Cleaning up my brother's PC ahead of upgrading to Win 10. Updated virus definitions, uninstalled some toolbars and freeware, etc. Malwarebytes and Avira each found several files to quarantine/delete. Still seems to be running slow, particularly at startup and when opening new program windows.
He said he thinks he can find the Windows 7 recovery disc if he looks.
Thanks for your help!
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18124 BrowserJavaVersion: 10.9.2
Run by Justin at 22:02:08 on 2016-01-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4692 [GMT -5:00]
.
AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AMD\CNext\CNext\cnext.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
C:\Windows\SysWOW64\wscript.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://search.avira.net/#web/result?source=art&q=
uDefault_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
uDefault_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
mStart Page = hxxps://search.avira.net/#web/result?source=art&q=
mSearch Page = hxxps://search.avira.net/#web/result?source=art&q=
mDefault_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
mDefault_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Justin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A0685346-E7F7-4412-BC33-22C58325D317} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxps://search.avira.net/#web/result?source=art&q=
x64-mSearch Page = hxxps://search.avira.net/#web/result?source=art&q=
x64-mDefault_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
x64-mDefault_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [StartCN] "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ws6sgnhz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-8-3 55856]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-27 28600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2015-12-4 246272]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-31 466408]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-31 466408]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2013-5-7 1418560]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-27 162072]
R2 Avira.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2015-11-23 249624]
R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2013-5-7 75472]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-7 48488]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 124568]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-8 534184]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-3 1692480]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-8-22 46136]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2010-8-3 47672]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2015-9-17 96256]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-8-3 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2016-1-1 25816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2014-10-8 766632]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2014-10-8 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2014-10-8 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2014-10-8 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-8 211104]
S2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2015-4-7 948392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-1-1 1135416]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2010-8-3 226616]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-12-9 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2016-1-1 63704]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2011-6-17 446976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-14 1255736]
.
=============== Created Last 30 ================
.
2016-01-03 07:05:06 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CE05A6A-0E66-4289-AC2B-D6A07C8E7DBB}\offreg.892.dll
2016-01-03 07:03:24 11154520 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CE05A6A-0E66-4289-AC2B-D6A07C8E7DBB}\mpengine.dll
2016-01-02 16:00:27 11154520 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-01-01 22:02:41 -------- d-----w- C:\Users\Justin\AppData\Local\ATI
2016-01-01 21:56:12 0 ----a-w- C:\Windows\ativpsrm.bin
2016-01-01 21:52:57 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2016-01-01 21:52:48 -------- d-----w- C:\Users\Justin\AppData\Local\AMD
2016-01-01 21:48:33 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2016-01-01 21:46:23 -------- d-----w- C:\Program Files\AMD
2016-01-01 21:42:40 -------- d-----w- C:\AMD
2016-01-01 21:10:08 -------- d-----w- C:\Users\Justin\AppData\Local\CEF
2016-01-01 21:10:06 -------- d-----w- C:\Users\Justin\AppData\Local\Steam
