
Browser issues after complete system reinstall


  • This topic is locked
33 replies to this topic

#1 Scott Stoef

Scott Stoef

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 30 April 2015 - 07:48 PM

I have another post in the removal logs for my desktop (http://www.bleepingcomputer.com/forums/t/574905/infection-issues-mbam-wont-update-and-cannot-enable-windows-firewall-and-more/), but this one is for my laptop.  I'm not sure if the two issues are related or not, but I will try to explain what is happening on the laptop.

 

A few weeks ago the Chrome browser all of a sudden started running very slowly.  I tried to update the Malwarebytes database as instructed but when I tried it came back saying there was nothing to update.  I tried a couple of other things, but since this was my laptop I just decided to go ahead and wipe the drive clean and do a clean reinstall of Windows 8 back to factory defaults.

 

I successfully completed the reinstall and upgraded the OS to Windows 8.1.  From there I reinstalled Avast as my antivirus and turned on Windows Firewall.  I then installed Chrome and Firefox as my browsers.  Knowing this was a clean install I figured Chrome, my primary browser, would work as quickly as it did, but it is taking about 15-30 to launch and display my home page.  I tried turning on and off (disabling and removing) all of my add-ons, but nothing has helped the performance.  I tried using Firefox as well but it too is running slow, but nowhere near as bad as Chrome.  I've even tried IE and it isn't too bad, but it has a lot of lag. I ran a speedtest and I'm getting 28mbps on my download speed and 5mbps on upload so I don't think I have connection issues.

 

I reinstalled MBAM and ran a scan and it didn't find anything.  I'm wondering if the issue that impacted the laptop in the first place corrupted my factory default partition and I'm still infected.  I originally posted in General Security (http://www.bleepingcomputer.com/forums/t/574630/advice-needed/) and we had no luck diagnosing the issue so I was recommended to post my laptop issues here. Please note this accidentally points to the post for my desktop, but the thread is closed so I cannot update to point to this post.

 

Please be sure to keep both posts active as they are for different computers. 




 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:52 PM

Posted 05 May 2015 - 05:35 PM

OK, let's have a look at the laptop as well. :)

Step 1


Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:52 PM

Posted 05 May 2015 - 07:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/574923 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 05 May 2015 - 07:56 PM

Jurgen,

 

Before I started the scan I tried to uninstall MBAM.  The system just sat at the uninstall screen for a couple of minutes.  I went into task manager/processes, and the hard drive was at 100%.  When I tried to sort for the highest usage nothing really came up to explain the high usage.

 

