Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ISP says Possible Alureon/TDSS, fake adobe flash download pop-up today


  • This topic is locked This topic is locked
21 replies to this topic

#1 jksmith

jksmith

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 29 March 2016 - 12:19 PM

Hello,

I originally posted in the Am I infected forum here. Last Monday, 3/21 my ISP cox communications sent me an email stating that I may be infected with Alureon/TDSS. I called 3 times and did everything they suggested. I ran MalewareBytes, Norton Power Eraser, Microsoft Safety Scanner, TDSSKiller, and Roguekiller. Plus my usual real time scanning Antivirus- MCafee Security suite.

 

Today while on my local news website, another window suddenly opened and contained a fake adobe flash update. I noticed right away because I hadn't clicked anything and it even appeared to take me to a different website. The domain was aaliyamericanapparel.com. I immediately shut down the fake installer and pressed the back button which took me back to the news article I was reading.

 

I have 1 desktop and another laptop that needs checking. My desktop also has a seagate external harddrive connected to it which is holding my backed up photos. Here is the Farbar scan for the desktop.....

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by smithfamily (administrator) on JNK-PC (29-03-2016 11:37:12)
Running from C:\Users\smithfamily\Downloads
Loaded Profiles: smithfamily (Available Profiles: smithfamily)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(iWin Inc.) C:\Program Files (x86)\iWin Games\iWinTrusted.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Pokki) C:\Users\smithfamily\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Pokki) C:\Users\smithfamily\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\smithfamily\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.8.267.0\McCSPServiceHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Pokki) C:\Users\smithfamily\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\Core\mchost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\Core\mchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13654744 2013-09-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-11] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
HKU\S-1-5-21-454114346-3557102269-332868837-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-454114346-3557102269-332868837-1001\...\RunOnce: [Uninstall C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-454114346-3557102269-332868837-1001\...\RunOnce: [Uninstall C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"
HKU\S-1-5-21-454114346-3557102269-332868837-1001\...\RunOnce: [Uninstall C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f7d0a7f7-5876-4b87-b325-f7599b47dca3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-454114346-3557102269-332868837-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-454114346-3557102269-332868837-1001 -> DefaultScope {421510FD-B576-11E4-8299-F80F41B5EF73} URL =
SearchScopes: HKU\S-1-5-21-454114346-3557102269-332868837-1001 -> {66E603D5-98AB-4658-B128-1D44D4734348} URL =
SearchScopes: HKU\S-1-5-21-454114346-3557102269-332868837-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-12-03] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\smithfamily\AppData\Roaming\Mozilla\Firefox\Profiles\zhzbn8vd.default-1446481634122
FF DefaultSearchEngine.US: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-24] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2014-07-28] (CANON INC.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-454114346-3557102269-332868837-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\smithfamily\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-23] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\smithfamily\AppData\Roaming\Mozilla\Firefox\Profiles\zhzbn8vd.default-1446481634122\searchplugins\McSiteAdvisor.xml [2016-03-19]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-22]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2650696 2013-07-27] (Acer Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-07] (Dropbox, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-10-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-03-21] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
R3 cpuz136; C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [23856 2015-12-20] (CPUID)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-09] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-28] ()
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-29 11:37 - 2016-03-29 11:38 - 00020204 _____ C:\Users\smithfamily\Downloads\FRST.txt
2016-03-29 11:35 - 2016-03-29 11:37 - 00000000 ____D C:\FRST
2016-03-29 11:34 - 2016-03-29 11:34 - 02374144 _____ (Farbar) C:\Users\smithfamily\Downloads\FRST64.exe
2016-03-28 20:02 - 2016-03-28 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-03-28 11:22 - 2016-03-28 11:22 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-03-28 11:21 - 2016-03-28 12:12 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-28 11:20 - 2016-03-28 11:20 - 19655240 _____ C:\Users\smithfamily\Downloads\RogueKiller.exe
2016-03-25 08:50 - 2016-03-25 08:50 - 00000000 ____H C:\Users\smithfamily\Documents\Default.rdp
2016-03-23 21:32 - 2016-03-23 21:34 - 00000000 ____D C:\Users\smithfamily\Documents\Nancydrewgames
2016-03-23 21:21 - 2016-03-23 21:22 - 00000000 ____D C:\Users\smithfamily\Documents\SG-Classes
2016-03-23 21:18 - 2016-03-23 21:18 - 00000000 ____D C:\Users\smithfamily\Downloads\PhotoArrangementReplayClass
2016-03-23 15:25 - 2016-03-23 13:42 - 00001102 _____ C:\WINDOWS\ntbtlog.txt
2016-03-23 15:23 - 2016-03-23 15:26 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-03-23 15:21 - 2016-03-23 15:21 - 00000000 ____D C:\WINDOWS\pss
