Help removing bloatware/adware

Hi,

Having a few issues with bloatware after using restoring my Windows 7 back to the state it was when it was first bought.

The first thing i noticed was a start up item named offers.exe, i don't remember having this item before restoring my OS and would ideally like to get rid of it if it is bloatware. Only about a week or so ago i received a pop up in the corner advertising something, i don't quite remember what, i think it was possibly Norton AV and i'm assuming offers.exe was behind the pop up.

I've also noticed a fair few shortcuts in various places that seem to be bloatware too, please see attachments. I deleted various shortcuts on the desktop that were initially there straight after the recovery and also deleted some others in another folder but as you can see from the attachment there are more hidden away and i'd like to get rid of them all in a more comprehensive manner if that's possible. There seems to be a fair bit of bloatware in a folder named 'Dockbar' too, but i'm not sure it's all bloatware in that folder, so i'm unsure of what to delete and what to leave. Dockbar is a start up item too but i've disabled it.

Also, i installed winzip which in turn installed 'bing powered search' and changed my homepage to Bing. I've since uninstalled Winzip and changed my homepage back to what it was but 'bing powered search' is still one of the search options in the search bar in Mozilla, and i'm pretty sure it was not before. I've checked in add/remove programs and no traces of bing are there.

I've run Malwarebytes, MSE and Adaware, none of which have detected the bloatware or Bing.

All help would be much appreciated.

Thank you.


