:56 | 000,297,472 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:[b]64bit:[/b] - [2016/10/24 21:02:44 | 000,354,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:[b]64bit:[/b] - [2016/10/24 21:01:35 | 001,169,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:[b]64bit:[/b] - [2016/10/24 20:50:47 | 000,591,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2016/10/24 20:18:35 | 001,016,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:[b]64bit:[/b] - [2016/10/24 19:56:32 | 002,181,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2016/10/24 19:44:46 | 001,423,872 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:[b]64bit:[/b] - [2016/10/24 19:38:14 | 000,526,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2016/09/29 18:01:10 | 002,093,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2016/09/29 17:54:43 | 000,406,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2016/09/29 17:53:11 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2016/09/29 17:53:11 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:[b]64bit:[/b] - [2016/09/29 17:53:11 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2016/09/29 17:53:11 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2016/09/29 17:53:11 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2016/09/29 17:53:11 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2016/09/29 17:53:11 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2016/09/29 17:53:11 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2016/09/06 18:39:55 | 001,019,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:[b]64bit:[/b] - [2016/09/06 18:35:32 | 000,918,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:[b]64bit:[/b] - [2016/09/06 18:34:41 | 000,275,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:[b]64bit:[/b] - [2016/09/06 18:34:37 | 000,267,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:[b]64bit:[/b] - [2016/09/06 18:29:31 | 000,503,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:[b]64bit:[/b] - [2016/09/06 18:23:10 | 000,583,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:[b]64bit:[/b] - [2016/09/06 18:21:19 | 000,280,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2016/09/06 18:17:25 | 001,031,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:[b]64bit:[/b] - [2016/09/06 18:16:21 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2016/09/06 18:15:30 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:[b]64bit:[/b] - [2016/08/10 00:48:51 | 000,197,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:[b]64bit:[/b] - [2016/08/10 00:48:29 | 000,712,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:[b]64bit:[/b] - [2016/08/10 00:48:29 | 000,322,048 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2016/08/10 00:48:28 | 000,378,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2016/08/10 00:48:27 | 001,205,248 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:[b]64bit:[/b] - [2016/08/10 00:48:27 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:[b]64bit:[/b] - [2016/08/10 00:48:22 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:[b]64bit:[/b] - [2016/08/10 00:48:22 | 000,229,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:[b]64bit:[/b] - [2016/08/10 00:48:22 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:[b]64bit:[/b] - [2016/08/10 00:48:21 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:[b]64bit:[/b] - [2016/08/10 00:48:16 | 000,145,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:[b]64bit:[/b] - [2015/07/10 06:41:37 | 000,200,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2015/07/10 01:00:41 | 000,167,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2015/07/10 01:00:09 | 000,337,408 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2015/07/10 01:00:09 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:[b]64bit:[/b] - [2015/07/10 01:00:09 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:[b]64bit:[/b] - [2015/07/10 01:00:09 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2015/07/10 01:00:07 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:[b]64bit:[/b] - [2015/07/10 01:00:07 | 000,268,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:[b]64bit:[/b] - [2015/07/10 01:00:07 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:[b]64bit:[/b] - [2015/07/10 01:00:07 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:[b]64bit:[/b] - [2015/07/10 01:00:06 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:[b]64bit:[/b] - [2015/07/10 01:00:06 | 000,087,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:[b]64bit:[/b] - [2015/07/10 01:00:02 | 000,836,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2015/07/10 01:00:02 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2015/07/10 01:00:01 | 000,096,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2015/07/10 01:00:01 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2015/07/10 01:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:59 | 000,196,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:59 