Here is the FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2015
Ran by Admin (administrator) on STOEFFLER-LT1 on 05-05-2015 20:48:53
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Admin & Scott & Sandy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGXA.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-23] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2525780112-4156266377-2695489881-1001\...\Run: [EPSON9B1318 (Artisan 830)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2015-05-05]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-05-05]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-23] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2525780112-4156266377-2695489881-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
HKU\S-1-5-21-2525780112-4156266377-2695489881-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\S-1-5-21-2525780112-4156266377-2695489881-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2525780112-4156266377-2695489881-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-04-27] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-23] (Avast Software s.r.o.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-27] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-04-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-23] (Avast Software s.r.o.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-24] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-27] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-04-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\34tsep38.default
FF Homepage: https://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-24] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-27] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-04-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: LastPass - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\34tsep38.default\Extensions\support@lastpass.com [2015-04-24]
FF Extension: WOT - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\34tsep38.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://my.yahoo.com/
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-29]
CHR Extension: (WOT) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-04-29]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-29]
CHR Extension: (uBlock Origin) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-04-29]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-29]
CHR Extension: (SiteAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-04-29]
CHR Extension: (Bookmark Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-04-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29]
CHR Extension: (LastPass Vault) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2015-04-29]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-29]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-29]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0106921430873003mcinstcleanup; C:\Users\Admin\AppData\Local\Temp\010692~1.EXE [883024 2015-04-06] (McAfee, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S4 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-23] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-23] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 20:48 - 2015-05-05 20:49 - 00014711 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-05-05 20:48 - 2015-05-05 20:48 - 00000000 ____D () C:\FRST
2015-05-05 20:43 - 2015-05-05 20:43 - 00000000 ____D () C:\Program Files\McAfee
2015-05-05 20:41 - 2015-05-05 20:41 - 02101248 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-05-05 18:47 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-05 18:47 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-05 18:46 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-05 18:46 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-05 18:46 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-05 18:46 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-05 18:46 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-05 18:46 - 2015-03-12 20:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-05 18:32 - 2015-05-05 18:32 - 00001091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-05-05 18:32 - 2015-05-05 18:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\Secunia PSI
2015-05-05 18:32 - 2015-05-05 18:32 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-05-05 18:31 - 2015-05-05 18:31 - 05490752 _____ (Secunia) C:\Users\Admin\Desktop\PSISetup.exe
2015-05-05 18:25 - 2015-05-05 18:25 - 05490752 _____ (Secunia) C:\Users\Scott\Downloads\PSISetup.exe
2015-05-01 18:37 - 2015-05-01 18:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-29 22:20 - 2015-04-29 22:22 - 00000000 ____D () C:\NPE
2015-04-29 22:17 - 2015-04-29 22:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\NPE
2015-04-29 22:17 - 2015-04-29 22:17 - 00000000 ____D () C:\ProgramData\Norton
2015-04-29 15:24 - 2015-05-05 20:32 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-29 15:24 - 2015-05-05 20:29 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 15:24 - 2015-04-29 15:24 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-29 15:24 - 2015-04-29 15:24 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-29 15:24 - 2015-04-29 15:24 - 00002281 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-29 15:24 - 2015-04-29 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-28 17:25 - 2015-05-05 18:24 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{16522898-203C-4162-B060-2D5BA2E292CC}
2015-04-28 17:25 - 2015-04-28 17:25 - 00000000 __SHD () C:\Users\Scott\AppData\Local\EmieUserList
2015-04-28 17:25 - 2015-04-28 17:25 - 00000000 __SHD () C:\Users\Scott\AppData\Local\EmieSiteList
2015-04-28 17:25 - 2015-04-28 17:25 - 00000000 __SHD () C:\Users\Scott\AppData\Local\EmieBrowserModeList
2015-04-28 17:22 - 2015-04-28 17:22 - 00880208 _____ (Google Inc.) C:\Users\Scott\Downloads\ChromeSetup.exe
2015-04-28 16:17 - 2015-04-28 16:17 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-04-28 16:17 - 2015-04-28 16:17 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-28 16:17 - 2015-04-28 16:17 - 00002069 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-04-28 16:16 - 2015-04-28 16:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-28 16:14 - 2015-04-28 16:17 - 00000000 ____D () C:\Users\Scott\AppData\Local\Adobe
2015-04-28 15:56 - 2015-04-28 15:56 - 00000810 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-04-28 15:56 - 2015-04-28 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-04-28 15:56 - 2015-04-28 15:56 - 00000000 ____D () C:\Program Files\Speccy
2015-04-27 18:30 - 2015-04-27 18:30 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Macromedia
2015-04-27 18:30 - 2015-04-27 18:30 - 00000000 ____D () C:\Users\Scott\AppData\Local\Macromedia
2015-04-27 18:09 - 2015-04-27 18:09 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Mozilla
2015-04-27 18:09 - 2015-04-27 18:09 - 00000000 ____D () C:\Users\Scott\AppData\Local\Mozilla
2015-04-27 17:12 - 2015-04-27 17:12 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2525780112-4156266377-2695489881-1007
2015-04-27 17:07 - 2015-04-27 17:08 - 00000000 ____D () C:\Users\Sandy\AppData\Local\Packages
2015-04-27 17:07 - 2015-04-27 17:07 - 00001448 _____ () C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-27 17:07 - 2015-04-27 17:07 - 00000020 ___SH () C:\Users\Sandy\ntuser.ini
2015-04-27 17:07 - 2015-04-27 17:07 - 00000000 ____D () C:\Users\Sandy\AppData\Roaming\AVAST Software
2015-04-27 17:07 - 2015-04-27 17:07 - 00000000 ____D () C:\Users\Sandy\AppData\Roaming\Adobe
2015-04-27 17:07 - 2015-04-27 17:07 - 00000000 ____D () C:\Users\Sandy\AppData\Local\VirtualStore
2015-04-27 17:07 - 2015-04-27 17:07 - 00000000 ____D () C:\Users\Sandy\AppData\Local\Google
2015-04-27 17:07 - 2015-04-27 17:07 - 00000000 ____D () C:\Users\Sandy
2015-04-27 17:07 - 2015-04-27 17:07 - 00000000 _____ () C:\Users\Sandy\agent.log
2015-04-27 17:07 - 2015-04-22 17:45 - 00000000 ___RD () C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-27 17:07 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-27 17:07 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-27 17:07 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-27 17:05 - 2015-05-03 20:49 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2525780112-4156266377-2695489881-1006
2015-04-27 17:00 - 2015-04-27 17:00 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\AVAST Software
2015-04-27 16:59 - 2015-04-28 17:31 - 00000000 ____D () C:\Users\Scott\AppData\Local\Google
2015-04-27 16:59 - 2015-04-27 17:01 - 00000000 ____D () C:\Users\Scott\AppData\Local\Packages
2015-04-27 16:59 - 2015-04-27 16:59 - 00001448 _____ () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-27 16:59 - 2015-04-27 16:59 - 00000020 ___SH () C:\Users\Scott\ntuser.ini
2015-04-27 16:59 - 2015-04-27 16:59 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Adobe
2015-04-27 16:59 - 2015-04-27 16:59 - 00000000 ____D () C:\Users\Scott\AppData\Local\VirtualStore
2015-04-27 16:59 - 2015-04-27 16:59 - 00000000 ____D () C:\Users\Scott
2015-04-27 16:59 - 2015-04-27 16:59 - 00000000 _____ () C:\Users\Scott\agent.log
2015-04-27 16:59 - 2015-04-22 17:45 - 00000000 ___RD () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-27 16:59 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-27 16:59 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-27 16:59 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-27 16:37 - 2015-04-27 16:37 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-04-27 16:31 - 2015-04-27 16:31 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-04-27 16:29 - 2015-04-27 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-27 16:28 - 2015-05-05 18:34 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-27 16:27 - 2015-04-27 16:27 - 01482928 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\Setup.x64.en-US_ProPlusRetail_P9NHX-MFG99-623J2-TH6WB-6VGXQ_TX_PR_act_1_.exe
2015-04-27 16:07 - 2015-04-27 16:07 - 00000952 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2015-04-27 16:07 - 2015-04-27 16:07 - 00000000 ____D () C:\Program Files (x86)\epson
2015-04-27 16:07 - 2009-12-09 00:00 - 00464384 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll
2015-04-27 16:07 - 2009-10-16 00:00 - 00132560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esdevapp.exe
2015-04-27 16:07 - 2009-10-16 00:00 - 00013824 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxcdev.dll
2015-04-27 16:05 - 2015-04-27 16:06 - 13343008 _____ () C:\Users\Admin\Downloads\epson13774.exe
2015-04-27 16:01 - 2015-04-27 16:01 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-04-27 16:00 - 2015-04-27 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-04-27 15:59 - 2015-04-27 16:01 - 00000000 ____D () C:\ProgramData\EPSON
2015-04-27 15:59 - 2009-10-01 03:01 - 00088064 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_IBCBGXA.DLL
2015-04-27 15:59 - 2008-11-12 03:00 - 00118784 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMGXA.DLL
2015-04-27 15:58 - 2015-04-27 15:58 - 14334240 _____ () C:\Users\Admin\Downloads\epson14825.exe
2015-04-25 12:03 - 2015-04-25 12:06 - 00000000 ____D () C:\Program Files (x86)\Decrap my Computer
2015-04-25 12:03 - 2015-04-25 12:03 - 00001893 _____ () C:\Users\Admin\Desktop\Decrap my Computer.lnk
2015-04-25 12:03 - 2015-04-25 12:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Decrap my Computer
2015-04-25 12:02 - 2015-04-25 12:02 - 05663088 _____ () C:\Users\Admin\Downloads\Decrap_Setup.exe
2015-04-25 10:16 - 2015-04-25 10:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-25 10:14 - 2015-04-25 10:15 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-24 22:37 - 2015-04-24 22:37 - 00000000 ____D () C:\Users\Admin\AppData\Local\Macromedia
2015-04-24 21:49 - 2015-04-24 21:49 - 00000000 ____D () C:\ProgramData\Sun
2015-04-24 21:48 - 2015-04-24 21:48 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-04-24 21:48 - 2015-04-24 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-24 21:47 - 2015-04-24 21:49 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-24 21:47 - 2015-04-24 21:47 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-24 21:46 - 2015-04-24 21:46 - 00561576 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jxpiinstall.exe
2015-04-24 21:41 - 2015-05-05 20:07 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-24 21:41 - 2015-04-24 21:41 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-24 21:40 - 2015-04-28 16:15 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-04-24 17:21 - 2015-04-24 17:21 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-04-24 16:09 - 2015-04-24 16:09 - 00001177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-24 16:09 - 2015-04-24 16:09 - 00001165 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-24 16:09 - 2015-04-24 16:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-24 16:09 - 2015-04-24 16:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-24 16:08 - 2015-04-24 16:08 - 00243304 _____ () C:\Users\Admin\Downloads\Firefox Setup Stub 37.0.2.exe
2015-04-24 07:32 - 2015-03-03 09:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-04-23 22:14 - 2015-04-23 22:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVAST Software
2015-04-23 22:13 - 2015-04-27 16:10 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-04-23 22:13 - 2015-04-23 22:13 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-23 22:13 - 2015-04-23 22:13 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-23 22:13 - 2015-04-23 22:13 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-23 22:13 - 2015-04-23 22:13 - 00272248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-23 22:13 - 2015-04-23 22:13 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-04-23 22:13 - 2015-04-23 22:13 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-04-23 22:13 - 2015-04-23 22:13 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-23 22:13 - 2015-04-23 22:13 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-23 22:13 - 2015-04-23 22:13 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-23 22:13 - 2015-04-23 22:13 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-23 22:13 - 2015-04-23 22:13 - 00001940 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-23 22:13 - 2015-04-23 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-23 22:12 - 2015-04-23 22:12 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-23 22:11 - 2015-04-23 22:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-23 21:52 - 2015-04-23 21:52 - 05472992 _____ (Avast Software s.r.o.) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2015-04-23 21:52 - 2015-04-23 21:52 - 05472992 _____ (Avast Software s.r.o.) C:\Users\Admin\Downloads\avast_free_antivirus_setup_online.exe
2015-04-23 20:40 - 2015-04-29 15:24 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-23 20:39 - 2015-04-29 15:24 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2015-04-23 20:39 - 2015-04-29 15:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment
2015-04-23 20:39 - 2015-04-23 20:39 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apps\2.0
2015-04-23 20:37 - 2015-04-23 20:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2015-04-23 20:37 - 2015-04-23 20:37 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2015-04-23 20:37 - 2015-04-23 20:37 - 00000000 ____D () C:\ProgramData\Mozilla
2015-04-22 19:23 - 2015-04-22 19:23 - 00000000 __SHD () C:\Recovery
2015-04-22 19:23 - 2015-04-22 16:03 - 00000000 ___DC () C:\WINDOWS\Panther
2015-04-22 19:20 - 2015-04-22 19:20 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-04-22 19:18 - 2015-04-22 19:18 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-04-22 19:18 - 2015-04-22 19:18 - 00000000 ____D () C:\Program Files\MSBuild
2015-04-22 19:18 - 2015-04-22 19:18 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-04-22 19:18 - 2015-04-22 19:18 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-04-22 19:17 - 2015-04-22 19:17 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-04-22 19:17 - 2015-04-22 19:17 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-04-22 19:17 - 2013-08-03 00:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-04-22 19:17 - 2013-08-03 00:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-22 19:17 - 2013-08-03 00:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-04-22 19:17 - 2013-08-03 00:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-04-22 18:28 - 2015-01-05 23:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-22 18:28 - 2015-01-05 22:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-22 18:28 - 2015-01-05 21:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-22 18:28 - 2015-01-05 21:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-04-22 18:27 - 2015-03-17 13:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-04-22 18:27 - 2015-03-08 22:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-04-22 18:27 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-04-22 18:27 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-04-22 18:27 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-04-22 18:26 - 2015-03-13 22:03 - 04179968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-04-22 18:26 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-04-22 18:26 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-04-22 18:25 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-04-22 18:25 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-04-22 18:25 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-04-22 18:25 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-04-22 18:24 - 2015-03-12 22:59 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-04-22 18:24 - 2015-03-12 22:38 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-04-22 18:24 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-04-22 18:24 - 2015-02-12 22:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-04-22 18:24 - 2015-02-12 21:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-04-22 18:23 - 2015-03-13 00:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-04-22 18:23 - 2015-03-13 00:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-04-22 18:23 - 2014-11-17 16:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-04-22 18:23 - 2014-11-17 16:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-04-22 18:23 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-04-22 18:23 - 2014-11-14 02:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-04-22 18:23 - 2014-11-14 02:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-04-22 18:23 - 2014-11-07 21:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-04-22 18:23 - 2014-10-30 20:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-04-22 18:22 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-04-22 18:22 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-04-22 18:22 - 2014-11-15 15:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-04-22 18:22 - 2014-11-15 02:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-04-22 18:22 - 2014-11-14 02:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-04-22 18:22 - 2014-11-14 01:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-04-22 18:22 - 2014-11-10 14:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-04-22 18:22 - 2014-11-10 14:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-04-22 18:22 - 2014-11-10 14:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-04-22 18:22 - 2014-11-10 14:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-04-22 18:22 - 2014-11-09 22:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-04-22 18:22 - 2014-11-09 21:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-04-22 18:22 - 2014-11-09 21:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-04-22 18:22 - 2014-11-09 21:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-04-22 18:22 - 2014-11-09 21:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-04-22 18:22 - 2014-11-09 21:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-04-22 18:22 - 2014-11-09 21:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-04-22 18:22 - 2014-11-09 21:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-04-22 18:22 - 2014-11-09 20:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-04-22 18:22 - 2014-11-09 20:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-04-22 18:22 - 2014-11-08 00:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-04-22 18:22 - 2014-11-07 23:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-04-22 18:22 - 2014-11-07 23:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-04-22 18:22 - 2014-11-07 23:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-04-22 18:22 - 2014-11-07 23:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-04-22 18:22 - 2014-11-07 23:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-04-22 18:22 - 2014-11-07 23:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-04-22 18:22 - 2014-11-07 23:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-04-22 18:22 - 2014-11-07 23:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-04-22 18:22 - 2014-11-07 22:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-04-22 18:22 - 2014-11-07 22:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-04-22 18:22 - 2014-11-07 22:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-04-22 18:22 - 2014-11-07 22:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-04-22 18:22 - 2014-11-07 21:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-04-22 18:22 - 2014-11-06 23:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-04-22 18:22 - 2014-11-06 23:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-04-22 18:22 - 2014-11-04 22:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-04-22 18:22 - 2014-11-04 22:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-04-22 18:22 - 2014-11-04 22:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-04-22 18:22 - 2014-11-04 21:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-04-22 18:22 - 2014-11-04 21:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-04-22 18:22 - 2014-11-04 21:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-04-22 18:22 - 2014-11-04 21:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-04-22 18:22 - 2014-11-04 21:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-04-22 18:22 - 2014-11-04 21:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-04-22 18:22 - 2014-11-04 21:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-04-22 18:22 - 2014-11-04 21:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-04-22 18:22 - 2014-11-04 21:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-04-22 18:22 - 2014-11-04 21:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-04-22 18:22 - 2014-11-04 21:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-04-22 18:22 - 2014-11-04 15:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-04-22 18:22 - 2014-11-04 15:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-04-22 18:22 - 2014-11-04 15:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-04-22 18:22 - 2014-11-04 02:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-04-22 18:22 - 2014-11-04 02:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-04-22 18:22 - 2014-11-04 02:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-04-22 18:22 - 2014-11-04 02:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-04-22 18:22 - 2014-11-04 02:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-04-22 18:22 - 2014-11-04 01:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-04-22 18:22 - 2014-10-30 20:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-04-22 18:22 - 2014-10-28 23:05 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-04-22 18:22 - 2014-10-28 21:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-04-22 18:22 - 2014-10-28 21:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-04-22 18:22 - 2014-10-20 21:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-04-22 18:22 - 2014-10-20 21:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-04-22 18:22 - 2014-10-20 20:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-04-22 18:22 - 2014-10-20 20:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-04-22 18:22 - 2014-10-20 20:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-04-22 18:22 - 2014-10-20 20:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-04-22 18:22 - 2014-10-20 20:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-04-22 18:22 - 2014-10-17 00:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-04-22 18:22 - 2014-10-16 23:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-04-22 18:21 - 2015-05-05 20:33 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4FC18D08-5159-4BC9-B29C-E3C168398267}
2015-04-22 18:21 - 2015-04-22 18:21 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2015-04-22 18:21 - 2015-04-22 18:21 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2015-04-22 18:21 - 2015-04-22 18:21 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-04-22 18:19 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-04-22 18:03 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-04-22 18:03 - 2014-04-15 19:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-04-22 17:44 - 2015-04-22 18:02 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-22 17:44 - 2015-04-22 17:44 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-22 16:31 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-04-22 16:31 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-04-22 16:31 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-04-22 16:31 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-04-22 16:31 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-04-22 16:31 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-04-22 16:31 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-04-22 16:31 - 2014-10-30 19:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-04-22 16:31 - 2014-10-30 19:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-04-22 16:30 - 2014-11-09 22:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-04-22 16:30 - 2014-11-09 21:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-04-22 16:28 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-04-22 16:28 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-04-22 16:28 - 2015-01-15 18:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-04-22 16:28 - 2015-01-15 18:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-04-22 16:28 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-04-22 16:28 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-04-22 16:27 - 2015-03-23 17:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-22 16:27 - 2015-03-23 17:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-22 16:27 - 2015-03-23 17:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-22 16:27 - 2015-03-23 17:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-22 16:27 - 2015-03-23 17:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-22 16:27 - 2015-03-20 00:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-22 16:27 - 2015-03-20 00:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-22 16:27 - 2015-03-20 00:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-22 16:27 - 2015-03-19 23:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-22 16:27 - 2015-03-19 22:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-22 16:27 - 2015-03-19 22:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-22 16:27 - 2015-03-19 22:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-22 16:27 - 2015-03-14 04:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-22 16:27 - 2015-03-13 21:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-22 16:27 - 2015-03-13 21:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-22 16:27 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-22 16:27 - 2015-03-13 21:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-22 16:27 - 2015-03-13 21:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-22 16:27 - 2015-03-13 20:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-22 16:27 - 2015-03-13 20:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-22 16:27 - 2015-03-13 20:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-22 16:27 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-22 16:27 - 2015-03-13 20:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-22 16:27 - 2015-03-13 20:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-22 16:27 - 2015-03-13 20:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-22 16:27 - 2015-03-13 20:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-22 16:27 - 2015-03-13 20:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-22 16:27 - 2015-03-13 20:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-22 16:27 - 2015-03-13 19:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-22 16:27 - 2015-03-13 19:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-22 16:27 - 2014-12-08 23:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-04-22 16:27 - 2014-12-08 21:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-04-22 16:27 - 2014-11-09 19:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-04-22 16:27 - 2014-11-09 19:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-04-22 16:27 - 2014-10-28 21:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-04-22 16:27 - 2014-10-28 21:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-04-22 16:27 - 2014-10-28 21:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-04-22 16:27 - 2014-10-28 21:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-04-22 16:27 - 2014-10-28 21:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-04-22 16:27 - 2014-10-28 21:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-04-22 16:27 - 2014-10-18 02:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-22 16:27 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-04-22 16:27 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-04-22 16:26 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-04-22 16:26 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-04-22 16:25 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-22 16:25 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-22 16:25 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-22 16:25 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-22 16:25 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-22 16:25 - 2015-03-12 23:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-22 16:25 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-22 16:25 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-22 16:25 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-22 16:25 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-22 16:25 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-22 16:25 - 2015-03-12 23:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-22 16:25 - 2015-03-12 23:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-22 16:25 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-22 16:25 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-22 16:25 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-22 16:25 - 2015-03-12 22:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-22 16:25 - 2015-03-12 22:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-22 16:25 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-22 16:25 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-22 16:25 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-22 16:25 - 2015-03-12 22:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-22 16:25 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-22 16:25 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-22 16:25 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-22 16:25 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-22 16:25 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-22 16:25 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-22 16:25 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-04-22 16:25 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-04-22 16:25 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-04-22 16:25 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-04-22 16:25 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-04-22 16:25 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-04-22 16:25 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-04-22 16:25 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-04-22 16:25 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-04-22 16:25 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-04-22 16:25 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-04-22 16:25 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-04-22 16:25 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-04-22 16:25 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-04-22 16:25 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-04-22 16:25 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-04-22 16:25 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-04-22 16:25 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-04-22 16:25 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-04-22 16:25 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-04-22 16:25 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-04-22 16:25 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-04-22 16:25 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-04-22 16:25 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-04-22 16:25 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-04-22 16:25 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-04-22 16:25 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-22 16:25 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-04-22 16:25 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-04-22 16:25 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-22 16:25 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-04-22 16:25 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-04-22 16:25 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-04-22 16:25 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-04-22 16:25 - 2015-01-11 21:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-04-22 16:25 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-04-22 16:25 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-04-22 16:25 - 2014-12-08 21:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-04-22 16:25 - 2014-12-08 15:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-04-22 16:25 - 2014-12-08 15:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-04-22 16:25 - 2014-12-08 15:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-04-22 16:25 - 2014-12-08 15:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-04-22 16:25 - 2014-12-08 15:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-04-22 16:25 - 2014-12-08 15:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-04-22 16:25 - 2014-12-08 15:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-04-22 16:25 - 2014-12-08 15:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-04-22 16:25 - 2014-12-05 21:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-04-22 16:25 - 2014-11-21 22:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-04-22 16:25 - 2014-11-21 22:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-04-22 16:24 - 2015-03-22 18:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-22 16:24 - 2015-03-22 18:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-22 16:24 - 2015-03-22 18:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-22 16:24 - 2015-03-22 18:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-22 16:24 - 2015-03-22 18:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-22 16:24 - 2015-03-22 18:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-22 16:24 - 2015-03-22 18:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-22 16:24 - 2015-03-04 06:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-22 16:24 - 2015-03-03 23:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-22 16:24 - 2015-03-03 22:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-22 16:24 - 2015-02-24 04:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-22 16:24 - 2015-02-20 19:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-22 16:24 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-04-22 16:24 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-04-22 16:24 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-04-22 16:24 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-04-22 16:24 - 2015-01-29 23:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-04-22 16:24 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-04-22 16:24 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-04-22 16:24 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-04-22 16:24 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-04-22 16:24 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-04-22 16:24 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-04-22 16:24 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-04-22 16:24 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-04-22 16:24 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-04-22 16:24 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-04-22 16:24 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-04-22 16:24 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-04-22 16:24 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-04-22 16:24 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-04-22 16:24 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-04-22 16:24 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-04-22 16:24 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-04-22 16:24 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-04-22 16:24 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-04-22 16:24 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-04-22 16:24 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-04-22 16:24 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-04-22 16:24 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-04-22 16:24 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-04-22 16:24 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-04-22 16:24 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-04-22 16:24 - 2014-12-19 02:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-04-22 16:24 - 2014-12-11 22:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-04-22 16:24 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-04-22 16:24 - 2014-12-05 23:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-04-22 16:24 - 2014-12-05 21:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-04-22 16:24 - 2014-12-02 19:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-22 16:24 - 2014-10-30 18:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-04-22 16:24 - 2014-10-30 18:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-04-22 16:08 - 2015-05-05 20:32 - 00000000 ____D () C:\Users\Admin\OneDrive
2015-04-22 16:03 - 2015-04-22 16:03 - 00001448 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-22 16:02 - 2015-04-22 16:02 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2015-04-22 15:56 - 2015-04-22 15:56 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat
2015-04-22 15:42 - 2015-04-22 15:42 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-22 15:36 - 2015-04-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2015-04-22 15:35 - 2015-04-22 16:08 - 00000000 ____D () C:\Users\Admin
2015-04-22 15:35 - 2015-04-22 15:57 - 00020958 _____ () C:\WINDOWS\diagwrn.xml
2015-04-22 15:35 - 2015-04-22 15:57 - 00020958 _____ () C:\WINDOWS\diagerr.xml
2015-04-22 15:35 - 2015-04-22 15:36 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-22 15:35 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-22 15:35 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-22 15:35 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-22 15:29 - 2015-05-05 20:41 - 01739641 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-22 15:26 - 2015-04-22 15:38 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-04-22 15:26 - 2015-04-22 15:26 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2015-04-22 15:26 - 2015-04-22 15:26 - 00000000 ____D () C:\Program Files\Realtek
2015-04-22 14:55 - 2015-04-22 15:57 - 00006599 _____ () C:\WINDOWS\comsetup.log
2015-04-21 13:57 - 2015-04-22 18:06 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2015-04-20 22:27 - 2015-04-22 14:11 - 00797120 _____ () C:\WINDOWS\system32\perfh00A.dat
2015-04-20 22:27 - 2015-04-22 14:11 - 00432016 _____ () C:\WINDOWS\system32\prfh0804.dat
2015-04-20 22:27 - 2015-04-22 14:11 - 00162488 _____ () C:\WINDOWS\system32\perfc00A.dat
2015-04-20 22:27 - 2015-04-22 14:11 - 00132686 _____ () C:\WINDOWS\system32\prfc0804.dat
2015-04-20 22:27 - 2015-04-20 22:16 - 00346536 _____ () C:\WINDOWS\system32\perfi00A.dat
2015-04-20 22:27 - 2015-04-20 22:16 - 00043804 _____ () C:\WINDOWS\system32\perfd00A.dat
2015-04-20 22:27 - 2015-04-20 22:15 - 00113128 _____ () C:\WINDOWS\system32\prfi0804.dat
2015-04-20 22:27 - 2015-04-20 22:15 - 00033362 _____ () C:\WINDOWS\system32\prfd0804.dat
2015-04-20 22:19 - 2015-04-22 15:42 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2015-04-20 22:19 - 2015-04-20 22:21 - 00000000 ____D () C:\WINDOWS\SysWOW64\es
2015-04-20 22:19 - 2015-04-20 22:20 - 00000000 ____D () C:\WINDOWS\system32\es
2015-04-20 22:19 - 2015-04-20 22:19 - 00000000 ____D () C:\WINDOWS\SysWOW64\zh-HANS
2015-04-20 22:19 - 2015-04-20 22:19 - 00000000 ____D () C:\WINDOWS\SysWOW64\0C0A
2015-04-20 22:19 - 2015-04-20 22:19 - 00000000 ____D () C:\WINDOWS\system32\zh-HANS
2015-04-20 22:19 - 2015-04-20 22:19 - 00000000 ____D () C:\WINDOWS\system32\0C0A
2015-04-20 18:11 - 2015-03-04 03:26 - 00011105 ____N () C:\WINDOWS\system32\AutoconfigV2.cab
2015-04-20 16:33 - 2015-04-20 22:19 - 00000000 ____D () C:\sources
2015-04-20 16:28 - 2015-04-22 17:45 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-20 13:18 - 2015-04-20 13:18 - 00000323 _____ () C:\WINDOWS\system32\netcfg-58754125.txt
2015-04-20 13:18 - 2015-04-20 13:18 - 00000117 _____ () C:\WINDOWS\system32\netcfg-58757453.txt
2015-04-20 13:17 - 2015-04-20 13:17 - 00000117 _____ () C:\WINDOWS\system32\netcfg-58707765.txt
2015-04-20 00:14 - 2015-04-20 00:36 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-20 00:14 - 2015-04-01 11:16 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-19 22:49 - 2015-04-19 22:49 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2230390.txt
2015-04-19 22:48 - 2015-04-19 22:48 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2220125.txt
2015-04-19 21:54 - 2013-05-04 00:51 - 00014848 ____N (Microsoft) C:\WINDOWS\system32\rars.rs
2015-04-19 21:54 - 2013-05-04 00:10 - 00014848 ____N (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2015-04-19 21:08 - 2015-04-19 21:08 - 00001200 _____ () C:\WINDOWS\mot.log
2015-04-19 21:07 - 2015-04-19 21:07 - 00001200 _____ () C:\WINDOWS\ori.log
2015-04-19 20:59 - 2015-04-19 20:59 - 00000117 _____ () C:\WINDOWS\system32\netcfg-31109.txt
2015-04-19 20:58 - 2015-04-19 20:58 - 00000117 _____ () C:\WINDOWS\system32\netcfg-985906.txt
2015-04-19 20:56 - 2015-04-20 17:17 - 00000097 _____ () C:\WINDOWS\comp.log
2015-04-19 20:53 - 2015-04-20 17:17 - 00000026 _____ () C:\WINDOWS\Improvement.log
2015-04-19 20:53 - 2015-04-19 21:06 - 00001157 _____ () C:\WINDOWS\cur.log
2015-04-19 20:53 - 2015-04-19 21:06 - 00000045 _____ () C:\WINDOWS\system32\par2.txt
2015-04-19 20:53 - 2015-04-19 21:06 - 00000042 _____ () C:\WINDOWS\system32\par.txt
2015-04-19 20:42 - 2015-04-19 20:42 - 00000117 _____ () C:\WINDOWS\system32\netcfg-40937.txt
2015-04-19 20:41 - 2015-04-19 20:41 - 00000117 _____ () C:\WINDOWS\system32\netcfg-767656.txt
2015-04-19 20:35 - 2015-04-19 20:35 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2015-04-19 20:31 - 2015-04-19 20:31 - 00003542 _____ () C:\WINDOWS\System32\Tasks\ASUS Touchpad Launcher (x64)
2015-04-19 20:29 - 2015-04-19 20:29 - 00000117 _____ () C:\WINDOWS\system32\netcfg-46046.txt
2015-04-19 20:28 - 2015-04-19 20:28 - 00000117 _____ () C:\WINDOWS\system32\netcfg-292203.txt
2015-04-19 20:24 - 2015-04-19 20:24 - 00000117 _____ () C:\WINDOWS\system32\netcfg-33828.txt
2015-04-19 20:23 - 2015-04-19 20:23 - 00000117 _____ () C:\WINDOWS\system32\netcfg-309796.txt
2015-04-19 20:19 - 2015-04-19 20:19 - 00000117 _____ () C:\WINDOWS\system32\netcfg-87625.txt
2015-04-19 20:18 - 2015-04-19 20:18 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3973781.txt
2015-04-19 20:06 - 2015-04-19 20:06 - 00000000 _____ () C:\Users\Admin\agent.log
2015-04-19 20:05 - 2015-05-05 20:37 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2525780112-4156266377-2695489881-1001
2015-04-19 19:58 - 2015-04-21 13:36 - 00000408 _____ () C:\Users\Admin\AppData\Roaming\sp_data.sys
2015-04-19 19:58 - 2015-04-19 19:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ASUS WebStorage
2015-04-19 19:57 - 2015-04-26 17:07 - 00000000 __RSD () C:\Users\Public\Desktop\ASUS
2015-04-19 19:57 - 2015-04-19 19:57 - 00000196 _____ () C:\WINDOWS\FixPatch.log
2015-04-19 19:57 - 2015-04-19 19:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2015-04-19 19:57 - 2015-04-19 19:57 - 00000000 ____D () C:\ProgramData\FolderView
2015-04-19 19:55 - 2015-04-23 05:46 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages
2015-04-19 19:55 - 2015-04-19 19:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\ASUS
2015-04-19 19:55 - 2015-04-19 19:55 - 00000000 ____D () C:\Users\Admin\AppData\Local\VirtualStore
2015-04-19 19:49 - 2015-04-19 19:49 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2233265.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 20:47 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-05 20:43 - 2012-08-04 21:43 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-05 20:32 - 2012-10-08 18:06 - 00000868 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-05-05 18:52 - 2014-11-21 04:34 - 00012834 _____ () C:\WINDOWS\PFRO.log
2015-05-05 18:52 - 2013-08-22 10:46 - 00286612 _____ () C:\WINDOWS\setupact.log
2015-05-05 18:52 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-05 18:51 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-05 18:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-05 18:49 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-03 18:08 - 2012-10-08 18:06 - 00000870 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-04-29 22:20 - 2013-08-22 10:44 - 00481880 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-28 16:16 - 2012-08-04 21:42 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-27 16:37 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-26 17:07 - 2012-08-04 21:42 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-04-26 17:05 - 2012-08-04 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-04-25 04:15 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-24 21:17 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-23 22:03 - 2014-11-21 04:44 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-23 21:59 - 2012-08-04 21:43 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-04-23 21:56 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-04-23 21:54 - 2012-07-26 01:37 - 00000000 ____D () C:\Users\Default.migrated
2015-04-23 20:56 - 2012-10-08 18:20 - 00000000 ____D () C:\AsusVibeData
2015-04-22 19:21 - 2013-08-22 11:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-04-22 18:32 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-04-22 18:32 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-04-22 18:32 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-04-22 18:32 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-04-22 17:45 - 2014-11-21 11:56 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-22 17:45 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-04-22 17:45 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-22 17:45 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-22 17:45 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-22 17:45 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-04-22 17:45 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-04-22 17:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-22 17:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-22 17:44 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-04-22 17:44 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-04-22 16:31 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-04-22 15:57 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-22 15:52 - 2013-08-22 11:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-04-22 15:52 - 2013-08-22 11:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-22 15:43 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\system32\winrm
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\system32\slmgr
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts
2015-04-22 15:42 - 2013-08-22 11:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-04-22 15:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-04-22 15:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-04-22 15:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2015-04-22 15:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-04-22 15:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-04-22 15:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-04-22 15:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-04-22 15:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2015-04-22 15:42 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2015-04-22 15:42 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-04-22 15:42 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-04-22 15:42 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-04-22 15:42 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-04-22 15:42 - 2012-10-08 18:09 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda
2015-04-22 15:40 - 2013-08-22 11:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-04-22 15:40 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\IME
2015-04-22 15:40 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Help
2015-04-22 15:40 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-22 15:38 - 2014-11-21 04:25 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-22 15:38 - 2013-08-22 11:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-04-22 15:38 - 2013-08-22 11:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2015-04-22 15:38 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-04-22 15:38 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-22 15:38 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-04-22 15:38 - 2012-10-08 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-04-22 15:38 - 2012-08-01 21:24 - 00000000 ____D () C:\ProgramData\PRICache
2015-04-22 15:36 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-04-22 15:24 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Default
2015-04-22 15:06 - 2012-10-08 18:22 - 01656619 _____ () C:\WINDOWS\WindowsUpdate (1).log
2015-04-22 13:36 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-04-19 20:31 - 2012-10-08 18:10 - 00012666 _____ () C:\WINDOWS\DPINST.LOG
2015-04-19 19:57 - 2012-08-04 21:42 - 02762596 _____ () C:\WINDOWS\AsDebug.log
2015-04-19 19:57 - 2012-08-04 21:42 - 00408576 _____ () C:\WINDOWS\AsCDProc.log
2015-04-19 19:57 - 2012-08-04 21:37 - 00001988 _____ () C:\WINDOWS\PQArecord.log
2015-04-19 19:57 - 2012-08-01 21:36 - 00000000 ____D () C:\WINDOWS\Log
2015-04-13 19:24 - 2014-11-21 12:03 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-13 19:24 - 2014-11-21 12:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-04-19 19:58 - 2015-04-21 13:36 - 0000408 _____ () C:\Users\Admin\AppData\Roaming\sp_data.sys
2012-08-04 21:42 - 2012-07-30 02:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 21:42 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\0106921430873003mcinst.exe
C:\Users\Admin\AppData\Local\Temp\mccspuninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-05 19:04