------------------------------


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18427 BrowserJavaVersion: 11.101.2
Run by Steve at 0:08:27 on 2016-08-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8174.5593 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Led Indicator Keyboard Driver\KeyboardIndicator.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-2b0cdb98
mStart Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-2b0cdb98
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Reminder] C:\Program Files (x86)\TTG\Reminder\Reminder.exe
uRun: [Offers] C:\Program Files (x86)\TTG\Offers\Offers.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Recovery Backup Wizard] C:\Program Files (x86)\TTG\Reminder\Reminder.exe
mRun: [LedIndicatorKeyboardDriver] "C:\Program Files (x86)\Led Indicator Keyboard Driver\KeyboardIndicator.exe" showhide
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{04B4B090-9975-4758-BF22-6D97A4372D34} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-2b0cdb98
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pns92rxq.new\
FF - prefs.js: browser.search.selectedEngine - Bing Powered Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
FF - prefs.js: keyword.URL - true
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-11-13 289120]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2015-8-4 246784]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-8-4 1514464]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-8-4 1136608]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-8 534184]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-31 2656536]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2016-6-30 114424]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2016-3-1 104976]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-8-31 169584]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2016-8-4 27008]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2016-8-4 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2016-8-4 64896]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2015-11-13 133816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-1-29 374344]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2014-10-8 766632]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2014-10-8 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2014-10-8 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2014-10-8 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-8 211104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-8-31 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-8-9 114688]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2016-8-20 38536]
S3 semav6msr64;semav6msr64;C:\Windows\System32\drivers\semav6msr64.sys [2016-8-4 21984]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2016-8-4 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2016-08-22 16:52:49 -------- d-----w- C:\Users\Steve\AppData\Roaming\MediaInfo
2016-08-22 16:52:28 -------- d-----w- C:\Program Files\MediaInfo
2016-08-22 11:15:18 11847048 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7EA85163-7AF8-437A-8ED7-F6F400877843}\mpengine.dll
2016-08-21 09:35:03 11847048 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-08-20 22:46:54 -------- d-----w- C:\Users\Steve\AppData\Local\CEF
2016-08-19 23:20:24 38536 ----a-w- C:\Windows\System32\drivers\pmxdrv.sys
2016-08-19 22:27:15 -------- d-----w- C:\LiveUpdate_Temp
2016-08-18 18:15:13 -------- d-----w- C:\Users\Steve\AppData\Local\Microsoft Help
2016-08-17 20:38:34 -------- d-----w- C:\ProgramData\HitmanPro
2016-08-17 19:30:39 -------- d-----w- C:\AdwCleaner
2016-08-17 19:24:25 -------- d-----w- C:\ProgramData\UniqueId
2016-08-17 17:58:42 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2016-08-17 17:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-08-17 12:00:52 -------- d-----w- C:\Users\Steve\AppData\Local\Apps
2016-08-14 16:07:38 -------- d-----w- C:\Users\Steve\AppData\Local\CrashDumps
2016-08-13 11:40:38 -------- d-----w- C:\Users\Steve\AppData\Local\Macromedia
2016-08-10 22:47:00 1167568 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8628A761-7C8D-413D-B6BB-6F0BB9E75F4A}\gapaengine.dll
2016-08-10 10:09:38 -------- d-----w- C:\Users\Steve\AppData\Roaming\AMD
2016-08-09 19:42:26 3218944 ----a-w- C:\Windows\System32\win32k.sys
2016-08-05 11:27:10 1167568 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-08-05 10:41:16 -------- d-----w- C:\Users\Steve\AppData\Local\ElevatedDiagnostics
2016-08-05 10:12:29 -------- d-----w- C:\Users\Steve\dwhelper
2016-08-04 21:32:51 -------- d-----w- C:\ProgramData\VirtualizedApplications
2016-08-04 18:07:55 -------- d-----w- C:\Users\Steve\.oracle_jre_usage
2016-08-04 18:07:50 97856 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-08-04 18:07:37 -------- d-----w- C:\ProgramData\Oracle
2016-08-04 18:01:41 -------- d-----w- C:\Users\Steve\AppData\Local\Diagnostics
2016-08-04 15:00:59 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-04 13:07:32 -------- d-----w- C:\Users\Steve\AppData\Roaming\SoftGrid Client
2016-08-04 13:07:32 -------- d-----w- C:\Users\Steve\AppData\Local\SoftGrid Client
2016-08-04 13:06:56 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2016-08-04 13:06:42 -------- d-----w- C:\Users\Steve\AppData\Roaming\TP