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_Session6)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_Session3)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_Session19)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_Session1)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_Session6)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_Session3)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_Session19)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_Session1)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_Session6)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_Session3)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_Session19)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_Session1)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_Session6)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_Session3)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_Session19)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_Session1)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:57 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:56 | 000,019,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:55 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:55 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:53 | 000,063,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:50 | 000,550,400 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:[b]64bit:[/b] - [2015/06/11 13:24:40 | 003,831,200 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:[b]64bit:[/b] - [2015/06/11 13:24:28 | 000,268,192 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:[b]64bit:[/b] - [2015/06/11 13:24:12 | 000,640,928 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:[b]64bit:[/b] - [2015/06/11 13:23:48 | 000,157,088 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:[b]64bit:[/b] - [2015/05/29 05:07:40 | 000,240,296 | ---- | M] (Synaptics Incorporated) [On_Demand | Stopped] -- C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe -- (SynTPEnhService)
SRV:[b]64bit:[/b] - [2013/12/03 20:44:08 | 000,200,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV:[b]64bit:[/b] - [2013/05/11 05:45:54 | 000,822,232 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2013/05/11 05:45:38 | 000,733,696 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2017/04/28 12:33:03 | 001,060,864 | ---- | M] () [Auto | Running] -- C:\ProgramData\Voyasollam\Voyasollam.exe -- (Voyasollam)
SRV - [2017/04/28 12:07:08 | 003,780,096 | ---- | M] () [Auto | Running] -- C:\ProgramData\Logic Cramble\set.exe -- (backlh)
SRV - [2017/04/26 18:35:45 | 000,043,520 | ---- | M] () [Auto | Running] -- C:\ProgramData\PrefsSecure\Nettrans.exe -- (Nettrans)
SRV - [2017/03/28 00:35:58 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2017/03/27 18:52:50 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2016/11/29 16:36:10 | 000,100,088 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2016/11/03 17:01:04 | 000,301,552 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2016/09/06 17:57:26 | 002,049,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2016/08/10 00:48:35 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2016/08/10 00:48:28 | 000,928,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2016/05/03 22:46:42 | 000,035,272 | ---- | M] (SHAREit Technologies Co.Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.Service.exe -- (ShareItSvc)
SRV - [2015/07/10 01:00:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\lfsvc.dll -- (lfsvc)
SRV - [2015/07/10 01:00:24 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/09/03 19:53:48 | 000,390,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/09/03 19:53:44 | 000,131,544 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2013/09/03 19:53:42 | 000,169,432 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2017/03/27 20:29:51 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2017/03/11 16:43:29 | 000,092,832 | ---- | M] (WinMount International Inc) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KuaiZipDrive.sys -- (KuaiZipDrive)
DRV:[b]64bit:[/b] - [2017/03/02 16:35:46 | 000,193,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cryptfd.sys -- (cryptfd)
DRV:[b]64bit:[/b] - [2017/02/02 08:57:55 | 000,230,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibtusb.sys -- (ibtusb)
DRV:[b]64bit:[/b] - [2017/01/18 11:27:11 | 000,049,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WirelessKeyboardFilter.sys -- (WirelessKeyboardFilter)
DRV:[b]64bit:[/b] - [2016/12/24 22:39:14 | 000,026,880 | ---- | M] (Western Digital Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:[b]64bit:[/b] - [2016/12/04 18:56:10 | 000,165,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
DRV:[b]64bit:[/b] - [2016/11/19 00:21:29 | 000,381,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2016/11/18 10:11:33 | 000,165,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2016/11/11 12:09:29 | 000,020,160 | ---- | M] (Glarysoft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GUSBootStartup.sys -- (GUSBootStartup)
DRV:[b]64bit:[/b] - [2016/11/03 17:01:01 | 007,966,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2016/10/27 14:36:24 | 000,131,712 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2016/10/05 15:12:02 | 000,020,160 | ---- | M] (Glarysoft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GUBootStartup.sys -- (GUBootStartup)