2016-03-23 08:39 - 2016-03-23 15:26 - 00000000 ____D C:\NPE
2016-03-23 08:38 - 2016-03-23 15:32 - 00000000 ____D C:\Users\smithfamily\AppData\Local\NPE
2016-03-23 08:38 - 2016-03-23 08:38 - 03088296 _____ (Symantec Corporation) C:\Users\smithfamily\Downloads\NPE.exe
2016-03-22 09:17 - 2016-03-23 11:08 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-22 09:17 - 2016-03-22 09:17 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-22 09:17 - 2016-03-22 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-22 09:17 - 2016-03-22 09:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-22 09:17 - 2016-03-22 09:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-22 09:17 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-22 09:17 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-22 09:17 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-22 09:15 - 2016-03-22 09:16 - 22851472 _____ (Malwarebytes ) C:\Users\smithfamily\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-22 08:12 - 2016-03-22 08:13 - 00264038 _____ C:\TDSSKiller.3.1.0.9_22.03.2016_08.12.25_log.txt
2016-03-22 08:11 - 2016-03-22 08:12 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\smithfamily\Downloads\tdsskiller.exe
2016-03-21 23:11 - 2016-03-21 23:11 - 139756304 _____ (Microsoft Corporation) C:\Users\smithfamily\Downloads\msert.exe
2016-03-20 02:24 - 2016-03-20 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-19 16:36 - 2016-03-19 16:36 - 00000000 ____D C:\Users\smithfamily\Documents\BiblioplanForFamilies
2016-03-19 16:35 - 2016-03-25 08:58 - 00000000 ____D C:\Users\smithfamily\AppData\Local\ElevatedDiagnostics
2016-03-19 09:19 - 2016-03-22 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-18 08:07 - 2016-03-18 08:07 - 00591144 _____ ( ) C:\Users\smithfamily\Downloads\DocXViewerSetup1.2.exe
2016-03-18 08:07 - 2016-03-18 08:07 - 00000707 _____ C:\Users\Public\Desktop\DocX Viewer.lnk
2016-03-18 08:07 - 2016-03-18 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epingsoft
2016-03-18 08:07 - 2016-03-18 08:07 - 00000000 ____D C:\epingsoft
2016-03-09 08:14 - 2016-03-01 00:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-09 08:14 - 2016-03-01 00:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-09 08:14 - 2016-02-24 04:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-09 08:14 - 2016-02-24 04:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 08:14 - 2016-02-24 04:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-09 08:14 - 2016-02-24 04:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 08:14 - 2016-02-24 04:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-09 08:14 - 2016-02-24 04:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-09 08:14 - 2016-02-24 03:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 08:14 - 2016-02-24 03:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 08:14 - 2016-02-24 03:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-09 08:14 - 2016-02-24 03:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-09 08:14 - 2016-02-24 03:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-09 08:14 - 2016-02-24 03:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-09 08:14 - 2016-02-24 03:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 08:14 - 2016-02-24 03:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-09 08:14 - 2016-02-24 03:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-09 08:14 - 2016-02-24 03:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 08:14 - 2016-02-24 03:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-09 08:14 - 2016-02-24 03:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-09 08:14 - 2016-02-24 03:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-09 08:14 - 2016-02-24 03:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 08:14 - 2016-02-24 03:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 08:14 - 2016-02-24 03:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-09 08:14 - 2016-02-24 03:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 08:14 - 2016-02-24 03:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-09 08:14 - 2016-02-24 02:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-09 08:14 - 2016-02-24 02:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-09 08:14 - 2016-02-24 02:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 08:14 - 2016-02-24 02:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-09 08:14 - 2016-02-24 02:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 08:14 - 2016-02-24 02:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 08:14 - 2016-02-24 02:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-09 08:14 - 2016-02-24 02:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-09 08:14 - 2016-02-24 02:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 08:14 - 2016-02-24 02:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-09 08:14 - 2016-02-24 02:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-09 08:14 - 2016-02-24 01:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-09 08:14 - 2016-02-24 01:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-09 08:14 - 2016-02-24 01:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-09 08:14 - 2016-02-24 01:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-09 08:14 - 2016-02-24 01:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 08:14 - 2016-02-24 01:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-09 08:14 - 2016-02-24 01:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-09 08:14 - 2016-02-24 01:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-09 08:14 - 2016-02-24 01:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-09 08:14 - 2016-02-24 01:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-09 08:14 - 2016-02-24 01:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-09 08:14 - 2016-02-24 01:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-09 08:14 - 2016-02-24 01:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-09 08:14 - 2016-02-24 01:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-09 08:14 - 2016-02-24 01:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 08:14 - 2016-02-24 01:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-09 08:14 - 2016-02-24 01:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 08:14 - 2016-02-24 01:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-09 08:14 - 2016-02-24 01:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-09 08:14 - 2016-02-24 01:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-09 08:14 - 2016-02-24 01:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 08:14 - 2016-02-24 01:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-09 08:14 - 2016-02-24 01:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-09 08:14 - 2016-02-24 01:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-09 08:14 - 2016-02-24 01:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-09 08:14 - 2016-02-24 01:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-09 08:14 - 2016-02-24 01:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 08:14 - 2016-02-24 01:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-09 08:14 - 2016-02-24 01:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-09 08:14 - 2016-02-24 01:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-09 08:14 - 2016-02-24 01:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-09 08:14 - 2016-02-24 01:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-09 08:14 - 2016-02-24 01:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-09 08:14 - 2016-02-24 01:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-09 08:14 - 2016-02-24 01:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 08:14 - 2016-02-24 01:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-09 08:14 - 2016-02-24 01:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-09 08:14 - 2016-02-24 01:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 08:14 - 2016-02-24 01:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-09 08:14 - 2016-02-24 00:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-09 08:14 - 2016-02-24 00:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-09 08:14 - 2016-02-24 00:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-09 08:14 - 2016-02-24 00:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 08:14 - 2016-02-24 00:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-09 08:14 - 2016-02-24 00:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 08:14 - 2016-02-24 00:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 08:14 - 2016-02-24 00:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 08:14 - 2016-02-24 00:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 08:14 - 2016-02-24 00:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 08:14 - 2016-02-24 00:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 08:14 - 2016-02-23 23:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 08:14 - 2016-02-23 23:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-09 08:13 - 2016-02-24 04:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 08:13 - 2016-02-24 04:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-09 08:13 - 2016-02-24 03:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-09 08:13 - 2016-02-24 03:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-09 08:13 - 2016-02-24 03:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 08:13 - 2016-02-24 02:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-09 08:13 - 2016-02-24 02:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-09 08:13 - 2016-02-24 02:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-09 08:13 - 2016-02-24 02:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-09 08:13 - 2016-02-24 02:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-09 08:13 - 2016-02-24 02:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 08:13 - 2016-02-24 02:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 08:13 - 2016-02-24 02:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-09 08:13 - 2016-02-24 02:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-09 08:13 - 2016-02-24 02:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-09 08:13 - 2016-02-24 02:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 08:13 - 2016-02-24 02:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-09 08:13 - 2016-02-24 02:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-09 08:13 - 2016-02-24 02:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 08:13 - 2016-02-24 02:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-09 08:13 - 2016-02-24 02:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 08:13 - 2016-02-24 02:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-09 08:13 - 2016-02-24 02:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-09 08:13 - 2016-02-24 02:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-09 08:13 - 2016-02-24 02:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-09 08:13 - 2016-02-24 02:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-09 08:13 - 2016-02-24 02:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-09 08:13 - 2016-02-24 02:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-09 08:13 - 2016-02-24 02:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-09 08:13 - 2016-02-24 02:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-09 08:13 - 2016-02-24 02:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 08:13 - 2016-02-24 02:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 08:13 - 2016-02-24 02:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-09 08:13 - 2016-02-24 02:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-09 