==================== End Of Log ============================



#5 Scott Stoef

Posted 05 May 2015 - 07:59 PM

Here is the Addition.txt file:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-05-2015
Ran by Admin at 2015-05-05 20:51:24
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-2525780112-4156266377-2695489881-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2525780112-4156266377-2695489881-500 - Administrator - Disabled)
Branden (S-1-5-21-2525780112-4156266377-2695489881-1008 - Limited - Enabled)
Guest (S-1-5-21-2525780112-4156266377-2695489881-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2525780112-4156266377-2695489881-1005 - Limited - Enabled)
Kayla (S-1-5-21-2525780112-4156266377-2695489881-1009 - Limited - Enabled)
Sandy (S-1-5-21-2525780112-4156266377-2695489881-1007 - Limited - Enabled) => C:\Users\Sandy
Scott (S-1-5-21-2525780112-4156266377-2695489881-1006 - Limited - Enabled) => C:\Users\Scott

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Decrap my Computer (HKLM-x32\...\Decrap my Computer) (Version:  - Macecraft Software)
EPSON Artisan 830 Series Printer Uninstall (HKLM\...\EPSON Artisan 830 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-04-2015 16:31:41 Windows Update
23-04-2015 21:23:27 Removed ASUS Live Update
25-04-2015 10:55:11 Restore before decrap.org
26-04-2015 16:53:54 Decrap my Computer [W8-x64] - Decrap my Computer
27-04-2015 16:45:56 restore after epson printer drivers and MS office install
05-05-2015 18:47:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1454D6CE-4E0D-4EDD-8F37-539B3E73F420} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {16B21898-9F36-4446-8C5C-838AC7F86F9C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {1F907405-E88A-4B2D-ABCB-0082DE7959AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-27] (Microsoft Corporation)
Task: {28C0770E-AE31-49F0-9D9D-A86168683C71} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {30AC6099-1BDA-4E0F-97DD-1EF5144A7DD2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {30B47AF5-76E4-4536-9047-60F42D14A84D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {3B15434D-D8A9-444A-B071-B6C4A4B2AECB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {5201B5E0-29CC-450F-B661-E1DEB6E0AEDC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-23] (Avast Software s.r.o.)
Task: {81FDD379-BBB6-4F2A-A66B-2F87D40702F3} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {9EF3B6BD-7385-4B4C-A02C-25329310DDBF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {B06BE685-2850-4DEF-8B23-7C84C13A9E8D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-24] (Adobe Systems Incorporated)
Task: {CE010756-5915-4CB5-AC1F-8D91E0047215} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {CEFB90A5-D653-405B-8C4C-1B83A54216E5} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
Task: {D2BAC81A-ACF9-4C38-B67D-67AF91EEC33C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {DE9BA4BA-FE3F-445E-AA90-CA697E4EC84A} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Task: {E36942C7-61DD-4F58-A086-33F6756ED081} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-27] (Microsoft Corporation)
Task: {E45DD182-BE1D-4BCA-B010-1D3041A5BAA6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-01] (Microsoft Corporation)
Task: {E477677E-D712-4344-91EF-ADF150BA41B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {E9C51A78-534C-4FC1-AC9A-2BF11274DCB6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) ==============

2015-04-27 16:28 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-04-27 16:29 - 2015-04-27 16:32 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2012-08-24 20:26 - 2012-08-24 20:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2015-04-23 22:13 - 2015-04-23 22:13 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-23 22:13 - 2015-04-23 22:13 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-03 18:55 - 2015-05-03 18:55 - 02926592 _____ () C:\Program Files\AVAST Software\Avast\defs\15050301\algo.dll
2015-05-05 20:33 - 2015-05-05 20:33 - 02926592 _____ () C:\Program Files\AVAST Software\Avast\defs\15050501\algo.dll
2015-04-23 22:13 - 2015-04-23 22:13 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-24 16:11 - 2015-04-24 16:11 - 01020928 _____ () C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\34tsep38.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Admin\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2525780112-4156266377-2695489881-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\asus.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: ASUS InstantOn => 2
MSCONFIG\Services: ATKGFNEXSrv => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: mcbootdelaystartsvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: McOobeSv => 2
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: UNS => 2
HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{71BCB4B6-98D6-4474-BA93-D371A242E15E}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{FFB8A548-943D-428F-9DAB-7D53CFF47FFB}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D42FCDAC-CD18-4D37-93D4-DDDEACDC2BE2}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D5F1B6EF-7AAE-4C63-BE97-E139A1573C2F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CB3C1A3E-C75C-4490-B4BB-3DD13345FB1F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{A1073C8D-6717-4C50-913B-EDDF6947B938}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{3FE20E29-5F64-4EAD-A259-2F8BD77BEF4C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{2A8E068A-FD26-48DC-A61F-7962B5281AEF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE600AED-AAFD-494F-B60A-43EFFF0700C1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{52C51BFC-19B6-4CC1-AA4B-9A7E6412E584}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1966B312-DAB8-43F5-B9ED-0780A5490732}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8677E2AF-F5FA-403F-BF23-B6F4FFEC6C9E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A9A71A57-BE6F-43BB-ABAC-50EC8BED2FBB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2015 08:36:27 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (05/05/2015 07:04:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (05/05/2015 06:39:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Exception code: 0xc0000409
Fault offset: 0x00093524
Faulting process id: 0x1c18
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3
Faulting package full name: PSIA.exe4
Faulting package-relative application ID: PSIA.exe5

Error: (05/04/2015 09:31:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (05/03/2015 05:13:23 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (05/02/2015 06:05:11 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (05/01/2015 07:10:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bc

Start Time: 01d08463503227f6

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 4415b8d4-f057-11e4-be9f-50465d998def

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/01/2015 06:37:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (04/27/2015 04:55:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 6.3.9600.17489, time stamp: 0x5465bbd5
Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17477, time stamp: 0x5452dca5
Exception code: 0xc000027b
Fault offset: 0x00000000006d50ab
Faulting process id: 0x918
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5

Error: (04/24/2015 09:12:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.9700.0, time stamp: 0x51d28fcb
Exception code: 0xc0000005
Fault offset: 0x00000000005615b7
Faulting process id: 0x6ac
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3
Faulting package full name: MsMpEng.exe4
Faulting package-relative application ID: MsMpEng.exe5


System errors:
=============
Error: (05/05/2015 06:39:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/29/2015 10:19:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/28/2015 05:41:48 PM) (Source: DCOM) (EventID: 10010) (User: Stoeffler-LT1)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/28/2015 05:41:18 PM) (Source: DCOM) (EventID: 10010) (User: Stoeffler-LT1)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/27/2015 04:11:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (04/26/2015 05:04:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/26/2015 05:04:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/26/2015 05:04:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/24/2015 09:13:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/24/2015 09:10:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:46:33 PM on 4/24/2015 was unexpected.


Microsoft Office Sessions:
=========================
Error: (05/05/2015 08:36:27 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (05/05/2015 07:04:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/05/2015 06:39:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82c0000409000935241c1801d087835f2c79bbC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe9d8c2914-f377-11e4-be9f-50465d998def

Error: (05/04/2015 09:31:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/03/2015 05:13:23 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/02/2015 06:05:11 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/01/2015 07:10:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689bc01d08463503227f64294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe4415b8d4-f057-11e4-be9f-50465d998defmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/01/2015 06:37:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\AppData\Local\Temp\IDC2.tmp\ESETSmartInstaller.exe

Error: (04/27/2015 04:55:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SystemSettings.exe6.3.9600.174895465bbd5Windows.UI.Xaml.dll6.3.9600.174775452dca5c000027b00000000006d50ab91801d0812b87da68f5C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exeC:\Windows\System32\Windows.UI.Xaml.dllbd524038-ed1f-11e4-be9e-50465d998defwindows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (04/24/2015 09:12:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsMpEng.exe4.7.205.054cb5aebmpengine.dll1.1.9700.051d28fcbc000000500000000005615b76ac01d07ef49c8306bcC:\Program Files\Windows Defender\MsMpEng.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll354ce288-eae8-11e4-be9b-50465d998def


==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 35%
Total physical RAM: 3979.79 MB
Available physical RAM: 2572.54 MB
Total Pagefile: 4683.79 MB
Available Pagefile: 3284.46 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:118.8 GB) (Free:82.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:157.85 GB) (Free:157.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 23D3E035)

Partition: GPT Partition Type.