DRV:[b]64bit:[/b] - [2016/09/29 18:05:03 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:[b]64bit:[/b] - [2016/09/29 18:04:58 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2016/09/06 18:26:06 | 000,215,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2016/09/06 18:22:07 | 000,685,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:51 | 000,052,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:30 | 000,934,752 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:29 | 000,200,528 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:29 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:29 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:19 | 000,099,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:15 | 000,516,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:15 | 000,373,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:15 | 000,278,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:15 | 000,238,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:15 | 000,122,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:15 | 000,080,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:15 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:15 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:15 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:15 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:[b]64bit:[/b] - [2016/08/10 00:48:15 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:[b]64bit:[/b] - [2016/05/24 13:06:56 | 000,137,280 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:[b]64bit:[/b] - [2016/05/12 05:32:26 | 000,481,768 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2015/12/09 14:19:58 | 000,095,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:[b]64bit:[/b] - [2015/07/29 07:20:50 | 000,042,328 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:[b]64bit:[/b] - [2015/07/10 06:41:51 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2015/07/10 06:41:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:[b]64bit:[/b] - [2015/07/10 06:41:37 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2015/07/10 01:01:20 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2015/07/10 01:00:10 | 000,106,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:[b]64bit:[/b] - [2015/07/10 01:00:10 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:[b]64bit:[/b] - [2015/07/10 01:00:10 | 000,031,072 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2015/07/10 01:00:09 | 000,200,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2015/07/10 01:00:09 | 000,153,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2015/07/10 01:00:09 | 000,061,952 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:[b]64bit:[/b] - [2015/07/10 01:00:09 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2015/07/10 01:00:09 | 000,026,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ioqos.sys -- (IoQos)
DRV:[b]64bit:[/b] - [2015/07/10 01:00:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:[b]64bit:[/b] - [2015/07/10 01:00:00 | 000,245,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:[b]64bit:[/b] - [2015/07/10 01:00:00 | 000,159,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2015/07/10 01:00:00 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2015/07/10 01:00:00 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2015/07/10 01:00:00 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:[b]64bit:[/b] - [2015/07/10 01:00:00 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:59 | 000,155,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:59 | 000,088,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:59 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:53 | 000,129,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:53 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:52 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:50 | 000,119,648 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:50 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:48 | 000,291,680 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:48 | 000,209,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:48 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:48 | 000,083,968 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:48 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:48 | 000,044,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:48 | 000,044,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:48 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:40 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:40 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:[b]64bit:[/b] - [2015/07/10 00:59:40 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys) DRV:[b]64bit:[/b] - [2015/07/10 00:59:40 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig) DRV:[b]64bit:[/b] - [2015/07/10 00:59:40 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,705,376 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,587,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,474,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,424,800 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,133,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,094,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea) DRV:[b]64bit:[/b] - [2015/07/10 