2016-08-04 13:02:55 129024 ----a-w- C:\Windows\SysWow64\AVERM.dll
2016-08-04 13:02:54 28672 ----a-w- C:\Windows\SysWow64\AVEQT.dll
2016-08-04 13:02:53 -------- d-----w- C:\Program Files (x86)\Ultra Video Splitter
2016-08-04 12:55:49 -------- d-----w- C:\Program Files (x86)\VideoLAN
2016-08-04 12:08:47 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-08-04 12:08:24 64896 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-08-04 12:08:24 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-08-04 12:08:24 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-08-04 12:08:24 -------- d-----w- C:\ProgramData\Malwarebytes
2016-08-04 12:08:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-04 12:08:00 -------- d-----w- C:\Users\Steve\AppData\Local\Programs
2016-08-04 12:03:48 -------- d-----w- C:\Users\Steve\AppData\Local\Adobe
2016-08-04 09:55:31 -------- d-----w- C:\Program Files (x86)\AMD
2016-08-04 09:53:24 -------- d-----w- C:\Program Files\AMD
2016-08-04 09:49:01 -------- d-----w- C:\AMD
2016-08-04 09:23:26 -------- d-----w- C:\Program Files (x86)\CheckPoint
2016-08-04 09:22:47 -------- d-----w- C:\ProgramData\CheckPoint
2016-08-04 09:15:47 -------- d-----w- C:\Users\Steve\AppData\Local\Intel
2016-08-04 09:14:45 21984 ----a-w- C:\Windows\System32\drivers\semav6msr64.sys
2016-08-04 09:14:16 -------- d-----w- C:\ProgramData\Package Cache
2016-08-04 08:17:37 -------- d-----w- C:\Windows\System32\MRT
2016-08-04 07:53:26 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2016-08-04 07:53:26 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2016-08-04 07:53:26 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2016-08-04 07:53:26 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2016-08-04 07:27:44 -------- d-s---w- C:\Windows\System32\CompatTel
2016-08-04 07:27:44 -------- d-----w- C:\Windows\System32\appraiser
2016-08-04 06:25:10 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2016-08-04 06:25:10 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2016-08-04 06:02:45 -------- d-----w- C:\Windows\Migration
2016-08-04 05:48:31 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2016-08-04 03:11:35 -------- d-----w- C:\Windows\SysWow64\Wat
2016-08-04 03:11:35 -------- d-----w- C:\Windows\System32\Wat
2016-08-04 02:50:22 950272 ----a-w- C:\Windows\System32\perftrack.dll
2016-08-04 02:50:22 91136 ----a-w- C:\Windows\System32\wdi.dll
2016-08-04 02:50:22 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2016-08-04 02:50:22 29696 ----a-w- C:\Windows\System32\powertracker.dll
2016-08-04 02:48:59 82432 ----a-w- C:\Windows\System32\cryptsp.dll
2016-08-04 02:47:42 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2016-08-04 02:47:41 142336 ----a-w- C:\Windows\System32\poqexec.exe
2016-08-04 02:47:22 91648 ----a-w- C:\Windows\System32\mapistub.dll
2016-08-04 02:47:22 76800 ----a-w- C:\Windows\SysWow64\mapistub.dll
2016-08-04 02:47:21 17920 ----a-w- C:\Windows\System32\fixmapi.exe
2016-08-04 02:47:21 14336 ----a-w- C:\Windows\SysWow64\fixmapi.exe
2016-08-04 02:47:00 254976 ----a-w- C:\Windows\System32\cewmdm.dll
2016-08-04 02:47:00 210432 ----a-w- C:\Windows\SysWow64\cewmdm.dll
2016-08-04 02:45:42 52736 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2016-08-04 02:45:22 1885696 ----a-w- C:\Windows\System32\msxml3.dll
2016-08-04 02:45:21 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2016-08-04 02:45:21 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2016-08-04 02:45:21 1240576 ----a-w- C:\Windows\SysWow64\msxml3.dll
2016-08-04 02:45:19 464896 ----a-w- C:\Windows\System32\drivers\srv.sys
2016-08-04 02:45:19 459640 ----a-w- C:\Windows\System32\drivers\cng.sys
2016-08-04 02:45:19 405504 ----a-w- C:\Windows\System32\drivers\srv2.sys
2016-08-04 02:45:18 297984 ----a-w- C:\Windows\System32\bcryptprimitives.dll
2016-08-04 02:45:18 249352 ----a-w- C:\Windows\SysWow64\bcryptprimitives.dll
2016-08-04 02:45:18 168960 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2016-08-04 02:43:56 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2016-08-04 02:42:59 47104 ----a-w- C:\Windows\System32\typeperf.exe
2016-08-04 02:42:59 43008 ----a-w- C:\Windows\System32\relog.exe
2016-08-04 02:42:59 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2016-08-04 02:42:59 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2016-08-04 02:42:59 19456 ----a-w- C:\Windows\System32\diskperf.exe
2016-08-04 02:42:59 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2016-08-04 02:40:04 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2016-08-04 02:40:04 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2016-08-04 02:40:04 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2016-08-04 02:40:04 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2016-08-04 02:37:21 1866752 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2016-08-04 02:37:21 1498624 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
2016-08-04 02:37:03 1743360 ----a-w- C:\Windows\System32\sysmain.dll
2016-08-04 02:37:00 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2016-08-04 02:36:53 11264 ----a-w- C:\Windows\System32\msmmsp.dll
2016-08-04 02:36:52 2560 ----a-w- C:\Windows\System32\drivers\en-US\mountmgr.sys.mui