==================== End Of Log ============================



#6 deeprybka

  • Malware Response Team

Posted 06 May 2015 - 10:35 AM

Hi there,

 

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 Scott Stoef

  • Topic Starter

  • Members

Posted 06 May 2015 - 10:58 AM

11:56:15.0262 0x0ffc  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
11:56:15.0262 0x0ffc  UEFI system
11:56:19.0395 0x0ffc  ============================================================
11:56:19.0395 0x0ffc  Current date / time: 2015/05/06 11:56:19.0395
11:56:19.0395 0x0ffc  SystemInfo:
11:56:19.0395 0x0ffc  
11:56:19.0395 0x0ffc  OS Version: 6.3.9600 ServicePack: 0.0
11:56:19.0395 0x0ffc  Product type: Workstation
11:56:19.0395 0x0ffc  ComputerName: STOEFFLER-LT1
11:56:19.0395 0x0ffc  UserName: Admin
11:56:19.0395 0x0ffc  Windows directory: C:\WINDOWS
11:56:19.0395 0x0ffc  System windows directory: C:\WINDOWS
11:56:19.0395 0x0ffc  Running under WOW64
11:56:19.0395 0x0ffc  Processor architecture: Intel x64
11:56:19.0395 0x0ffc  Number of processors: 4
11:56:19.0395 0x0ffc  Page size: 0x1000
11:56:19.0395 0x0ffc  Boot type: Normal boot
11:56:19.0395 0x0ffc  ============================================================
11:56:19.0786 0x0ffc  KLMD registered as C:\WINDOWS\system32\drivers\26332961.sys
11:56:20.0427 0x0ffc  System UUID: {4E48BBD0-857F-6E19-2B3A-3A6C2D0BB01E}
11:56:21.0161 0x0ffc  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:56:21.0161 0x0ffc  ============================================================
11:56:21.0161 0x0ffc  \Device\Harddisk0\DR0:
11:56:21.0161 0x0ffc  GPT partitions:
11:56:21.0161 0x0ffc  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {D822EC6C-98C5-42A8-8DE1-E3EE4543C4A2}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
11:56:21.0161 0x0ffc  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {09FAE88F-4B05-490F-91A6-EB4FA00F51FD}, Name: Basic data partition, StartLBA 0x96800, BlocksNum 0x12C000
11:56:21.0161 0x0ffc  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {76536802-E3F5-4F23-8434-612488BD3FF8}, Name: Microsoft reserved partition, StartLBA 0x1C2800, BlocksNum 0x40000
11:56:21.0161 0x0ffc  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {032AEA11-E334-4219-BE82-5EB939F164BB}, Name: Basic data partition, StartLBA 0x202800, BlocksNum 0xED97800
11:56:21.0161 0x0ffc  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {CAB33B93-FB55-4E35-8EDC-8C56B2861B64}, Name: , StartLBA 0xEF9A000, BlocksNum 0xE1800
11:56:21.0161 0x0ffc  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5797A078-003D-43CE-BDA7-FBE9802924CC}, Name: Basic data partition, StartLBA 0xF07B800, BlocksNum 0x13BB3000
11:56:21.0161 0x0ffc  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {ADBCA9B6-C50C-4EDE-9327-97C07AEFA8C8}, Name: Basic data partition, StartLBA 0x22C2E800, BlocksNum 0x2800000
11:56:21.0161 0x0ffc  MBR partitions:
11:56:21.0161 0x0ffc  ============================================================
11:56:21.0208 0x0ffc  C: <-> \Device\Harddisk0\DR0\Partition4
11:56:21.0255 0x0ffc  D: <-> \Device\Harddisk0\DR0\Partition6
11:56:21.0255 0x0ffc  ============================================================
11:56:21.0255 0x0ffc  Initialize success
11:56:21.0255 0x0ffc  ============================================================
11:56:53.0020 0x13cc  ============================================================
11:56:53.0020 0x13cc  Scan started
11:56:53.0020 0x13cc  Mode: Manual; SigCheck; TDLFS;
11:56:53.0020 0x13cc  ============================================================
11:56:53.0020 0x13cc  KSN ping started
11:56:53.0207 0x13cc  KSN ping finished: true
11:56:55.0082 0x13cc  ================ Scan system memory ========================
11:56:55.0082 0x13cc  System memory - ok
11:56:55.0082 0x13cc  ================ Scan services =============================
11:56:57.0035 0x13cc  ASMMAP64 - ok
11:56:57.0035 0x13cc  ASUS InstantOn - ok
11:56:57.0082 0x13cc  [ B5B4C90E9F52DA8586F1E5461AD90A5D, D1EAA34E6AEB014E942D22F8CB5FB19BF1E2EADE5B5357274C001F44FDC25F05 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
11:56:57.0082 0x13cc  aswHwid - ok
11:56:57.0114 0x13cc  [ 300CB8E510855189CAD0B72FFB5590CB, EB50DC553FA8FD9DE3F60AAFED20702EAFBB1498EBD3220A39CC52A12F694246 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
11:56:57.0129 0x13cc  aswMonFlt - ok
11:56:57.0160 0x13cc  [ 6D37D8DB30D086739507C5F6E542656A, 746D9E32E729138EA19062F4E6B6C98B6833504020A296E3E2A9CD92E0FED0B9 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr2.sys
11:56:57.0176 0x13cc  aswRdr - ok
11:56:57.0192 0x13cc  [ 07E32DFCA422A2920482D762D01957EC, A6502D26266D708E55EB2883897673AD3087C41D9EA0B41CD6BF6BD923EBDCB8 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
11:56:57.0192 0x13cc  aswRvrt - ok
11:56:57.0239 0x13cc  [ 3B4AC2DBFC86F7247C1FF1FAF2860530, A54A693D01C02AAE2B78BFE9B3900B5A6DD0C2C37C8FA58B14B5F57107032FF5 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
11:56:57.0285 0x13cc  aswSnx - ok
11:56:57.0332 0x13cc  [ B1368BE5F6BA529E0886F4DA2361BD2D, B95F430B4E4EFE9D257870722AA8F0507FB96FBE3AAB12068C662CCB6A180FE2 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
11:56:57.0348 0x13cc  aswSP - ok
11:56:57.0364 0x13cc  [ 6E53278ECCFFBC2ACC2A5006745ED4BB, 392170073A8933DB43CD1D64AD087F972F1971BF83BCAFE5B8FA1273C02026CE ] aswStm          C:\WINDOWS\system32\drivers\aswStm.sys
11:56:57.0379 0x13cc  aswStm - ok
11:56:57.0395 0x13cc  [ 91782404718C6352C26B3242BAC3F0F1, 84B1CDD1EBC83FAEBDCC8F67B13CA405C6CF0C518FC016603889EBE48FC91AB9 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
11:56:57.0410 0x13cc  aswVmm - ok
11:56:57.0426 0x13cc  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
11:56:57.0442 0x13cc  atapi - ok
11:56:57.0598 0x13cc  [ A34167BD20D771B8E68F2C41CC85168C, 33E5ACA0D853918E1DE2B9544A6B0B616C09CA92013B1D99C7F48655B1DDB4A9 ] athr            C:\WINDOWS\system32\DRIVERS\athw8x.sys
11:56:57.0723 0x13cc  athr - ok
11:56:57.0754 0x13cc  [ DBC598E47E7A382E60E2A4745D41FEF9, A810AC197CA456B0285E2CAE6986D38B31F4ADA32BEB47EC7A48A2B2196BA639 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
11:56:57.0754 0x13cc  ATKGFNEXSrv - ok
11:56:57.0817 0x13cc  [ 41CEAFFCF3550785E59E3EC9BEE8D97A, 89FE604088B65B82AA794E1DA8429033CD2F05FFB2D7EFAAC7B967C7A83D1B1E ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
11:56:57.0817 0x13cc  ATKWMIACPIIO - ok
11:56:57.0832 0x13cc  [ 437EB91CB20144375DDE145149778405, 5E76CDE2B3C852755F6E54AF774E9BECDF472103D83B815899333DE268536B98 ] ATP             C:\WINDOWS\System32\drivers\AsusTP.sys
11:56:57.0832 0x13cc  ATP - ok
11:56:57.0879 0x13cc  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
11:56:57.0926 0x13cc  AudioEndpointBuilder - ok
11:56:57.0989 0x13cc  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
11:56:58.0035 0x13cc  Audiosrv - ok
11:56:58.0145 0x13cc  [ 54236E79A44F909612391C8A2D70D512, B0DF5BCC4F90AF087D0306F8D81F90B2CAE0176813E3AA6A7D5460F7878677CD ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:56:58.0160 0x13cc  avast! Antivirus - ok
11:56:58.0176 0x13cc  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
11:56:58.0207 0x13cc  AxInstSV - ok
11:56:58.0270 0x13cc  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
11:56:58.0285 0x13cc  b06bdrv - ok
11:56:58.0332 0x13cc  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
11:56:58.0332 0x13cc  BasicDisplay - ok
11:56:58.0348 0x13cc  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
11:56:58.0364 0x13cc  BasicRender - ok
11:56:58.0379 0x13cc  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
11:56:58.0395 0x13cc  bcmfn2 - ok
11:56:58.0426 0x13cc  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
11:56:58.0442 0x13cc  BDESVC - ok
11:56:58.0473 0x13cc  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
11:56:58.0504 0x13cc  Beep - ok
11:56:58.0567 0x13cc  [ 22A5582ACF0CEE97268D7868C69F35CE, 78A44C10966FE467D3FCC76BE37647AE2CC2BCA9DE5715AD9E643162B23C3A19 ] BFE             C:\WINDOWS\System32\bfe.dll
11:56:58.0614 0x13cc  BFE - ok
11:56:58.0676 0x13cc  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\WINDOWS\System32\qmgr.dll
11:56:58.0739 0x13cc  BITS - ok
11:56:58.0754 0x13cc  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
11:56:58.0770 0x13cc  bowser - ok
11:56:58.0864 0x13cc  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
11:56:58.0879 0x13cc  BrokerInfrastructure - ok
11:56:58.0911 0x13cc  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\WINDOWS\System32\browser.dll
11:56:58.0942 0x13cc  Browser - ok
11:56:58.0973 0x13cc  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
11:56:58.0989 0x13cc  BthAvrcpTg - ok
11:56:59.0036 0x13cc  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
11:56:59.0051 0x13cc  BthHFEnum - ok
11:56:59.0098 0x13cc  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
11:56:59.0114 0x13cc  bthhfhid - ok
11:56:59.0161 0x13cc  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
11:56:59.0192 0x13cc  BthHFSrv - ok
11:56:59.0207 0x13cc  [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
11:56:59.0223 0x13cc  BTHMODEM - ok
11:56:59.0254 0x13cc  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\WINDOWS\system32\bthserv.dll
11:56:59.0286 0x13cc  bthserv - ok
11:56:59.0301 0x13cc  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
11:56:59.0317 0x13cc  cdfs - ok
11:56:59.0332 0x13cc  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
11:56:59.0348 0x13cc  cdrom - ok
11:56:59.0364 0x13cc  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
11:56:59.0395 0x13cc  CertPropSvc - ok
11:56:59.0411 0x13cc  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
11:56:59.0426 0x13cc  circlass - ok
11:56:59.0473 0x13cc  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
11:56:59.0489 0x13cc  CLFS - ok
11:56:59.0629 0x13cc  [ 1352A95AD8150440E0A5DD9745154D74, CF78A6267A246F747844FFA255783B5867B0A7232C65AF6224B25B2FBB893313 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
11:56:59.0707 0x13cc  ClickToRunSvc - ok
11:56:59.0754 0x13cc  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
11:56:59.0770 0x13cc  CmBatt - ok
11:56:59.0817 0x13cc  [ 3930E508DDA46C1FF68FD963F350AA0A, BF63F9C7AB30E2A8199D65EDD6DCBB797C93A4A0B972373643FBE1C38BCFA697 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
11:56:59.0848 0x13cc  CNG - ok
11:56:59.0864 0x13cc  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
11:56:59.0879 0x13cc  CompositeBus - ok
11:56:59.0895 0x13cc  COMSysApp - ok
11:56:59.0911 0x13cc  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
11:56:59.0911 0x13cc  condrv - ok
11:57:00.0051 0x13cc  [ 08F934092E0429BADF88E9F91DB0F61E, 6E9091C006FFFF261DC61C8E9A45219E47C351296E5355FC4B7242F30E1DDFE3 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
11:57:00.0067 0x13cc  cphs - ok
11:57:00.0114 0x13cc  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
11:57:00.0129 0x13cc  CryptSvc - ok
11:57:00.0176 0x13cc  [ 389C998C64319CD97625B0550E52ECFA, DD0EDDD9C8412F78D2D2B648D67DA887C3040E05DF29F48F71299CB68FDDD0F8 ] dam             C:\WINDOWS\system32\drivers\dam.sys
11:57:00.0176 0x13cc  dam - ok
11:57:00.0239 0x13cc  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
11:57:00.0286 0x13cc  DcomLaunch - ok
11:57:00.0317 0x13cc  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
11:57:00.0348 0x13cc  defragsvc - ok
11:57:00.0395 0x13cc  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
11:57:00.0426 0x13cc  DeviceAssociationService - ok
11:57:00.0442 0x13cc  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
11:57:00.0489 0x13cc  DeviceInstall - ok
11:57:00.0520 0x13cc  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
11:57:00.0536 0x13cc  Dfsc - ok
11:57:00.0551 0x13cc  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
11:57:00.0598 0x13cc  Dhcp - ok
11:57:00.0692 0x13cc  [ 9703EC57F5BBB94F89CA80A5D0C12221, 29639F73AA86AA42401A1DB0AF4E76012E617879EC03AD7591210164BA105EBF ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
11:57:00.0833 0x13cc  DiagTrack - ok
11:57:00.0864 0x13cc  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
11:57:00.0879 0x13cc  disk - ok
11:57:00.0926 0x13cc  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
11:57:00.0942 0x13cc  dmvsc - ok
11:57:00.0973 0x13cc  [ E9AE4FAE83FB38A2962F9032B24CEB3C, CC7D2D8C97CB779791613D76D6E4AF5D628C948C28BAC584C3C7F6A5A6036FBA ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:57:01.0004 0x13cc  Dnscache - ok
11:57:01.0036 0x13cc  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:57:01.0067 0x13cc  dot3svc - ok
11:57:01.0083 0x13cc  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\WINDOWS\system32\dps.dll
11:57:01.0098 0x13cc  DPS - ok
11:57:01.0114 0x13cc  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:57:01.0129 0x13cc  drmkaud - ok
11:57:01.0161 0x13cc  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
11:57:01.0192 0x13cc  DsmSvc - ok
11:57:01.0270 0x13cc  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
11:57:01.0333 0x13cc  DXGKrnl - ok
11:57:01.0379 0x13cc  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
11:57:01.0395 0x13cc  Eaphost - ok
11:57:01.0520 0x13cc  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
11:57:01.0645 0x13cc  ebdrv - ok
11:57:01.0692 0x13cc  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\WINDOWS\System32\lsass.exe
11:57:01.0708 0x13cc  EFS - ok
11:57:01.0723 0x13cc  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
11:57:01.0723 0x13cc  EhStorClass - ok
11:57:01.0754 0x13cc  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
11:57:01.0770 0x13cc  EhStorTcgDrv - ok
11:57:01.0801 0x13cc  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
11:57:01.0801 0x13cc  ErrDev - ok
11:57:01.0911 0x13cc  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\WINDOWS\system32\es.dll
11:57:01.0926 0x13cc  EventSystem - ok
11:57:01.0958 0x13cc  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
11:57:01.0973 0x13cc  exfat - ok
11:57:01.0989 0x13cc  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
11:57:02.0004 0x13cc  fastfat - ok
11:57:02.0051 0x13cc  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\WINDOWS\system32\fxssvc.exe
11:57:02.0098 0x13cc  Fax - ok
11:57:02.0114 0x13cc  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
11:57:02.0129 0x13cc  fdc - ok
11:57:02.0161 0x13cc  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
11:57:02.0192 0x13cc  fdPHost - ok
11:57:02.0223 0x13cc  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
11:57:02.0239 0x13cc  FDResPub - ok
11:57:02.0254 0x13cc  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
11:57:02.0270 0x13cc  fhsvc - ok
11:57:02.0270 0x13cc  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
11:57:02.0286 0x13cc  FileInfo - ok
11:57:02.0301 0x13cc  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
11:57:02.0317 0x13cc  Filetrace - ok
11:57:02.0333 0x13cc  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
11:57:02.0348 0x13cc  flpydisk - ok
11:57:02.0379 0x13cc  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:57:02.0395 0x13cc  FltMgr - ok
11:57:02.0458 0x13cc  [ 7269C9013FCFA3C6E70F03E2630DBFC3, AAB282B4444CC17D197974D05063C7C97E5202E604681DD2DC3BCF0AE77D6057 ] FontCache       C:\WINDOWS\system32\FntCache.dll
11:57:02.0536 0x13cc  FontCache - ok
11:57:02.0629 0x13cc  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:57:02.0629 0x13cc  FontCache3.0.0.0 - ok
11:57:02.0676 0x13cc  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
11:57:02.0676 0x13cc  FsDepends - ok
11:57:02.0692 0x13cc  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:57:02.0708 0x13cc  Fs_Rec - ok
11:57:02.0739 0x13cc  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
11:57:02.0754 0x13cc  fvevol - ok
11:57:02.0786 0x13cc  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
11:57:02.0801 0x13cc  FxPPM - ok
11:57:02.0817 0x13cc  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
11:57:02.0833 0x13cc  gagp30kx - ok
11:57:02.0864 0x13cc  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
11:57:02.0864 0x13cc  gencounter - ok
11:57:02.0911 0x13cc  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
11:57:02.0926 0x13cc  GPIOClx0101 - ok
11:57:02.0989 0x13cc  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
11:57:03.0067 0x13cc  gpsvc - ok
11:57:03.0145 0x13cc  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:57:03.0161 0x13cc  gupdate - ok
11:57:03.0161 0x13cc  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:57:03.0161 0x13cc  gupdatem - ok
11:57:03.0192 0x13cc  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
11:57:03.0208 0x13cc  HDAudBus - ok
11:57:03.0239 0x13cc  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
11:57:03.0254 0x13cc  HidBatt - ok
11:57:03.0286 0x13cc  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
11:57:03.0317 0x13cc  HidBth - ok
11:57:03.0333 0x13cc  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
11:57:03.0348 0x13cc  hidi2c - ok
11:57:03.0380 0x13cc  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
11:57:03.0395 0x13cc  HidIr - ok
11:57:03.0426 0x13cc  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\WINDOWS\system32\hidserv.dll
11:57:03.0458 0x13cc  hidserv - ok
11:57:03.0489 0x13cc  [ 894D982CEAB8CD45A56AE2C9988E86C0, AA2DEB62CB69FF1AEF772989342F2CF77CA48F212C9489A92A4FF97FD46D3866 ] HIDSwitch       C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys
11:57:03.0504 0x13cc  HIDSwitch - ok
11:57:03.0520 0x13cc  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
11:57:03.0536 0x13cc  HidUsb - ok
11:57:03.0583 0x13cc  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
11:57:03.0598 0x13cc  hkmsvc - ok
11:57:03.0629 0x13cc  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
11:57:03.0661 0x13cc  HomeGroupListener - ok
11:57:03.0723 0x13cc  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
11:57:03.0770 0x13cc  HomeGroupProvider - ok
11:57:03.0801 0x13cc  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
11:57:03.0817 0x13cc  HpSAMD - ok
11:57:03.0880 0x13cc  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
11:57:03.0942 0x13cc  HTTP - ok
11:57:03.0989 0x13cc  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
11:57:03.0989 0x13cc  hwpolicy - ok
11:57:04.0020 0x13cc  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
11:57:04.0036 0x13cc  hyperkbd - ok
11:57:04.0051 0x13cc  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
11:57:04.0067 0x13cc  HyperVideo - ok
11:57:04.0098 0x13cc  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
11:57:04.0130 0x13cc  i8042prt - ok
11:57:04.0145 0x13cc  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
11:57:04.0145 0x13cc  iaLPSSi_GPIO - ok
11:57:04.0176 0x13cc  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
11:57:04.0176 0x13cc  iaLPSSi_I2C - ok
11:57:04.0239 0x13cc  [ 0FE66A51D81A25AACEAAE4C26308121D, C5553F7ABA74A8EB71A4ED0E8F2A6AA2892F871D164F2D4FADB035BE7D1A8C44 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
11:57:04.0255 0x13cc  iaStorA - ok
11:57:04.0317 0x13cc  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
11:57:04.0364 0x13cc  iaStorAV - ok
11:57:04.0395 0x13cc  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
11:57:04.0411 0x13cc  iaStorV - ok
11:57:04.0426 0x13cc  IEEtwCollectorService - ok
11:57:04.0614 0x13cc  [ 8C44E6B688790E2AD3846C97661C54F1, CB487D167EDA3C1E30BD5FB8F98C15EB9E75A6FB793009C2F1BBCAAB4285F772 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
11:57:04.0833 0x13cc  igfx - ok
11:57:04.0895 0x13cc  [ 57322EBB67A59FB64E228F31A84CA43D, 258DA26BDFAB635F145E55CF65CDFCFE4EB91454E3F930489E92810250EF9FD7 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
11:57:04.0958 0x13cc  IKEEXT - ok
11:57:05.0130 0x13cc  [ DC052337C24A87AA1ACC8FCE4F2D5C7F, A438A7A519E9B05DAC2AB097BFBDCD42766E9EAA66054DD6946D27802F0B150A ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
11:57:05.0301 0x13cc  IntcAzAudAddService - ok
11:57:05.0364 0x13cc  [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
11:57:05.0395 0x13cc  IntcDAud - ok
11:57:05.0505 0x13cc  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
11:57:05.0551 0x13cc  Intel® Capability Licensing Service Interface - ok
11:57:05.0630 0x13cc  [ 9656F8E29F6C3161A3E99BCD3A472FF9, 30AD00B53CCB2E4121508729F3471D3C0568F1C32324C398382C97E8BC43ECF0 ] Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
11:57:05.0645 0x13cc  Intel® ME Service - ok
11:57:05.0676 0x13cc  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