00:59:39 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,076,128 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,059,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,058,208 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,040,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,031,072 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,026,976 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad) DRV:[b]64bit:[/b] - [2015/07/10 00:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 003,436,896 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,259,424 | ---- | M] (AMD Technologies Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,222,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,207,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,104,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,099,168 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) 
DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime) DRV:[b]64bit:[/b] - [2015/07/10 00:59:38 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthA2DP.sys -- (BthA2DP) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,122,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,116,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,094,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,092,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci) DRV:[b]64bit:[/b] - 
[2015/07/10 00:59:36 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,043,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthHfAud.sys -- (BthHFAud) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fcvsc.sys -- (fcvsc) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd) DRV:[b]64bit:[/b] - [2015/07/10 00:59:36 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter) DRV:[b]64bit:[/b] - [2015/06/21 11:16:56 | 003,776,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwbw02.sys -- (NETwNb64) DRV:[b]64bit:[/b] - [2015/06/17 17:04:24 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:[b]64bit:[/b] - [2015/05/31 23:37:44 | 000,604,840 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2015/05/29 05:07:28 | 000,033,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:[b]64bit:[/b] - [2013/11/08 13:57:54 | 008,876,248 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc) DRV:[b]64bit:[/b] - [2013/09/03 19:53:44 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2013/08/13 04:02:12 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT) DRV:[b]64bit:[/b] - [2013/08/13 04:02:12 | 000,021,920 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent) DRV:[b]64bit:[/b] - [2013/08/13 04:02:10 | 000,029,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\INETMON.sys -- (INETMON) DRV:[b]64bit:[/b] - [2013/08/13 04:02:08 | 000,021,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent) DRV:[b]64bit:[/b] - [2013/06/21 05:35:14 | 000,816,344 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168) DRV - [2016/11/03 21:16:36 | 000,037,688 | ---- | M] (GlarySoft Ltd) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Glarysoft\Malware Hunter\Native\winxp_x64\GUMHFilter.sys -- (GUMHFilters) DRV - [2015/07/10 00:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum) DRV - [2015/07/10 00:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - 
HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {ielnksrch} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\ielnksrch: "URL" = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxldlmiGPA8pIoKFUeCaCv-5ZNUs763XOlVG4_ZEdrRmDhNi7IGlo4JEnsPOqc9Yg24_6kaDRV-KFxZM2-4FSmLhFyoGDmqf8MMLMoqi-3LtpKOj47bXLcg0xJLy7UtzhPVXhfaY-7qLmSwa-2JfH3Tfy5zsS1PcEF5qsl_kieQ,,&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxldlmiGPA8pIoKFUeCaCv-5ZNUs763XOlVG4_ZEdrRmDhNi7IGlo4JEnsPOqc9Yg24_6kaDRV-KFxZM2-4FSmLhFyoGDmqf8MMLMoqi-3LtpKOj47bXLcg0xJLy7UtzhPVXhfaY-7qLmSwa-2JfH3Tfy5zsS1PcEF5qsl_kieQ,,&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxldlmiGPA8pIoKFUeCaCv-5ZNUs763XOlVG4_ZEdrRmDhNi7IGlo4JEnsPOqc9Yg24_6kaDRV-KFxZM2-4FSmLhFyoGDmqf8MMLMoqi-3LtpKOj47bXLcg0xJLy7UtzhPVXhfaY-7qLmSwa-2JfH3Tfy5zsS1PcEF5qsl_kieQ,,&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxldlmiGPA8pIoKFUeCaCv-5ZNUs763XOlVG4_ZEdrRmDhNi7IGlo4JEnsPOqc9Yg24_6kaDRV-KFxZM6Fftwh1lcLCt6ydBHu_bfZdiGMq6nrfVb7ZWo3RBn5-4todJ5iPrQYsiQ3mRP5hd6FhjcvwXt_XC0BHZpM0OKgOPHhQ,, IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/fr-fr/?ocid=iehp IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 E9 A5 64 7A 1F D2 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxldlmiGPA8pIoKFUeCaCv-5ZNUs763XOlVG4_ZEdrRmDhNi7IGlo4JEnsPOqc9Yg24_6kaDRV-KFxZM2-4FSmLhFyoGDmqf8MMLMoqi-3LtpKOj47bXLcg0xJLy7UtzhPVXhfaY-7qLmSwa-2JfH3Tfy5zsS1PcEF5qsl_kieQ,,&q={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKCU\..\SearchScopes\{ielnksrch}: "URL" = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxldlmiGPA8pIoKFUeCaCv-5ZNUs763XOlVG4_ZEdrRmDhNi7IGlo4JEnsPOqc9Yg24_6kaDRV-KFxZM2-4FSmLhFyoGDmqf8MMLMoqi-3LtpKOj47bXLcg0xJLy7UtzhPVXhfaY-7qLmSwa-2JfH3Tfy5zsS1PcEF5qsl_kieQ,,&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL (Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll 
(Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.121.2: C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2: C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\Power PDF\bin\nppdf.dll (Zeon Corporation) FF - HKCU\Software\MozillaPlugins\SkypePlugin: C:\Users\teraimateata\AppData\Local\SkypePlugin\7.27.0.105\npGatewayNpapi.dll (Skype Technologies S.A.) FF - HKCU\Software\MozillaPlugins\SkypePlugin64: C:\Users\teraimateata\AppData\Local\SkypePlugin\7.27.0.105\npGatewayNpapi-x64.dll (Skype Technologies S.A.) 