2016-01-01 20:53:18 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2016-01-01 15:14:36 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-01-01 15:14:13 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-01-01 15:14:13 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-01-01 15:14:13 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-01-01 15:14:13 -------- d-----w- C:\ProgramData\Malwarebytes
2016-01-01 15:14:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-01 15:11:15 -------- d-----w- C:\Users\Justin\AppData\Local\Programs
2016-01-01 14:57:17 -------- d-----w- C:\Users\Justin\AppData\Local\{3EE2DE48-F6AB-485D-9AA5-3302B156B328}
2015-12-30 14:41:27 -------- d-----w- C:\Users\Justin\AppData\Local\{5E673665-D98C-422B-8356-76E7F725422B}
2015-12-29 02:35:04 -------- d-----w- C:\Users\Justin\AppData\Local\{63322F69-12AA-435F-8603-3411A5BA3A16}
2015-12-24 14:00:55 -------- d-----w- C:\Users\Justin\AppData\Local\{0C13BB0E-3267-4A78-B032-D8AE347E00AD}
2015-12-17 10:44:30 -------- d-----w- C:\Users\Justin\AppData\Local\{5DD16C4E-9357-4982-AE05-12A485448986}
2015-12-11 13:15:25 -------- d-----w- C:\Users\Justin\AppData\Local\{BB5C2D43-02C4-4A1B-BE0F-FA9D9634F461}
2015-12-11 01:14:45 -------- d-----w- C:\Users\Justin\AppData\Local\{67CDB0FA-A62B-48F0-9017-9579FBC62BEC}
2015-12-10 08:26:51 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A5A8D69-EF35-48B0-A836-CA8EF07F5F94}\gapaengine.dll
2015-12-09 10:48:57 3211264 ----a-w- C:\Windows\System32\win32k.sys
2015-12-09 10:48:57 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-12-09 10:48:55 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-12-09 10:48:55 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-12-09 10:48:55 1008640 ----a-w- C:\Windows\System32\user32.dll
2015-12-09 10:48:53 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2015-12-09 10:48:51 17408 ----a-w- C:\Windows\System32\wshrm.dll
2015-12-09 10:48:51 14848 ----a-w- C:\Windows\SysWow64\wshrm.dll
2015-12-09 10:48:51 146944 ----a-w- C:\Windows\System32\drivers\rmcast.sys
2015-12-09 10:48:49 525312 ----a-w- C:\Windows\System32\catsrvut.dll
2015-12-09 10:48:49 1735680 ----a-w- C:\Windows\System32\comsvcs.dll
2015-12-09 10:48:48 487936 ----a-w- C:\Windows\SysWow64\catsrvut.dll
2015-12-09 10:48:48 1242624 ----a-w- C:\Windows\SysWow64\comsvcs.dll
2015-12-05 11:01:02 -------- d-----w- C:\Users\Justin\AppData\Local\{8C12EFED-40B8-4E70-A13F-69BCE9CC5A8D}
.
==================== Find3M ====================
.
2016-01-02 01:28:32 796864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-01-02 01:28:32 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-09 03:39:31 301728 ------w- C:\Windows\System32\MpSigStub.exe
2015-12-04 17:44:56 10907328 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2015-12-04 17:44:48 8089248 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2015-12-04 17:44:40 9070320 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2015-12-04 17:44:32 9017808 ----a-w- C:\Windows\System32\atiumd6a.dll
2015-12-04 17:44:26 10815664 ----a-w- C:\Windows\System32\atiumd64.dll
2015-12-04 17:41:48 296648 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
2015-12-04 17:38:22 23961088 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2015-12-04 17:33:06 235008 ----a-w- C:\Windows\System32\clinfo.exe
2015-12-04 17:33:02 49984000 ----a-w- C:\Windows\System32\amdocl64.dll
2015-12-04 17:31:48 41510400 ----a-w- C:\Windows\SysWow64\amdocl.dll
2015-12-04 17:30:42 65024 ----a-w- C:\Windows\System32\OpenCL.dll
2015-12-04 17:30:40 59392 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2015-12-04 17:29:14 27596288 ----a-w- C:\Windows\System32\amdocl12cl64.dll
2015-12-04 17:29:08 22348288 ----a-w- C:\Windows\SysWow64\amdocl12cl.dll
2015-12-04 17:08:28 677888 ----a-w- C:\Windows\System32\amdlvr64.dll
2015-12-04 17:08:14 562688 ----a-w- C:\Windows\SysWow64\amdlvr32.dll
2015-12-04 17:08:00 127488 ----a-w- C:\Windows\System32\mantle64.dll
2015-12-04 17:07:56 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
2015-12-04 17:07:50 6643200 ----a-w- C:\Windows\System32\amdmantle64.dll
2015-12-04 17:03:02 5223936 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2015-12-04 16:59:28 31376896 ----a-w- C:\Windows\System32\atio6axx.dll
2015-12-04 16:59:10 96256 ----a-w- C:\Windows\System32\mantleaxl64.dll
2015-12-04 16:59:06 89088 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
2015-12-04 16:57:06 865280 ----a-w- C:\Windows\System32\coinst_15.30.dll
2015-12-04 16:53:42 50688 ----a-w- C:\Windows\System32\amdmmcl6.dll
2015-12-04 16:53:38 39424 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
2015-12-04 16:53:36 25840128 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2015-12-04 16:51:46 367104 ----a-w- C:\Windows\System32\atiapfxx.exe