11:57:05.0676 0x13cc  intelide - ok
11:57:05.0708 0x13cc  [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
11:57:05.0723 0x13cc  intelpep - ok
11:57:05.0755 0x13cc  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
11:57:05.0770 0x13cc  intelppm - ok
11:57:05.0802 0x13cc  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:57:05.0817 0x13cc  IpFilterDriver - ok
11:57:05.0911 0x13cc  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
11:57:05.0989 0x13cc  iphlpsvc - ok
11:57:06.0020 0x13cc  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
11:57:06.0036 0x13cc  IPMIDRV - ok
11:57:06.0052 0x13cc  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
11:57:06.0083 0x13cc  IPNAT - ok
11:57:16.0286 0x13cc  srv - ok
11:57:16.0318 0x13cc  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
11:57:16.0349 0x13cc  srv2 - ok
11:57:16.0364 0x13cc  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
11:57:16.0380 0x13cc  srvnet - ok
11:57:16.0443 0x13cc  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:57:16.0458 0x13cc  SSDPSRV - ok
11:57:16.0505 0x13cc  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
11:57:16.0521 0x13cc  SstpSvc - ok
11:57:16.0536 0x13cc  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
11:57:16.0552 0x13cc  stexstor - ok
11:57:16.0614 0x13cc  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
11:57:16.0677 0x13cc  stisvc - ok
11:57:16.0708 0x13cc  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
11:57:16.0724 0x13cc  storahci - ok
11:57:16.0755 0x13cc  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
11:57:16.0755 0x13cc  storflt - ok
11:57:16.0771 0x13cc  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
11:57:16.0786 0x13cc  stornvme - ok
11:57:16.0818 0x13cc  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
11:57:16.0849 0x13cc  StorSvc - ok
11:57:16.0865 0x13cc  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
11:57:16.0880 0x13cc  storvsc - ok
11:57:16.0911 0x13cc  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\WINDOWS\system32\svsvc.dll
11:57:16.0927 0x13cc  svsvc - ok
11:57:16.0958 0x13cc  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
11:57:16.0958 0x13cc  swenum - ok
11:57:17.0005 0x13cc  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\WINDOWS\System32\swprv.dll
11:57:17.0052 0x13cc  swprv - ok
11:57:17.0115 0x13cc  [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain         C:\WINDOWS\system32\sysmain.dll
11:57:17.0193 0x13cc  SysMain - ok
11:57:17.0208 0x13cc  [ 23BECB70654B192A7E378DEE3DBD8D42, 7596174AE7508B62C40A429645198F6A420D0CD5B62A10AB78516113584E7EDB ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
11:57:17.0255 0x13cc  SystemEventsBroker - ok
11:57:17.0286 0x13cc  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
11:57:17.0318 0x13cc  TabletInputService - ok
11:57:17.0349 0x13cc  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:57:17.0411 0x13cc  TapiSrv - ok
11:57:17.0552 0x13cc  [ 3C2DF97A21A9BBE6355B0A51F288EFFF, 47BBE47CFE2379B072AEEC360C4F207059BED9AD18C55FDF2AC0DA9CAD837BFB ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
11:57:17.0646 0x13cc  Tcpip - ok
11:57:17.0740 0x13cc  [ 3C2DF97A21A9BBE6355B0A51F288EFFF, 47BBE47CFE2379B072AEEC360C4F207059BED9AD18C55FDF2AC0DA9CAD837BFB ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:57:17.0818 0x13cc  TCPIP6 - ok
11:57:17.0865 0x13cc  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
11:57:17.0896 0x13cc  tcpipreg - ok
11:57:17.0943 0x13cc  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
11:57:17.0943 0x13cc  tdx - ok
11:57:17.0974 0x13cc  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
11:57:17.0990 0x13cc  terminpt - ok
11:57:18.0052 0x13cc  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService     C:\WINDOWS\System32\termsrv.dll
11:57:18.0115 0x13cc  TermService - ok
11:57:18.0130 0x13cc  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\WINDOWS\system32\themeservice.dll
11:57:18.0146 0x13cc  Themes - ok
11:57:18.0177 0x13cc  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
11:57:18.0193 0x13cc  THREADORDER - ok
11:57:18.0208 0x13cc  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
11:57:18.0255 0x13cc  TimeBroker - ok
11:57:18.0271 0x13cc  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
11:57:18.0286 0x13cc  TPM - ok
11:57:18.0302 0x13cc  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
11:57:18.0318 0x13cc  TrkWks - ok
11:57:18.0396 0x13cc  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
11:57:18.0411 0x13cc  TrustedInstaller - ok
11:57:18.0443 0x13cc  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
11:57:18.0474 0x13cc  TsUsbFlt - ok
11:57:18.0490 0x13cc  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
11:57:18.0505 0x13cc  TsUsbGD - ok
11:57:18.0536 0x13cc  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
11:57:18.0552 0x13cc  tunnel - ok
11:57:18.0583 0x13cc  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
11:57:18.0583 0x13cc  uagp35 - ok
11:57:18.0615 0x13cc  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
11:57:18.0615 0x13cc  UASPStor - ok
11:57:18.0646 0x13cc  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
11:57:18.0661 0x13cc  UCX01000 - ok
11:57:18.0708 0x13cc  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
11:57:18.0740 0x13cc  udfs - ok
11:57:18.0755 0x13cc  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
11:57:18.0771 0x13cc  UEFI - ok
11:57:18.0802 0x13cc  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
11:57:18.0818 0x13cc  UI0Detect - ok
11:57:18.0833 0x13cc  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
11:57:18.0849 0x13cc  uliagpkx - ok
11:57:18.0865 0x13cc  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
11:57:18.0880 0x13cc  umbus - ok
11:57:18.0911 0x13cc  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
11:57:18.0911 0x13cc  UmPass - ok
11:57:18.0958 0x13cc  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
11:57:19.0005 0x13cc  UmRdpService - ok
11:57:19.0099 0x13cc  [ E1A119AD21F5AFE22EB516C549306D3D, 48769D5E7A78B7A2C00F1F6798AC133CF3E0B2C76F71D3719BD741DDD8F2D229 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:57:19.0115 0x13cc  UNS - ok
11:57:19.0146 0x13cc  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:57:19.0177 0x13cc  upnphost - ok
11:57:19.0193 0x13cc  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
11:57:19.0208 0x13cc  usbccgp - ok
11:57:19.0318 0x13cc  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
11:57:19.0333 0x13cc  usbcir - ok
11:57:19.0380 0x13cc  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
11:57:19.0396 0x13cc  usbehci - ok
11:57:19.0427 0x13cc  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
11:57:19.0458 0x13cc  usbhub - ok
11:57:19.0521 0x13cc  [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
11:57:19.0552 0x13cc  USBHUB3 - ok
11:57:19.0568 0x13cc  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
11:57:19.0599 0x13cc  usbohci - ok
11:57:19.0615 0x13cc  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
11:57:19.0630 0x13cc  usbprint - ok
11:57:19.0646 0x13cc  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
11:57:19.0662 0x13cc  USBSTOR - ok
11:57:19.0677 0x13cc  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
11:57:19.0693 0x13cc  usbuhci - ok
11:57:19.0740 0x13cc  [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
11:57:19.0755 0x13cc  usbvideo - ok
11:57:19.0787 0x13cc  [ 1A20F03700D2B2ED775E38D751EF2F63, 76F8BE9F412D4397437E60A7E6231C80EA9B4F5436C9A8FAB967C78604994AE9 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
11:57:19.0802 0x13cc  USBXHCI - ok
11:57:19.0802 0x13cc  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
11:57:19.0818 0x13cc  VaultSvc - ok
11:57:19.0833 0x13cc  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
11:57:19.0849 0x13cc  vdrvroot - ok
11:57:19.0927 0x13cc  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\WINDOWS\System32\vds.exe
11:57:20.0005 0x13cc  vds - ok
11:57:20.0177 0x13cc  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
11:57:20.0193 0x13cc  VerifierExt - ok
11:57:20.0240 0x13cc  [ F6ECFD6128A16A4851CFE98D4E01B011, C349893E8D7FB9B510A3FAD040F70C3C72B0ACDD5F6EB336951849F9E953717D ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
11:57:20.0287 0x13cc  vhdmp - ok
11:57:20.0333 0x13cc  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
11:57:20.0333 0x13cc  viaide - ok
11:57:20.0365 0x13cc  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
11:57:20.0380 0x13cc  vmbus - ok
11:57:20.0396 0x13cc  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
11:57:20.0412 0x13cc  VMBusHID - ok
11:57:20.0458 0x13cc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
11:57:20.0490 0x13cc  vmicguestinterface - ok
11:57:20.0521 0x13cc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
11:57:20.0537 0x13cc  vmicheartbeat - ok
11:57:20.0552 0x13cc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
11:57:20.0583 0x13cc  vmickvpexchange - ok
11:57:20.0599 0x13cc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
11:57:20.0630 0x13cc  vmicrdv - ok
11:57:20.0646 0x13cc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
11:57:20.0677 0x13cc  vmicshutdown - ok
11:57:20.0693 0x13cc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
11:57:20.0708 0x13cc  vmictimesync - ok
11:57:20.0740 0x13cc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
11:57:20.0755 0x13cc  vmicvss - ok
11:57:20.0771 0x13cc  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
11:57:20.0787 0x13cc  volmgr - ok
11:57:20.0802 0x13cc  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
11:57:20.0833 0x13cc  volmgrx - ok
11:57:20.0849 0x13cc  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
11:57:20.0880 0x13cc  volsnap - ok
11:57:20.0912 0x13cc  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
11:57:20.0927 0x13cc  vpci - ok
11:57:20.0974 0x13cc  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
11:57:20.0990 0x13cc  vsmraid - ok
11:57:21.0099 0x13cc  [ 3B7F9612439EA47151EC5EAB232C1C3F, CA08CCB14CB46512F72E2C20454242B18BC57E34C55B42A37B7EC27B79242CDC ] VSS             C:\WINDOWS\system32\vssvc.exe
11:57:21.0177 0x13cc  VSS - ok
11:57:21.0208 0x13cc  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
11:57:21.0224 0x13cc  VSTXRAID - ok
11:57:21.0240 0x13cc  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
11:57:21.0271 0x13cc  vwifibus - ok
11:57:21.0287 0x13cc  [ 6B26AD573CCDD5209DF4397438B76354, 2C8AC314EC471F6D8B0B12D49D621360A10DCADA7C52E73596730C954FF89FCF ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
11:57:21.0302 0x13cc  vwififlt - ok
11:57:21.0318 0x13cc  [ 0B48E0DFB44EE475F4FD8A8EE599AF30, 28271D4CA0C642304CD8826A3D514F44E3391F9D6D07A1595BB30CE65E7E3494 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
11:57:21.0333 0x13cc  vwifimp - ok
11:57:21.0365 0x13cc  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
11:57:21.0427 0x13cc  W32Time - ok
11:57:21.0443 0x13cc  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
11:57:21.0458 0x13cc  WacomPen - ok
11:57:21.0552 0x13cc  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
11:57:21.0646 0x13cc  wbengine - ok
11:57:21.0708 0x13cc  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
11:57:21.0771 0x13cc  WbioSrvc - ok
11:57:21.0787 0x13cc  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
11:57:21.0802 0x13cc  Wcmsvc - ok
11:57:21.0833 0x13cc  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
11:57:21.0865 0x13cc  wcncsvc - ok
11:57:21.0896 0x13cc  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
11:57:21.0912 0x13cc  WcsPlugInService - ok
11:57:21.0959 0x13cc  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
11:57:21.0974 0x13cc  WdBoot - ok
11:57:22.0037 0x13cc  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
11:57:22.0068 0x13cc  Wdf01000 - ok
11:57:22.0084 0x13cc  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
11:57:22.0115 0x13cc  WdFilter - ok
11:57:22.0146 0x13cc  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
11:57:22.0162 0x13cc  WdiServiceHost - ok
11:57:22.0177 0x13cc  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
11:57:22.0193 0x13cc  WdiSystemHost - ok
11:57:22.0224 0x13cc  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
11:57:22.0240 0x13cc  WdNisDrv - ok
11:57:22.0271 0x13cc  WdNisSvc - ok
11:57:22.0302 0x13cc  [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:57:22.0334 0x13cc  WebClient - ok
11:57:22.0365 0x13cc  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
11:57:22.0380 0x13cc  Wecsvc - ok
11:57:22.0412 0x13cc  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
11:57:22.0443 0x13cc  WEPHOSTSVC - ok
11:57:22.0459 0x13cc  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
11:57:22.0474 0x13cc  wercplsupport - ok
11:57:22.0490 0x13cc  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
11:57:22.0505 0x13cc  WerSvc - ok
11:57:22.0552 0x13cc  [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
11:57:22.0568 0x13cc  WFPLWFS - ok
11:57:22.0584 0x13cc  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
11:57:22.0599 0x13cc  WiaRpc - ok
11:57:22.0630 0x13cc  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
11:57:22.0646 0x13cc  WIMMount - ok
11:57:22.0646 0x13cc  WinDefend - ok
11:57:22.0724 0x13cc  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
11:57:22.0771 0x13cc  WinHttpAutoProxySvc - ok
11:57:22.0834 0x13cc  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:57:22.0865 0x13cc  Winmgmt - ok
11:57:22.0974 0x13cc  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
11:57:23.0099 0x13cc  WinRM - ok
11:57:23.0193 0x13cc  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
11:57:23.0271 0x13cc  WlanSvc - ok
11:57:23.0334 0x13cc  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
11:57:23.0412 0x13cc  wlidsvc - ok
11:57:23.0443 0x13cc  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
11:57:23.0459 0x13cc  WmiAcpi - ok
11:57:23.0521 0x13cc  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
11:57:23.0537 0x13cc  wmiApSrv - ok
11:57:23.0568 0x13cc  WMPNetworkSvc - ok
11:57:23.0568 0x13cc  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
11:57:23.0584 0x13cc  Wof - ok
11:57:23.0662 0x13cc  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
11:57:23.0755 0x13cc  workfolderssvc - ok
11:57:23.0787 0x13cc  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
11:57:23.0802 0x13cc  wpcfltr - ok
11:57:23.0818 0x13cc  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
11:57:23.0849 0x13cc  WPCSvc - ok
11:57:23.0865 0x13cc  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
11:57:23.0896 0x13cc  WPDBusEnum - ok
11:57:23.0912 0x13cc  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
11:57:23.0927 0x13cc  WpdUpFltr - ok
11:57:23.0959 0x13cc  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
11:57:23.0974 0x13cc  ws2ifsl - ok
11:57:23.0990 0x13cc  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
11:57:24.0037 0x13cc  wscsvc - ok
11:57:24.0037 0x13cc  [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
11:57:24.0052 0x13cc  WSDPrintDevice - ok
11:57:24.0099 0x13cc  [ 58035FD3369879E02D65989C44D27450, B9245DB5C17F7CE94FAA20AB4B0D06A4DFB6133C6E82343758CDC713EB64DFEF ] WSDScan         C:\WINDOWS\system32\DRIVERS\WSDScan.sys
11:57:24.0115 0x13cc  WSDScan - ok
11:57:24.0115 0x13cc  WSearch - ok
11:57:24.0271 0x13cc  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
11:57:24.0443 0x13cc  WSService - ok
11:57:24.0584 0x13cc  [ 5F3D70B19BCAC985DA90F22CA2FF45E4, BBD82BAEF0DCA2C6361F8D1ADF5BED36D0F1AB1A2AEADB0E4526B917F40C2E52 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
11:57:24.0756 0x13cc  wuauserv - ok
11:57:24.0787 0x13cc  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
11:57:24.0818 0x13cc  WudfPf - ok
11:57:24.0849 0x13cc  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
11:57:24.0865 0x13cc  WUDFRd - ok
11:57:24.0881 0x13cc  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP    C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
11:57:24.0896 0x13cc  WUDFSensorLP - ok
11:57:24.0943 0x13cc  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
11:57:24.0959 0x13cc  wudfsvc - ok
11:57:25.0006 0x13cc  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
11:57:25.0052 0x13cc  WwanSvc - ok
11:57:25.0052 0x13cc  ================ Scan global ===============================
11:57:25.0115 0x13cc  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\WINDOWS\system32\basesrv.dll
11:57:25.0162 0x13cc  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
11:57:25.0193 0x13cc  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
11:57:25.0224 0x13cc  [ 5BF02EBEFEDC706318C96E2E60EDCB91, DC866C5BC3A887CAAA7169AB9BB2992F6F877B3EA04B62B4F95B6BD54943155F ] C:\WINDOWS\system32\services.exe
11:57:25.0240 0x13cc  [ Global ] - ok
11:57:25.0240 0x13cc  ================ Scan MBR ==================================
11:57:25.0256 0x13cc  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
11:57:25.0396 0x13cc  \Device\Harddisk0\DR0 - ok
11:57:25.0396 0x13cc  ================ Scan VBR ==================================
11:57:25.0396 0x13cc  [ 1E6626A3E5CE0284C4A969F5249554B9 ] \Device\Harddisk0\DR0\Partition1
11:57:25.0427 0x13cc  \Device\Harddisk0\DR0\Partition1 - ok
11:57:25.0443 0x13cc  [ 98A2C6A6B3F652B910D55E6D0A937F38 ] \Device\Harddisk0\DR0\Partition2
11:57:25.0459 0x13cc  \Device\Harddisk0\DR0\Partition2 - ok
11:57:25.0474 0x13cc  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
11:57:25.0474 0x13cc  \Device\Harddisk0\DR0\Partition3 - ok
11:57:25.0490 0x13cc  [ D050888344223101B5D912D1B3960449 ] \Device\Harddisk0\DR0\Partition4
11:57:25.0506 0x13cc  \Device\Harddisk0\DR0\Partition4 - ok
11:57:25.0521 0x13cc  [ 7C4ED0734A76BFF1B3056EE8B49A2657 ] \Device\Harddisk0\DR0\Partition5
11:57:25.0552 0x13cc  \Device\Harddisk0\DR0\Partition5 - ok
11:57:25.0552 0x13cc  [ 7BF1A31A676985052443818F12DE8101 ] \Device\Harddisk0\DR0\Partition6
11:57:25.0568 0x13cc  \Device\Harddisk0\DR0\Partition6 - ok
11:57:25.0599 0x13cc  [ FA478C4485F92ECE573F40EE222A16D5 ] \Device\Harddisk0\DR0\Partition7
11:57:25.0615 0x13cc  \Device\Harddisk0\DR0\Partition7 - ok
11:57:25.0615 0x13cc  ================ Scan generic autorun ======================
11:57:25.0677 0x13cc  [ 28062B17191C9450BF6C6C3EF8C7EB27, 4859C5708DFD119021F7B7FFB38F0B316675E1E4D5D51A10D4265F712CF8CDB6 ] C:\WINDOWS\system32\igfxtray.exe
11:57:25.0693 0x13cc  IgfxTray - ok
11:57:25.0724 0x13cc  [ 28FC280487F0BAAE5E8119257C4EEF8C, F574BC70B79B77912FC683B3EB0BE6929E7758284ED5B47008E18B0E4A4A09FD ] C:\WINDOWS\system32\hkcmd.exe
11:57:25.0740 0x13cc  HotKeysCmds - ok
11:57:25.0771 0x13cc  [ F29BEA821C753E4F00177690F70CDC13, 0EDB40F4A4C23553C0288E6E3AD65E7B523F6764C87C6C36C3ECB0C1940C5176 ] C:\WINDOWS\system32\igfxpers.exe
11:57:25.0802 0x13cc  Persistence - ok
11:57:26.0302 0x13cc  [ F61140A7D41E2B3CB73D28A2F6ABC405, E2C242507C41398781A9C39B47F2104F9BC928E60950291759987BB4EE05AEBF ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
11:57:26.0802 0x13cc  RTHDVCPL - ok
11:57:26.0849 0x13cc  ACMON - ok
11:57:26.0865 0x13cc  Adobe Reader Speed Launcher - ok
11:57:27.0115 0x13cc  [ 31EA4BC4328BDBC50CD5CA4870F09E06, 2BF16A98C4F92FA81B061A73C0DEE1B4BAA3310393F8E8CD838DAC79372E4F8D ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
11:57:27.0349 0x13cc  AvastUI.exe - ok
11:57:27.0490 0x13cc  [ A55FB42F0642DBF4817543A58E97721F, A4A8986EA050B1216D85749AB705EB36FE9D0FE0E833281DC63732B1FD4E4687 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
11:57:27.0506 0x13cc  SunJavaUpdateSched - ok
11:57:27.0553 0x13cc  [ 6D9C544ECF1D56AFDA3C03C19E75FE8B, 8FD676300ED596EDCB33F334709245424613CAB30868A2866785A47CBF689199 ] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE
11:57:27.0568 0x13cc  EPSON9B1318 (Artisan 830) - ok
11:57:27.0568 0x13cc  Waiting for KSN requests completion. In queue: 121
11:57:28.0646 0x13cc  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
11:57:28.0646 0x13cc  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated )
11:57:28.0678 0x13cc  Win FW state via NFP2: enabled
11:57:28.0865 0x13cc  ============================================================
11:57:28.0865 0x13cc  Scan finished
11:57:28.0865 0x13cc  ============================================================
11:57:28.0865 0x1860  Detected object count: 0
11:57:28.0865 0x1860  Actual detected object count: 0
 