[2016/10/19 09:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\teraimateata\AppData\Roaming\mozilla\Extensions [2016/10/19 09:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\teraimateata\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2016/03/15 06:23:44 | 000,039,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [color=#E56717]========== Chrome ==========[/color] CHR - Extension: No name found = C:\Users\teraimateata\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\ CHR - Extension: No name found = C:\Users\teraimateata\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\teraimateata\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\ CHR - Extension: No name found = C:\Users\teraimateata\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\ CHR - Extension: No name found = C:\Users\teraimateata\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\ CHR - Extension: No name found = C:\Users\teraimateata\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\ CHR - Extension: No name found = C:\Users\teraimateata\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\ CHR - Extension: No name found = C:\Users\teraimateata\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\ CHR - Extension: No name found = C:\Users\teraimateata\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ CHR - Extension: No name found = C:\Users\teraimateata\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5917.424.0.6_0\ 
O1 HOSTS File: ([2017/04/25 19:00:37 | 000,001,123 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 cpm.paneladmin.pro O1 - Hosts: 127.0.0.1 publisher.hmdiadmingate.xyz O1 - Hosts: 127.0.0.1 distribution.hmdiadmingate.xyz O1 - Hosts: 127.0.0.1 hmdicrewtracksystem.xyz O1 - Hosts: 127.0.0.1 linkmate.space O1 - Hosts: 127.0.0.1 space1.adminpressure.space O1 - Hosts: 127.0.0.1 trackpressure.website O1 - Hosts: 127.0.0.1 doctorlink.space O1 - Hosts: 127.0.0.1 beautifllink.xyz O2:[b]64bit:[/b] - BHO: (Microsoft OneDrive for Business Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~1\Office16\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Nuance PDF Toolbar Helper) - {940361F8-7F16-4498-AB43-2EFFE0235AFA} - C:\Program Files (x86)\Nuance\Power PDF\bin\SZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (PlusIEEventHelper Class) - {9D137966-2E29-45C5-9B12-29D5427F8F66} - C:\Program Files (x86)\Nuance\Power PDF\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Nuance PDF) - {BED78D9C-A025-4FE9-B3BA-27E6D376A3D5} - C:\Program Files (x86)\Nuance\Power PDF\bin\SZeonIEFavClient.dll (Zeon Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [vnlgp] C:\Users\teraimateata\AppData\Roaming\vnlgp\vnlgp.exe () O4:[b]64bit:[/b] - HKLM..\RunOnce: [OMEWPRODUCT_Q89R2] C:\Program Files (x86)\BestZiper\NU3V9Y0YYIYCO8V.exe () O4 - HKCU..\RunOnce: [Uninstall C:\Users\teraimateata\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\teraimateata\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64" File not found O4 - Startup: 
C:\Users\teraimateata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk = File not found O4 - Startup: C:\Users\teraimateata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\produpd.lnk = C:\Users\teraimateata\AppData\Roaming\VDI\Shared\Product Updater\produpd.exe (TestDev) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:[b]64bit:[/b] - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~1\Office16\ONBttnIE.dll/105 File not found O8:[b]64bit:[/b] - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office16\EXCEL.EXE/3000 File not found O8:[b]64bit:[/b] - Extra context menu item: Ouvrir avec l'Assistant Convert - C:\Program Files (x86)\Nuance\Power PDF\cnvres_fre.dll (Nuance Communications, Inc.) 
O8:[b]64bit:[/b] - Extra context menu item: Ouvrir avec Power PDF - C:\Program Files (x86)\Nuance\Power PDF\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~1\Office16\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office16\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Ouvrir avec l'Assistant Convert - C:\Program Files (x86)\Nuance\Power PDF\cnvres_fre.dll (Nuance Communications, Inc.) O8 - Extra context menu item: Ouvrir avec Power PDF - C:\Program Files (x86)\Nuance\Power PDF\Bin\PlusIEContextMenu.dll (Zeon Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4a7c05f0-0066-4d71-8dda-82f245aca60e}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{e6b39ab8-10af-42bc-8ae7-cdd97aefcb70}: DhcpNameServer = 192.168.1.254 O18:[b]64bit:[/b] - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\ProgramData\Voyasollam\LotNix.dll) - C:\ProgramData\Voyasollam\LotNix.dll () O20 - AppInit_DLLs: (C:\ProgramData\Voyasollam\Subtough.dll) - C:\ProgramData\Voyasollam\Subtough.dll () O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) 