2015-12-04 16:51:44 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2015-12-04 16:51:42 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2015-12-04 16:51:40 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2015-12-04 16:51:40 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2015-12-04 16:51:34 15711744 ----a-w- C:\Windows\System32\aticaldd64.dll
2015-12-04 16:50:44 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2015-12-04 16:47:26 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2015-12-04 16:47:24 223744 ----a-w- C:\Windows\System32\dgtrayicon.exe
2015-12-04 16:47:20 162304 ----a-w- C:\Windows\System32\atieah64.exe
2015-12-04 16:47:20 145408 ----a-w- C:\Windows\SysWow64\atieah32.exe
2015-12-04 16:47:18 204800 ----a-w- C:\Windows\System32\amdgfxinfo64.dll
2015-12-04 16:47:18 189952 ----a-w- C:\Windows\SysWow64\amdgfxinfo32.dll
2015-12-04 16:47:16 31744 ----a-w- C:\Windows\System32\atimuixx.dll
2015-12-04 16:47:14 552448 ----a-w- C:\Windows\System32\atieclxx.exe
2015-12-04 16:47:06 246272 ----a-w- C:\Windows\System32\atiesrxx.exe
2015-12-04 16:46:54 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2015-12-04 16:43:32 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2015-12-04 16:43:30 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2015-12-04 16:43:12 1272832 ----a-w- C:\Windows\System32\atiadlxx.dll
2015-12-04 16:43:10 941568 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2015-12-04 16:43:10 941568 ----a-w- C:\Windows\SysWow64\atiadlxx.dll
2015-12-04 16:43:06 75776 ----a-w- C:\Windows\System32\atig6pxx.dll
2015-12-04 16:43:04 70144 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2015-12-04 16:43:04 70144 ----a-w- C:\Windows\System32\atiglpxx.dll
2015-12-04 16:43:04 157696 ----a-w- C:\Windows\System32\atig6txx.dll
2015-12-04 16:43:00 142336 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2015-12-04 16:42:56 671232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2015-12-04 16:42:32 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2015-12-04 16:41:56 195072 ----a-w- C:\Windows\System32\hsa-thunk64.dll
2015-12-04 16:41:54 174592 ----a-w- C:\Windows\SysWow64\hsa-thunk.dll
2015-12-01 10:30:28 75472 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2015-12-01 10:30:28 162072 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2015-11-20 18:54:59 98816 ----a-w- C:\Windows\System32\wudriver.dll
2015-11-20 18:54:59 3170304 ----a-w- C:\Windows\System32\wucltux.dll
2015-11-20 18:54:59 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2015-11-20 18:54:28 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-11-20 18:54:18 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-11-20 18:54:15 37888 ----a-w- C:\Windows\System32\wuapp.exe
2015-11-20 18:34:36 93696 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-11-20 18:34:36 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-11-20 18:33:56 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-11-10 00:24:59 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-11-10 00:13:04 496640 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-11-10 00:13:03 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-11-10 00:12:29 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-11-10 00:12:19 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-11-10 00:11:38 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-11-10 00:03:01 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-11-10 00:02:42 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-11-09 23:50:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-11-09 23:46:18 4514816 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-11-09 23:36:09 2050560 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-11-09 23:35:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-11-09 23:17:36 2011136 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-11-08 22:33:00 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-11-08 22:32:46 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-11-08 22:16:29 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-11-08 22:15:39 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-11-08 22:15:31 417792 ----a-w- C:\Windows\System32\html.iec
2015-11-08 22:15:22 571392 ----a-w- C:\Windows\System32\vbscript.dll
2015-11-08 22:14:50 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-11-08 22:04:46 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-11-08 22:01:25 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-11-08 22:01:24 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-11-08 22:01:01 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-11-08 21:52:10 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-11-08 21:40:10 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-11-08 21:14:19 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-11-08 21:13:40 2123264 ----a-w- C:\Windows\System32\inetcpl.cpl
.