#8 deeprybka

  • Malware Response Team

Posted 06 May 2015 - 11:30 AM

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2015-05-05]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    SearchScopes: HKU\S-1-5-21-2525780112-4156266377-2695489881-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2525780112-4156266377-2695489881-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#9 Scott Stoef

  • Topic Starter


Posted 06 May 2015 - 12:13 PM

Jurgen,

I just ran the Farbar recovery scan as requested.  I already had the original FRST.txt file on my desktop and it appears that the file was not updated with this run.  A new folder was created on my desktop called FRST-OlderVersion.  I looked in there and I cannot find the new FRST log either.

Just in case it is appended to the current FRST.txt file I'm going to include that here, but if not let me know where I can go to get the recent log from today.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2015
Ran by Admin (administrator) on STOEFFLER-LT1 on 05-05-2015 20:48:53
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Admin & Scott & Sandy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGXA.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-23] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2525780112-4156266377-2695489881-1001\...\Run: [EPSON9B1318 (Artisan 830)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2015-05-05]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-05-05]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-23] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2525780112-4156266377-2695489881-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
HKU\S-1-5-21-2525780112-4156266377-2695489881-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\S-1-5-21-2525780112-4156266377-2695489881-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2525780112-4156266377-2695489881-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-04-27] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-23] (Avast Software s.r.o.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-27] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-04-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-23] (Avast Software s.r.o.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-24] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-27] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-04-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\34tsep38.default
FF Homepage: https://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-24] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-27] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-04-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: LastPass - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\34tsep38.default\Extensions\support@lastpass.com [2015-04-24]
FF Extension: WOT - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\34tsep38.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://my.yahoo.com/
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-29]
CHR Extension: (WOT) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-04-29]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-29]
CHR Extension: (uBlock Origin) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-04-29]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-29]
CHR Extension: (SiteAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-04-29]
CHR Extension: (Bookmark Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-04-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29]
CHR Extension: (LastPass Vault) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2015-04-29]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-29]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-29]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0106921430873003mcinstcleanup; C:\Users\Admin\AppData\Local\Temp\010692~1.EXE [883024 2015-04-06] (McAfee, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S4 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-23] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-23] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 20:48 - 2015-05-05 20:49 - 00014711 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-05-05 20:48 - 2015-05-05 20:48 - 00000000 ____D () C:\FRST
2015-05-05 20:43 - 2015-05-05 20:43 - 00000000 ____D () C:\Program Files\McAfee
2015-05-05 20:41 - 2015-05-05 20:41 - 02101248 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-05-05 18:47 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-05 18:47 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-05 18:46 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-05 18:46 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-05 18:46 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-05 18:46 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-05 18:46 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-05 18:46 - 2015-03-12 20:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-05 18:32 - 2015-05-05 18:32 - 00001091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-05-05 18:32 - 2015-05-05 18:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\Secunia PSI
2015-05-05 18:32 - 2015-05-05 18:32 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-05-05 18:31 - 2015-05-05 18:31 - 05490752 _____ (Secunia) C:\Users\Admin\Desktop\PSISetup.exe
2015-05-05 18:25 - 2015-05-05 18:25 - 05490752 _____ (Secunia) C:\Users\Scott\Downloads\PSISetup.exe
2015-05-01 18:37 - 2015-05-01 18:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-29 22:20 - 2015-04-29 22:22 - 00000000 ____D () C:\NPE
2015-04-29 22:17 - 2015-04-29 22:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\NPE
2015-04-29 22:17 - 2015-04-29 22:17 - 00000000 ____D () C:\ProgramData\Norton
2015-04-29 15:24 - 2015-05-05 20:32 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-29 15:24 - 2015-05-05 20:29 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 15:24 - 2015-04-29 15:24 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-29 15:24 - 2015-04-29 15:24 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-29 15:24 - 2015-04-29 15:24 - 00002281 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-29 15:24 - 2015-04-29 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-28 17:25 - 2015-05-05 18:24 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{16522898-203C-4162-B060-2D5BA2E292CC}
2015-04-28 17:25 - 2015-04-28 17:25 - 00000000 __SHD () C:\Users\Scott\AppData\Local\EmieUserList
2015-04-28 17:25 - 2015-04-28 17:25 - 00000000 __SHD () C:\Users\Scott\AppData\Local\EmieSiteList
2015-04-28 17:25 - 2015-04-28 17:25 - 00000000 __SHD () C:\Users\Scott\AppData\Local\EmieBrowserModeList
2015-04-28 17:22 - 2015-04-28 17:22 - 00880208 _____ (Google Inc.) C:\Users\Scott\Downloads\ChromeSetup.exe
2015-04-28 16:17 - 2015-04-28 16:17 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-04-28 16:17 - 2015-04-28 16:17 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-28 16:17 - 2015-04-28 16:17 - 00002069 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-04-28 16:16 - 2015-04-28 16:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-28 16:14 - 2015-04-28 16:17 - 00000000 ____D () C:\Users\Scott\AppData\Local\Adobe
2015-04-28 15:56 - 2015-04-28 15:56 - 00000810 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-04-28 15:56 - 2015-04-28 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-04-28 15:56 - 2015-04-28 15:56 - 00000000 ____D () C:\Program Files\Speccy
2015-04-27 18:30 - 2015-04-27 18:30 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Macromedia
2015-04-27 18:30 - 2015-04-27 18:30 - 00000000 ____D () C:\Users\Scott\AppData\Local\Macromedia
2015-04-27 18:09 - 2015-04-27 18:09 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Mozilla
2015-04-27 18:09 - 2015-04-27 18:09 - 00000000 ____D () C:\Users\Scott\AppData\Local\Mozilla
2015-04-27 17:12 - 2015-04-27 17:12 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2525780112-4156266377-2695489881-1007
2015-04-27 17:07 - 2015-04-27 17:08 - 00000000 ____D () C:\Users\Sandy\AppData\Local\Packages
2015-04-27 17:07 - 2015-04-27 17:07 - 00001448 _____ () C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-27 17:07 - 2015-04-27 17:07 - 00000020 ___SH () C:\Users\Sandy\ntuser.ini
2015-04-27 17:07 - 2015-04-27 17:07 - 00000000 ____D () C:\Users\Sandy\AppData\Roaming\AVAST Software
2015-04-27 17:07 - 2015-04-27 17:07 - 00000000 ____D () C:\Users\Sandy\AppData\Roaming\Adobe
2015-04-27 17:07 - 2015-04-27 17:07 - 00000000 ____D () C:\Users\Sandy\AppData\Local\VirtualStore
2015-04-27 17:07 - 2015-04-27 17:07 - 00000000 ____D () C:\Users\Sandy\AppData\Local\Google
2015-04-27 17:07 - 2015-04-27 17:07 - 00000000 ____D () C:\Users\Sandy
2015-04-27 17:07 - 2015-04-27 17:07 - 00000000 _____ () C:\Users\Sandy\agent.log
2015-04-27 17:07 - 2015-04-22 17:45 - 00000000 ___RD () C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-27 17:07 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-27 17:07 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-27 17:07 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-27 17:05 - 2015-05-03 20:49 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2525780112-4156266377-2695489881-1006
2015-04-27 17:00 - 2015-04-27 17:00 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\AVAST Software
2015-04-27 16:59 - 2015-04-28 17:31 - 00000000 ____D () C:\Users\Scott\AppData\Local\Google
2015-04-27 16:59 - 2015-04-27 17:01 - 00000000 ____D () C:\Users\Scott\AppData\Local\Packages
2015-04-27 16:59 - 2015-04-27 16:59 - 00001448 _____ () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-27 16:59 - 2015-04-27 16:59 - 00000020 ___SH () C:\Users\Scott\ntuser.ini
2015-04-27 16:59 - 2015-04-27 16:59 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Adobe
2015-04-27 16:59 - 2015-04-27 16:59 - 00000000 ____D () C:\Users\Scott\AppData\Local\VirtualStore
2015-04-27 16:59 - 2015-04-27 16:59 - 00000000 ____D () C:\Users\Scott
2015-04-27 16:59 - 2015-04-27 16:59 - 00000000 _____ () C:\Users\Scott\agent.log
2015-04-27 16:59 - 2015-04-22 17:45 - 00000000 ___RD () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-27 16:59 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-27 16:59 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-27 16:59 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-27 16:37 - 2015-04-27 16:37 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-04-27 16:31 - 2015-04-27 16:31 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-04-27 16:29 - 2015-04-27 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-27 16:28 - 2015-05-05 18:34 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-27 16:27 - 2015-04-27 16:27 - 01482928 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\Setup.x64.en-US_ProPlusRetail_P9NHX-MFG99-623J2-TH6WB-6VGXQ_TX_PR_act_1_.exe
2015-04-27 16:07 - 2015-04-27 16:07 - 00000952 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2015-04-27 16:07 - 2015-04-27 16:07 - 00000000 ____D () C:\Program Files (x86)\epson
2015-04-27 16:07 - 2009-12-09 00:00 - 00464384 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll
2015-04-27 16:07 - 2009-10-16 00:00 - 00132560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esdevapp.exe
2015-04-27 16:07 - 2009-10-16 00:00 - 00013824 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxcdev.dll
2015-04-27 16:05 - 2015-04-27 16:06 - 13343008 _____ () C:\Users\Admin\Downloads\epson13774.exe
2015-04-27 16:01 - 2015-04-27 16:01 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-04-27 16:00 - 2015-04-27 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-04-27 15:59 - 2015-04-27 16:01 - 00000000 ____D () C:\ProgramData\EPSON
2015-04-27 15:59 - 2009-10-01 03:01 - 00088064 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_IBCBGXA.DLL
2015-04-27 15:59 - 2008-11-12 03:00 - 00118784 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMGXA.DLL
2015-04-27 15:58 - 2015-04-27 15:58 - 14334240 _____ () C:\Users\Admin\Downloads\epson14825.exe
2015-04-25 12:03 - 2015-04-25 12:06 - 00000000 ____D () C:\Program Files (x86)\Decrap my Computer
2015-04-25 12:03 - 2015-04-25 12:03 - 00001893 _____ () C:\Users\Admin\Desktop\Decrap my Computer.lnk
2015-04-25 12:03 - 2015-04-25 12:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Decrap my Computer
2015-04-25 12:02 - 2015-04-25 12:02 - 05663088 _____ () C:\Users\Admin\Downloads\Decrap_Setup.exe
2015-04-25 10:16 - 2015-04-25 10:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-25 10:14 - 2015-04-25 10:15 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-24 22:37 - 2015-04-24 22:37 - 00000000 ____D () C:\Users\Admin\AppData\Local\Macromedia
2015-04-24 21:49 - 2015-04-24 21:49 - 00000000 ____D () C:\ProgramData\Sun
2015-04-24 21:48 - 2015-04-24 21:48 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-04-24 21:48 - 2015-04-24 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-24 21:47 - 2015-04-24 21:49 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-24 21:47 - 2015-04-24 21:47 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-24 21:46 - 2015-04-24 21:46 - 00561576 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jxpiinstall.exe
2015-04-24 21:41 - 2015-05-05 20:07 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-24 21:41 - 2015-04-24 21:41 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-24 21:40 - 2015-04-28 16:15 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-04-24 17:21 - 2015-04-24 17:21 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-04-24 16:09 - 2015-04-24 16:09 - 00001177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-24 16:09 - 2015-04-24 16:09 - 00001165 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-24 16:09 - 2015-04-24 16:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-24 16:09 - 2015-04-24 16:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-24 16:08 - 2015-04-24 16:08 - 00243304 _____ () C:\Users\Admin\Downloads\Firefox Setup Stub 37.0.2.exe
2015-04-24 07:32 - 2015-03-03 09:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-04-23 22:14 - 2015-04-23 22:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVAST Software
2015-04-23 22:13 - 2015-04-27 16:10 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-04-23 22:13 - 2015-04-23 22:13 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-23 22:13 - 2015-04-23 22:13 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-23 22:13 - 2015-04-23 22:13 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-23 22:13 - 2015-04-23 22:13 - 00272248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-23 22:13 - 2015-04-23 22:13 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-04-23 22:13 - 2015-04-23 22:13 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-04-23 22:13 - 2015-04-23 22:13 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-23 22:13 - 2015-04-23 22:13 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-23 22:13 - 2015-04-23 22:13 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-23 22:13 - 2015-04-23 22:13 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-23 22:13 - 2015-04-23 22:13 - 00001940 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-23 22:13 - 2015-04-23 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-23 22:12 - 2015-04-23 22:12 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-23 22:11 - 2015-04-23 22:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-23 21:52 - 2015-04-23 21:52 - 05472992 _____ (Avast Software s.r.o.) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2015-04-23 21:52 - 2015-04-23 21:52 - 05472992 _____ (Avast Software s.r.o.) C:\Users\Admin\Downloads\avast_free_antivirus_setup_online.exe
2015-04-23 20:40 - 2015-04-29 15:24 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-23 20:39 - 2015-04-29 15:24 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2015-04-23 20:39 - 2015-04-29 15:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment
2015-04-23 20:39 - 2015-04-23 20:39 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apps\2.0
2015-04-23 20:37 - 2015-04-23 20:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2015-04-23 20:37 - 2015-04-23 20:37 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2015-04-23 20:37 - 2015-04-23 20:37 - 00000000 ____D () C:\ProgramData\Mozilla
2015-04-22 19:23 - 2015-04-22 19:23 - 00000000 __SHD () C:\Recovery
2015-04-22 19:23 - 2015-04-22 16:03 - 00000000 ___DC () C:\WINDOWS\Panther
2015-04-22 19:20 - 2015-04-22 19:20 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-04-22 19:18 - 2015-04-22 19:18 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-04-22 19:18 - 2015-04-22 19:18 - 00000000 ____D () C:\Program Files\MSBuild
2015-04-22 19:18 - 2015-04-22 19:18 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-04-22 19:18 - 2015-04-22 19:18 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-04-22 19:17 - 2015-04-22 19:17 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-04-22 19:17 - 2015-04-22 19:17 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-04-22 19:17 - 2013-08-03 00:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-04-22 19:17 - 2013-08-03 00:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-22 19:17 - 2013-08-03 00:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-04-22 19:17 - 2013-08-03 00:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-04-22 18:28 - 2015-01-05 23:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-22 18:28 - 2015-01-05 22:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-22 18:28 - 2015-01-05 21:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-22 18:28 - 2015-01-05 21:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-04-22 18:27 - 2015-03-17 13:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-04-22 18:27 - 2015-03-08 22:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-04-22 18:27 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-04-22 18:27 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-04-22 18:27 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-04-22 18:26 - 2015-03-13 22:03 - 04179968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-04-22 18:26 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-04-22 18:26 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-04-22 18:25 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-04-22 18:25 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-04-22 18:25 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-04-22 18:25 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-04-22 18:24 - 2015-03-12 22:59 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-04-22 18:24 - 2015-03-12 22:38 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-04-22 18:24 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-04-22 18:24 - 2015-02-12 22:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-04-22 18:24 - 2015-02-12 21:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-04-22 18:23 - 2015-03-13 00:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-04-22 18:23 - 2015-03-13 00:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-04-22 18:23 - 2014-11-17 16:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-04-22 18:23 - 2014-11-17 16:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-04-22 18:23 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-04-22 18:23 - 2014-11-14 02:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-04-22 18:23 - 2014-11-14 02:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-04-22 18:23 - 2014-11-07 21:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-04-22 18:23 - 2014-10-30 20:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-04-22 18:22 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-04-22 18:22 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-04-22 18:22 - 2014-11-15 15:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-04-22 18:22 - 2014-11-15 02:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-04-22 18:22 - 2014-11-14 02:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-04-22 18:22 - 2014-11-14 01:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-04-22 18:22 - 2014-11-10 14:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-04-22 18:22 - 2014-11-10 14:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-04-22 18:22 - 2014-11-10 14:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-04-22 18:22 - 2014-11-10 14:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-04-22 18:22 - 2014-11-09 22:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-04-22 18:22 - 2014-11-09 21:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-04-22 18:22 - 2014-11-09 21:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-04-22 18:22 - 2014-11-09 21:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-04-22 18:22 - 2014-11-09 21:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-04-22 18:22 - 2014-11-09 21:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-04-22 18:22 - 2014-11-09 21:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-04-22 18:22 - 2014-11-09 21:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-04-22 18:22 - 2014-11-09 20:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-04-22 18:22 - 2014-11-09 20:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-04-22 18:22 - 2014-11-08 00:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-04-22 18:22 - 2014-11-07 23:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-04-22 18:22 - 2014-11-07 23:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-04-22 18:22 - 2014-11-07 23:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-04-22 18:22 - 2014-11-07 23:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-04-22 18:22 - 2014-11-07 23:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-04-22 18:22 - 2014-11-07 23:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-04-22 18:22 - 2014-11-07 23:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-04-22 18:22 - 2014-11-07 23:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-04-22 18:22 - 2014-11-07 22:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-04-22 18:22 - 2014-11-07 22:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-04-22 18:22 - 2014-11-07 22:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-04-22 18:22 - 2014-11-07 22:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-04-22 18:22 - 2014-11-07 21:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-04-22 18:22 - 2014-11-06 23:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-04-22 18:22 - 2014-11-06 23:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-04-22 18:22 - 2014-11-04 22:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-04-22 18:22 - 2014-11-04 22:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-04-22 18:22 - 2014-11-04 22:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-04-22 18:22 - 2014-11-04 21:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-04-22 18:22 - 2014-11-04 21:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-04-22 18:22 - 2014-11-04 21:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-04-22 18:22 - 2014-11-04 21:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-04-22 18:22 - 2014-11-04 21:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-04-22 18:22 - 2014-11-04 21:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-04-22 18:22 - 2014-11-04 21:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-04-22 18:22 - 2014-11-04 21:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-04-22 18:22 - 2014-11-04 21:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-04-22 18:22 - 2014-11-04 21:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-04-22 18:22 - 2014-11-04 21:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-04-22 18:22 - 2014-11-04 15:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-04-22 18:22 - 2014-11-04 15:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-04-22 18:22 - 2014-11-04 15:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-04-22 18:22 - 2014-11-04 02:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-04-22 18:22 - 2014-11-04 02:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-04-22 18:22 - 2014-11-04 02:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-04-22 18:22 - 2014-11-04 02:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-04-22 18:22 - 2014-11-04 02:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-04-22 18:22 - 2014-11-04 01:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-04-22 18:22 - 2014-10-30 20:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-04-22 18:22 - 2014-10-28 23:05 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-04-22 18:22 - 2014-10-28 21:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-04-22 18:22 - 2014-10-28 21:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-04-22 18:22 - 2014-10-20 21:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-04-22 18:22 - 2014-10-20 21:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-04-22 18:22 - 2014-10-20 20:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-04-22 18:22 - 2014-10-20 20:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-04-22 18:22 - 2014-10-20 20:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-04-22 18:22 - 2014-10-20 20:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-04-22 18:22 - 2014-10-20 20:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-04-22 18:22 - 2014-10-17 00:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-04-22 18:22 - 2014-10-16 23:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-04-22 18:21 - 2015-05-05 20:33 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4FC18D08-5159-4BC9-B29C-E3C168398267}