2016-08-04 02:34:48 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2016-08-04 02:34:48 73880 ----a-w- C:\Windows\System32\mscories.dll
2016-08-04 02:34:48 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2016-08-04 02:34:48 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2016-08-04 02:34:48 156312 ----a-w- C:\Windows\System32\mscorier.dll
2016-08-04 02:34:48 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2016-08-04 02:34:45 1632256 ----a-w- C:\Windows\System32\dwmcore.dll
2016-08-04 02:34:44 1372160 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2016-08-04 02:34:43 82944 ----a-w- C:\Windows\System32\dwmapi.dll
2016-08-04 02:34:43 67584 ----a-w- C:\Windows\SysWow64\dwmapi.dll
2016-08-04 02:34:39 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2016-08-04 02:34:39 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2016-08-04 02:34:38 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2016-08-04 02:32:27 484864 ----a-w- C:\Windows\System32\wer.dll
2016-08-04 02:32:27 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2016-08-04 02:32:24 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2016-08-04 02:32:24 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2016-08-04 02:31:35 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2016-08-04 02:31:33 515584 ----a-w- C:\Windows\System32\timedate.cpl
2016-08-04 02:31:33 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2016-08-04 02:31:31 2543104 ----a-w- C:\Windows\System32\wpdshext.dll
2016-08-04 02:31:31 2311168 ----a-w- C:\Windows\SysWow64\wpdshext.dll
2016-08-04 02:31:30 878080 ----a-w- C:\Windows\System32\IMJP10K.DLL
2016-08-04 02:31:29 701440 ----a-w- C:\Windows\SysWow64\IMJP10K.DLL
2016-08-04 02:31:25 197120 ----a-w- C:\Windows\System32\credui.dll
2016-08-04 02:31:25 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2016-08-04 02:31:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2016-08-04 02:31:25 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2016-08-04 02:30:50 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2016-08-04 02:30:50 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2016-08-04 02:30:50 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2016-08-04 02:28:16 633856 ----a-w- C:\Windows\System32\comctl32.dll
2016-08-04 02:27:51 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2016-08-04 02:26:42 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-08-04 02:24:49 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2016-08-04 02:24:44 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2016-08-04 02:24:43 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2016-08-04 02:22:56 381440 ----a-w- C:\Windows\System32\mfds.dll
2016-08-04 02:21:20 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2016-08-04 02:21:14 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2016-08-04 02:19:58 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2016-08-04 02:18:18 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2016-08-04 02:17:42 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2016-08-04 02:17:42 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2016-08-04 02:17:32 405504 ----a-w- C:\Windows\System32\gdi32.dll
2016-08-04 02:17:32 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-08-04 02:17:00 950720 ----a-w- C:\Windows\System32\drivers\ndis.sys
2016-08-04 02:14:57 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2016-08-04 02:13:56 79360 ----a-w- C:\Windows\System32\clfsw32.dll
2016-08-04 02:12:54 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2016-08-04 02:11:43 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2016-08-04 02:11:43 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2016-08-04 02:11:43 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2016-08-04 02:11:43 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2016-08-04 02:11:43 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2016-08-04 02:02:54 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2016-08-04 02:02:54 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2016-08-04 02:02:54 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2016-08-04 02:02:54 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2016-08-04 02:02:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2016-08-04 02:02:53 8856 ----a-w- C:\Windows\System32\icardres.dll
2016-08-04 02:02:34 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2016-08-04 02:02:34 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2016-08-04 01:55:57 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2016-08-04 01:49:19 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2016-08-04 01:49:19 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2016-08-04 01:41:02 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2016-08-04 01:41:02 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2016-08-04 01:41:02 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2016-08-03 20:37:34 -------- d-----w- C:\8631b8470b73a0923ee1e77443cb93
2016-08-03 19:23:53 -------- d-----w- C:\Users\Steve\AppData\Local\Mozilla
2016-08-03 19:15:55 68608 ----a-w- C:\Windows\System32\taskhost.exe
2016-08-03 19:13:26 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2016-08-03 19:13:26 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2016-08-03 19:00:21 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2016-08-03 19:00:18 -------- d-----w- C:\Program Files\Microsoft Security Client
