
DNS Unlocker Removed, but Trojan.zlob.Q still attacking - blocked by Norton



#1 Jackkane


Posted 13 March 2016 - 08:32 AM

I bought my new pc at the start of this year and it appears I managed to install some malicious software.  I'm running Windows 10.  I'm now facing repeated attacks from Trojan.Zlob.Q which is being blocked by my Norton 360 Premier firewall.  Looking back over the Norton logs, I'll give a timeline of events in the hope it gives plenty of information.
 
Since Tuesday last week, my system has been detecting various malware issues with more and more unusual activity, i.e. pop-up ads by DNSUnlocker.  I've tried various anti-spyware programmes which have removed a few things, but there are still the repeated attacks by Trojan.Zlob.Q being blocked by Norton.
 
I'm also seeing warnings of high activity outbound traffic by Malwarebytes, but I'm not given much information on what that is.
 
I've used the following:
 
AdwCleaner
Spybot Search & Destroy
SpyHunter
Malwarebytes
Hitman Pro
CCleaner
Rkill
Sophos virus removal tool
System Mechanic is installed
 
New pc fired up on the 4th January.  Installed Chrome on the 5th and Norton's logs show this activity - "chrome_setup[1].exe (WS.Reputation.1) detected by Download Insight".  This was removed by Norton. 
 
A few days later, the log shows onesystemcare.exe was quarantined as a PUA.onesystemcare file.
 
There were no intrusion attempts until the 19th to 23rd February where Norton blocked "System Infected: Trojan.Zlob.Q Activity" intrusion attempts 16, 10, 1, 7, 6 threats on each of those days respectively.
 
There was a break from attacks until the 5th March where attacks ranged from 1 in a day to 37 in a day.  I'm guessing the increase in attempts on these days is when I've been trying to fix things?
 
There appears to be a Norton notification pop up on my screen after a pc restart informing of the trojan attack being blocked.  Sometimes there are a few attacks, other times there might only be one.
 
I'm not seeing any consistency with the type of activities I do on the pc and when the attacks show up.
 
The IP address of the trojan attack comes from 185.17.184.11
 
The attacker URL is a massive URL which I won't copy here, but the domain is from ough.info.
 
I've noticed that the attack doesn't always come from that IP, Norton sometimes blocks intrusion attempts from localhost.   Attacker URL domain is from listcool.info.
 
The FRST.txt log is pasted here and I've uploaded the Addition.txt file as instructed in your guides.
 
I'm now at your mercy!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by John (administrator) on ALIENTASTIC (13-03-2016 12:00:22)
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John & Amy)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\n360.exe
() C:\Program Files\Alienware\Command Center\SMBus\MSISMBService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\ODD Monitor\ODD_Monitor.exe
() C:\Program Files\Alienware\Command Center\ClockGen\MSIClockService.exe
() C:\Program Files\Alienware\Command Center\MSIControlService.exe
() C:\Program Files\Alienware\Command Center\DDR\MSIDDRService.exe
() C:\Program Files\Alienware\Command Center\CPU\MSICPUService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\3.5.0.43\NF.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Alienware) C:\Program Files\Alienware\Command Center\ThermalsWindowsService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\3.5.0.43\TampMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\n360.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\3.5.0.43\NF.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Alienware) C:\Program Files\Alienware\Command Center\ThermalController.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\conathst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [14056 2014-10-24] (Alienware)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-24] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2015-10-01] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [157696 2015-10-01] (Saitek)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [Sound Blaster Recon3Di SBX Control Panel] => c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [1129984 2014-03-20] (Creative Technology Ltd)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2745544 2016-01-09] (Dominik Reichl)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1540896 2015-08-13] (Seagate Technology LLC)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3836024648-3634189077-2772633804-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2015-08-13] (Seagate Technology LLC)
HKU\S-1-5-21-3836024648-3634189077-2772633804-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3836024648-3634189077-2772633804-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2016-02-18] (SmartSoft Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-12-22]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-02-27]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{b02df54a-398f-410c-b7d6-532a35f05800}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{e1e82b1a-d9d3-4f8e-b066-d5ab0556c755}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3836024648-3634189077-2772633804-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
HKU\S-1-5-21-3836024648-3634189077-2772633804-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alienwarearena.com/welcome-uk
HKU\S-1-5-21-3836024648-3634189077-2772633804-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
HKU\S-1-5-21-3836024648-3634189077-2772633804-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-uk
SearchScopes: HKU\S-1-5-21-3836024648-3634189077-2772633804-1001 -> {07799083-02C5-4504-875D-62367D3510E0} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-02-05] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: Norton Family BHO -> {B8E07826-0971-4f16-B133-047B88034E89} -> C:\Program Files (x86)\Norton Family\Engine64\3.5.0.43\coIEPlg.dll [2016-01-07] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-02-04] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-02-05] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2015-12-16] (Perfect World Entertainment Inc)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Norton Family BHO -> {B8E07826-0971-4f16-B133-047B88034E89} -> C:\Program Files (x86)\Norton Family\Engine\3.5.0.43\coIEPlg.dll [2016-01-07] (Symantec Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-02-04] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-04] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Program Files (x86)\Arc\plugins\NPSWF32.dll [2015-12-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-02-04] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2015-12-16] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.4.24\coFFAddon [2016-03-08]
FF HKLM\...\Firefox\Extensions: [{8A0D66E3-1C08-49A6-8F6C-7E024029D199}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.5.0.43\coFFAddon
FF Extension: Norton™ Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.5.0.43\coFFAddon [2016-03-12]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.4.24\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-01-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{8A0D66E3-1C08-49A6-8F6C-7E024029D199}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.5.0.43\coFFAddon
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (KidStart Savings Prompt) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbkobfhnfgoioipaedgcjdhojbjhpcg [2016-03-12]
CHR Extension: (Share on Google Plus Page) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\boooicegpdabdahoefbdbcpnjhapkdga [2016-03-12]
CHR Extension: (Norton Security Toolbar) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-03-12]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-03-12]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-03-12]
CHR Extension: (iCloud Bookmarks) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2016-03-12]
CHR Extension: (The QR Code Generator) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2016-03-12]
CHR Extension: (Pablo) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpibnlcombjoeejlongmihndgkpnjjo [2016-03-12]
CHR Extension: (TweetDeck by Twitter) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2016-03-12]
CHR Extension: (Eye Dropper) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2016-03-12]
CHR Extension: (Norton Identity Safe) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-03-12]
CHR Extension: (Dropbox) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2016-03-12]
CHR Extension: (StumbleUpon) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2016-03-12]
CHR Extension: (Google Hangouts) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-03-12]
CHR Extension: (Norton™ Family) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp [2016-03-12]
CHR Extension: (Norton Safe) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-03-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-12]
CHR Extension: (Buffer) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2016-03-12]
CHR Extension: (ColorPick Eyedropper) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2016-03-12]
CHR Extension: (Google Publisher Toolbar) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2016-03-12]
CHR Extension: (RSS Feed Reader) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-03-12]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\3.5.0.43\Extensions\Chrome.crx [2016-03-12]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-06]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\3.5.0.43\Extensions\Chrome.crx [2016-03-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88400 2015-12-16] (Perfect World Entertainment Inc)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-04] (Microsoft Corporation)
S4 CTAudSvcService; c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-28] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [113160 2015-06-29] (Creative Technology Ltd)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2016-01-15] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-03-12] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-24] (Intel Corporation)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [150256 2015-06-09] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4759600 2016-02-19] (iolo technologies, LLC)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [444928 2015-08-05] (Rivet Networks) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MSIBIOSData_CC; C:\Program Files\Alienware\Command Center\BIOSData\MSIBIOSDataService.exe [2109776 2014-08-01] (MSI)
R2 MSIClock_CC; C:\Program Files\Alienware\Command Center\ClockGen\MSIClockService.exe [4033360 2014-08-19] ()
S3 MSICOMM_CC; C:\Program Files\Alienware\Command Center\MSICommService.exe [2128720 2014-08-19] ()
R2 MSICPU_CC; C:\Program Files\Alienware\Command Center\CPU\MSICPUService.exe [4174672 2014-08-08] ()
R2 MSICTL_CC; C:\Program Files\Alienware\Command Center\MSIControlService.exe [2021712 2014-09-13] ()
R2 MSIDDR_CC; C:\Program Files\Alienware\Command Center\DDR\MSIDDRService.exe [2257232 2014-10-22] ()
S3 MSISaveLoad_CC; C:\Program Files\Alienware\Command Center\MSISaveLoadService.exe [3966288 2014-08-01] ()
R2 MSISMB_CC; C:\Program Files\Alienware\Command Center\SMBus\MSISMBService.exe [2067792 2014-08-01] ()
S3 MSISuperIO_CC; C:\Program Files\Alienware\Command Center\SuperIO\MSISuperIOService.exe [549200 2014-08-01] ()
S3 MSIWMI_CC; C:\Program Files\Alienware\Command Center\MSIWMIService.exe [191312 2014-09-13] ()
R2 MSI_ODD_Service; c:\Program Files (x86)\MSI\ODD Monitor\ODD_Monitor.exe [83952 2014-01-13] (Micro-Star Int'l Co., Ltd.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe [289080 2016-02-26] (Symantec Corporation)
R2 NSM; C:\Program Files (x86)\Norton Family\Engine\3.5.0.43\NF.exe [364416 2016-01-11] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-01-10] (Electronic Arts)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-15] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-08-13] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2015-08-13] (Seagate Technology LLC)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-03-12] (Enigma Software Group USA, LLC.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
R2 TampMon; C:\Program Files (x86)\Norton Family\Engine\3.5.0.43\TampMon.exe [314680 2016-01-11] (Symantec Corporation)
R2 ThermalsWindowsService; C:\Program Files\Alienware\Command Center\ThermalsWindowsService.exe [14568 2014-10-24] (Alienware)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [117296 2015-07-30] (Rivet Networks, LLC.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\BASHDefs\20160309.001\BHDrvx64.sys [1766640 2016-03-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0305000.02B\ccSetx64.sys [165080 2015-06-04] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1067304 2015-06-29] (Creative Technology Ltd)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-01-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-12] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-03-12] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-12] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2016-01-04] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\IPSDefs\20160311.001\IDSvia64.sys [767224 2016-02-13] (Symantec Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [124464 2015-07-28] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-13] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [183584 2015-06-12] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\VirusDefs\20160312.001\ENG64.SYS [138488 2016-01-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\VirusDefs\20160312.001\EX64.SYS [2148080 2016-01-10] (Symantec Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)
R3 NTIOLib_MSICEN; C:\Program Files\Alienware\Command Center\NTIOLib_Thermals_X64.sys [13808 2013-12-04] (MSI)
R3 NTIOLib_MSIClock_CC; C:\Program Files\Alienware\Command Center\ClockGen\NTIOLib_X64.sys [13368 2012-11-21] (MSI)
S3 NTIOLib_MSICOMM_CC; C:\Program Files\Alienware\Command Center\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_MSICPU_CC; C:\Program Files\Alienware\Command Center\CPU\NTIOLib_X64.sys [13368 2012-11-21] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files\Alienware\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-27] (MSI)
S3 NTIOLib_MSIFrequency_CC; C:\Program Files\Alienware\Command Center\ClockGen\CPU_Frequency\NTIOLib_X64.sys [13368 2012-11-21] (MSI)
S3 NTIOLib_MSIRatio_CC; C:\Program Files\Alienware\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys [13368 2012-11-21] (MSI)
R3 NTIOLib_MSISMB_CC; C:\Program Files\Alienware\Command Center\SMBus\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
S3 NTIOLib_MSISuperIO_CC; C:\Program Files\Alienware\Command Center\SuperIO\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2014-01-13] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [32168 2015-12-09] (EldoS Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [422616 2016-01-04] (Realsil Semiconductor Corporation)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [23968 2015-10-01] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [51488 2015-10-01] (Saitek)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1606000.08E\SRTSP64.SYS [928504 2016-02-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-24] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1606000.08E\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-03-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS [295664 2016-02-24] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1606000.08E\SYMNETS.SYS [577768 2016-02-24] (Symantec Corporation)
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\system32\drivers\NSMx64\0305000.02B\SymRdrS.SYS [252152 2015-09-03] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 _hid_0738_1708; C:\Windows\system32\DRIVERS\_hid_0738_1708.sys [180928 2015-10-01] (Saitek)
R3 _usb_0738_1708; C:\Windows\System32\drivers\_usb_0738_1708.sys [46528 2015-10-01] (Saitek)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-13 12:00 - 2016-03-13 12:00 - 00038018 _____ C:\Users\John\Downloads\FRST.txt
2016-03-13 11:59 - 2016-03-13 12:00 - 00000000 ____D C:\FRST
2016-03-13 11:59 - 2016-03-13 11:59 - 02374144 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2016-03-13 00:31 - 2016-03-08 22:48 - 00451004 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160313-003114.backup
2016-03-12 19:35 - 2016-03-12 19:35 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\iExplore.exe
2016-03-12 19:33 - 2016-03-12 19:35 - 00004444 _____ C:\Users\John\Desktop\Rkill.txt
2016-03-12 19:33 - 2016-03-12 19:33 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.exe
2016-03-12 18:45 - 2016-03-13 11:34 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Family
2016-03-12 17:41 - 2016-03-12 17:41 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSMx64
2016-03-12 17:41 - 2016-03-12 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Family
2016-03-12 17:41 - 2016-03-12 17:41 - 00000000 ____D C:\Program Files (x86)\Norton Family
2016-03-12 17:39 - 2016-03-12 17:40 - 01110064 _____ (Symantec Corporation) C:\Users\John\Downloads\NF_Installer.exe
2016-03-12 16:20 - 2016-03-12 16:20 - 00002860 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-03-12 16:20 - 2016-03-12 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-12 16:20 - 2016-03-12 16:20 - 00000000 ____D C:\Program Files\CCleaner
2016-03-12 14:27 - 2016-03-12 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-03-12 14:03 - 2016-03-13 10:46 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-12 14:03 - 2016-03-12 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-12 14:03 - 2016-03-12 14:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-12 14:03 - 2016-03-12 14:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-12 14:03 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-12 14:03 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-12 14:03 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-12 12:50 - 2016-03-12 12:50 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-03-12 12:50 - 2016-03-12 12:50 - 00000000 ____D C:\Users\John\AppData\Roaming\Enigma Software Group
2016-03-12 12:50 - 2016-03-12 12:50 - 00000000 ____D C:\sh4ldr
2016-03-12 12:50 - 2016-03-12 12:50 - 00000000 _____ C:\autoexec.bat
2016-03-12 12:49 - 2016-03-12 12:49 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-03-12 12:49 - 2016-03-12 12:49 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-03-12 12:48 - 2016-03-12 12:49 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\John\Downloads\SpyHunter-Installer.exe
2016-03-12 12:32 - 2016-03-12 12:33 - 00174226 _____ C:\TDSSKiller.3.1.0.9_12.03.2016_12.32.36_log.txt
2016-03-12 12:32 - 2016-03-12 12:32 - 00000000 ____D C:\Users\John\Downloads\tdsskiller
2016-03-12 12:31 - 2016-03-12 12:32 - 04633146 _____ C:\Users\John\Downloads\tdsskiller.zip
2016-03-12 12:07 - 2016-03-12 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
2016-03-12 12:07 - 2016-03-12 12:07 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-12 12:07 - 2016-03-08 06:05 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-03-12 12:07 - 2016-02-14 01:47 - 00125720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-03-12 12:07 - 2016-02-14 01:46 - 00126232 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-03-12 12:07 - 2016-02-14 01:45 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-03-12 12:07 - 2016-02-14 01:45 - 00042264 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-03-12 12:06 - 2016-03-08 10:27 - 42968120 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 37609528 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 22971960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 21322480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 20863920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 18906048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 17732960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 17325400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 10547128 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 08657936 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 02613696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 02257344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436451.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436451.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00885184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00784640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00750016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00692160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00678704 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00632152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00630592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00601752 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00571912 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00545632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00448824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00346560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00175552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-03-12 12:06 - 2016-03-08 10:27 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-03-12 12:06 - 2016-03-08 10:27 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json
2016-03-11 21:15 - 2016-03-13 00:51 - 00000000 ____D C:\Users\John\AppData\Local\Apple Inc
2016-03-11 21:09 - 2016-03-11 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-03-11 21:08 - 2016-03-11 21:08 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-11 21:08 - 2016-03-11 21:08 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-08 23:56 - 2016-03-08 23:56 - 01635854 _____ C:\Users\John\Desktop\BBC Application.pdf
2016-03-08 23:22 - 2016-03-08 23:22 - 00000000 ____D C:\ProgramData\Sophos
2016-03-08 23:22 - 2016-03-08 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-03-08 23:22 - 2016-03-08 23:22 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-03-08 22:59 - 2016-03-08 23:00 - 00000000 ____D C:\Program Files\HitmanPro
2016-03-08 22:58 - 2016-03-08 23:05 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-08 22:48 - 2015-07-10 11:02 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160308-224810.backup
2016-03-08 22:01 - 2016-03-08 22:47 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-08 22:01 - 2016-03-08 22:02 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-08 22:01 - 2016-03-08 22:01 - 00001466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-03-08 22:01 - 2016-03-08 22:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-03-08 22:01 - 2016-03-08 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-03-08 22:01 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-03-08 21:16 - 2016-03-12 20:15 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-08 20:55 - 2016-03-12 23:52 - 00000000 ____D C:\Users\John\Desktop\Adawarestuff
2016-03-08 20:29 - 2016-03-08 20:29 - 00000000 ____D C:\WINDOWS\system32\Drivers\NBRTWizardx64
2016-03-08 20:29 - 2016-03-08 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
2016-03-08 20:29 - 2016-03-08 20:29 - 00000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2016-03-08 20:29 - 2012-07-26 05:32 - 00125872 _____ (GEAR Software Inc.) C:\WINDOWS\system32\GEARAspi64.dll
2016-03-08 20:29 - 2012-07-26 05:32 - 00106928 _____ (GEAR Software Inc.) C:\WINDOWS\SysWOW64\GEARAspi.dll
2016-03-08 20:29 - 2012-07-26 05:32 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2016-03-08 20:28 - 2016-03-01 05:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-08 20:28 - 2016-03-01 05:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-08 20:28 - 2016-02-24 09:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-08 20:28 - 2016-02-24 09:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-08 20:28 - 2016-02-24 09:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-08 20:28 - 2016-02-24 09:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-08 20:28 - 2016-02-24 09:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-08 20:28 - 2016-02-24 08:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-08 20:28 - 2016-02-24 08:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-08 20:28 - 2016-02-24 08:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-08 20:28 - 2016-02-24 08:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-08 20:28 - 2016-02-24 08:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-08 20:28 - 2016-02-24 07:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-08 20:28 - 2016-02-24 06:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-08 20:28 - 2016-02-24 06:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-08 20:28 - 2016-02-24 06:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-08 20:28 - 2016-02-24 06:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-08 20:28 - 2016-02-24 06:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-08 20:28 - 2016-02-24 06:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-08 20:28 - 2016-02-24 06:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-08 20:28 - 2016-02-24 06:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-08 20:28 - 2016-02-24 06:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-08 20:28 - 2016-02-24 06:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-08 20:28 - 2016-02-24 06:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-08 20:28 - 2016-02-24 06:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-08 20:28 - 2016-02-24 05:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-08 20:28 - 2016-02-24 05:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-08 20:28 - 2016-02-24 05:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-08 20:28 - 2016-02-24 05:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-08 20:28 - 2016-02-24 05:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-08 20:28 - 2016-02-24 05:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-08 20:28 - 2016-02-24 05:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-08 20:28 - 2016-02-24 05:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-08 20:28 - 2016-02-24 05:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-08 20:28 - 2016-02-24 05:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-08 20:28 - 2016-02-24 04:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-08 20:28 - 2016-02-24 04:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-08 20:27 - 2016-02-24 09:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-08 20:27 - 2016-02-24 09:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-08 20:27 - 2016-02-24 09:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-08 20:27 - 2016-02-24 08:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-08 20:27 - 2016-02-24 08:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-08 20:27 - 2016-02-24 08:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-08 20:27 - 2016-02-24 08:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-08 20:27 - 2016-02-24 08:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-08 20:27 - 2016-02-24 08:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-08 20:27 - 2016-02-24 08:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-08 20:27 - 2016-02-24 08:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-08 20:27 - 2016-02-24 08:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-08 20:27 - 2016-02-24 08:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-08 20:27 - 2016-02-24 08:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-08 20:27 - 2016-02-24 08:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-08 20:27 - 2016-02-24 08:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-08 20:27 - 2016-02-24 08:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-08 20:27 - 2016-02-24 08:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-08 20:27 - 2016-02-24 08:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-08 20:27 - 2016-02-24 07:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-08 20:27 - 2016-02-24 07:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-08 20:27 - 2016-02-24 07:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-08 20:27 - 2016-02-24 07:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-08 20:27 - 2016-02-24 07:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-08 20:27 - 2016-02-24 07:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-08 20:27 - 2016-02-24 07:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-08 20:27 - 2016-02-24 07:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-08 20:27 - 2016-02-24 07:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-08 20:27 - 2016-02-24 07:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-08 20:27 - 2016-02-24 07:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-08 20:27 - 2016-02-24 07:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-08 20:27 - 2016-02-24 07:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-08 20:27 - 2016-02-24 07:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-08 20:27 - 2016-02-24 07:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-08 20:27 - 2016-02-24 07:23 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-03-08 20:27 - 2016-02-24 07:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-08 20:27 - 2016-02-24 07:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-08 20:27 - 2016-02-24 07:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-08 20:27 - 2016-02-24 07:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-08 20:27 - 2016-02-24 07:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-08 20:27 - 2016-02-24 07:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-08 20:27 - 2016-02-24 07:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-08 20:27 - 2016-02-24 07:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-08 20:27 - 2016-02-24 07:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-08 20:27 - 2016-02-24 07:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-08 20:27 - 2016-02-24 07:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-08 20:27 - 2016-02-24 07:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-08 20:27 - 2016-02-24 07:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-08 20:27 - 2016-02-24 07:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-08 20:27 - 2016-02-24 07:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-08 20:27 - 2016-02-24 07:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-08 20:27 - 2016-02-24 07:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-08 20:27 - 2016-02-24 07:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-08 20:27 - 2016-02-24 07:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-08 20:27 - 2016-02-24 07:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-08 20:27 - 2016-02-24 07:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-08 20:27 - 2016-02-24 07:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-08 20:27 - 2016-02-24 07:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-08 20:27 - 2016-02-24 07:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-08 20:27 - 2016-02-24 06:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-08 20:27 - 2016-02-24 06:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-08 20:27 - 2016-02-24 06:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-08 20:27 - 2016-02-24 06:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-08 20:27 - 2016-02-24 06:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-08 20:27 - 2016-02-24 06:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-08 20:27 - 2016-02-24 06:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-08 20:27 - 2016-02-24 06:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-08 20:27 - 2016-02-24 06:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-08 20:27 - 2016-02-24 06:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-08 20:27 - 2016-02-24 06:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-08 20:27 - 2016-02-24 06:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-08 20:27 - 2016-02-24 06:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-08 20:27 - 2016-02-24 06:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-08 20:27 - 2016-02-24 06:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-08 20:27 - 2016-02-24 06:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-08 20:27 - 2016-02-24 06:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-08 20:27 - 2016-02-24 06:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-08 20:27 - 2016-02-24 06:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-08 20:27 - 2016-02-24 06:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-08 20:27 - 2016-02-24 06:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-08 20:27 - 2016-02-24 06:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-08 20:27 - 2016-02-24 06:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-08 20:27 - 2016-02-24 06:42 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-08 20:27 - 2016-02-24 06:42 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-03-08 20:27 - 2016-02-24 06:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-08 20:27 - 2016-02-24 06:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-08 20:27 - 2016-02-24 06:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-08 20:27 - 2016-02-24 06:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-08 20:27 - 2016-02-24 06:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-08 20:27 - 2016-02-24 06:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-08 20:27 - 2016-02-24 06:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-08 20:27 - 2016-02-24 06:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-08 20:27 - 2016-02-24 06:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-08 20:27 - 2016-02-24 06:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-08 20:27 - 2016-02-24 06:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-08 20:27 - 2016-02-24 06:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-08 20:27 - 2016-02-24 06:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-08 20:27 - 2016-02-24 06:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-08 20:27 - 2016-02-24 06:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-08 20:27 - 2016-02-24 06:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-08 20:27 - 2016-02-24 06:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-08 20:27 - 2016-02-24 06:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-08 20:27 - 2016-02-24 06:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-08 20:27 - 2016-02-24 06:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-08 20:27 - 2016-02-24 06:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-08 20:27 - 2016-02-24 06:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-08 20:27 - 2016-02-24 06:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-08 20:27 - 2016-02-24 06:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-08 20:27 - 2016-02-24 06:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-08 20:27 - 2016-02-24 06:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-08 20:27 - 2016-02-24 06:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-08 20:27 - 2016-02-24 06:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-08 20:27 - 2016-02-24 06:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-08 20:27 - 2016-02-24 06:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-08 20:27 - 2016-02-24 06:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-08 20:27 - 2016-02-24 06:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-08 20:27 - 2016-02-24 05:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-08 20:27 - 2016-02-24 05:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-08 20:27 - 2016-02-24 05:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-08 20:25 - 2016-03-12 18:45 - 00001318 _____ C:\Users\John\Desktop\Norton Installation Files.lnk
2016-03-08 20:25 - 2016-03-08 20:25 - 01110992 _____ (Symantec Corporation) C:\Users\John\Downloads\NBRT-Retail-Downloader.exe
2016-03-08 20:20 - 2016-03-13 11:35 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2016-03-08 20:20 - 2016-03-12 23:38 - 00000000 ____D C:\Users\John\AppData\Local\NPE
2016-03-08 20:18 - 2016-03-12 14:02 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-03-08 20:17 - 2016-03-08 22:02 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-08 20:15 - 2016-03-08 20:15 - 00003378 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-03-08 19:52 - 2016-03-08 19:52 - 00000000 ____D C:\Users\Amy\AppData\Roaming\.mono
2016-03-08 19:52 - 2016-03-08 19:52 - 00000000 ____D C:\ProgramData\.mono
2016-03-08 07:38 - 2016-03-12 23:27 - 00000000 ____D C:\Users\Amy\AppData\Local\WolfQuest
2016-03-08 07:38 - 2016-03-08 07:38 - 00000829 _____ C:\Users\Public\Desktop\WolfQuest.lnk
2016-03-08 07:37 - 2016-03-08 07:37 - 00000008 _____ C:\Users\Amy\Desktop\WolfQuest Download Key.txt
2016-03-08 07:36 - 2016-03-08 07:41 - 736598517 _____ C:\Users\Amy\Desktop\WolfQuestMusicExtras.zip
2016-03-08 07:36 - 2016-03-08 07:38 - 13773168 _____ (Eduweb Inc ) C:\Users\Amy\Downloads\WolfQuest-Setup.exe
2016-03-07 19:45 - 2016-03-07 19:45 - 00115716 _____ C:\Users\John\Desktop\Groupon-AE7802EC89.pdf
2016-03-06 21:11 - 2016-03-06 21:35 - 00000000 ____D C:\Users\John\Desktop\Old Discs
2016-03-06 15:16 - 2016-03-08 10:27 - 17320280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-03-06 15:16 - 2016-02-23 23:57 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436200.dll
2016-03-06 15:16 - 2016-02-23 23:57 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436200.dll
2016-03-05 19:43 - 2016-03-05 19:43 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel__hid_0738_1708_01009.Wdf
2016-03-05 19:42 - 2016-03-05 19:43 - 11699560 _____ (Mad catz ) C:\Users\John\Downloads\RAT_7_Mouse_7_0_45_2_x64_Drivers.exe
2016-03-05 19:42 - 2016-03-05 19:42 - 10024336 _____ (Mad catz ) C:\Users\John\Downloads\RAT_7_Mouse_7_0_45_2_x86_Drivers.exe
2016-03-05 19:15 - 2016-03-05 19:15 - 00000000 ____D C:\Users\John\AppData\Local\SmartTechnology
2016-03-05 19:13 - 2016-03-05 19:55 - 00000000 ____D C:\Users\Public\Documents\SmartTechnology Profiles
2016-03-05 19:13 - 2016-03-05 19:13 - 00000000 ____D C:\ProgramData\SmartTechnology
2016-03-05 19:13 - 2016-03-05 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
2016-03-05 19:13 - 2016-03-05 19:13 - 00000000 ____D C:\Program Files\SmartTechnology
2016-03-05 19:11 - 2016-03-05 19:13 - 103007240 _____ (Mad catz ) C:\Users\John\Downloads\RAT_7_Mouse_7_0_45_2_x64_Software.exe
2016-03-05 12:38 - 2016-03-05 12:38 - 00000000 ____D C:\Users\Amy\Documents\WolfQuest
2016-03-05 12:13 - 2016-03-05 12:26 - 254249184 _____ (Eduweb Inc ) C:\Users\Amy\Downloads\WolfQuest_Trial_Setup.exe
2016-03-05 12:13 - 2016-03-05 12:13 - 02745870 _____ C:\Users\Amy\Desktop\WolfQuest_Manual.pdf
2016-03-02 18:39 - 2016-02-23 11:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-02 18:39 - 2016-02-23 11:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-02 18:39 - 2016-02-23 11:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 18:39 - 2016-02-23 11:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-02 18:39 - 2016-02-23 11:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-02 18:39 - 2016-02-23 11:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-02 18:39 - 2016-02-23 11:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-02 18:39 - 2016-02-23 11:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-02 18:39 - 2016-02-23 11:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-02 18:39 - 2016-02-23 11:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-02 18:39 - 2016-02-23 10:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-02 18:39 - 2016-02-23 10:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-02 18:39 - 2016-02-23 10:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-02 18:39 - 2016-02-23 10:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-02 18:39 - 2016-02-23 10:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-02 18:39 - 2016-02-23 10:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-02 18:39 - 2016-02-23 10:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-02 18:39 - 2016-02-23 10:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-02 18:39 - 2016-02-23 10:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-02 18:39 - 2016-02-23 10:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-02 18:39 - 2016-02-23 10:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-02 18:39 - 2016-02-23 10:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-02 18:39 - 2016-02-23 10:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-02 18:39 - 2016-02-23 10:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-02 18:39 - 2016-02-23 10:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-02 18:39 - 2016-02-23 10:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-02 18:39 - 2016-02-23 10:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-02 18:39 - 2016-02-23 10:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-02 18:39 - 2016-02-23 10:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-02 18:39 - 2016-02-23 09:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-02 18:39 - 2016-02-23 09:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-02 18:39 - 2016-02-23 09:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-02 18:39 - 2016-02-23 09:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-02 18:39 - 2016-02-23 09:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-02 18:39 - 2016-02-23 09:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-02 18:39 - 2016-02-23 09:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-02 18:39 - 2016-02-23 09:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-02 18:39 - 2016-02-23 09:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-02 18:39 - 2016-02-23 09:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-02 18:39 - 2016-02-23 09:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-02 18:39 - 2016-02-23 09:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-02 18:39 - 2016-02-23 09:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-02 18:39 - 2016-02-23 09:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-02 18:39 - 2016-02-23 09:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-02 18:39 - 2016-02-23 09:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-02 18:39 - 2016-02-23 09:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-02 18:39 - 2016-02-23 09:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-02 18:39 - 2016-02-23 09:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-02 18:39 - 2016-02-23 09:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-02 18:39 - 2016-02-23 09:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-02 18:39 - 2016-02-23 09:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-02 18:39 - 2016-02-23 09:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-02 18:39 - 2016-02-23 09:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-02 18:39 - 2016-02-23 09:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-02 18:39 - 2016-02-23 09:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-02 18:39 - 2016-02-23 09:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-02 18:39 - 2016-02-23 08:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-02 18:39 - 2016-02-23 08:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-02 18:39 - 2016-02-23 08:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-02 18:39 - 2016-02-23 08:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-02 18:39 - 2016-02-23 08:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-02 18:39 - 2016-02-23 08:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-02 18:39 - 2016-02-23 08:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-02 18:39 - 2016-02-23 08:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-02 18:39 - 2016-02-23 08:51 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-03-02 18:39 - 2016-02-23 08:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-02 18:39 - 2016-02-23 08:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-02 18:39 - 2016-02-23 08:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-02 18:39 - 2016-02-23 08:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-02 18:39 - 2016-02-23 08:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-02 18:39 - 2016-02-23 08:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-02 18:39 - 2016-02-23 08:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-02 18:39 - 2016-02-23 08:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-02 18:39 - 2016-02-23 08:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-02 18:39 - 2016-02-23 08:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-02 18:39 - 2016-02-23 08:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-02 18:39 - 2016-02-23 08:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-02 18:39 - 2016-02-23 08:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-02 18:39 - 2016-02-23 08:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-02 18:39 - 2016-02-23 08:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-02 18:39 - 2016-02-23 08:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-02 18:39 - 2016-02-23 08:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-02 18:39 - 2016-02-23 08:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-02 18:39 - 2016-02-23 08:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-02 18:39 - 2016-02-23 08:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-02 18:39 - 2016-02-23 08:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-02 18:39 - 2016-02-23 08:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-02 18:39 - 2016-02-23 08:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 18:39 - 2016-02-23 08:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-02 18:39 - 2016-02-23 08:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-02 18:39 - 2016-02-23 08:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-02 18:39 - 2016-02-23 08:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-02 18:39 - 2016-02-23 08:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-02 18:39 - 2016-02-23 08:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-02 18:39 - 2016-02-23 08:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-02 18:39 - 2016-02-23 08:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-02 18:39 - 2016-02-23 08:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-02 18:39 - 2016-02-23 08:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-02 18:39 - 2016-02-23 08:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-02 18:39 - 2016-02-23 08:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-02 18:39 - 2016-02-23 08:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-02 18:39 - 2016-02-23 08:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-02 18:39 - 2016-02-23 08:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-02 18:39 - 2016-02-23 08:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-02 18:39 - 2016-02-23 08:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-02 18:39 - 2016-02-23 08:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-02 18:39 - 2016-02-23 08:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-02 18:39 - 2016-02-23 08:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-02 18:39 - 2016-02-23 08:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-02 18:39 - 2016-02-23 08:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-02 18:39 - 2016-02-23 07:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-02 18:39 - 2016-02-23 07:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-02 18:39 - 2016-02-23 07:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-02 18:39 - 2016-02-23 07:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-02 18:39 - 2016-02-23 07:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-02 18:39 - 2016-02-23 07:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-02 18:39 - 2016-02-23 07:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-02 18:39 - 2016-02-23 07:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-02 18:39 - 2016-02-23 07:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-02 18:39 - 2016-02-23 07:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-02 18:39 - 2016-02-23 07:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-02 18:39 - 2016-02-23 07:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-02 18:39 - 2016-02-23 07:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-02 18:39 - 2016-02-23 07:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 18:39 - 2016-02-23 07:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-02 18:39 - 2016-02-23 07:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-02 18:39 - 2016-02-23 07:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-02 18:39 - 2016-02-23 07:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-02 18:39 - 2016-02-23 07:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-02 18:39 - 2016-02-23 07:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-02 18:39 - 2016-02-23 07:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-02 18:39 - 2016-02-23 07:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-02 18:39 - 2016-02-23 07:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-02 18:39 - 2016-02-23 07:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-02 18:39 - 2016-02-23 07:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-02 18:39 - 2016-02-23 07:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-02 18:39 - 2016-02-23 07:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-02 18:39 - 2016-02-23 07:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-02 18:39 - 2016-02-23 07:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-02 18:39 - 2016-02-23 07:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-02 18:39 - 2016-02-23 07:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-02 18:39 - 2016-02-23 07:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-02 18:39 - 2016-02-23 07:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-02 18:39 - 2016-02-23 06:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-02 18:39 - 2016-02-23 06:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-02 18:39 - 2016-02-23 06:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-02 18:39 - 2016-02-23 06:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-02 18:39 - 2016-02-23 06:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-02 18:39 - 2016-02-23 06:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-02 18:39 - 2016-02-23 06:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-02 18:39 - 2016-02-23 06:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-02 18:39 - 2016-02-23 06:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-02 18:39 - 2016-02-23 06:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-02 18:39 - 2016-02-23 06:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-02 18:39 - 2016-02-23 06:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-02 18:39 - 2016-02-23 06:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-02 18:39 - 2016-02-23 06:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-02 18:39 - 2016-02-23 06:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-02 18:39 - 2016-02-23 06:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-02 18:39 - 2016-02-23 06:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-02 18:39 - 2016-02-23 06:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-02 18:39 - 2016-02-23 06:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-02 18:39 - 2016-02-23 06:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-02 18:39 - 2016-02-09 04:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-02 18:39 - 2016-02-09 04:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-02 18:39 - 2016-02-09 03:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-02 18:39 - 2016-02-09 03:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-02 18:39 - 2016-02-09 03:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-02 18:39 - 2016-02-09 03:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-02 18:39 - 2016-02-09 03:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-02 18:39 - 2016-02-09 03:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-02 18:38 - 2016-02-23 09:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-02 18:38 - 2016-02-23 08:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-02 18:38 - 2016-02-23 08:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-02 18:38 - 2016-02-23 08:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-02 18:38 - 2016-02-23 08:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-02 18:38 - 2016-02-23 08:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-02 18:38 - 2016-02-23 07:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-02 18:38 - 2016-02-23 07:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-02 18:38 - 2016-02-23 07:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-01 20:06 - 2016-03-01 20:27 - 00000000 ____D C:\Users\John\Desktop\HelpGBWorkWell
2016-02-29 17:59 - 2016-02-29 17:59 - 00000000 ____D C:\Users\Amy\Documents\ROBLOX
2016-02-28 19:49 - 2016-02-28 19:49 - 07304166 _____ C:\Users\John\Downloads\NASAHiddenUniverse.themepack
2016-02-27 14:41 - 2016-02-27 14:41 - 00003784 _____ C:\WINDOWS\System32\Tasks\John1 Merge
2016-02-27 14:40 - 2016-02-27 14:40 - 00004090 _____ C:\WINDOWS\System32\Tasks\John1
2016-02-27 14:09 - 2016-02-27 14:09 - 00000017 _____ C:\Users\John\AppData\Local\resmon.resmoncfg
2016-02-25 19:24 - 2016-02-25 19:24 - 00000000 ____D C:\Program Files\Common Files\Logitech
2016-02-23 16:18 - 2016-02-23 16:18 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-02-22 19:58 - 2016-02-22 19:58 - 00000000 ____D C:\WINDOWS\System32\Tasks\SmartFTP
2016-02-22 19:58 - 2016-02-22 19:58 - 00000000 ____D C:\Users\John\AppData\Local\SmartFTP
2016-02-22 19:57 - 2016-02-22 19:57 - 00000000 ____D C:\Users\John\AppData\Roaming\SmartFTP
2016-02-22 19:57 - 2016-02-22 19:57 - 00000000 ____D C:\ProgramData\regid.2006-08.com.smartftp
2016-02-22 19:57 - 2016-02-22 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartFTP Client
2016-02-22 19:57 - 2016-02-22 19:57 - 00000000 ____D C:\Program Files\SmartFTP Client
2016-02-21 18:10 - 2016-02-21 18:10 - 00000000 ____D C:\Users\John\Documents\CyberLink
2016-02-21 18:10 - 2016-02-21 18:10 - 00000000 ____D C:\Users\John\AppData\Local\CyberLink
2016-02-19 23:11 - 2016-02-19 23:11 - 00002139 _____ C:\Users\John\Desktop\GeForce Experience.lnk
2016-02-19 22:36 - 2016-02-19 22:36 - 00000000 ____D C:\Users\John\Documents\My Games
2016-02-19 22:36 - 2016-02-19 22:36 - 00000000 ____D C:\ProgramData\Codemasters
2016-02-19 21:21 - 2016-02-19 21:21 - 00000000 ____D C:\Users\John\AppData\LocalLow\Temp
2016-02-16 20:20 - 2016-02-16 20:20 - 00763877 _____ C:\Users\John\Desktop\Primary School Menu 2016.pdf
2016-02-16 19:52 - 2016-03-08 10:27 - 00955328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-02-16 19:52 - 2016-03-08 10:27 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-02-16 19:52 - 2016-02-09 08:25 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436191.dll
2016-02-16 19:52 - 2016-02-09 08:25 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436191.dll
2016-02-14 20:51 - 2016-02-14 20:51 - 00001116 _____ C:\Users\John\Desktop\HSfB WIP.lnk
2016-02-14 12:50 - 2016-02-28 19:32 - 00000000 ____D C:\Users\John\Desktop\Essential Tools
2016-02-14 10:55 - 2016-02-14 10:55 - 00020250 _____ C:\Users\John\Downloads\Dollarphotoclub_30123115.svg
2016-02-14 01:47 - 2016-02-14 01:47 - 00125720 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-3-0.dll
2016-02-14 01:46 - 2016-02-14 01:46 - 00126232 _____ C:\WINDOWS\system32\vulkan-1-1-0-3-0.dll
2016-02-14 01:45 - 2016-02-14 01:45 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-3-0.exe
2016-02-14 01:45 - 2016-02-14 01:45 - 00042264 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-3-0.exe
2016-02-13 20:08 - 2016-02-13 20:08 - 00000000 ____D C:\Users\John\AppData\Roaming\NVIDIA
2016-02-12 21:34 - 2016-02-12 21:34 - 00969584 _____ (ROBLOX Corporation) C:\Users\Amy\Downloads\RobloxPlayerLauncher (2).exe
2016-02-12 21:33 - 2016-02-12 21:33 - 00969584 _____ (ROBLOX Corporation) C:\Users\Amy\Downloads\RobloxPlayerLauncher (1).exe
2016-02-12 09:23 - 2016-03-12 13:03 - 00001586 _____ C:\Users\Amy\Desktop\ROBLOX Player.lnk
2016-02-12 09:23 - 2016-03-12 13:03 - 00001401 _____ C:\Users\Amy\Desktop\ROBLOX Studio.lnk
2016-02-12 09:23 - 2016-03-10 18:13 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-02-12 09:23 - 2016-02-29 17:56 - 00000000 ____D C:\Users\Amy\AppData\Local\Roblox
2016-02-12 09:23 - 2016-02-12 21:29 - 00000248 _____ C:\Users\Amy\AppData\LocalLow\rbxcsettings.rbx
2016-02-12 09:22 - 2016-02-12 09:23 - 00969584 _____ (ROBLOX Corporation) C:\Users\Amy\Downloads\RobloxPlayerLauncher.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-13 11:59 - 2016-01-04 19:08 - 00000000 ____D C:\Users\John\Documents\Outlook Files
2016-03-13 11:37 - 2016-01-09 20:21 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-13 11:07 - 2015-12-22 04:07 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-13 11:07 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-13 11:03 - 2016-01-09 20:21 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-13 11:03 - 2016-01-04 18:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-13 11:03 - 2016-01-04 18:53 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-13 11:03 - 2016-01-04 13:41 - 00000000 ____D C:\MSI
2016-03-13 11:02 - 2015-10-30 06:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-13 00:51 - 2016-01-09 14:28 - 00000000 ____D C:\Users\John\AppData\Roaming\Apple Computer
2016-03-13 00:51 - 2016-01-04 18:54 - 00000000 ____D C:\Users\John
2016-03-13 00:50 - 2016-01-09 14:28 - 00000000 ____D C:\Users\John\AppData\Local\Apple
2016-03-12 23:26 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-12 21:34 - 2016-01-04 16:09 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
2016-03-12 21:18 - 2016-01-05 18:33 - 00000000 ____D C:\Users\Amy
2016-03-12 21:07 - 2016-01-05 18:33 - 00000000 ____D C:\Users\Amy\AppData\Local\NVIDIA
2016-03-12 20:05 - 2015-12-22 04:31 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2016-03-12 18:53 - 2016-01-04 13:12 - 00000000 ____D C:\ProgramData\Norton
2016-03-12 18:30 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-03-12 18:30 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-03-12 18:30 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-12 17:41 - 2016-01-04 13:13 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-03-12 17:41 - 2016-01-04 13:13 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-03-12 17:41 - 2016-01-04 13:13 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-03-12 17:40 - 2016-01-04 13:12 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-03-12 17:23 - 2016-01-04 13:08 - 00000000 ___RD C:\Users\John\OneDrive
2016-03-12 16:38 - 2016-01-05 02:52 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-12 16:38 - 2015-12-22 04:31 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-12 15:59 - 2015-12-22 04:24 - 00000000 ____D C:\ProgramData\iolo
2016-03-12 15:34 - 2015-10-30 09:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-12 15:34 - 2015-10-30 09:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-03-12 15:34 - 2015-10-30 09:02 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\IME
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\Help
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-03-12 15:34 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-03-12 15:34 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\servicing
2016-03-12 13:41 - 2015-10-30 07:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-03-12 12:07 - 2016-02-06 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-12 12:07 - 2016-01-04 18:53 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-11 21:13 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-11 21:10 - 2015-10-30 06:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-11 21:09 - 2016-01-09 14:28 - 00000000 ____D C:\Users\John\AppData\Local\Apple Computer
2016-03-11 21:09 - 2016-01-09 14:26 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-11 21:08 - 2016-01-09 14:28 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-11 21:08 - 2016-01-04 15:48 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-11 21:08 - 2016-01-04 15:48 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-11 21:06 - 2016-01-04 13:08 - 00002366 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-11 21:05 - 2016-01-05 18:34 - 00002363 _____ C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-11 21:05 - 2016-01-05 18:34 - 00000000 ___RD C:\Users\Amy\OneDrive
2016-03-10 03:19 - 2016-01-04 16:03 - 12653504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-03-09 09:22 - 2016-01-04 20:16 - 00000000 ____D C:\Users\John\AppData\Roaming\KeePass
2016-03-08 21:44 - 2016-01-04 18:52 - 00410136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-08 21:44 - 2016-01-04 13:13 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2016-03-08 21:43 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-08 21:43 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-08 21:43 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-08 21:43 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-08 20:15 - 2016-01-04 13:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2016-03-08 10:27 - 2016-02-06 19:05 - 03259176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-03-08 10:27 - 2016-01-04 16:03 - 20061152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-03-08 10:27 - 2016-01-04 16:03 - 17368424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-03-08 10:27 - 2016-01-04 16:03 - 14226864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-03-08 10:27 - 2016-01-04 16:03 - 03681672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-03-08 10:27 - 2016-01-04 16:03 - 00037702 _____ C:\WINDOWS\system32\nvinfo.pb
2016-03-08 07:12 - 2015-10-30 07:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 07:12 - 2015-10-30 07:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-08 06:42 - 2016-01-04 18:53 - 06371384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-03-08 06:42 - 2016-01-04 18:53 - 02992576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-03-08 06:42 - 2016-01-04 18:53 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-03-08 06:42 - 2016-01-04 18:53 - 01264064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-03-08 06:42 - 2016-01-04 18:53 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-03-08 06:42 - 2016-01-04 18:53 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-03-08 06:42 - 2015-12-22 04:30 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-03-08 06:42 - 2015-12-22 04:30 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-03-07 20:50 - 2016-01-04 13:06 - 00000000 ____D C:\Users\John\AppData\Local\Packages
2016-03-07 04:22 - 2016-01-04 18:53 - 06203411 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-03-05 19:01 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-05 18:30 - 2015-12-22 04:49 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-03 07:41 - 2015-10-30 07:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-03 07:41 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-03 07:41 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-03 07:41 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-03 07:41 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-03 07:41 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-02-28 19:18 - 2016-01-04 16:00 - 00000000 ____D C:\Users\John\Desktop\User Icons
2016-02-27 20:42 - 2016-01-17 19:24 - 00000000 ____D C:\Users\John\Desktop\eBay
2016-02-27 12:55 - 2015-10-30 07:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-02-27 12:55 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-02-27 12:51 - 2016-01-10 17:59 - 00000000 ____D C:\Program Files (x86)\Norton Utilities 14
2016-02-27 12:51 - 2015-12-22 04:09 - 00000000 ____D C:\ProgramData\Temp
2016-02-26 23:39 - 2016-01-10 20:14 - 00000000 ____D C:\Users\John\AppData\Roaming\CyberLink
2016-02-26 23:38 - 2016-01-04 21:08 - 00003196 _____ C:\WINDOWS\System32\Tasks\iolo Process Governor
2016-02-26 23:38 - 2016-01-04 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2016-02-26 23:38 - 2016-01-04 21:08 - 00000000 ____D C:\ProgramData\ioloGovernor
2016-02-26 23:37 - 2015-12-22 04:09 - 00000000 ____D C:\ProgramData\CyberLink
2016-02-25 19:24 - 2016-01-10 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-02-25 19:24 - 2016-01-10 19:12 - 00000000 ____D C:\Program Files\Logitech
2016-02-23 16:19 - 2015-10-30 07:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-23 16:18 - 2016-01-04 18:11 - 00000000 ____D C:\Program Files\Microsoft Office
2016-02-23 16:18 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-22 19:57 - 2015-12-22 04:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-20 19:15 - 2016-02-08 15:11 - 00000000 ____D C:\Users\Amy\AppData\Local\NVIDIA Corporation
2016-02-19 20:37 - 2016-01-09 20:21 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 07:30 - 2016-01-04 21:08 - 00066392 _____ (iolo technologies, LLC) C:\WINDOWS\system32\iolobtdfg.exe
2016-02-19 07:30 - 2016-01-04 21:08 - 00034736 _____ (iolo technologies, LLC) C:\WINDOWS\system32\smrgdf.exe
2016-02-19 07:20 - 2016-01-04 21:08 - 02182248 _____ (iolo technologies, LLC) C:\WINDOWS\system32\Incinerator64.dll
2016-02-19 07:20 - 2016-01-04 21:08 - 02123552 _____ (iolo technologies, LLC) C:\WINDOWS\SysWOW64\Incinerator32.dll
2016-02-17 06:40 - 2016-02-06 19:07 - 01903344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-02-17 06:40 - 2016-02-06 19:07 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-02-17 06:40 - 2016-02-06 19:07 - 01571624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-02-17 06:40 - 2016-02-06 19:07 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-02-17 06:40 - 2016-02-06 19:07 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-02-16 20:50 - 2016-01-04 13:07 - 00000000 ____D C:\Users\John\AppData\Local\NVIDIA
2016-02-16 20:05 - 2016-02-06 19:07 - 00000000 ____D C:\Users\John\AppData\Local\NVIDIA Corporation
 
==================== Files in the root of some directories =======
 
2012-12-11 18:47 - 2012-12-11 18:47 - 0012288 _____ (Archlink Technology Corporation) C:\Users\John\AppData\Roaming\CheckOSandLaunch.exe
2012-12-12 15:14 - 2012-12-12 15:14 - 0001855 _____ () C:\Users\John\AppData\Roaming\CheckOSandLaunch.exe.config
2016-02-27 14:09 - 2016-02-27 14:09 - 0000017 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg
2015-12-22 04:19 - 2015-12-22 04:19 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-12-22 04:09 - 2015-12-22 04:09 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-12-22 04:15 - 2015-12-22 04:19 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-12-22 04:10 - 2015-12-22 04:14 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-11 22:40
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by John (2016-03-13 12:00:46)
Running from C:\Users\John\Downloads
Windows 10 Home Version 1511 (X64) (2016-01-04 19:01:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3836024648-3634189077-2772633804-500 - Administrator - Disabled)
Amy (S-1-5-21-3836024648-3634189077-2772633804-1005 - Limited - Enabled) => C:\Users\Amy
chloe (S-1-5-21-3836024648-3634189077-2772633804-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-3836024648-3634189077-2772633804-503 - Limited - Disabled)
Guest (S-1-5-21-3836024648-3634189077-2772633804-501 - Limited - Disabled)
John (S-1-5-21-3836024648-3634189077-2772633804-1001 - Administrator - Enabled) => C:\Users\John
Martine (S-1-5-21-3836024648-3634189077-2772633804-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Alienware Command Center (HKLM-x32\...\InstallShield_{3B0BFF91-F5EE-4EE3-84B9-5822AF012632}) (Version: 4.0.51.0 - Dell Inc.)
Alienware Command Center (Version: 4.0.51.0 - Dell Inc.) Hidden
Alienware Customer Connect (HKLM-x32\...\{99E581C6-471C-46CA-989E-3B17EB7E3F27}) (Version: 1.3.2.0 - Dell Inc.)
Alienware Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version: - Treyarch)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG5500 series User Registration (HKLM-x32\...\Canon MG5500 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden
Dell Foundation Services (HKLM\...\{AE5E3C86-2633-4DAF-A7F4-C43D1E738BAE}) (Version: 3.1.3300.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}) (Version: 1.2.0.94 - Dell)
Dell System Detect (HKU\S-1-5-21-3836024648-3634189077-2772633804-1001\...\58d94f3ce2c27db0) (Version: 6.12.0.1 - Dell)
DiRT Rally (HKLM-x32\...\Steam App 310560) (Version: - Codemasters Racing Studio)
Driving Recorder Player (HKLM-x32\...\{4B214065-5C62-4ECA-B99F-D31924006F31}) (Version: 1.0.4989.27635 - Archlink Technology Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{4544164b-edf0-455c-b150-bed7109d751e}) (Version: 18.11.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 15.5.0 - iolo technologies, LLC)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
KeePass Password Safe 2.31 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.31 - Dominik Reichl)
Killer Bandwidth Control Filter Driver (Version: 1.1.55.1230 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.55.1230 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.55.1230 - Rivet Networks) Hidden
Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.55.1230 - Rivet Networks)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6568.2025 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.7 - Micro-Star Int'l Co., Ltd.)
MSI ODD Monitor (x32 Version: 1.0.0.7 - Micro-Star Int'l Co., Ltd.) Hidden
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.6.0.142 - Symantec Corporation)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.1.0.26 - Symantec Corporation)
Norton Family (HKLM-x32\...\NSM) (Version: 3.5.0.43 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.11.2.10120 - Electronic Arts, Inc.)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.1.202.0 - Seagate)
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
SliQ Invoicing Plus V5 (HKLM-x32\...\{F9934C93-3295-4BF5-9F23-3CCE7B92F149}) (Version: 5.003.0003 - SliQTools)
Smart Technology Programming Software 7.0.45.2 (HKLM\...\{431DEFDE-6862-4CBC-AA44-112164825D73}) (Version: 7.0.45.2 - Mad Catz)
SmartFTP Client (HKLM\...\{C9672BF3-92A4-49BB-ABFF-8F0361D7CF21}) (Version: 7.0.2195.0 - SmartSoft Ltd.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Sound Blaster Recon3Di (HKLM-x32\...\{A3DF88A7-3E53-4A8F-AD68-4C8AF98931AE}) (Version: 1.01.00 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
WolfQuest version 2.7 (HKLM-x32\...\{4750E8EB-C63E-41B3-A2E7-1031670DD06C}_is1) (Version: 2.7 - Eduweb Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3836024648-3634189077-2772633804-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10D008B8-1303-419B-8B73-307A62B997A2} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {14F35438-058D-4EC7-B206-BC4EE33193D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-02-23] (Microsoft Corporation)
Task: {1AAC3F54-404E-4401-96D7-E1B788CB79A8} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-08-19] (CyberLink)
Task: {1B0A22A1-BD9A-41D5-9961-766C9228C609} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Alienware\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {1CD4C7C9-AFE5-4F31-8342-F5BDA21084E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-09] (Google Inc.)
Task: {22DAC662-DE2E-4667-A9A8-26255D162F2E} - System32\Tasks\John1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-08-13] (Seagate Technology LLC)
Task: {23708CE0-9C17-477B-9D35-BC202824E37A} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {2CC83F46-B663-430A-B3FD-8C0204742338} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {3C9DE2FE-A019-409F-99DC-83DA4AA5E03A} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {3EFA6FC0-36D7-4BB3-8FF4-A890F4C71E33} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {499F1B16-F9D0-4C84-A7BF-B9B49C86A8EE} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {56518F03-B87B-4F4D-BF65-320B7C1DDDCC} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {56F1548F-E7B0-45F7-A663-915C96A5083D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {577F250A-5CA8-48BE-9AE2-47725FFC82F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-02-23] (Microsoft Corporation)
Task: {598F4774-6FC8-4C76-9736-B7C7F13D30D0} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {687917BB-9850-426F-A9B5-EE10CFBA4F28} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {78363374-EE04-4538-BA9B-03C9E87E85A4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {79B8FD88-02F9-4F9C-9C14-21967FD61965} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-09] (Google Inc.)
Task: {7ACFABEF-600A-4509-BFC3-C4CBF9F6D5DC} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-29] (CyberLink Corp.)
Task: {839C79B0-4ED3-4AA4-B179-1A38B82E8DEF} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-01-12] (Dell Inc.)
Task: {8565AB03-4CE0-4852-8D74-2032FF0312C2} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {8A138AE8-3297-422C-ADC5-4E8AFB67FF31} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2016-02-19] (iolo technologies, LLC)
Task: {90962DC6-9C00-4DDA-A66C-853137F833B8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {9A450292-B713-4B9B-B5F0-92392AE0555E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
Task: {9E78B1EA-2443-4C51-8E71-6ECAA4D84B49} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\3.5.0.43\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {A404AE0A-9344-403B-B572-D7977FE45CFE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {B9056DBF-9BFA-4F75-8481-F79324C483CB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
Task: {E250EDF5-652F-4CD3-A8AC-94D9B2F06AE7} - System32\Tasks\John1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-08-13] (Seagate Technology LLC)
Task: {E331D2C9-981C-4BFF-9574-A4C9D04ECCCD} - System32\Tasks\Norton Family\Norton Autofix => C:\Program Files (x86)\Norton Family\Engine\3.5.0.43\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {E5B8F0F3-41ED-4475-9DE7-291F27384873} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\3.5.0.43\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {EA7FC093-A30B-4124-819E-117F974DF21F} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-08-13] (Seagate Technology LLC)
Task: {F19A1405-170E-4D6A-9D5F-97BCABF0A5CB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 07:17 - 2015-10-30 07:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-04 18:53 - 2016-03-08 06:42 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-01-04 18:10 - 2016-02-04 05:51 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-01 21:42 - 2014-08-01 21:42 - 02067792 _____ () C:\Program Files\Alienware\Command Center\SMBus\MSISMBService.exe
2014-08-19 04:33 - 2014-08-19 04:33 - 04033360 _____ () C:\Program Files\Alienware\Command Center\ClockGen\MSIClockService.exe
2014-09-13 01:28 - 2014-09-13 01:28 - 02021712 _____ () C:\Program Files\Alienware\Command Center\MSIControlService.exe
2014-10-22 21:32 - 2014-10-22 21:32 - 02257232 _____ () C:\Program Files\Alienware\Command Center\DDR\MSIDDRService.exe
2014-08-08 04:14 - 2014-08-08 04:14 - 04174672 _____ () C:\Program Files\Alienware\Command Center\CPU\MSICPUService.exe
2016-02-19 23:10 - 2016-02-17 06:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-02-06 19:07 - 2016-02-17 06:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-02-19 23:10 - 2016-02-17 06:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-02 18:39 - 2016-02-23 11:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 18:39 - 2016-02-23 11:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-23 16:17 - 2016-02-04 13:53 - 08914120 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-01-21 18:34 - 2016-01-21 18:34 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-05 02:50 - 2016-01-05 02:50 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 18:39 - 2016-02-23 08:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 19:27 - 2016-01-05 01:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 19:27 - 2016-01-05 01:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-27 21:30 - 2016-01-16 05:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 21:30 - 2016-01-16 05:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-04 18:11 - 2016-01-04 18:12 - 02210480 _____ () C:\Program Files\Microsoft Office\Root\Office16\tmpod.dll
2016-02-23 16:17 - 2016-02-04 13:50 - 01402048 _____ () C:\Program Files\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-03-04 09:14 - 2016-03-04 09:14 - 00016384 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-04 09:14 - 2016-03-04 09:14 - 16062976 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-04 09:14 - 2016-03-04 09:14 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2014-08-13 21:56 - 2014-08-13 21:56 - 00102736 _____ () C:\Program Files\Alienware\Command Center\ClockGen\IccLibDll.dll
2016-03-12 17:41 - 2015-05-29 11:46 - 00730440 ____R () C:\Program Files (x86)\Norton Family\Engine\3.5.0.43\cfi.dll
2016-03-08 22:01 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-03-08 22:01 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-03-08 22:01 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-03-08 22:01 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-03-08 22:01 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-01-21 18:34 - 2016-01-21 18:34 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 18:34 - 2016-01-21 18:34 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-02-06 19:07 - 2016-02-17 07:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-12-17 18:39 - 2015-12-17 18:39 - 00073512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-12-17 18:39 - 2015-12-17 18:39 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-22 04:09 - 2014-12-08 07:28 - 00627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 23:28 - 2014-12-08 23:28 - 00016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2015-06-24 00:26 - 2015-06-24 00:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2016-02-19 20:37 - 2016-02-18 04:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-19 20:37 - 2016-02-18 04:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\Temp:$DATA [16]
AlternateDataStreams: C:\ProgramData\Temp:792D4CF1 [129]
AlternateDataStreams: C:\ProgramData\Temp:D287FACF [374]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TampMon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TampMon => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7873 more sites.


There are 7873 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 11:04 - 2016-03-13 00:31 - 00451027 ____R C:\WINDOWS\system32\Drivers\etc\hosts


There are 15472 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3836024648-3634189077-2772633804-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Alienware\AW_ChromeHead_72dpi.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "ProfilerU"
HKLM\...\StartupApproved\Run: => "SaiMfd"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D74F4291-7C14-4BA8-9716-76982F516D90}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A71C6AAC-A8ED-4336-A1D2-0D267727F43C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{79952EA2-1C1D-4686-9B76-1B9920F932C5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{10A27C39-824A-42FB-9EAD-84764B294D75}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B4B090F2-14A5-4AF2-8084-D03156EFE8D3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2CB64355-1512-40CD-9544-6B359ADF8BFB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E1B8A569-ED3F-4005-A8C8-9117D067A710}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{675FA270-3C34-40C7-BB6D-42786ABDD8B1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4D973646-9B6F-4CB8-9731-1C80C9B0B93E}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{8EC48137-9605-4BCB-BD91-F928A4F1387B}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{845FA073-CE7F-4FE9-B421-7F1C62B70526}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B521C59E-8567-428F-AE89-F145D063056F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E480C38D-DB26-47C4-B123-61A6F057A1BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F85C8AAE-85CC-440F-A438-5F42A3327267}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{068D3285-96C1-4F24-B6C2-C6AC6142BF35}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AFFA1B19-03A9-4D1A-A3FE-00370719EA93}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{99A94416-DD1B-42F7-B16B-D892C1FFACB0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4CB45ACD-4F94-430E-BCA0-A19496E48071}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{68AC5BBD-3A5D-4F79-9436-D81486B01B13}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{37F44D92-3CBA-43A4-BFC2-0A4D0ABE1203}] => (Allow) LPort=8888
FirewallRules: [{0E512767-8FD5-4B24-B0B7-5AFA7E7CD31D}] => (Allow) LPort=8888
FirewallRules: [{472FE39E-E971-48FD-99D2-BE493E2EA3DE}] => (Allow) D:\Games\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{990842AA-4E4C-4DAF-9036-551DA4C78400}] => (Allow) D:\Games\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{6F8C2A15-547B-4206-830F-5D88A128D185}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F254FC0A-13B7-4A21-BCA9-494228ECDB60}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3C4CA902-F7BB-49DE-8A02-BEC53133A229}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F5787B95-DB4E-4640-BEA2-1794675F80CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EA785B80-AEF3-4315-B3DB-7D00D899CEF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9442DF08-A70D-442C-8B0F-811E85D53530}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{386FD011-596E-4F79-BE83-1EAC992EEC3A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{70E844EC-EF72-4820-BF06-1DABEE7CE0C6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EDDF76D3-9E4F-490B-B82E-791E1ADFA9C6}] => (Allow) D:\Games\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{8DDD3FD0-F67E-4A53-86A6-3818640E01F9}] => (Allow) D:\Games\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{9D66F828-298C-4FFC-B1BE-2CF9BCA250A6}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2016 10:54:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.10586.104, time stamp: 0x56aaffa0
Faulting module name: SHELL32.dll, version: 10.0.10586.122, time stamp: 0x56cbff3d
Exception code: 0xc0000005
Fault offset: 0x000000000008792b
Faulting process id: 0xa68
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (03/13/2016 10:54:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10586.104, time stamp: 0x56aaffa0
Faulting module name: SHELL32.dll, version: 10.0.10586.122, time stamp: 0x56cbff3d
Exception code: 0xc0000005
Fault offset: 0x000000000008792b
Faulting process id: 0x9d4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (03/12/2016 09:39:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: N360.exe, version: 13.1.0.74, time stamp: 0x56ba9bae
Faulting module name: SYMHTML.DLL, version: 10.1.0.91, time stamp: 0x56ce7f77
Exception code: 0xc0000005
Fault offset: 0x001a5ff3
Faulting process id: 0x1734
Faulting application start time: 0xN360.exe0
Faulting application path: N360.exe1
Faulting module path: N360.exe2
Report Id: N360.exe3
Faulting package full name: N360.exe4
Faulting package-relative application ID: N360.exe5

Error: (03/12/2016 09:34:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
Exception code: 0xc0000005
Fault offset: 0x00ac6197
Faulting process id: 0x32c4
Faulting application start time: 0xSkypeHost.exe0
Faulting application path: SkypeHost.exe1
Faulting module path: SkypeHost.exe2
Report Id: SkypeHost.exe3
Faulting package full name: SkypeHost.exe4
Faulting package-relative application ID: SkypeHost.exe5

Error: (03/12/2016 07:14:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
Exception code: 0xc0000005
Fault offset: 0x00ac6197
Faulting process id: 0x1cd0
Faulting application start time: 0xSkypeHost.exe0
Faulting application path: SkypeHost.exe1
Faulting module path: SkypeHost.exe2
Report Id: SkypeHost.exe3
Faulting package full name: SkypeHost.exe4
Faulting package-relative application ID: SkypeHost.exe5

Error: (03/12/2016 05:25:45 PM) (Source: MsiInstaller) (EventID: 11606) (User: ALIENTASTIC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (03/12/2016 05:25:43 PM) (Source: MsiInstaller) (EventID: 11606) (User: ALIENTASTIC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (03/12/2016 03:11:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALIENTASTIC)
Description: Activation of app Fitbit.Fitbit_6mqt6hf9g46tw!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/12/2016 03:09:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALIENTASTIC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/12/2016 03:09:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALIENTASTIC)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (03/13/2016 11:02:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_30cf071 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/13/2016 11:02:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_30cf071 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/13/2016 11:02:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_30cf071 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/13/2016 11:02:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_30cf071 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/13/2016 11:02:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/13/2016 12:51:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_636be service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/13/2016 12:51:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_636be service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/13/2016 12:51:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_636be service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/13/2016 12:51:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_636be service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/13/2016 12:51:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


CodeIntegrity:
===================================
Date: 2016-03-12 18:49:21.281
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-12 17:24:46.198
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-12 08:53:53.335
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-08 21:44:40.760
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-04 09:07:20.669
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-02 19:45:31.004
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-27 13:24:44.283
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-25 19:24:51.704
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-23 16:18:45.772
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-11 13:14:05.819
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-5930K CPU @ 3.50GHz
Percentage of memory in use: 32%
Total physical RAM: 16271.54 MB
Available physical RAM: 10984.49 MB
Total Virtual: 18703.54 MB
Available Virtual: 12439.36 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:105.04 GB) (Free:26.68 GB) NTFS
Drive d: (DATA) (Fixed) (Total:1862.89 GB) (Free:1557.2 GB) NTFS
Drive f: (WD) (Fixed) (Total:931.51 GB) (Free:931.26 GB) NTFS
Drive g: (Seagate1) (Fixed) (Total:465.69 GB) (Free:465.49 GB) NTFS
Drive h: (Seagate2) (Fixed) (Total:465.69 GB) (Free:465.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: CD4D826D)

Partition: GPT.

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: CD4D83BC)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: 73736572)
Partition 1: (Not Active) - (Size=866 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.6 GB) - (Type=6C)
Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
Partition 3: (Not Active) - (Size=224 KB) - (Type=00)

==================== End of Addition.txt ============================

Edited by Oh My!, 13 March 2016 - 01:59 PM.



#2 Oh My!

  • Malware Response Instructor
  • 37,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:17 AM

Posted 13 March 2016 - 09:40 AM

Greetings Jackkane and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Spybot - Search & Destroy
iolo System Mechanic
SpyHunter 4

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\S-1-5-21-3836024648-3634189077-2772633804-1001 -> {07799083-02C5-4504-875D-62367D3510E0} URL =
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
2015-12-22 04:19 - 2015-12-22 04:19 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-12-22 04:09 - 2015-12-22 04:09 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-12-22 04:15 - 2015-12-22 04:19 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-12-22 04:10 - 2015-12-22 04:14 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log
AlternateDataStreams: C:\WINDOWS\Temp:$DATA [16]
AlternateDataStreams: C:\ProgramData\Temp:792D4CF1 [129]
AlternateDataStreams: C:\ProgramData\Temp:D287FACF [374]
CMD: type "C:\TDSSKiller.3.1.0.9_12.03.2016_12.32.36_log.txt"
File: C:\TDSSKiller.3.1.0.9_12.03.2016_12.32.36_log.txt
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did the programs uninstall properly?
  • Fixlog
  • System Summary Information
  • Result.txt
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Jackkane

  • Topic Starter

Posted 13 March 2016 - 01:25 PM

Hey Gary, my real name is John.  Many thanks for this help, you have no idea how much it's appreciated.

 

I've carried out your instructions word for word...

 

Did the programs uninstall properly?  Yes.  Spybot comes up with a prompt on reboot to re-install after a Windows 10 upgrade.  I've chosen the 'no' option and all seems fine.

Chrome has displayed a message - "your preferences file is corrupt or invalid.  Google Chrome is unable to recover your settings".

Instead of the MiniToolBox displaying a Results.txt file, the file was named MTB.txt.  I'm guessing not a problem, just wanted to mention it.

Computer behaviour - there haven't been any trojan attacks today, before or after posting here or after following your instructions.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by John (2016-03-13 17:45:28) Run:1
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & Amy)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\S-1-5-21-3836024648-3634189077-2772633804-1001 -> {07799083-02C5-4504-875D-62367D3510E0} URL =
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
2015-12-22 04:19 - 2015-12-22 04:19 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-12-22 04:09 - 2015-12-22 04:09 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-12-22 04:15 - 2015-12-22 04:19 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-12-22 04:10 - 2015-12-22 04:14 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log
AlternateDataStreams: C:\WINDOWS\Temp:$DATA [16]
AlternateDataStreams: C:\ProgramData\Temp:792D4CF1 [129]
AlternateDataStreams: C:\ProgramData\Temp:D287FACF [374]
CMD: type "C:\TDSSKiller.3.1.0.9_12.03.2016_12.32.36_log.txt"
File: C:\TDSSKiller.3.1.0.9_12.03.2016_12.32.36_log.txt
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. 
"HKU\S-1-5-21-3836024648-3634189077-2772633804-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07799083-02C5-4504-875D-62367D3510E0}" => key removed successfully
HKCR\CLSID\{07799083-02C5-4504-875D-62367D3510E0} => key not found. 
Chrome DefaultSuggestURL => removed successfully
C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => moved successfully
C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log => moved successfully
C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log => moved successfully
C:\WINDOWS\Temp => ":$DATA" ADS removed successfully.
C:\ProgramData\Temp => ":792D4CF1" ADS removed successfully.
C:\ProgramData\Temp => ":D287FACF" ADS removed successfully.
 
=========  type "C:\TDSSKiller.3.1.0.9_12.03.2016_12.32.36_log.txt" =========
 
12:32:36.0308 0x3548  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
12:32:36.0308 0x3548  UEFI system
12:32:43.0058 0x3548  ============================================================
12:32:43.0058 0x3548  Current date / time: 2016/03/12 12:32:43.0058
12:32:43.0058 0x3548  SystemInfo:
12:32:43.0059 0x3548  
12:32:43.0059 0x3548  OS Version: 10.0.10586 ServicePack: 0.0
12:32:43.0059 0x3548  Product type: Workstation
12:32:43.0059 0x3548  ComputerName: ALIENTASTIC
12:32:43.0059 0x3548  UserName: John
12:32:43.0059 0x3548  Windows directory: C:\WINDOWS
12:32:43.0059 0x3548  System windows directory: C:\WINDOWS
12:32:43.0059 0x3548  Running under WOW64
12:32:43.0059 0x3548  Processor architecture: Intel x64
12:32:43.0059 0x3548  Number of processors: 12
12:32:43.0059 0x3548  Page size: 0x1000
12:32:43.0059 0x3548  Boot type: Normal boot
12:32:43.0059 0x3548  ============================================================
12:32:43.0834 0x3548  KLMD registered as C:\WINDOWS\system32\drivers\82645820.sys
12:32:46.0019 0x3548  System UUID: {4C265EEB-8C16-527B-10A6-12BEAA398C97}
12:32:51.0178 0x3548  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:32:51.0193 0x3548  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:32:51.0217 0x3548  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:32:51.0219 0x3548  Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:32:51.0223 0x3548  ============================================================
12:32:51.0223 0x3548  \Device\Harddisk0\DR0:
12:32:51.0224 0x3548  GPT partitions:
12:32:51.0224 0x3548  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {C24C6E57-4726-4761-8AE3-A764D2D041BE}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0xFA000
12:32:51.0224 0x3548  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {CE65B30A-C97B-4FDF-A5FE-6AA2C2F381D5}, Name: Microsoft reserved partition, StartLBA 0xFA800, BlocksNum 0x40000
12:32:51.0224 0x3548  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D8FDC44C-492E-41F6-B718-08F31E585AC9}, Name: Basic data partition, StartLBA 0x13A800, BlocksNum 0xD215000
12:32:51.0224 0x3548  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {39BD42D6-4A73-4ECF-94D4-E4A65EB1392B}, Name: , StartLBA 0xD34F800, BlocksNum 0x1AA000
12:32:51.0224 0x3548  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {1B49A858-1647-4E05-8A90-CFAEB37C563F}, Name: , StartLBA 0xD4F9800, BlocksNum 0x1982800
12:32:51.0224 0x3548  MBR partitions:
12:32:51.0224 0x3548  \Device\Harddisk1\DR1:
12:32:51.0224 0x3548  GPT partitions:
12:32:51.0224 0x3548  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {0677ABD1-6DE0-4C92-81EC-269AB441B5E3}, Name: Microsoft reserved partition, StartLBA 0x800, BlocksNum 0x40000
12:32:51.0225 0x3548  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {674E5584-BD74-4AA0-91EF-82E8121B5E7F}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
12:32:51.0225 0x3548  MBR partitions:
12:32:51.0225 0x3548  \Device\Harddisk2\DR2:
12:32:51.0225 0x3548  GPT partitions:
12:32:51.0225 0x3548  \Device\Harddisk2\DR2\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {DFFD5318-45DD-4B14-9FC0-81FD3089851A}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
12:32:51.0225 0x3548  \Device\Harddisk2\DR2\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {2C613BDA-1C4B-4717-83E9-B4DEBAFE227A}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x3A363000
12:32:51.0225 0x3548  \Device\Harddisk2\DR2\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D3B41E6A-2EDA-4102-88EF-1FC570575F2B}, Name: Basic data partition, StartLBA 0x3A3A3800, BlocksNum 0x3A362800
12:32:51.0225 0x3548  MBR partitions:
12:32:51.0225 0x3548  \Device\Harddisk3\DR3:
12:32:51.0225 0x3548  MBR partitions:
12:32:51.0225 0x3548  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x72744320, BlocksNum 0x6C412B6C
12:32:51.0225 0x3548  ============================================================
12:32:51.0226 0x3548  C: <-> \Device\Harddisk0\DR0\Partition3
12:32:51.0239 0x3548  D: <-> \Device\Harddisk1\DR1\Partition2
12:32:51.0255 0x3548  G: <-> \Device\Harddisk2\DR2\Partition2
12:32:51.0286 0x3548  H: <-> \Device\Harddisk2\DR2\Partition3
12:32:51.0286 0x3548  ============================================================
12:32:51.0286 0x3548  Initialize success
12:32:51.0286 0x3548  ============================================================
12:33:18.0670 0x43a4  ============================================================
12:33:18.0670 0x43a4  Scan started
12:33:18.0670 0x43a4  Mode: Manual; 
12:33:18.0670 0x43a4  ============================================================
12:33:18.0670 0x43a4  KSN ping started
12:33:21.0014 0x43a4  KSN ping finished: true
12:33:22.0372 0x43a4  ================ Scan system memory ========================
12:33:22.0372 0x43a4  System memory - ok
12:33:22.0373 0x43a4  ================ Scan services =============================
12:33:23.0719 0x43a4  hidinterrupt - ok
12:33:23.0722 0x43a4  [ 90F3ED42D423C942BA5EA54E2FFE7AC7, BF7DE0C8141CD20A6235657BA897A019ABEFF6A01AA3FB202C73C33433CDEAF8 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
12:33:23.0722 0x43a4  HidIr - ok
12:33:23.0725 0x43a4  hidserv - ok
12:33:23.0726 0x43a4  HidUsb - ok
12:33:23.0731 0x43a4  [ CE5BE8EEFC74B028C0A039FBCD70B66C, C4D686EAB4C4885D1AC6924CA8BA3B8239D61EF2DE4BC7E8C0A593DD3CEBD882 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
12:33:23.0733 0x43a4  HitmanProScheduler - ok
12:33:23.0735 0x43a4  HomeGroupListener - ok
12:33:23.0737 0x43a4  HomeGroupProvider - ok
12:33:23.0740 0x43a4  [ FF442DCDCE1F6E9FAA9C8AD0CD1D199B, A239414E97B310C9545995B0E723B5E792B08D71F651450EB006AD4D1765E4F7 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
12:33:23.0741 0x43a4  HpSAMD - ok
12:33:23.0743 0x43a4  HTTP - ok
12:33:23.0744 0x43a4  hwpolicy - ok
12:33:23.0747 0x43a4  [ D668FAB4B0397B426EE3D41683B9A1C0, 66F3E3B2ABC3C9B25A0DADBF09818547ED301230374AC5302B4794629A95DDF8 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
12:33:23.0748 0x43a4  hyperkbd - ok
12:33:23.0752 0x43a4  [ 53FDD9E69189E546DE4740F8C4D8AB2F, 45ED5B229ED5FD0CEE8BF52EFF88FD8B1889BF348ED7187926F290B3AD48A76D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
12:33:23.0754 0x43a4  i8042prt - ok
12:33:23.0757 0x43a4  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\WINDOWS\System32\drivers\iai2c.sys
12:33:23.0758 0x43a4  iai2c - ok
12:33:23.0763 0x43a4  [ 59A20F5AD9F4AE54098154359519408E, E27B7389C9D123CDDA4EC9CBDB06C4AA5000012391F940EE1492419B593608FE ] iaLPSS2i_I2C    C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
12:33:23.0765 0x43a4  iaLPSS2i_I2C - ok
12:33:23.0767 0x43a4  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
12:33:23.0768 0x43a4  iaLPSSi_GPIO - ok
12:33:23.0772 0x43a4  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
12:33:23.0774 0x43a4  iaLPSSi_I2C - ok
12:33:23.0810 0x43a4  [ 12859E1215AA083A42E7ADCDE5C061D1, 262F9C65C3FA7EB69C4FA7C6547E1C79DB49697A083309909BC78726A116557F ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
12:33:23.0827 0x43a4  iaStorA - ok
12:33:23.0858 0x43a4  [ 6B0029A0253098CCE28EACCFDB9E7208, E33AD69644E1683A971DA1169B704FBCFD9F715E9550816058E420BB5DE4D946 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
12:33:23.0874 0x43a4  iaStorAV - ok
12:33:23.0880 0x43a4  [ 14E3DB5ADA7E2187A404129F4E5CE336, 5925C8E9DC00A6C682D6A3B37C6EBF2C325D37C8E4BF584F0B5AAC5A7B666E47 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:33:23.0880 0x43a4  IAStorDataMgrSvc - ok
12:33:23.0892 0x43a4  [ 9652E1E35A92D8C75710C17A63B15796, 72F8C4A49B874226DEE9B7C9704F0E0A98DAA2DF4EAE2F2258E8324ACBD242E4 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
12:33:23.0897 0x43a4  iaStorV - ok
12:33:23.0908 0x43a4  [ FFADF691F7BF727AF5C863454A372723, FCF5A5595E8C9C937BE9F1C3AB5D9BD0EFE82DE1298D12085E0CCD84A186D2F2 ] ibbus           C:\WINDOWS\System32\drivers\ibbus.sys
12:33:23.0913 0x43a4  ibbus - ok
12:33:23.0921 0x43a4  [ 127E0F8100D329A3814C80F47713FA79, 7724DA076BFE160576C4642A66839D89C23A1A84DCC6973B7863154D160C06C6 ] ibtsiva         C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
12:33:23.0923 0x43a4  ibtsiva - ok
12:33:23.0931 0x43a4  [ 470A04D92087136F147A2C6F31399906, 21D6D440D72FB59165E4C9241740BF6B344BCFDDD379CAC34CEB5B183FCFCF86 ] ibtusb          C:\WINDOWS\system32\DRIVERS\ibtusb.sys
12:33:23.0934 0x43a4  ibtusb - ok
12:33:23.0938 0x43a4  icssvc - ok
12:33:23.0965 0x43a4  [ 3448DB2B812AA873ED6E5D609B1DB067, E0F9B35FE59713C09BD838FAD5305DF5FDF24DF1D88F8849F7F88466CF93A7F7 ] IDSVia64        C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\IPSDefs\20160311.001\IDSvia64.sys
12:33:23.0973 0x43a4  IDSVia64 - ok
12:33:23.0976 0x43a4  IEEtwCollectorService - ok
12:33:23.0978 0x43a4  IKEEXT - ok
12:33:23.0995 0x43a4  [ B63CF22D1AD2ABDC39D85851B2BEAA6D, 37E9043BABB5895BFD2B59AFB60C438B992C6EAA1B5FDE5B3445314343F4C406 ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
12:33:24.0005 0x43a4  Intel® Capability Licensing Service TCP IP Interface - ok
12:33:24.0014 0x43a4  [ 8213094EA736A9C575AB0E22AD09B0BA, 12670A466B5AA37283BD4CB481D000DE3AE2A8D1BD159F67A41703A6FE5675EC ] Intel® Security Assist C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
12:33:24.0021 0x43a4  Intel® Security Assist - ok
12:33:24.0025 0x43a4  [ ECDB27420D3A98424666904525A8562A, BDA98C3C95F2AD79945EF8213D5C65064052C09C82DD36F0D6724E1D21DCC30A ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
12:33:24.0026 0x43a4  intelide - ok
12:33:24.0030 0x43a4  [ 8FF1978643EFD219C5BA49690191D701, 6FD78A8490107C80090D7125644B8C910855374BE1373D1D6B199307C79680BA ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
12:33:24.0031 0x43a4  intelpep - ok
12:33:24.0034 0x43a4  intelppm - ok
12:33:24.0141 0x43a4  [ B4EF8C5440EE956A653CF71DF9D5D409, 8794806304331868E20DE2699A76F903C68B874514F3C6870E921A3086171D34 ] ioloEnergyBooster C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe
12:33:24.0210 0x43a4  ioloEnergyBooster - ok
12:33:24.0290 0x43a4  [ DADF8F493D283EAF8424A324795BCA28, 04DEABF139FBB4B384CE2D434035F77A2B4ADA0E9D1A637F61776EE0C6C1ABC3 ] ioloSystemService C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
12:33:24.0343 0x43a4  ioloSystemService - ok
12:33:24.0351 0x43a4  IoQos - ok
12:33:24.0355 0x43a4  IpFilterDriver - ok
12:33:24.0361 0x43a4  iphlpsvc - ok
12:33:24.0368 0x43a4  [ 4F527ECB5EAB47D8EAF34A469666C469, 8FFBEEF42515B6A7758BE579ED69E3911856CBF7710D9785011332C5E3DFE495 ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
12:33:24.0372 0x43a4  IPMIDRV - ok
12:33:24.0377 0x43a4  IPNAT - ok
12:33:24.0391 0x43a4  [ B066C46E4B638B849245E35A5703AF80, 738A2A76A68721DCA5004DFF381EF2F032A7E309454294E4ABDFF5141BAC9337 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:33:24.0398 0x43a4  iPod Service - ok
12:33:24.0402 0x43a4  IRENUM - ok
12:33:24.0407 0x43a4  [ 1DFC3CCA51785254C5604238BB1A5467, 31451A90A91AEE14C6B24F84CB9816E5C77179D411B8B3E8547F538235BEEFB0 ] isaHelperSvc    C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
12:33:24.0407 0x43a4  isaHelperSvc - ok
12:33:24.0411 0x43a4  [ 531994A6D9399D9B74BE12B5BB58A81E, 6D5CF540C777F4828E1D4C5FE58EE41E6C2F5F399C554DC85F19D1E52229B094 ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
12:33:24.0412 0x43a4  isapnp - ok
12:33:24.0421 0x43a4  [ 68D5354A4A9692EEC24664C60F47D4A2, 92124E98B6E286B6127DC6D0BFACC9C6D293D58EAE2B47B45532714CE6A6D0CD ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
12:33:24.0424 0x43a4  iScsiPrt - ok
12:33:24.0430 0x43a4  [ 51054A35D0303B0466F2031DAFDCE302, C02CB422BA3451C89D9524068D4F6B72073337035EC08C11397931A16E11590A ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
12:33:24.0432 0x43a4  jhi_service - ok
12:33:24.0436 0x43a4  kbdclass - ok
12:33:24.0440 0x43a4  kbdhid - ok
12:33:24.0444 0x43a4  kdnic - ok
12:33:24.0448 0x43a4  KeyIso - ok
12:33:24.0467 0x43a4  [ F2DD5E8329ED3B9AA17AED3204000D86, BA2DFBB3C5333C9FA217CE4BC18EBCFBD7ADEABF237620C1C7DE0B64EE949B5F ] Killer Service V2 C:\Program Files\Killer Networking\Network Manager\KillerService.exe
12:33:24.0474 0x43a4  Killer Service V2 - ok
12:33:24.0478 0x43a4  [ 3BC0909C96194CCFDE59CFC4063F2483, B0BFDDF34C7B79215D61A556A67A91F109892D84AFB42D3D2CDE55B83F5A0969 ] KillerEth       C:\WINDOWS\System32\drivers\e22w10x64.sys
12:33:24.0480 0x43a4  KillerEth - ok
12:33:24.0482 0x43a4  KSecDD - ok
12:33:24.0484 0x43a4  KSecPkg - ok
12:33:24.0487 0x43a4  ksthunk - ok
12:33:24.0489 0x43a4  KtmRm - ok
12:33:24.0492 0x43a4  LanmanServer - ok
12:33:24.0494 0x43a4  LanmanWorkstation - ok
12:33:24.0503 0x43a4  [ 20EE2F2ADCF8DBD091E931593F5AC268, 5F053F8B7C8B340A0364CE37B25D68B6755C2CCDB050C02E9B4E0929DF587E0F ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
12:33:24.0507 0x43a4  LBTServ - ok
12:33:24.0511 0x43a4  lfsvc - ok
12:33:24.0516 0x43a4  [ AFDFA4A6B0F7B15AA38E494FD4595741, 0D89CCEBC816F4A3F6DDB093B3F8BB8B85293E94559085961DA31F9330D43C21 ] LHidFilt        C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
12:33:24.0517 0x43a4  LHidFilt - ok
12:33:24.0520 0x43a4  LicenseManager - ok
12:33:24.0525 0x43a4  lltdio - ok
12:33:24.0530 0x43a4  lltdsvc - ok
12:33:24.0535 0x43a4  lmhosts - ok
12:33:24.0542 0x43a4  [ C3E82B320F34C97F32B8026F4C249BEF, CAF53CD4738D2C92E4764372F75B5D0D74EBA896E59E685ED15B915F4E7223A0 ] LMouFilt        C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
12:33:24.0543 0x43a4  LMouFilt - ok
12:33:24.0553 0x43a4  [ 36E02306E8697940D42C1DDA1CD1CE2A, BF98F2978FCFD13D8A7CC16AA0F8015DBDF14C92206C55FAF1EDB89728F5DC81 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:33:24.0558 0x43a4  LMS - ok
12:33:24.0563 0x43a4  [ 961F28D879D345BFA50AF51285C90F2E, F9931A436651F695B746BC0C07E833D9C9F64126746DF976E691E6CAE26DAC9B ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
12:33:24.0565 0x43a4  LSI_SAS - ok
12:33:24.0569 0x43a4  [ 6BFB8D1B3407518BE06B6F81F92FA0F5, DE0818DCC0D8D1D30A29AB167C65461A78100ABE2368637CEB9D0ED2B4E88D8E ] LSI_SAS2i       C:\WINDOWS\system32\drivers\lsi_sas2i.sys
12:33:24.0570 0x43a4  LSI_SAS2i - ok
12:33:24.0574 0x43a4  [ BE0E47988D78F731DEC2C0CB03E765CB, CA0015E87A3962611DBF714253FA618A6568346BAE640884432C1D44DE4C8684 ] LSI_SAS3i       C:\WINDOWS\system32\drivers\lsi_sas3i.sys
12:33:24.0575 0x43a4  LSI_SAS3i - ok
12:33:24.0579 0x43a4  [ F99BF02BE9219986817BF094981EEB18, 4303C772366065885C5D937B2E9AC0BF80C84BFB2737716055AD57BF6AADD673 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
12:33:24.0580 0x43a4  LSI_SSS - ok
12:33:24.0582 0x43a4  LSM - ok
12:33:24.0583 0x43a4  luafv - ok
12:33:24.0586 0x43a4  MapsBroker - ok
12:33:24.0589 0x43a4  [ 2ED29B635F35E31A1C0D3DDB7DD2AD03, F70CC20B98C2DBCD13B0D509D92B3BC3828D1B88F3ACD60C860E163064844181 ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
12:33:24.0590 0x43a4  megasas - ok
12:33:24.0608 0x43a4  [ 22E3CB85870879CBAE13C5095A8B12E3, 5FA5A8EFBA117089CFDBE09743A16BC3A7CC2042C96ABA1F57901747493106BF ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
12:33:24.0615 0x43a4  megasr - ok
12:33:24.0621 0x43a4  [ 5AC258A5845A72B91C675F44050058B2, 69D298B5774F299DE2EECF7B9238BFD36CDC0BAFB167FD0927398E4A89A5D63B ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
12:33:24.0623 0x43a4  MEIx64 - ok
12:33:24.0626 0x43a4  MessagingService - ok
12:33:24.0652 0x43a4  [ D41920FBFFF2BBCBBC69A5B383AD022E, E66218A8303422EA10C19BA12343740B9A1A70B11B39E185E805B4F74CD2B75E ] mlx4_bus        C:\WINDOWS\System32\drivers\mlx4_bus.sys
12:33:24.0660 0x43a4  mlx4_bus - ok
12:33:24.0664 0x43a4  MMCSS - ok
12:33:24.0668 0x43a4  Modem - ok
12:33:24.0670 0x43a4  monitor - ok
12:33:24.0673 0x43a4  mouclass - ok
12:33:24.0676 0x43a4  mouhid - ok
12:33:24.0679 0x43a4  mountmgr - ok
12:33:24.0681 0x43a4  mpsdrv - ok
12:33:24.0684 0x43a4  MpsSvc - ok
12:33:24.0689 0x43a4  MRxDAV - ok
12:33:24.0694 0x43a4  mrxsmb - ok
12:33:24.0700 0x43a4  mrxsmb10 - ok
12:33:24.0704 0x43a4  mrxsmb20 - ok
12:33:24.0710 0x43a4  MsBridge - ok
12:33:24.0713 0x43a4  MSDTC - ok
12:33:24.0716 0x43a4  Msfs - ok
12:33:24.0720 0x43a4  [ B3358F380BA3F29F56BE0F7734C24D5F, 229D9E72C429AC51BF6E7C8306218620CB1AA50FE39BA6C11ED0F643E7AF90E5 ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
12:33:24.0721 0x43a4  msgpiowin32 - ok
12:33:24.0723 0x43a4  mshidkmdf - ok
12:33:24.0725 0x43a4  mshidumdf - ok
12:33:24.0782 0x43a4  [ 94E0BF66E0A508BA63FDED37E1272E54, 710A7D2951124A205FC83D1CB3D676D5CC904CC140808E91904CBC5C8FDC4E0B ] MSIBIOSData_CC  C:\Program Files\Alienware\Command Center\BIOSData\MSIBIOSDataService.exe
12:33:24.0806 0x43a4  MSIBIOSData_CC - ok
12:33:24.0909 0x43a4  [ 91D681459FB46BBDCFC4B18EC433441F, 74CDC5BA14BAA503F97EE19E797716A7AC53B769998F2586A74DE71B5D8B367E ] MSIClock_CC     C:\Program Files\Alienware\Command Center\ClockGen\MSIClockService.exe
12:33:24.0962 0x43a4  MSIClock_CC - ok
12:33:25.0007 0x43a4  [ 52E385BA9B7C9F64D79BB790BED7654D, 709EC55B1708A26DD0E2D0955738AD732A6A36F5CAAC15CD7BCB33F67F7CCC31 ] MSICOMM_CC      C:\Program Files\Alienware\Command Center\MSICommService.exe
12:33:25.0030 0x43a4  MSICOMM_CC - ok
12:33:25.0109 0x43a4  [ 7AE1168DB5C96B9C0DC4DDF5E22A0573, 0EB903E2B6B78A481EB0A743EF2D8960D971DD2C22B58C518C2F2F3DD77BA44A ] MSICPU_CC       C:\Program Files\Alienware\Command Center\CPU\MSICPUService.exe
12:33:25.0156 0x43a4  MSICPU_CC - ok
12:33:25.0195 0x43a4  [ CF72FD930F155FBD08ED48D9AEB764A9, 3D2B2662940A1EB5BF731D87E5A940EC97226F24CC9BE3363215D1C369957428 ] MSICTL_CC       C:\Program Files\Alienware\Command Center\MSIControlService.exe
12:33:25.0218 0x43a4  MSICTL_CC - ok
12:33:25.0269 0x43a4  [ 6F10E96F96022E1FA825F9D8F18858D2, 6A7E320B91AD9098B758225ABAA220EBE9C3C9513EFCF05ABD78B85E1D1AA124 ] MSIDDR_CC       C:\Program Files\Alienware\Command Center\DDR\MSIDDRService.exe
12:33:25.0295 0x43a4  MSIDDR_CC - ok
12:33:25.0304 0x43a4  [ 59307FEAFC9E72EEEC56B7FD7D294F4C, 56576635870FC68980977FFA0E7F8E8D69A7981DECF5B52D0B2A82E3BA6685EA ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
12:33:25.0305 0x43a4  msisadrv - ok
12:33:25.0368 0x43a4  [ CE707129CD2994F6AB4B3A270AB6A1EA, 91CA53CBD8E17F02F47C26174AA8FD9A75810DACDD4F738DC3E35AF03D7DB14C ] MSISaveLoad_CC  C:\Program Files\Alienware\Command Center\MSISaveLoadService.exe
12:33:25.0423 0x43a4  MSISaveLoad_CC - ok
12:33:25.0430 0x43a4  MSiSCSI - ok
12:33:25.0436 0x43a4  msiserver - ok
12:33:25.0480 0x43a4  [ 3CF343BE2815B03680374E0472C63859, F6AB5C2646D406573BF0479A1972F5A28531E6C0154E69D2CEF6CA66294A1042 ] MSISMB_CC       C:\Program Files\Alienware\Command Center\SMBus\MSISMBService.exe
12:33:25.0503 0x43a4  MSISMB_CC - ok
12:33:25.0517 0x43a4  [ 61255551D7660DDEC023278AC5E45133, 3D069B1F9977288D1FDC0EAC7306048D885F99469359992D4AA7D7C73A5FDEDE ] MSISuperIO_CC   C:\Program Files\Alienware\Command Center\SuperIO\MSISuperIOService.exe
12:33:25.0524 0x43a4  MSISuperIO_CC - ok
12:33:25.0528 0x43a4  [ 368596075C2C6FE069CF3B6906612E81, 7822507234CAF91A054E6E7128F6DA6FE6E2BEBA6C5065EE6E8737BF886933FB ] MSIWMI_CC       C:\Program Files\Alienware\Command Center\MSIWMIService.exe
12:33:25.0531 0x43a4  MSIWMI_CC - ok
12:33:25.0536 0x43a4  [ BCB39323EEF15C6269E618DF9428DB49, E27FC02D21822E5A75B736D2B367F249EE38CB884F2B1590958A4BA8D7F2A324 ] MSI_ODD_Service c:\Program Files (x86)\MSI\ODD Monitor\ODD_Monitor.exe
12:33:25.0537 0x43a4  MSI_ODD_Service - ok
12:33:25.0541 0x43a4  MSKSSRV - ok
12:33:25.0546 0x43a4  MsLldp - ok
12:33:25.0552 0x43a4  MSPCLOCK - ok
12:33:25.0555 0x43a4  MSPQM - ok
12:33:25.0557 0x43a4  MsRPC - ok
12:33:25.0560 0x43a4  mssmbios - ok
12:33:25.0562 0x43a4  MSTEE - ok
12:33:25.0564 0x43a4  [ 4FA0483896FC16583851EFB733FCB083, BB59243ABE32FBE92EC1B04D24239BE2DF7C2354A407C2EFF97623F07DCBDA35 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
12:33:25.0565 0x43a4  MTConfig - ok
12:33:25.0567 0x43a4  Mup - ok
12:33:25.0570 0x43a4  [ 218705233D02776AE4D19CC37D985C1B, 3D92925867B6B8FFAF78E4080139DCB3D45E1E6E1D0AFB6A4FE248B002BD8471 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
12:33:25.0571 0x43a4  mvumis - ok
12:33:25.0580 0x43a4  [ F41102EEE5B1D6001CD003CED1D63812, 1A879823FAF5240A6CFAEBE999EB4097284C2D5541E4499B6D87CA6C214DD9CE ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
12:33:25.0583 0x43a4  MyWiFiDHCPDNS - ok
12:33:25.0595 0x43a4  [ B3C3841A4A46B88E394C66FDDD786F71, 8854B95F84C33DF228BAC2A458ECE4F0C170E788BF802E76AB952919ACCE50B8 ] N360            C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe
12:33:25.0598 0x43a4  N360 - ok
12:33:25.0601 0x43a4  NativeWifiP - ok
12:33:25.0609 0x43a4  [ FE7B38240E86075E6BC5953496B5C2F1, 13CBDCFD5E63A49D6E66D9EBA701037F014EEED9BBFE8588CE2968A35FF2E16E ] NAVENG          C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\VirusDefs\20160311.021\ENG64.SYS
12:33:25.0611 0x43a4  NAVENG - ok
12:33:25.0657 0x43a4  [ C002FA84570CA35F704ACF0AC4A5EAB0, E4246631E5D7AFD31CE642157A9102CB0DDE5B5051D08C3A5EA736CB3C99C6D9 ] NAVEX15         C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\VirusDefs\20160311.021\EX64.SYS
12:33:25.0679 0x43a4  NAVEX15 - ok
12:33:25.0688 0x43a4  NcaSvc - ok
12:33:25.0693 0x43a4  NcbService - ok
12:33:25.0698 0x43a4  NcdAutoSetup - ok
12:33:25.0705 0x43a4  [ B57CE307DA101C739885B7CC0678077F, F7F45DB6D306060F0FE0E59F39C3B95F6A9B6173930F22C5C41B2003895D6642 ] ndfltr          C:\WINDOWS\System32\drivers\ndfltr.sys
12:33:25.0707 0x43a4  ndfltr - ok
12:33:25.0710 0x43a4  NDIS - ok
12:33:25.0713 0x43a4  NdisCap - ok
12:33:25.0715 0x43a4  NdisImPlatform - ok
12:33:25.0718 0x43a4  NdisTapi - ok
12:33:25.0721 0x43a4  Ndisuio - ok
12:33:25.0724 0x43a4  NdisVirtualBus - ok
12:33:25.0727 0x43a4  NdisWan - ok
12:33:25.0730 0x43a4  ndiswanlegacy - ok
12:33:25.0732 0x43a4  ndproxy - ok
12:33:25.0733 0x43a4  Ndu - ok
12:33:25.0738 0x43a4  [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl         C:\WINDOWS\System32\drivers\netaapl64.sys
12:33:25.0739 0x43a4  Netaapl - ok
12:33:25.0740 0x43a4  NetBIOS - ok
12:33:25.0743 0x43a4  NetBT - ok
12:33:25.0745 0x43a4  Netlogon - ok
12:33:25.0749 0x43a4  Netman - ok
12:33:25.0754 0x43a4  netprofm - ok
12:33:25.0759 0x43a4  NetSetupSvc - ok
12:33:25.0765 0x43a4  NetTcpPortSharing - ok
12:33:25.0823 0x43a4  [ 387ADDE3084B0E98CD2943705377F9C8, CC29F396277518CED5453870E08653BE95BF0E0BD7DD94DF9E84A35FFE80CDAB ] NETwNb64        C:\WINDOWS\System32\drivers\Netwbw02.sys
12:33:25.0866 0x43a4  NETwNb64 - ok
12:33:25.0875 0x43a4  NgcCtnrSvc - ok
12:33:25.0879 0x43a4  NgcSvc - ok
12:33:25.0884 0x43a4  NlaSvc - ok
12:33:25.0889 0x43a4  Npfs - ok
12:33:25.0894 0x43a4  npsvctrig - ok
12:33:25.0898 0x43a4  nsi - ok
12:33:25.0903 0x43a4  nsiproxy - ok
12:33:25.0909 0x43a4  NTFS - ok
12:33:25.0912 0x43a4  [ 8D63E1A9FF4CAFEE1AF179C0C544365C, E68D453D333854787F8470C8BAEF3E0D082F26DF5AA19C0493898BCF3401E39A ] NTIOLib_MSICEN  C:\Program Files\Alienware\Command Center\NTIOLib_Thermals_X64.sys
12:33:25.0913 0x43a4  NTIOLib_MSICEN - ok
12:33:25.0915 0x43a4  [ 95E4C7B0384DA89DCE8EA6F31C3613D9, CF4B5FA853CE809F1924DF3A3AE3C4E191878C4EA5248D8785DC7E51807A512B ] NTIOLib_MSIClock_CC C:\Program Files\Alienware\Command Center\ClockGen\NTIOLib_X64.sys
12:33:25.0915 0x43a4  NTIOLib_MSIClock_CC - ok
12:33:25.0918 0x43a4  [ A711E6AB17802FABF2E69E0CD57C54CD, A9706E320179993DADE519A83061477ACE195DAA1B788662825484813001F526 ] NTIOLib_MSICOMM_CC C:\Program Files\Alienware\Command Center\NTIOLib_X64.sys
12:33:25.0918 0x43a4  NTIOLib_MSICOMM_CC - ok
12:33:25.0920 0x43a4  [ E9A30EDEF1105B8A64218F892B2E56ED, E83908EBA2501A00EF9E74E7D1C8B4FF1279F1CD6051707FD51824F87E4378FA ] NTIOLib_MSICPU_CC C:\Program Files\Alienware\Command Center\CPU\NTIOLib_X64.sys
12:33:25.0920 0x43a4  NTIOLib_MSICPU_CC - ok
12:33:25.0922 0x43a4  [ 6CCE5BB9C8C2A8293DF2D3B1897941A2, 9254F012009D55F555418FF85F7D93B184AB7CB0E37AECDFDAB62CFE94DEA96B ] NTIOLib_MSIDDR_CC C:\Program Files\Alienware\Command Center\DDR\NTIOLib_X64.sys
12:33:25.0923 0x43a4  NTIOLib_MSIDDR_CC - ok
12:33:25.0925 0x43a4  [ 63E333D64A8716E1AE59F914CB686AE8, 3124B0411B8077605DB2A9B7909D8240E0D554496600E2706E531C93C931E1B5 ] NTIOLib_MSIFrequency_CC C:\Program Files\Alienware\Command Center\ClockGen\CPU_Frequency\NTIOLib_X64.sys
12:33:25.0926 0x43a4  NTIOLib_MSIFrequency_CC - ok
12:33:25.0928 0x43a4  [ 68DDE686D6999AD2E5D182B20403240B, 591BD5E92DFA0117B3DAA29750E73E2DB25BAA717C31217539D30FFB1F7F3A52 ] NTIOLib_MSIRatio_CC C:\Program Files\Alienware\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys
12:33:25.0929 0x43a4  NTIOLib_MSIRatio_CC - ok
12:33:25.0932 0x43a4  [ 3DBF69F935EA48571EA6B0F5A2878896, E005E8D183E853A27AD3BB56F25489F369C11B0D47E3D4095AAD9291B3343BF1 ] NTIOLib_MSISMB_CC C:\Program Files\Alienware\Command Center\SMBus\NTIOLib_X64.sys
12:33:25.0933 0x43a4  NTIOLib_MSISMB_CC - ok
12:33:25.0934 0x43a4  [ DD04CD3DE0C19BEDE84E9C95A86B3CA8, CD4A249C3EF65AF285D0F8F30A8A96E83688486AAB515836318A2559757A89BB ] NTIOLib_MSISuperIO_CC C:\Program Files\Alienware\Command Center\SuperIO\NTIOLib_X64.sys
12:33:25.0935 0x43a4  NTIOLib_MSISuperIO_CC - ok
12:33:25.0936 0x43a4  [ 3F39F013168428C8E505A7B9E6CBA8A2, 6F1FF29E2E710F6D064DC74E8E011331D807C32CC2A622CBE507FD4B4D43F8F4 ] NTIOLib_X64     C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys
12:33:25.0937 0x43a4  NTIOLib_X64 - ok
12:33:25.0939 0x43a4  Null - ok
12:33:25.0944 0x43a4  [ D812362E8AF615B521AD4DF19A93BD5A, B1F04122DFE9FCC3FC56BE327D86912D624C89F2EFB9684BE66FC22115D0E19F ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
12:33:25.0947 0x43a4  NVHDA - ok
12:33:26.0127 0x43a4  [ 597C022F2A7E5D31ED3BAD18C75D5552, 1D0A32A2A23FC8BA5E02A8EB248902EF234DBCEFA53454C4AEA3B92D7043A2B3 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
12:33:26.0270 0x43a4  nvlddmkm - ok
12:33:26.0317 0x43a4  [ 3D596244C1B93A506292DA07CC2B123F, 1604F8B4B89D599C1944E6FF9A0D35DDB1E34BAEC0315E23070180959644DCF2 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
12:33:26.0338 0x43a4  NvNetworkService - ok
12:33:26.0345 0x43a4  [ 604D27CC38CC23493F218D0BB834B3FF, EF5E5759CCF16DD97271C82DAF47FB2086EBCA5DE7D05177B70CA1197B95F41E ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
12:33:26.0348 0x43a4  nvraid - ok
12:33:26.0349 0x0e7c  Object required for P2P: [ 9A2A2F3C69B9A30B6E78536F6D258BAD ] iai2c
12:33:26.0353 0x43a4  [ 8B50D897657AB4A15FD9E251BBF7D107, 36036130DD46D9BF105AC7176E219F3BE7D1168A660A0F8DFF76F61FBFA4B417 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
12:33:26.0355 0x43a4  nvstor - ok
12:33:26.0358 0x43a4  [ 27DF221148B9C1A3EA8900D87ABC30F5, 904B4C99EB039C6D2474E30A0E03B700486BED61D226A1A5095BFF729B91C3F2 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
12:33:26.0359 0x43a4  NvStreamKms - ok
12:33:26.0457 0x43a4  [ 4B8F9A38BBE8ACCA6D48E253FFE2393A, 11D9ED3E3C5C3D544E83284E24A93632B9B5FF277639DF18046C0564FB838155 ] NvStreamNetworkSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
12:33:26.0530 0x43a4  NvStreamNetworkSvc - ok
12:33:26.0596 0x43a4  [ 2035827FCA3BDF5F37A3B64C8D284176, B3CCCF3AEBBF1D5BC756EEA433CD06A7650294CA4FF09FBCD985085B4692B846 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
12:33:26.0628 0x43a4  NvStreamSvc - ok
12:33:26.0656 0x43a4  [ 38885AE14957B271496CD7DA19CF2697, 1A506872585B6C5B5DD3F2927F70DE6393977167D72DC0A31FB2267B9FF89A49 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
12:33:26.0674 0x43a4  nvsvc - ok
12:33:26.0679 0x43a4  [ 64E8275CEAD43D3CA8E3A311B2F4B64A, 99E683890B9AF3243100B387317760B5F91745EF9F7FF2ABA2DC7B6551A6EAB6 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
12:33:26.0681 0x43a4  nvvad_WaveExtensible - ok
12:33:26.0686 0x43a4  [ 31F990B2B6B91E9D7A667405CE12FCB1, 907E095D1E83CDAFF34BE789FC41CDD7BB4DEE23261E1D03C1CF0D4D030534AC ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
12:33:26.0690 0x43a4  nv_agp - ok
12:33:26.0693 0x43a4  OneSyncSvc - ok
12:33:26.0728 0x43a4  [ 40CB809645F1D0A93C535F9B0402F269, E683ED4ED824CE4E49715F23E3D3E8245B398D7A0D279E1F31470B9D7AF7E223 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
12:33:26.0752 0x43a4  Origin Client Service - ok
12:33:26.0759 0x43a4  [ 74C31FA4934D9A7766AAC5283AEBB993, 36B6B50E7EDD740469C6BD0B03B00A26380776342D8C38CE21D6FE4B2AB4471C ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:33:26.0762 0x43a4  ose64 - ok
12:33:26.0764 0x43a4  p2pimsvc - ok
12:33:26.0766 0x43a4  p2psvc - ok
12:33:26.0772 0x43a4  [ 7D0FC96264C0F8F2C1321E33E8EB646C, 82A06437B9B096BCCF5CE31BDF3539696E2E41DFA9870C358566EEE2F7D3B447 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
12:33:26.0774 0x43a4  Parport - ok
12:33:26.0777 0x43a4  partmgr - ok
12:33:26.0781 0x43a4  PcaSvc - ok
12:33:26.0788 0x43a4  [ 1D4E995955BDAE781C46CB97AE1CFB58, FF7475F19782CA253AA839DDB86E5AC20C5785D5CC1DD57D9FECBE4F5A5C0BFB ] pci             C:\WINDOWS\system32\drivers\pci.sys
12:33:26.0792 0x43a4  pci - ok
12:33:26.0797 0x43a4  [ 2B4D98DF0CA57FB9536DBC80D2449D1F, AB34FA8585A20854369C0FAEB18BF5C7734D7E3C791F644B0576E40D609FCD09 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
12:33:26.0798 0x43a4  pciide - ok
12:33:26.0806 0x43a4  [ F4D5793BF2E58AF15C6CF2FEEF9E73EB, 9B5A40AF8838063F8F0A2B1480B39A2711AAE78BD972CDA60CCA0EB2BA211A87 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
12:33:26.0807 0x43a4  pcmcia - ok
12:33:26.0809 0x43a4  pcw - ok
12:33:26.0813 0x43a4  pdc - ok
12:33:26.0818 0x43a4  PEAUTH - ok
12:33:26.0824 0x43a4  [ 1398A85E59698067CBBE1D66A9C13ADF, E3609F183068BFAED756B2F9237181D60A6F6D78691248B8BF5B0AEB6A367E3D ] percsas2i       C:\WINDOWS\system32\drivers\percsas2i.sys
12:33:26.0825 0x43a4  percsas2i - ok
12:33:26.0830 0x43a4  [ 35F7C7AD709D909D618D9EDF987FC3ED, EE713E33688E74C5A2546CC58EBD8EA8F8116F25E42DCF8DA21DCBC7C7590E0E ] percsas3i       C:\WINDOWS\system32\drivers\percsas3i.sys
12:33:26.0831 0x43a4  percsas3i - ok
12:33:26.0854 0x43a4  PerfHost - ok
12:33:26.0865 0x43a4  PhoneSvc - ok
12:33:26.0870 0x43a4  PimIndexMaintenanceSvc - ok
12:33:26.0874 0x43a4  pla - ok
12:33:26.0875 0x43a4  PlugPlay - ok
12:33:26.0877 0x43a4  PNRPAutoReg - ok
12:33:26.0879 0x43a4  PNRPsvc - ok
12:33:26.0881 0x43a4  PolicyAgent - ok
12:33:26.0884 0x43a4  Power - ok
12:33:26.0887 0x43a4  PptpMiniport - ok
12:33:26.0958 0x43a4  [ 959F94AD1255BC749884EDDD14EC29C4, 2CD6DA9778EA36FA0B4080F6DB1C634712238E014E47546403CD3CDB35A1DCA8 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
12:33:27.0020 0x43a4  PrintNotify - ok
12:33:27.0030 0x43a4  [ 21AECFF3EB5748CBE12538A2500EFDE5, A1679F21363E99E3698B9C6F7E7E3BB2877D47089BC381AF0C51B1DD8B24325B ] Processor       C:\WINDOWS\System32\drivers\processr.sys
12:33:27.0032 0x43a4  Processor - ok
12:33:27.0036 0x43a4  ProfSvc - ok
12:33:27.0041 0x43a4  Psched - ok
12:33:27.0046 0x43a4  QWAVE - ok
12:33:27.0051 0x43a4  QWAVEdrv - ok
12:33:27.0056 0x43a4  RasAcd - ok
12:33:27.0058 0x43a4  RasAgileVpn - ok
12:33:27.0060 0x43a4  RasAuto - ok
12:33:27.0063 0x43a4  Rasl2tp - ok
12:33:27.0065 0x43a4  RasMan - ok
12:33:27.0066 0x43a4  RasPppoe - ok
12:33:27.0070 0x43a4  RasSstp - ok
12:33:27.0074 0x43a4  [ 0C7AF32DD37EDE54916F3C2B8E6F9B6A, 33DE531356F37186A178C65595C04A1D481D149939DFE48C8BDD9DF5ACBEAF5E ] RawDisk3        C:\WINDOWS\system32\drivers\rawdsk3.sys
12:33:27.0075 0x43a4  RawDisk3 - ok
12:33:27.0077 0x43a4  rdbss - ok
12:33:27.0080 0x43a4  rdpbus - ok
12:33:27.0081 0x43a4  RDPDR - ok
12:33:27.0085 0x43a4  RdpVideoMiniport - ok
12:33:27.0092 0x43a4  rdyboost - ok
12:33:27.0094 0x43a4  ReFSv1 - ok
12:33:27.0099 0x43a4  [ 0060A50F5E3A397E1F84B0C8F5F9898B, 685452985AF6BF68A63A8A306E7BFA4051B0E8C41CA67EE74D506E6F560FF5DD ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:33:27.0100 0x43a4  RegSrvc - ok
12:33:27.0102 0x43a4  RemoteAccess - ok
12:33:27.0105 0x43a4  RemoteRegistry - ok
12:33:27.0107 0x15ac  Object required for P2P: [ DADF8F493D283EAF8424A324795BCA28 ] ioloSystemService
12:33:27.0109 0x43a4  RetailDemo - ok
12:33:27.0111 0x43a4  RFCOMM - ok
12:33:44.0511 0x43a4  AV detected via SS2: Norton 360 Premier, C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\WSCStub.exe ( 22.6.0.0 ), 0x51000 ( enabled : updated )
12:33:44.0512 0x43a4  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x60100 ( disabled : updated )
12:33:44.0512 0x43a4  FW detected via SS2: Norton 360 Premier, C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\WSCStub.exe ( 22.6.0.0 ), 0x51010 ( enabled )
12:33:46.0902 0x43a4  ============================================================
12:33:46.0902 0x43a4  Scan finished
12:33:46.0902 0x43a4  ============================================================
12:33:46.0912 0x3ca0  Detected object count: 0
12:33:46.0912 0x3ca0  Actual detected object count: 0
12:33:52.0656 0x3e0c  Deinitialize success
 
========= End of CMD: =========
 
 
========================= File: C:\TDSSKiller.3.1.0.9_12.03.2016_12.32.36_log.txt ========================
 
File not signed
MD5: 415EACFCECD5CA3D90B15C8D8F655746
Creation and modification date: 2016-03-12 12:32 - 2016-03-12 12:33
Size: 0174226
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
 
The system needed a reboot.
 

==== End of Fixlog 17:45:29 ====

 

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by John (administrator) on 13-03-2016 at 18:06:20
Running from "C:\Users\John\Desktop"
Microsoft Windows 10 Home  (X64)
Model: Alienware Area-51 R2 Manufacturer: Alienware
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
There are 15472 entries.
 
========================= IP Configuration: ================================
 
Killer e2200 Gigabit Ethernet Controller = Ethernet (Connected)
Intel® Dual Band Wireless-AC 7260 = Wi-Fi (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled mtu=1380 nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled mtu=1380 nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled mtu=1380 nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : AlienTastic
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 7260
   Physical Address. . . . . . . . . : 4C-EB-42-E5-CD-EC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 4C-EB-42-E5-CD-ED
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Killer e2200 Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : F8-B1-56-FF-60-55
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4d13:9628:c314:b32d%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.22(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 13 March 2016 17:46:35
   Lease Expires . . . . . . . . . . : 14 March 2016 17:46:32
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 167293270
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-0A-84-02-F8-B1-56-FF-60-55
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 4C-EB-42-E5-CD-F0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:2c8a:3332:3f57:fee9(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2c8a:3332:3f57:fee9%5(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 402653184
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-0A-84-02-F8-B1-56-FF-60-55
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{E1E82B1A-D9D3-4F8E-B066-D5AB0556C755}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2a00:1450:4009:810::200e
 216.58.213.142
 
 
Pinging google.com [216.58.213.142] with 32 bytes of data:
Reply from 216.58.213.142: bytes=32 time=29ms TTL=53
Reply from 216.58.213.142: bytes=32 time=22ms TTL=53
 
Ping statistics for 216.58.213.142:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 29ms, Average = 25ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=157ms TTL=48
Reply from 98.138.253.109: bytes=32 time=149ms TTL=48
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 149ms, Maximum = 157ms, Average = 153ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...4c eb 42 e5 cd ec ......Intel® Dual Band Wireless-AC 7260
  8...4c eb 42 e5 cd ed ......Microsoft Wi-Fi Direct Virtual Adapter
 11...f8 b1 56 ff 60 55 ......Killer e2200 Gigabit Ethernet Controller
  6...4c eb 42 e5 cd f0 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.22     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.22    276
     192.168.1.22  255.255.255.255         On-link      192.168.1.22    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.22    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.22    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.22    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  5    306 2001::/32                On-link
  5    306 2001:0:9d38:6abd:2c8a:3332:3f57:fee9/128
                                    On-link
 11    276 fe80::/64                On-link
  5    306 fe80::/64                On-link
  5    306 fe80::2c8a:3332:3f57:fee9/128
                                    On-link
 11    276 fe80::4d13:9628:c314:b32d/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
  5    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
**** End of log ****
 

 




#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:17 AM

Posted 13 March 2016 - 02:05 PM

Hi John. My pleasure to work together with you on this.

Thanks for the detailed reply. Farbar must have changed the name of the output file for MiniToolBar, thanks for letting me know.

Please do this.

===================================================

ListParts by Farbar for 64 bit Systems

--------------------
  • Please download ListParts64.exe (for 64 bit systems) and save it to your desktop
  • Double click the icon to launch the program
  • Select Run
  • Select Scan
  • Select OK and wait for a Result - Notepad document to open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Listparts report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Jackkane


Posted 13 March 2016 - 02:14 PM

Here you go Gary...

 

ListParts by Farbar Version: 31-07-2014
Ran by John (administrator) on 13-03-2016 at 19:11:20
WIN_81 (X64)
Running From: C:\Users\John\Desktop
Language: English (United States)
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 30%
Total physical RAM: 16271.54 MB
Available physical RAM: 11292.27 MB
Total Pagefile: 18703.54 MB
Available Pagefile: 12892.78 MB
Total Virtual: 131072 MB
Available Virtual: 131071.88 MB
 
======================= Partitions =========================
 
1 Drive c: (OS) (Fixed) (Total:105.04 GB) (Free:27.14 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:1862.89 GB) (Free:1557.08 GB) NTFS
4 Drive f: (WD) (Fixed) (Total:931.51 GB) (Free:931.26 GB) NTFS
5 Drive g: (Seagate1) (Fixed) (Total:465.69 GB) (Free:465.49 GB) NTFS
6 Drive h: (Seagate2) (Fixed) (Total:465.69 GB) (Free:465.49 GB) NTFS
 
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          119 GB      0 B        *
  Disk 1    Online         1863 GB      0 B        *
  Disk 2    Online          931 GB  1024 KB        *
  Disk 3    Online          931 GB      0 B         
 
Partitions of Disk 0:
===============
 
 
Disk ID: {392BC0D1-48D6-495D-9B87-F2F64A6355AE}
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    System (partition with boot components)             500 MB  1024 KB
  Partition 2    Reserved           128 MB   501 MB
  Partition 3    Primary            105 GB   629 MB
  Partition 4    Recovery           852 MB   105 GB
  Partition 5    Recovery            12 GB   106 GB
 
======================================================================================================
 
Disk: 0
Partition 1
Type    : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         ESP          FAT32  Partition    500 MB  Healthy    System (partition with boot components)  
 
======================================================================================================
 
Disk: 0
Partition 2
Type    : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000
 
There is no volume associated with this partition.
 
======================================================================================================
 
Disk: 0
Partition 3
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   OS           NTFS   Partition    105 GB  Healthy    Boot    
 
======================================================================================================
 
Disk: 0
Partition 4
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3         WINRETOOLS   NTFS   Partition    852 MB  Healthy    Hidden  
 
======================================================================================================
 
Disk: 0
Partition 5
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4         Image        NTFS   Partition     12 GB  Healthy    Hidden  
 
======================================================================================================
 
Partitions of Disk 1:
===============
 
 
Disk ID: {A29094C2-333B-40FD-8C7A-AD750ECEB217}
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Reserved           128 MB  1024 KB
  Partition 2    Primary           1862 GB   129 MB
 
======================================================================================================
 
Disk: 1
Partition 1
Type    : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000
 
There is no volume associated with this partition.
 
======================================================================================================
 
Disk: 1
Partition 2
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     D   DATA         NTFS   Partition   1862 GB  Healthy            
 
======================================================================================================
 
Partitions of Disk 2:
===============
 
 
Disk ID: {1EFB2AB5-A9E3-498F-A710-689F4C49FAF7}
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Reserved           128 MB    17 KB
  Partition 2    Primary            465 GB   129 MB
  Partition 3    Primary            465 GB   465 GB
 
======================================================================================================
 
Disk: 2
Partition 1
Type    : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden  : Yes
Required: No
Attrib  : 0000000000000000
 
There is no volume associated with this partition.
 
======================================================================================================
 
Disk: 2
Partition 2
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     G   Seagate1     NTFS   Partition    465 GB  Healthy            
 
======================================================================================================
 
Disk: 2
Partition 3
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7     H   Seagate2     NTFS   Partition    465 GB  Healthy            
 
======================================================================================================
 
Partitions of Disk 3:
===============
 
 
Disk ID: 00000001
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary            931 GB      0 B
 
======================================================================================================
 
Disk: 3
There is no partition selected.
 
There is no partition selected.
Please select a partition and try again.
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: CD4D826D
 
Partition : GPT Partition Type
==============================
Partitions of Disk 1:
===============
Disk ID: CD4D83BC
 
Partition : GPT Partition Type
==============================
Partitions of Disk 2:
===============
Disk ID: 00000000
 
Partition: GPT Partition Type.
 
==============================
Partitions of Disk 3:
===============
Disk ID: 73736572
Partition 1: (Not Active) - (Size=866 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=932 GB) - (Type=6C)
Partition 00: (Not Active) - (Size=0) - (Type=00 ATTENTION ===> 0 byte partition bootkit.
Partition 3: (Not Active) - (Size=224 KB) - (Type=00)
 
 
****** End Of Log ****** 


#6 Oh My!


Posted 13 March 2016 - 03:06 PM

Thanks John.

We are going to see if there is a backup of your Chrome Preferences file. We will poke around for Spybot leftovers as well.

Please do this.

===================================================

Unhide Files and Folders

--------------------
  • Click the Start button, then Control Panel
  • For Windows 8/10 right click on the Windows button and select Control Panel
  • Click Folder Options
  • Select the View Tab
  • Under the Hidden files and folders heading select Show hidden files, folders, and drives
  • If checked, uncheck: Hide extensions for known file types
  • If checked, uncheck: Hide protected operating system files (Recommended) option

  • Select Yes on the warning screen to confirm the change

  • Select OK
===================================================

Recovering Chrome Preference File Settings

--------------------
  • Right click on the Start button and select Open Windows Explorer
  • Navigate to the following location

C:\Users\John\AppData\Local\Google\Chrome\User Data\Default

  • Right click on the Preferences file in the right hand pane and select Restore previous versions
  • If a Previous Version is available prior to the onset of your symptoms select that version
  • Check to see if you get the corrupted Profile message again
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista and above: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
*spybot*
:folderfind
*spybot*
:regfind
*spybot*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Chrome results?
  • SystemLook log

Gary
 

#7 Jackkane


Posted 13 March 2016 - 03:26 PM

Hey Gary,

 

No previous versions of Chrome preferences in there.

 

I've restarted Chrome a couple of times and there doesn't seem to be any messages for now.

 

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 20:18 on 13/03/2016 by John
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*spybot*"
C:\Program Files (x86)\Spybot - Search & Destroy 2\spybotsd2-install-av-update.exe --a---- 542264 bytes [22:02 08/03/2016] [16:05 25/03/2015] B5457E15B904E9AD5245FD1536C7D7C1
C:\Program Files (x86)\Spybot - Search & Destroy 2\spybotsd2-install-bdcore-update.exe --a---- 578056 bytes [22:02 08/03/2016] [09:57 20/05/2014] F10DC0556BDF4AF01E76A54980C871CF
C:\Program Files (x86)\Spybot - Search & Destroy 2\spybotsd2-translation-hux2.exe --a---- 250744 bytes [22:02 08/03/2016] [00:00 25/08/2014] 20126C09FAD8F8C1EE2056095D9029D6
C:\Program Files (x86)\Spybot - Search & Destroy 2\spybotsd2-translation-nlx2.exe --a---- 246160 bytes [22:02 08/03/2016] [00:00 01/10/2014] E1E4DB780571A82DF922F878641016E1
C:\Program Files (x86)\Spybot - Search & Destroy 2\spybotsd2-windows-upgrade-installer.exe --a---- 1778776 bytes [22:02 08/03/2016] [16:41 28/07/2015] 9DF4BD88C9DE41ACEEF155BB50295DEE
C:\Users\John\AppData\Roaming\Microsoft\HTML Help\Spybot2.chw --a---- 15540 bytes [22:05 08/03/2016] [22:05 08/03/2016] 7118AEAE65165E67252629D3BB8BCCC4
C:\Windows\System32\winevt\Logs\Spybot - Search and Destroy.evtx --a--c- 69632 bytes [22:01 08/03/2016] [21:09 11/03/2016] A55FE49683C29388694AF6AC8D49B480
C:\Windows\Temp\TSpybotUpdaterThread.log --a---- 349 bytes [23:56 12/03/2016] [23:56 12/03/2016] 8D75D580E4E674EDE4DF01C85F740CFC
 
========== folderfind ==========
 
Searching for "*spybot*"
C:\Program Files\Common Files\AV\Spybot - Search and Destroy d------ [22:02 08/03/2016]
C:\Program Files (x86)\Spybot - Search & Destroy 2 d-a---- [22:01 08/03/2016]
C:\ProgramData\Spybot - Search & Destroy d------ [22:01 08/03/2016]
C:\Users\All Users\Spybot - Search & Destroy d------ [22:01 08/03/2016]
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy d------ [22:01 08/03/2016]
 
========== regfind ==========
 
Searching for "*spybot*"
No data found.
 
-= EOF =-


#8 Oh My!


Posted 13 March 2016 - 03:36 PM

Hi John,

Very good, we will monitor Chrome while we continue to do some work.

Please do this.

===================================================

Hiding Hidden Files and Folders

-------------------
  • Click Start, Control Panel (or Settings then Control Panel), then select Folder Options
  • For Windows 8/10 right click on the Windows button and select Control Panel
  • Select the View Tab
  • Under the Hidden files and folders heading, uncheck Show hidden files and folders
  • Check: Hide extensions for known file types and check the Hide protected operating system files (recommended) option

  • Click Yes to confirm, then OK
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\Users\John\AppData\Roaming\Microsoft\HTML Help\Spybot2.chw
C:\Windows\System32\winevt\Logs\Spybot - Search and Destroy.evtx
C:\Windows\Temp\TSpybotUpdaterThread.log
C:\Program Files\Common Files\AV\Spybot - Search and Destroy
C:\ProgramData\Spybot - Search & Destroy
C:\Users\All Users\Spybot - Search & Destroy
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Check Uninstall application on close
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Jackkane

Posted 13 March 2016 - 04:13 PM

Hey Gary,

The Spybot message to re-install after a Windows 10 upgrade did not appear after reboot.

Here is the FRST Fixlog.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by John (2016-03-13 20:54:19) Run:2
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & Amy)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\Users\John\AppData\Roaming\Microsoft\HTML Help\Spybot2.chw
C:\Windows\System32\winevt\Logs\Spybot - Search and Destroy.evtx
C:\Windows\Temp\TSpybotUpdaterThread.log
C:\Program Files\Common Files\AV\Spybot - Search and Destroy
C:\ProgramData\Spybot - Search & Destroy
C:\Users\All Users\Spybot - Search & Destroy
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy
emptytemp:
*****************
 
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\Users\John\AppData\Roaming\Microsoft\HTML Help\Spybot2.chw => moved successfully
C:\Windows\System32\winevt\Logs\Spybot - Search and Destroy.evtx => moved successfully
C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully
C:\Program Files\Common Files\AV\Spybot - Search and Destroy => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
"C:\Users\All Users\Spybot - Search & Destroy" => not found.
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy => moved successfully
EmptyTemp: => 711 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 20:54:31 ====
 
 
I will run the ESET scanner tomorrow evening after work.  As it might run for a few hours and it's currently just after 9pm in sunny Scotland, that's probably a good idea!
 
If there is anything else I can do out of the sequence you have given, I can do that now if you like.   Otherwise, thanks very much again, I'll report back tomorrow after the scan.


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:17 AM

Posted 13 March 2016 - 04:54 PM

Scotland! I love Scotland.....

You can run the Security Check now.
Gary
 

#11 Jackkane

Posted 13 March 2016 - 04:59 PM

Great, here's the Checkup.txt contents...

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton 360 Premier   
Windows Defender     
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Google Chrome (48.0.2564.109) 
 Google Chrome (48.0.2564.116) 
````````Process Check: objlist.exe by Laurent````````  
 Alienware Command Center ThermalsWindowsService.exe  
 Alienware Command Center ThermalController.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#12 Oh My!

Posted 13 March 2016 - 05:03 PM

That looks great. I was going to suggest we monitor your computer for a day or so to make sure everything is stable. So delaying the ESET until tomorrow works perfectly.

I look forward to getting an update. Have a nice evening and we will touch base tomorrow.
Gary
 

#13 Jackkane

Posted 14 March 2016 - 03:49 PM

Hey Gary,

ESET Online Scanner hasn't found any threats, all good  :thumbup2:

Nothing unusual happening on the pc this evening, but I've had minimal use whilst the scanner was running.  I just left it alone.

Norton has repeatedly blocked unauthorised access, not sure if this is relevant or not...

Unauthorized access blocked (Access Process Data).
No action required.
Actor: C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
Target: C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\n360.exe
Target PID: 3048

I've had a look online and by all accounts the wmiprvse.exe file is a safe Windows process.  But, there is also mention that a virus could mask itself as that file dependent on where it is, specifically within the system32 folder.

At the moment in task manager, there are three instances of the file running.  Each has a 'user name' of System, Network Service, Local Service.

Again, not sure if it's relevant, but thought I'd mention it.



#14 Jackkane

Posted 14 March 2016 - 04:02 PM

I've also just noticed inside task manager's startup programmes that 'Test' is starting up.  There are no publisher details and when right clicking it, the only options are 'disable' and 'search online'.  'Properties' is greyed out.



#15 Oh My!

Posted 14 March 2016 - 06:04 PM

That should be a legitimate file but we can double check before making it an exclusion.

Please do these things.
===================================================

Task Manager Startup Entry Information - Windows 10

--------------------
  • Right click on the Task Bar at the bottom of the screen and select Task Manager
  • Right click on Name and place a check mark on Command Line
  • Locate Test under the Name column
  • Provide the information listed under Command line
===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Command line information
  • Virustotal link

Edited by Oh My!, 14 March 2016 - 07:17 PM.
Modified instructions

Gary
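
The two checks requested in post #15 (the command line behind the 'Test' startup entry, and the WMIPRVSE.EXE file Norton names as the Actor) can also be gathered locally with PowerShell. This is an added example, not part of the original thread or of any tool mentioned in it; it assumes the PowerShell 5.1 that ships with Windows 10 and an elevated prompt.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt so the
# paths of SYSTEM-owned processes are readable.
# Assumption: the genuine file is the one at the path Norton listed as "Actor".
$expected = Join-Path $env:SystemRoot 'System32\wbem\WmiPrvSE.exe'

# 1. Each running wmiprvse.exe: owner account and the file it was started from.
#    An instance started from any other folder would be the look-alike case.
Get-CimInstance Win32_Process -Filter "Name = 'WmiPrvSE.exe'" | ForEach-Object {
    $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
    [pscustomobject]@{
        PID        = $_.ProcessId
        User       = if ($owner.ReturnValue -eq 0) { $owner.User } else { '(unreadable)' }
        Path       = $_.ExecutablePath
        PathIsWbem = [bool]($_.ExecutablePath -and ($_.ExecutablePath -ieq $expected))
    }
} | Format-Table -AutoSize

# 2. Signature status and SHA-256 of the file on disk. The hash can be searched on
#    VirusTotal, which avoids uploading the file.
$sig = Get-AuthenticodeSignature -FilePath $expected
[pscustomobject]@{
    Status     = $sig.Status            # 'Valid' is expected for an intact system file
    IsOSBinary = $sig.IsOSBinary
    Signer     = $sig.SignerCertificate.Subject
    SHA256     = (Get-FileHash -Path $expected -Algorithm SHA256).Hash
} | Format-List

# 3. Startup entries named like "Test": the command line, where the entry is
#    registered, and whether the file it points to still exists.
Get-CimInstance Win32_StartupCommand | Where-Object Name -like '*Test*' | ForEach-Object {
    $cmd = [Environment]::ExpandEnvironmentVariables([string]$_.Command)
    $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] }
           elseif ($cmd -match '^\s*(.+?\.exe)') { $Matches[1] }
           else { $cmd }
    [pscustomobject]@{
        Name       = $_.Name
        Command    = $_.Command
        Location   = $_.Location
        User       = $_.User
        FileExists = [bool]($exe -and (Test-Path -LiteralPath $exe))
    }
} | Format-List
```

A `Valid` status with `IsOSBinary` true, and `PathIsWbem` true for all three instances, is consistent with the genuine Windows component; any other result is worth posting back in the thread along with the VirusTotal link.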
 