============= FINISH: 22:03:38.62 ===============
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Justin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A0685346-E7F7-4412-BC33-22C58325D317} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxps://search.avira.net/#web/result?source=art&q=
x64-mSearch Page = hxxps://search.avira.net/#web/result?source=art&q=
x64-mDefault_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
x64-mDefault_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [StartCN] "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ws6sgnhz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-8-3 55856]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-27 28600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2015-12-4 246272]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-31 466408]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-31 466408]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2013-5-7 1418560]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-27 162072]
R2 Avira.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2015-11-23 249624]
R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2013-5-7 75472]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-7 48488]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 124568]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-8 534184]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-3 1692480]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-8-22 46136]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2010-8-3 47672]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2015-9-17 96256]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-8-3 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2016-1-1 25816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2014-10-8 766632]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2014-10-8 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2014-10-8 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2014-10-8 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-8 211104]
S2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2015-4-7 948392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-1-1 1135416]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2010-8-3 226616]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-12-9 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2016-1-1 63704]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2011-6-17 446976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-14 1255736]
.
=============== Created Last 30 ================
.
2016-01-03 07:05:06 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CE05A6A-0E66-4289-AC2B-D6A07C8E7DBB}\offreg.892.dll
2016-01-03 07:03:24 11154520 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CE05A6A-0E66-4289-AC2B-D6A07C8E7DBB}\mpengine.dll
2016-01-02 16:00:27 11154520 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-01-01 22:02:41 -------- d-----w- C:\Users\Justin\AppData\Local\ATI
2016-01-01 21:56:12 0 ----a-w- C:\Windows\ativpsrm.bin
2016-01-01 21:52:57 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2016-01-01 21:52:48 -------- d-----w- C:\Users\Justin\AppData\Local\AMD
2016-01-01 21:48:33 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2016-01-01 21:46:23 -------- d-----w- C:\Program Files\AMD
2016-01-01 21:42:40 -------- d-----w- C:\AMD
2016-01-01 21:10:08 -------- d-----w- C:\Users\Justin\AppData\Local\CEF
2016-01-01 21:10:06 -------- d-----w- C:\Users\Justin\AppData\Local\Steam
2016-01-01 20:53:18 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2016-01-01 15:14:36 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-01-01 15:14:13 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-01-01 15:14:13 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-01-01 15:14:13 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-01-01 15:14:13 -------- d-----w- C:\ProgramData\Malwarebytes
2016-01-01 15:14:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-01 15:11:15 -------- d-----w- C:\Users\Justin\AppData\Local\Programs
2016-01-01 14:57:17 -------- d-----w- C:\Users\Justin\AppData\Local\{3EE2DE48-F6AB-485D-9AA5-3302B156B328}
2015-12-30 14:41:27 -------- d-----w- C:\Users\Justin\AppData\Local\{5E673665-D98C-422B-8356-76E7F725422B}
2015-12-29 02:35:04 -------- d-----w- C:\Users\Justin\AppData\Local\{63322F69-12AA-435F-8603-3411A5BA3A16}