2016-08-03 18:21:50 -------- d-----w- C:\164804f8c9aef8923cc5fe9accc363
2016-08-03 18:11:39 -------- d-----w- C:\Users\Steve\AppData\Local\Google
2016-08-03 16:22:05 -------- d-----w- C:\Windows\System32\drivers\N360x64\0501000.01D
2016-08-03 15:26:18 -------- d-----w- C:\5a718084973f127f614a1d
2016-08-03 15:24:35 -------- d-----w- C:\Users\Steve\AppData\Local\DSG_Retail_Ltd
2016-08-03 15:24:23 -------- d-----w- C:\Users\Steve\AppData\Local\ATI
2016-07-27 22:03:56 462296 ----a-w- C:\Windows\System32\drivers\vsdatant.sys
.
==================== Find3M ====================
.
2016-08-03 19:14:41 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-08-02 06:47:38 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-08-02 06:47:27 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-08-02 06:32:37 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-08-02 06:31:55 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-08-02 06:31:49 417792 ----a-w- C:\Windows\System32\html.iec
2016-08-02 06:31:32 572416 ----a-w- C:\Windows\System32\vbscript.dll
2016-08-02 06:31:14 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-08-02 06:19:01 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-08-02 06:19:01 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-08-02 06:18:44 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-08-02 06:18:32 6047744 ----a-w- C:\Windows\System32\jscript9.dll
2016-08-02 06:11:45 969216 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-08-02 06:03:48 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-08-02 06:00:28 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-08-02 05:51:57 497664 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-08-02 05:51:49 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-08-02 05:51:12 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-08-02 05:51:03 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-08-02 05:50:11 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-08-02 05:41:43 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-08-02 05:41:24 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-08-02 05:37:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-08-02 05:36:40 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-08-02 05:29:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-08-02 05:23:24 2868224 ----a-w- C:\Windows\System32\wininet.dll
2016-08-02 05:21:20 4608000 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-08-02 05:14:32 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-08-02 05:14:02 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-08-02 04:56:28 2393088 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-07-27 19:25:34 504488 ------w- C:\Windows\System32\MpSigStub.exe
2016-07-08 15:37:53 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-07-08 15:37:53 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-07-08 15:17:01 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-07-08 15:17:01 666112 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2016-07-08 15:03:44 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-07-08 14:57:09 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-07-08 14:56:37 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-07-08 14:56:34 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-07-08 14:55:51 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-07-08 14:55:06 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-07-08 14:50:51 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-06-26 00:35:09 41704 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-06-26 00:27:39 756736 ----a-w- C:\Windows\System32\win32spl.dll
2016-06-26 00:27:32 344576 ----a-w- C:\Windows\System32\ntprint.dll
2016-06-26 00:27:26 970240 ----a-w- C:\Windows\System32\localspl.dll
2016-06-26 00:27:25 22528 ----a-w- C:\Windows\System32\inetppui.dll
2016-06-26 00:27:25 166400 ----a-w- C:\Windows\System32\inetpp.dll
2016-06-26 00:27:07 1208320 ----a-w- C:\Windows\System32\aeinv.dll
2016-06-25 19:54:03 497152 ----a-w- C:\Windows\SysWow64\win32spl.dll
2016-06-25 19:53:56 297472 ----a-w- C:\Windows\SysWow64\ntprint.dll
2016-06-25 19:53:05 48640 ----a-w- C:\Windows\System32\wpnpinst.exe
2016-06-25 19:53:04 61952 ----a-w- C:\Windows\System32\ntprint.exe
2016-06-25 19:41:53 61952 ----a-w- C:\Windows\SysWow64\ntprint.exe
2016-06-22 13:06:29 268800 ----a-w- C:\Windows\System32\centel.dll
2016-06-17 18:24:29 571904 ----a-w- C:\Windows\System32\generaltel.dll
2016-06-17 18:24:29 544256 ----a-w- C:\Windows\System32\devinv.dll
2016-06-17 18:24:29 294912 ----a-w- C:\Windows\System32\invagent.dll
2016-06-17 18:24:28 76800 ----a-w- C:\Windows\System32\acmigration.dll
2016-06-17 18:24:28 219136 ----a-w- C:\Windows\System32\aepic.dll
2016-06-17 18:24:28 1490432 ----a-w- C:\Windows\System32\appraiser.dll
2016-06-14 15:21:17 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
.
============= FINISH: 0:08:37.06 ===============

Attached Thumbnails

Image may be NSFW.
Clik here to view.  

Attached Images

Image may be NSFW.
Clik here to view. 

Attached Files

Image may be NSFW. Clik here to view.

attach.txt (8.7 KB)