2015-04-22 18:21 - 2015-04-22 18:21 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2015-04-22 18:21 - 2015-04-22 18:21 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2015-04-22 18:21 - 2015-04-22 18:21 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-04-22 18:19 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-04-22 18:03 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-04-22 18:03 - 2014-04-15 19:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-04-22 17:44 - 2015-04-22 18:02 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-22 17:44 - 2015-04-22 17:44 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-22 16:31 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-04-22 16:31 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-04-22 16:31 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-04-22 16:31 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-04-22 16:31 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-04-22 16:31 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-04-22 16:31 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-04-22 16:31 - 2014-10-30 19:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-04-22 16:31 - 2014-10-30 19:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-04-22 16:30 - 2014-11-09 22:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-04-22 16:30 - 2014-11-09 21:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-04-22 16:28 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-04-22 16:28 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-04-22 16:28 - 2015-01-15 18:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-04-22 16:28 - 2015-01-15 18:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-04-22 16:28 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-04-22 16:28 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-04-22 16:27 - 2015-03-23 17:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-22 16:27 - 2015-03-23 17:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-22 16:27 - 2015-03-23 17:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-22 16:27 - 2015-03-23 17:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-22 16:27 - 2015-03-23 17:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-22 16:27 - 2015-03-20 00:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-22 16:27 - 2015-03-20 00:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-22 16:27 - 2015-03-20 00:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-22 16:27 - 2015-03-19 23:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-22 16:27 - 2015-03-19 22:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-22 16:27 - 2015-03-19 22:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-22 16:27 - 2015-03-19 22:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-22 16:27 - 2015-03-14 04:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-22 16:27 - 2015-03-13 21:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-22 16:27 - 2015-03-13 21:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-22 16:27 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-22 16:27 - 2015-03-13 21:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-22 16:27 - 2015-03-13 21:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-22 16:27 - 2015-03-13 20:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-22 16:27 - 2015-03-13 20:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-22 16:27 - 2015-03-13 20:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-22 16:27 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-22 16:27 - 2015-03-13 20:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-22 16:27 - 2015-03-13 20:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-22 16:27 - 2015-03-13 20:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-22 16:27 - 2015-03-13 20:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-22 16:27 - 2015-03-13 20:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-22 16:27 - 2015-03-13 20:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-22 16:27 - 2015-03-13 19:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-22 16:27 - 2015-03-13 19:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-22 16:27 - 2014-12-08 23:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-04-22 16:27 - 2014-12-08 21:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-04-22 16:27 - 2014-11-09 19:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-04-22 16:27 - 2014-11-09 19:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-04-22 16:27 - 2014-10-28 21:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-04-22 16:27 - 2014-10-28 21:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-04-22 16:27 - 2014-10-28 21:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-04-22 16:27 - 2014-10-28 21:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-04-22 16:27 - 2014-10-28 21:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-04-22 16:27 - 2014-10-28 21:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-04-22 16:27 - 2014-10-18 02:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-22 16:27 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-04-22 16:27 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-04-22 16:26 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-04-22 16:26 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-04-22 16:25 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-22 16:25 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-22 16:25 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-22 16:25 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-22 16:25 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-22 16:25 - 2015-03-12 23:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-22 16:25 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-22 16:25 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-22 16:25 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-22 16:25 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-22 16:25 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-22 16:25 - 2015-03-12 23:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-22 16:25 - 2015-03-12 23:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-22 16:25 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-22 16:25 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-22 16:25 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-22 16:25 - 2015-03-12 22:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-22 16:25 - 2015-03-12 22:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-22 16:25 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-22 16:25 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-22 16:25 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-22 16:25 - 2015-03-12 22:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-22 16:25 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-22 16:25 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-22 16:25 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-22 16:25 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-22 16:25 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-22 16:25 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-22 16:25 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-04-22 16:25 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-04-22 16:25 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-04-22 16:25 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-04-22 16:25 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-04-22 16:25 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-04-22 16:25 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-04-22 16:25 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-04-22 16:25 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-04-22 16:25 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-04-22 16:25 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-04-22 16:25 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-04-22 16:25 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-04-22 16:25 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-04-22 16:25 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-04-22 16:25 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-04-22 16:25 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-04-22 16:25 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-04-22 16:25 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-04-22 16:25 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-04-22 16:25 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-04-22 16:25 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-04-22 16:25 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-04-22 16:25 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-04-22 16:25 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-04-22 16:25 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-04-22 16:25 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-22 16:25 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-04-22 16:25 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-04-22 16:25 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-22 16:25 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-04-22 16:25 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-04-22 16:25 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-04-22 16:25 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-04-22 16:25 - 2015-01-11 21:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-04-22 16:25 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-04-22 16:25 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-04-22 16:25 - 2014-12-08 21:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-04-22 16:25 - 2014-12-08 15:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-04-22 16:25 - 2014-12-08 15:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-04-22 16:25 - 2014-12-08 15:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-04-22 16:25 - 2014-12-08 15:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-04-22 16:25 - 2014-12-08 15:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-04-22 16:25 - 2014-12-08 15:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-04-22 16:25 - 2014-12-08 15:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-04-22 16:25 - 2014-12-08 15:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-04-22 16:25 - 2014-12-05 21:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-04-22 16:25 - 2014-11-21 22:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-04-22 16:25 - 2014-11-21 22:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-04-22 16:24 - 2015-03-22 18:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-22 16:24 - 2015-03-22 18:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-22 16:24 - 2015-03-22 18:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-22 16:24 - 2015-03-22 18:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-22 16:24 - 2015-03-22 18:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-22 16:24 - 2015-03-22 18:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-22 16:24 - 2015-03-22 18:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-22 16:24 - 2015-03-04 06:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-22 16:24 - 2015-03-03 23:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-22 16:24 - 2015-03-03 22:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-22 16:24 - 2015-02-24 04:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-22 16:24 - 2015-02-20 19:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-22 16:24 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-04-22 16:24 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-04-22 16:24 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-04-22 16:24 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-04-22 16:24 - 2015-01-29 23:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-04-22 16:24 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-04-22 16:24 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-04-22 16:24 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-04-22 16:24 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-04-22 16:24 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-04-22 16:24 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-04-22 16:24 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-04-22 16:24 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-04-22 16:24 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-04-22 16:24 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-04-22 16:24 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-04-22 16:24 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-04-22 16:24 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-04-22 16:24 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-04-22 16:24 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-04-22 16:24 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-04-22 16:24 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-04-22 16:24 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-04-22 16:24 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-04-22 16:24 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-04-22 16:24 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-04-22 16:24 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-04-22 16:24 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-04-22 16:24 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-04-22 16:24 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-04-22 16:24 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-04-22 16:24 - 2014-12-19 02:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-04-22 16:24 - 2014-12-11 22:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-04-22 16:24 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-04-22 16:24 - 2014-12-05 23:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-04-22 16:24 - 2014-12-05 21:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-04-22 16:24 - 2014-12-02 19:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-22 16:24 - 2014-10-30 18:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-04-22 16:24 - 2014-10-30 18:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-04-22 16:08 - 2015-05-05 20:32 - 00000000 ____D () C:\Users\Admin\OneDrive
2015-04-22 16:03 - 2015-04-22 16:03 - 00001448 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-22 16:02 - 2015-04-22 16:02 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2015-04-22 15:56 - 2015-04-22 15:56 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat
2015-04-22 15:42 - 2015-04-22 15:42 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-22 15:36 - 2015-04-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2015-04-22 15:35 - 2015-04-22 16:08 - 00000000 ____D () C:\Users\Admin
2015-04-22 15:35 - 2015-04-22 15:57 - 00020958 _____ () C:\WINDOWS\diagwrn.xml
2015-04-22 15:35 - 2015-04-22 15:57 - 00020958 _____ () C:\WINDOWS\diagerr.xml
2015-04-22 15:35 - 2015-04-22 15:36 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-22 15:35 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-22 15:35 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-22 15:35 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-22 15:29 - 2015-05-05 20:41 - 01739641 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-22 15:26 - 2015-04-22 15:38 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-04-22 15:26 - 2015-04-22 15:26 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2015-04-22 15:26 - 2015-04-22 15:26 - 00000000 ____D () C:\Program Files\Realtek
2015-04-22 14:55 - 2015-04-22 15:57 - 00006599 _____ () C:\WINDOWS\comsetup.log
2015-04-21 13:57 - 2015-04-22 18:06 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2015-04-20 22:27 - 2015-04-22 14:11 - 00797120 _____ () C:\WINDOWS\system32\perfh00A.dat
2015-04-20 22:27 - 2015-04-22 14:11 - 00432016 _____ () C:\WINDOWS\system32\prfh0804.dat
2015-04-20 22:27 - 2015-04-22 14:11 - 00162488 _____ () C:\WINDOWS\system32\perfc00A.dat
2015-04-20 22:27 - 2015-04-22 14:11 - 00132686 _____ () C:\WINDOWS\system32\prfc0804.dat
2015-04-20 22:27 - 2015-04-20 22:16 - 00346536 _____ () C:\WINDOWS\system32\perfi00A.dat
2015-04-20 22:27 - 2015-04-20 22:16 - 00043804 _____ () C:\WINDOWS\system32\perfd00A.dat
2015-04-20 22:27 - 2015-04-20 22:15 - 00113128 _____ () C:\WINDOWS\system32\prfi0804.dat
2015-04-20 22:27 - 2015-04-20 22:15 - 00033362 _____ () C:\WINDOWS\system32\prfd0804.dat
2015-04-20 22:19 - 2015-04-22 15:42 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2015-04-20 22:19 - 2015-04-20 22:21 - 00000000 ____D () C:\WINDOWS\SysWOW64\es
2015-04-20 22:19 - 2015-04-20 22:20 - 00000000 ____D () C:\WINDOWS\system32\es
2015-04-20 22:19 - 2015-04-20 22:19 - 00000000 ____D () C:\WINDOWS\SysWOW64\zh-HANS
2015-04-20 22:19 - 2015-04-20 22:19 - 00000000 ____D () C:\WINDOWS\SysWOW64\0C0A
2015-04-20 22:19 - 2015-04-20 22:19 - 00000000 ____D () C:\WINDOWS\system32\zh-HANS
2015-04-20 22:19 - 2015-04-20 22:19 - 00000000 ____D () C:\WINDOWS\system32\0C0A
2015-04-20 18:11 - 2015-03-04 03:26 - 00011105 ____N () C:\WINDOWS\system32\AutoconfigV2.cab
2015-04-20 16:33 - 2015-04-20 22:19 - 00000000 ____D () C:\sources
2015-04-20 16:28 - 2015-04-22 17:45 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-20 13:18 - 2015-04-20 13:18 - 00000323 _____ () C:\WINDOWS\system32\netcfg-58754125.txt
2015-04-20 13:18 - 2015-04-20 13:18 - 00000117 _____ () C:\WINDOWS\system32\netcfg-58757453.txt
2015-04-20 13:17 - 2015-04-20 13:17 - 00000117 _____ () C:\WINDOWS\system32\netcfg-58707765.txt
2015-04-20 00:14 - 2015-04-20 00:36 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-20 00:14 - 2015-04-01 11:16 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-19 22:49 - 2015-04-19 22:49 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2230390.txt
2015-04-19 22:48 - 2015-04-19 22:48 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2220125.txt
2015-04-19 21:54 - 2013-05-04 00:51 - 00014848 ____N (Microsoft) C:\WINDOWS\system32\rars.rs
2015-04-19 21:54 - 2013-05-04 00:10 - 00014848 ____N (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2015-04-19 21:08 - 2015-04-19 21:08 - 00001200 _____ () C:\WINDOWS\mot.log
2015-04-19 21:07 - 2015-04-19 21:07 - 00001200 _____ () C:\WINDOWS\ori.log
2015-04-19 20:59 - 2015-04-19 20:59 - 00000117 _____ () C:\WINDOWS\system32\netcfg-31109.txt
2015-04-19 20:58 - 2015-04-19 20:58 - 00000117 _____ () C:\WINDOWS\system32\netcfg-985906.txt
2015-04-19 20:56 - 2015-04-20 17:17 - 00000097 _____ () C:\WINDOWS\comp.log
2015-04-19 20:53 - 2015-04-20 17:17 - 00000026 _____ () C:\WINDOWS\Improvement.log
2015-04-19 20:53 - 2015-04-19 21:06 - 00001157 _____ () C:\WINDOWS\cur.log
2015-04-19 20:53 - 2015-04-19 21:06 - 00000045 _____ () C:\WINDOWS\system32\par2.txt
2015-04-19 20:53 - 2015-04-19 21:06 - 00000042 _____ () C:\WINDOWS\system32\par.txt
2015-04-19 20:42 - 2015-04-19 20:42 - 00000117 _____ () C:\WINDOWS\system32\netcfg-40937.txt
2015-04-19 20:41 - 2015-04-19 20:41 - 00000117 _____ () C:\WINDOWS\system32\netcfg-767656.txt
2015-04-19 20:35 - 2015-04-19 20:35 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2015-04-19 20:31 - 2015-04-19 20:31 - 00003542 _____ () C:\WINDOWS\System32\Tasks\ASUS Touchpad Launcher (x64)
2015-04-19 20:29 - 2015-04-19 20:29 - 00000117 _____ () C:\WINDOWS\system32\netcfg-46046.txt
2015-04-19 20:28 - 2015-04-19 20:28 - 00000117 _____ () C:\WINDOWS\system32\netcfg-292203.txt
2015-04-19 20:24 - 2015-04-19 20:24 - 00000117 _____ () C:\WINDOWS\system32\netcfg-33828.txt
2015-04-19 20:23 - 2015-04-19 20:23 - 00000117 _____ () C:\WINDOWS\system32\netcfg-309796.txt
2015-04-19 20:19 - 2015-04-19 20:19 - 00000117 _____ () C:\WINDOWS\system32\netcfg-87625.txt
2015-04-19 20:18 - 2015-04-19 20:18 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3973781.txt
2015-04-19 20:06 - 2015-04-19 20:06 - 00000000 _____ () C:\Users\Admin\agent.log
2015-04-19 20:05 - 2015-05-05 20:37 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2525780112-4156266377-2695489881-1001
2015-04-19 19:58 - 2015-04-21 13:36 - 00000408 _____ () C:\Users\Admin\AppData\Roaming\sp_data.sys
2015-04-19 19:58 - 2015-04-19 19:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ASUS WebStorage
2015-04-19 19:57 - 2015-04-26 17:07 - 00000000 __RSD () C:\Users\Public\Desktop\ASUS
2015-04-19 19:57 - 2015-04-19 19:57 - 00000196 _____ () C:\WINDOWS\FixPatch.log
2015-04-19 19:57 - 2015-04-19 19:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2015-04-19 19:57 - 2015-04-19 19:57 - 00000000 ____D () C:\ProgramData\FolderView
2015-04-19 19:55 - 2015-04-23 05:46 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages
2015-04-19 19:55 - 2015-04-19 19:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\ASUS
2015-04-19 19:55 - 2015-04-19 19:55 - 00000000 ____D () C:\Users\Admin\AppData\Local\VirtualStore
2015-04-19 19:49 - 2015-04-19 19:49 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2233265.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 20:47 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-05 20:43 - 2012-08-04 21:43 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-05 20:32 - 2012-10-08 18:06 - 00000868 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-05-05 18:52 - 2014-11-21 04:34 - 00012834 _____ () C:\WINDOWS\PFRO.log
2015-05-05 18:52 - 2013-08-22 10:46 - 00286612 _____ () C:\WINDOWS\setupact.log
2015-05-05 18:52 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-05 18:51 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-05 18:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-05 18:49 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-03 18:08 - 2012-10-08 18:06 - 00000870 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-04-29 22:20 - 2013-08-22 10:44 - 00481880 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-28 16:16 - 2012-08-04 21:42 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-27 16:37 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-26 17:07 - 2012-08-04 21:42 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-04-26 17:05 - 2012-08-04 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-04-25 04:15 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-24 21:17 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-23 22:03 - 2014-11-21 04:44 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-23 21:59 - 2012-08-04 21:43 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-04-23 21:56 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-04-23 21:54 - 2012-07-26 01:37 - 00000000 ____D () C:\Users\Default.migrated
2015-04-23 20:56 - 2012-10-08 18:20 - 00000000 ____D () C:\AsusVibeData
2015-04-22 19:21 - 2013-08-22 11:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-04-22 18:32 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-04-22 18:32 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-04-22 18:32 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-04-22 18:32 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-04-22 17:45 - 2014-11-21 11:56 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-22 17:45 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-04-22 17:45 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-22 17:45 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-22 17:45 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-22 17:45 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-04-22 17:45 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-04-22 17:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-22 17:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-22 17:44 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-04-22 17:44 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-04-22 16:31 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-04-22 15:57 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-22 15:52 - 2013-08-22 11:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-04-22 15:52 - 2013-08-22 11:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-22 15:43 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\system32\winrm
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\system32\slmgr
2015-04-22 15:42 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts
2015-04-22 15:42 - 2013-08-22 11:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-04-22 15:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-04-22 15:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-04-22 15:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2015-04-22 15:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-04-22 15:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-04-22 15:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-04-22 15:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-04-22 15:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2015-04-22 15:42 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2015-04-22 15:42 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-04-22 15:42 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-04-22 15:42 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-04-22 15:42 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-04-22 15:42 - 2012-10-08 18:09 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda
2015-04-22 15:40 - 2013-08-22 11:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-04-22 15:40 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\IME
2015-04-22 15:40 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Help
2015-04-22 15:40 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-22 15:38 - 2014-11-21 04:25 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-22 15:38 - 2013-08-22 11:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-04-22 15:38 - 2013-08-22 11:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2015-04-22 15:38 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-04-22 15:38 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-22 15:38 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-04-22 15:38 - 2012-10-08 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-04-22 15:38 - 2012-08-01 21:24 - 00000000 ____D () C:\ProgramData\PRICache
2015-04-22 15:36 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-04-22 15:24 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Default
2015-04-22 15:06 - 2012-10-08 18:22 - 01656619 _____ () C:\WINDOWS\WindowsUpdate (1).log
2015-04-22 13:36 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-04-19 20:31 - 2012-10-08 18:10 - 00012666 _____ () C:\WINDOWS\DPINST.LOG
2015-04-19 19:57 - 2012-08-04 21:42 - 02762596 _____ () C:\WINDOWS\AsDebug.log
2015-04-19 19:57 - 2012-08-04 21:42 - 00408576 _____ () C:\WINDOWS\AsCDProc.log
2015-04-19 19:57 - 2012-08-04 21:37 - 00001988 _____ () C:\WINDOWS\PQArecord.log
2015-04-19 19:57 - 2012-08-01 21:36 - 00000000 ____D () C:\WINDOWS\Log
2015-04-13 19:24 - 2014-11-21 12:03 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-13 19:24 - 2014-11-21 12:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-04-19 19:58 - 2015-04-21 13:36 - 0000408 _____ () C:\Users\Admin\AppData\Roaming\sp_data.sys
2012-08-04 21:42 - 2012-07-30 02:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 21:42 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\0106921430873003mcinst.exe
C:\Users\Admin\AppData\Local\Temp\mccspuninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-05 19:04