2015-12-24 14:00:55 -------- d-----w- C:\Users\Justin\AppData\Local\{0C13BB0E-3267-4A78-B032-D8AE347E00AD}
2015-12-17 10:44:30 -------- d-----w- C:\Users\Justin\AppData\Local\{5DD16C4E-9357-4982-AE05-12A485448986}
2015-12-11 13:15:25 -------- d-----w- C:\Users\Justin\AppData\Local\{BB5C2D43-02C4-4A1B-BE0F-FA9D9634F461}
2015-12-11 01:14:45 -------- d-----w- C:\Users\Justin\AppData\Local\{67CDB0FA-A62B-48F0-9017-9579FBC62BEC}
2015-12-10 08:26:51 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A5A8D69-EF35-48B0-A836-CA8EF07F5F94}\gapaengine.dll
2015-12-09 10:48:57 3211264 ----a-w- C:\Windows\System32\win32k.sys
2015-12-09 10:48:57 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-12-09 10:48:55 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-12-09 10:48:55 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-12-09 10:48:55 1008640 ----a-w- C:\Windows\System32\user32.dll
2015-12-09 10:48:53 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2015-12-09 10:48:51 17408 ----a-w- C:\Windows\System32\wshrm.dll
2015-12-09 10:48:51 14848 ----a-w- C:\Windows\SysWow64\wshrm.dll
2015-12-09 10:48:51 146944 ----a-w- C:\Windows\System32\drivers\rmcast.sys
2015-12-09 10:48:49 525312 ----a-w- C:\Windows\System32\catsrvut.dll
2015-12-09 10:48:49 1735680 ----a-w- C:\Windows\System32\comsvcs.dll
2015-12-09 10:48:48 487936 ----a-w- C:\Windows\SysWow64\catsrvut.dll
2015-12-09 10:48:48 1242624 ----a-w- C:\Windows\SysWow64\comsvcs.dll
2015-12-05 11:01:02 -------- d-----w- C:\Users\Justin\AppData\Local\{8C12EFED-40B8-4E70-A13F-69BCE9CC5A8D}
.
==================== Find3M ====================
.
2016-01-02 01:28:32 796864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-01-02 01:28:32 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-09 03:39:31 301728 ------w- C:\Windows\System32\MpSigStub.exe
2015-12-04 17:44:56 10907328 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2015-12-04 17:44:48 8089248 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2015-12-04 17:44:40 9070320 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2015-12-04 17:44:32 9017808 ----a-w- C:\Windows\System32\atiumd6a.dll
2015-12-04 17:44:26 10815664 ----a-w- C:\Windows\System32\atiumd64.dll
2015-12-04 17:41:48 296648 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
2015-12-04 17:38:22 23961088 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2015-12-04 17:33:06 235008 ----a-w- C:\Windows\System32\clinfo.exe
2015-12-04 17:33:02 49984000 ----a-w- C:\Windows\System32\amdocl64.dll
2015-12-04 17:31:48 41510400 ----a-w- C:\Windows\SysWow64\amdocl.dll
2015-12-04 17:30:42 65024 ----a-w- C:\Windows\System32\OpenCL.dll
2015-12-04 17:30:40 59392 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2015-12-04 17:29:14 27596288 ----a-w- C:\Windows\System32\amdocl12cl64.dll
2015-12-04 17:29:08 22348288 ----a-w- C:\Windows\SysWow64\amdocl12cl.dll
2015-12-04 17:08:28 677888 ----a-w- C:\Windows\System32\amdlvr64.dll
2015-12-04 17:08:14 562688 ----a-w- C:\Windows\SysWow64\amdlvr32.dll
2015-12-04 17:08:00 127488 ----a-w- C:\Windows\System32\mantle64.dll
2015-12-04 17:07:56 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
2015-12-04 17:07:50 6643200 ----a-w- C:\Windows\System32\amdmantle64.dll
2015-12-04 17:03:02 5223936 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2015-12-04 16:59:28 31376896 ----a-w- C:\Windows\System32\atio6axx.dll
2015-12-04 16:59:10 96256 ----a-w- C:\Windows\System32\mantleaxl64.dll
2015-12-04 16:59:06 89088 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
2015-12-04 16:57:06 865280 ----a-w- C:\Windows\System32\coinst_15.30.dll
2015-12-04 16:53:42 50688 ----a-w- C:\Windows\System32\amdmmcl6.dll
2015-12-04 16:53:38 39424 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
2015-12-04 16:53:36 25840128 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2015-12-04 16:51:46 367104 ----a-w- C:\Windows\System32\atiapfxx.exe
2015-12-04 16:51:44 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2015-12-04 16:51:42 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2015-12-04 16:51:40 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2015-12-04 16:51:40 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2015-12-04 16:51:34 15711744 ----a-w- C:\Windows\System32\aticaldd64.dll
2015-12-04 16:50:44 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2015-12-04 16:47:26 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2015-12-04 16:47:24 223744 ----a-w- C:\Windows\System32\dgtrayicon.exe