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {8EC17E1E-2365-11E7-96A5-64006A5CFC23} - C:\Users\teraimateata\AppData\Roaming\Aticiy\Ghemetionckikatain.dll () O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {9B944808-2BBB-11E7-925B-64006A5CFC23} - C:\Users\teraimateata\AppData\Roaming\Phobaght\Bitertionphemisy.dll () O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = "D:\SETUP.EXE" O33 - MountPoints2\D\Shell\configure\command - "" = D:\SETUP.EXE O33 - MountPoints2\D\Shell\install\command - "" = D:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2017/06/16 10:07:54 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\Windows_x64_nheqminer-5c [2017/06/16 10:07:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2017/06/15 12:59:09 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\sglzcrli0fx [2017/06/15 09:45:01 | 000,000,000 | ---D | C] -- 
C:\Users\teraimateata\Desktop\Nouveau dossier (2) [2017/06/15 09:39:42 | 000,000,000 | -H-D | C] -- C:\$GlaryQuarantine [2017/06/10 20:55:59 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\Desktop\PAROLESSSS [2017/06/10 12:26:03 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\4qchm3ck2rk [2017/06/09 21:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\PRW1Q1DS3D [2017/06/09 21:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\9EYWSTEFA5 [2017/06/09 21:12:06 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\hlqdfya4qss [2017/06/09 21:09:47 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\rfcecs4bgat [2017/06/09 20:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\0ZPULXIB4D [2017/06/09 20:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\GGTEXMIWJ6 [2017/06/09 20:33:48 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\mrboqqnc4kn [2017/06/09 20:32:34 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\dkpoy123sqv [2017/06/09 19:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\KJ9YZE0RMF [2017/06/09 19:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\RWUYA6MRYO [2017/06/09 19:57:38 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\5fu2mwko5hq [2017/06/09 19:56:02 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\do2tkwpa1pg [2017/06/09 19:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\82R2A5ZHRY [2017/06/09 19:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\UEQYPJRMXF [2017/06/09 19:18:58 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\qhtyvhfxc4x [2017/06/09 19:17:00 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\rohzje4j4vr [2017/06/09 19:11:27 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\qoy42vkqexx [2017/06/08 15:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\091LW7B1NZ [2017/06/08 15:50:29 | 000,000,000 | ---D | C] -- 
C:\Users\teraimateata\AppData\Roaming\paw1lwew3wx [2017/06/07 19:02:40 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\x0yuuarecb2 [2017/06/07 18:57:42 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\l3wsrpryrl2 [2017/06/07 17:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\VGCFHIGYC0 [2017/06/07 17:27:08 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\eyojqhx3w1e [2017/06/07 17:26:15 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\qvavme4u4lz [2017/06/07 17:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\GLTEEQR7XT [2017/06/07 17:23:13 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\1evyp3whijc [2017/06/01 14:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\W2BNFCJZZL [2017/06/01 14:27:03 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\pecmetkovxs [2017/05/30 20:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\SRJAVID2R8 [2017/05/30 20:30:40 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\vxwi0an0d2c [2017/05/29 18:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\5QNAM9M9Z9 [2017/05/29 18:14:08 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\fmreo5rw2il [2017/05/27 16:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\THS64J6NAP [2017/05/27 16:17:58 | 000,000,000 | ---D | C] -- C:\Users\teraimateata\AppData\Roaming\04c0oca4atn [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2017/06/16 12:43:29 | 000,016,148 | ---- | M] () -- C:\Windows\SysNative\TERAIMATEATA_teraimateata_HistoryPrediction.bin [2017/06/16 12:43:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2017/06/16 10:05:52 | 000,002,354 | ---- | M] () -- C:\Users\teraimateata\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2017/06/16 10:05:45 | 000,002,330 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2017/06/16 10:05:24 | 004,180,386 | ---- | M] () -- 