==================== End Of Log ============================



#10 deeprybka

  • Malware Response Team

Posted 06 May 2015 - 12:25 PM

Please follow my instructions and run the FRST-Fix (step1).
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 Scott Stoef

  • Topic Starter

Posted 06 May 2015 - 12:34 PM

Sorry...It was called fixlog.... I see where I made my mistake.  Here you go Jurgen!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015 01
Ran by Admin at 2015-05-06 13:00:22 Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Admin & Scott & Sandy)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2015-05-05]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\S-1-5-21-2525780112-4156266377-2695489881-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2525780112-4156266377-2695489881-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
*****************

Processes closed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2525780112-4156266377-2695489881-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2525780112-4156266377-2695489881-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
EmptyTemp: => Removed 879.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:00:39 ====



#12 deeprybka

  • Malware Response Team

Posted 06 May 2015 - 12:41 PM

Step 1

Don't remove on your own anything that HitmanPro detects!
This scanner, while it is really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Right-click on the icon and select Run as Administrator to start the tool.

  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It should only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.



regards,
deeprybka

#13 Scott Stoef

  • Topic Starter

Posted 06 May 2015 - 02:17 PM

Hitman Pro log:

 

HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : STOEFFLER-LT1
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : STOEFFLER-LT1\Admin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-05-06 15:11:21
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 41s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 32

   Objects scanned . . . : 1,383,050
   Files scanned . . . . : 19,890
   Remnants scanned  . . : 225,408 files / 1,137,752 keys

Suspicious files ____________________________________________________________

   C:\Users\Admin\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,101,248 bytes
      Age  . . . . . . . : 0.8 days (2015-05-05 20:41:17)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 64F9E705A827BC25D17F2ADA05B65D00B6C6D0597201E6006133A19A02F24FB7
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Admin\Desktop\FRST64.exe
      Size . . . . . . . : 2,102,272 bytes
      Age  . . . . . . . : 0.1 days (2015-05-06 13:00:04)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 0042486483333A54E0919A8AAD21F9E37C4EDE0C7B620A6CD962990C0F5A70FA
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Admin\Desktop\FRST64.exe
          2.1s C:\Users\Admin\Desktop\FRST-OlderVersion\
         18.7s C:\FRST\Logs\ct
         18.7s C:\Users\Admin\Desktop\Fixlog.txt
         18.9s C:\FRST\Quarantine\C\ProgramData\
         18.9s C:\FRST\Quarantine\C\
         18.9s C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\
         18.9s C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
         18.9s C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\
         18.9s C:\FRST\Quarantine\C\ProgramData\Microsoft\
         18.9s C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\
         20.6s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.15.gthr
         20.6s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.15.Crwl


Potential Unwanted Programs _________________________________________________

   ask.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

   ask.com
   C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Web Data


Cookies _____________________________________________________________________

   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\34tsep38.default\cookies.sqlite:atdmt.com
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\34tsep38.default\cookies.sqlite:doubleclick.net
   C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
   C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:ad.360yield.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:adtechus.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:advertising.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:at.atwola.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:atdmt.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:burstnet.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:casalemedia.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:collective-media.net
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:doubleclick.net
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:media6degrees.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:mediaplex.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:questionmarket.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:revsci.net
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:ru4.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:serving-sys.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:smartadserver.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:track.adform.net
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:tribalfusion.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:www.burstnet.com
   C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\27ps5djf.default\cookies.sqlite:www.googleadservices.com
 

#14 deeprybka

  • Malware Response Team

Posted 06 May 2015 - 02:37 PM

How is the computer running now?
regards,
deeprybka

#15 Scott Stoef

  • Topic Starter

Posted 06 May 2015 - 03:50 PM

Chrome is still very slow to load. It is still taking 20 seconds from the time I launch Chrome to the time it displays the homepage on the screen. When it was running slowly I pulled up Windows Task Manager to see what was going on and again the Disk was maxed out at 100%. I sorted by the process using up the hard drive and Service Host: Local System (Network Restricted) (10) is using up around 14 mb/s. Once everything stabilized the Disk was back to running between 0 and 10%.

There are a total of 8 Google Chrome processes running, but I really don't know what is causing that to happen. Chrome is still taking up the vast majority of memory even though it is sitting idle (41.0mb). Firefox (32 bit) by contrast is using up 130.7mb, but I'm using this browser for typing this message.

 

Does any of this make sense to you?