2015-12-04 16:47:20 162304 ----a-w- C:\Windows\System32\atieah64.exe
2015-12-04 16:47:20 145408 ----a-w- C:\Windows\SysWow64\atieah32.exe
2015-12-04 16:47:18 204800 ----a-w- C:\Windows\System32\amdgfxinfo64.dll
2015-12-04 16:47:18 189952 ----a-w- C:\Windows\SysWow64\amdgfxinfo32.dll
2015-12-04 16:47:16 31744 ----a-w- C:\Windows\System32\atimuixx.dll
2015-12-04 16:47:14 552448 ----a-w- C:\Windows\System32\atieclxx.exe
2015-12-04 16:47:06 246272 ----a-w- C:\Windows\System32\atiesrxx.exe
2015-12-04 16:46:54 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2015-12-04 16:43:32 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2015-12-04 16:43:30 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2015-12-04 16:43:12 1272832 ----a-w- C:\Windows\System32\atiadlxx.dll
2015-12-04 16:43:10 941568 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2015-12-04 16:43:10 941568 ----a-w- C:\Windows\SysWow64\atiadlxx.dll
2015-12-04 16:43:06 75776 ----a-w- C:\Windows\System32\atig6pxx.dll
2015-12-04 16:43:04 70144 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2015-12-04 16:43:04 70144 ----a-w- C:\Windows\System32\atiglpxx.dll
2015-12-04 16:43:04 157696 ----a-w- C:\Windows\System32\atig6txx.dll
2015-12-04 16:43:00 142336 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2015-12-04 16:42:56 671232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2015-12-04 16:42:32 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2015-12-04 16:41:56 195072 ----a-w- C:\Windows\System32\hsa-thunk64.dll
2015-12-04 16:41:54 174592 ----a-w- C:\Windows\SysWow64\hsa-thunk.dll
2015-12-01 10:30:28 75472 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2015-12-01 10:30:28 162072 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2015-11-20 18:54:59 98816 ----a-w- C:\Windows\System32\wudriver.dll
2015-11-20 18:54:59 3170304 ----a-w- C:\Windows\System32\wucltux.dll
2015-11-20 18:54:59 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2015-11-20 18:54:28 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-11-20 18:54:18 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-11-20 18:54:15 37888 ----a-w- C:\Windows\System32\wuapp.exe
2015-11-20 18:34:36 93696 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-11-20 18:34:36 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-11-20 18:33:56 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-11-10 00:24:59 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-11-10 00:13:04 496640 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-11-10 00:13:03 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-11-10 00:12:29 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-11-10 00:12:19 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-11-10 00:11:38 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-11-10 00:03:01 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-11-10 00:02:42 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-11-09 23:50:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-11-09 23:46:18 4514816 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-11-09 23:36:09 2050560 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-11-09 23:35:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-11-09 23:17:36 2011136 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-11-08 22:33:00 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-11-08 22:32:46 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-11-08 22:16:29 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-11-08 22:15:39 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-11-08 22:15:31 417792 ----a-w- C:\Windows\System32\html.iec
2015-11-08 22:15:22 571392 ----a-w- C:\Windows\System32\vbscript.dll
2015-11-08 22:14:50 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-11-08 22:04:46 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-11-08 22:01:25 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-11-08 22:01:24 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-11-08 22:01:01 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-11-08 21:52:10 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-11-08 21:40:10 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-11-08 21:14:19 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-11-08 21:13:40 2123264 ----a-w- C:\Windows\System32\inetcpl.cpl
.
============= FINISH: 22:03:38.62 ===============