C:\Windows\SysNative\perfh00C.dat [2017/06/16 10:05:24 | 001,702,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2017/06/16 10:05:24 | 001,206,840 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2017/06/16 10:05:24 | 001,067,264 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2017/06/16 10:05:24 | 000,005,430 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2017/06/16 09:58:49 | 000,000,180 | ---- | M] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [2017/06/16 09:58:29 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2017/06/16 09:58:28 | 1602,371,584 | -HS- | M] () -- C:\hiberfil.sys [2017/06/15 09:04:07 | 000,001,173 | ---- | M] () -- C:\Users\teraimateata\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk [2017/06/15 09:04:07 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 5.lnk [2017/06/09 18:53:15 | 000,001,221 | ---- | M] () -- C:\Users\teraimateata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2017/06/07 19:03:17 | 000,015,610 | ---- | M] () -- C:\Windows\SysWow64\findit.xml [2017/06/07 17:56:07 | 000,063,626 | ---- | M] () -- C:\Users\teraimateata\Desktop\ESTA TAURA TEATO.html [color=#E56717]========== Files Created - No Company Name ==========[/color] [2017/06/16 12:43:29 | 000,016,148 | ---- | C] () -- C:\Windows\SysNative\TERAIMATEATA_teraimateata_HistoryPrediction.bin [2017/06/16 10:05:45 | 000,002,354 | ---- | C] () -- C:\Users\teraimateata\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2017/06/16 10:05:45 | 000,002,342 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [2017/06/16 10:05:45 | 000,002,330 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2017/06/07 17:56:04 | 000,063,626 | ---- | C] () -- C:\Users\teraimateata\Desktop\ESTA TAURA TEATO.html [2017/04/28 12:37:04 | 001,895,382 | ---- | C] () -- 
C:\Users\teraimateata\AppData\Roaming\Keytone.bin [2017/04/28 12:35:15 | 000,126,464 | ---- | C] () -- C:\Users\teraimateata\AppData\Roaming\noah.dat [2017/04/28 12:35:15 | 000,070,800 | ---- | C] () -- C:\Users\teraimateata\AppData\Roaming\Config.xml [2017/04/28 12:35:15 | 000,018,432 | ---- | C] () -- C:\Users\teraimateata\AppData\Roaming\Main.dat [2017/04/28 12:35:15 | 000,005,568 | ---- | C] () -- C:\Users\teraimateata\AppData\Roaming\md.xml [2017/04/28 12:35:14 | 007,290,368 | ---- | C] () -- C:\Users\teraimateata\AppData\Roaming\agent.dat [2017/04/28 12:35:14 | 001,894,851 | ---- | C] () -- C:\Users\teraimateata\AppData\Roaming\Freshlux.tst [2017/04/28 12:33:37 | 001,060,864 | ---- | C] () -- C:\Users\teraimateata\AppData\Roaming\Freshlux.exe [2017/04/28 12:33:35 | 000,278,508 | ---- | C] () -- C:\Users\teraimateata\AppData\Roaming\TrueDamzap.bin [2017/04/28 12:00:43 | 000,140,288 | ---- | C] () -- C:\Users\teraimateata\AppData\Roaming\Installer.dat [2017/04/28 12:00:43 | 000,016,176 | ---- | C] () -- C:\Users\teraimateata\AppData\Roaming\InstallationConfiguration.xml [2017/04/17 11:33:56 | 001,766,496 | ---- | C] () -- C:\Windows\SysWow64\CoreUIComponents.dll [2017/03/15 17:35:47 | 001,823,232 | ---- | C] () -- C:\Windows\SysWow64\InputService.dll [2017/02/16 10:35:18 | 000,146,377 | ---- | C] () -- C:\Users\teraimateata\roadnav.ini [2016/10/04 05:03:05 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2016/10/04 03:17:29 | 000,004,608 | ---- | C] () -- C:\Windows\SECOH-QAD.exe [2016/10/04 03:17:29 | 000,003,584 | ---- | C] () -- C:\Windows\SECOH-QAD.dll [2016/08/10 00:48:21 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\TextInputFramework.dll [2015/07/10 02:20:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2015/07/10 01:04:39 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2015/07/10 01:04:38 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2015/07/10 01:00:35 | 000,161,632 | ---- | C] () -- 
C:\Windows\SysWow64\weretw.dll [2015/07/10 01:00:33 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2015/07/10 01:00:32 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2015/07/10 01:00:31 | 000,156,672 | ---- | C] () -- C:\Windows\SysWow64\MTF.dll [2015/07/10 01:00:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\dtdump.exe [2015/07/10 01:00:29 | 000,081,408 | ---- | C] () -- C:\Windows\SysWow64\InputLocaleManager.dll [2015/07/10 01:00:29 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\EditBufferTestHook.dll [2015/07/10 01:00:29 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\WpKbdLayout.dll [2015/07/10 01:00:29 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\WordBreakers.dll [2015/07/10 01:00:28 | 000,270,848 | ---- | C] () -- C:\Windows\SysWow64\HrtfApo.dll [2015/07/10 01:00:27 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2015/07/10 01:00:26 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\efsext.dll [2015/07/10 01:00:25 | 000,002,269 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini [2015/07/10 01:00:24 | 000,167,640 | ---- | C] () -- C:\Windows\SysWow64\chs_singlechar_pinyin.dat [2015/07/10 00:59:51 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [color=#E56717]========== ZeroAccess Check ==========[/color] [2017/04/25 17:37:56 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\windows.storage.dll -- [2017/03/03 
21:53:09 | 006,488,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\windows.storage.dll -- [2017/03/03 20:31:20 | 005,118,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/07/10 00:59:53 | 000,995,328 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2015/07/10 01:00:23 | 000,754,688 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016/09/06 18:15:44 | 000,516,096 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:F9CFE070 < End of report >