08:13 - 2016-02-24 01:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-09 08:13 - 2016-02-24 01:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 08:13 - 2016-02-24 01:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-09 08:13 - 2016-02-24 01:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-09 08:13 - 2016-02-24 01:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-09 08:13 - 2016-02-24 01:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-09 08:13 - 2016-02-24 01:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-09 08:13 - 2016-02-24 01:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-09 08:13 - 2016-02-24 01:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 08:13 - 2016-02-24 01:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-09 08:13 - 2016-02-24 01:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 08:13 - 2016-02-24 01:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-09 08:13 - 2016-02-24 01:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-09 08:13 - 2016-02-24 01:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 08:13 - 2016-02-24 01:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-09 08:13 - 2016-02-24 01:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 08:13 - 2016-02-24 01:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-09 08:13 - 2016-02-24 01:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-09 08:13 - 2016-02-24 01:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-09 08:13 - 2016-02-24 01:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-09 08:13 - 2016-02-24 01:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-09 08:13 - 2016-02-24 01:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-09 08:13 - 2016-02-24 01:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-09 08:13 - 2016-02-24 01:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-09 08:13 - 2016-02-24 01:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-09 08:13 - 2016-02-24 01:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-09 08:13 - 2016-02-24 01:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-09 08:13 - 2016-02-24 01:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 08:13 - 2016-02-24 00:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-09 08:13 - 2016-02-24 00:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-05 14:38 - 2016-03-05 14:38 - 00002087 _____ C:\Users\Public\Desktop\Play The Deadly Device.lnk
2016-03-02 06:28 - 2016-03-02 06:28 - 25813732 _____ C:\Users\smithfamily\Downloads\KAagard_GnomeGarden.zip
2016-03-02 00:13 - 2016-02-23 05:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-02 00:13 - 2016-02-23 04:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-02 00:12 - 2016-02-23 06:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-02 00:12 - 2016-02-23 06:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-02 00:12 - 2016-02-23 06:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 00:12 - 2016-02-23 06:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-02 00:12 - 2016-02-23 06:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-02 00:12 - 2016-02-23 06:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-02 00:12 - 2016-02-23 06:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-02 00:12 - 2016-02-23 05:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-02 00:12 - 2016-02-23 05:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-02 00:12 - 2016-02-23 05:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-02 00:12 - 2016-02-23 05:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-02 00:12 - 2016-02-23 05:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-02 00:12 - 2016-02-23 05:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-02 00:12 - 2016-02-23 05:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-02 00:12 - 2016-02-23 05:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-02 00:12 - 2016-02-23 05:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-02 00:12 - 2016-02-23 05:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-02 00:12 - 2016-02-23 05:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-02 00:12 - 2016-02-23 05:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-02 00:12 - 2016-02-23 05:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-02 00:12 - 2016-02-23 05:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-02 00:12 - 2016-02-23 05:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-02 00:12 - 2016-02-23 04:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-02 00:12 - 2016-02-23 04:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-02 00:12 - 2016-02-23 04:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-02 00:12 - 2016-02-23 04:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-02 00:12 - 2016-02-23 04:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-02 00:12 - 2016-02-23 04:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-02 00:12 - 2016-02-23 04:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-02 00:12 - 2016-02-23 04:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-02 00:12 - 2016-02-23 04:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-02 00:12 - 2016-02-23 04:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-02 00:12 - 2016-02-23 04:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-02 00:12 - 2016-02-23 04:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-02 00:12 - 2016-02-23 04:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-02 00:12 - 2016-02-23 04:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-02 00:12 - 2016-02-23 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-02 00:12 - 2016-02-23 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-02 00:12 - 2016-02-23 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-02 00:12 - 2016-02-23 03:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-02 00:12 - 2016-02-23 03:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-02 00:12 - 2016-02-23 03:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-02 00:12 - 2016-02-23 03:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-02 00:12 - 2016-02-23 03:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-02 00:12 - 2016-02-23 03:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-02 00:12 - 2016-02-23 03:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-02 00:12 - 2016-02-23 03:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-02 00:12 - 2016-02-23 03:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-02 00:12 - 2016-02-23 03:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-02 00:12 - 2016-02-23 03:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-02 00:12 - 2016-02-23 03:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-02 00:12 - 2016-02-23 03:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-02 00:12 - 2016-02-23 03:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-02 00:12 - 2016-02-23 03:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-02 00:12 - 2016-02-23 03:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-02 00:12 - 2016-02-23 03:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-02 00:12 - 2016-02-23 03:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-02 00:12 - 2016-02-23 03:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-02 00:12 - 2016-02-23 03:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-02 00:12 - 2016-02-23 03:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-02 00:12 - 2016-02-23 03:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-02 00:12 - 2016-02-23 03:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-02 00:12 - 2016-02-23 03:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-02 00:12 - 2016-02-23 03:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-02 00:12 - 2016-02-23 03:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-02 00:12 - 2016-02-23 03:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-02 00:12 - 2016-02-23 03:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-02 00:12 - 2016-02-23 03:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-02 00:12 - 2016-02-23 03:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-02 00:12 - 2016-02-23 03:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-02 00:12 - 2016-02-23 02:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-02 00:12 - 2016-02-23 02:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-02 00:12 - 2016-02-23 02:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-02 00:12 - 2016-02-23 02:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-02 00:12 - 2016-02-23 02:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-02 00:12 - 2016-02-23 02:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-02 00:12 - 2016-02-23 02:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-02 00:12 - 2016-02-23 02:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-02 00:12 - 2016-02-23 02:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-02 00:12 - 2016-02-23 02:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-02 00:12 - 2016-02-23 02:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-02 00:12 - 2016-02-23 02:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-02 00:12 - 2016-02-23 02:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-02 00:12 - 2016-02-23 02:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-02 00:12 - 2016-02-23 02:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-02 00:12 - 2016-02-23 02:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-02 00:12 - 2016-02-23 02:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-02 00:12 - 2016-02-23 02:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-02 00:12 - 2016-02-23 02:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-02 00:12 - 2016-02-23 02:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-02 00:12 - 2016-02-23 02:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-02 00:12 - 2016-02-23 02:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-02 00:12 - 2016-02-23 02:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-02 00:12 - 2016-02-23 02:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-02 00:12 - 2016-02-23 01:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-02 00:12 - 2016-02-23 01:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-02 00:12 - 2016-02-23 01:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-02 00:12 - 2016-02-23 01:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-02 00:12 - 2016-02-23 01:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-02 00:12 - 2016-02-23 01:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-02 00:12 - 2016-02-23 01:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-02 00:12 - 2016-02-23 01:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-02 00:12 - 2016-02-23 01:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-02 00:12 - 2016-02-23 01:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-02 00:12 - 2016-02-23 01:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-02 00:12 - 2016-02-23 01:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-02 00:12 - 2016-02-23 01:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-02 00:12 - 2016-02-23 01:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-02 00:12 - 2016-02-23 01:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-02 00:12 - 2016-02-23 01:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-02 00:12 - 2016-02-23 01:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-02 00:12 - 2016-02-23 01:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-02 00:12 - 2016-02-08 23:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-02 00:12 - 2016-02-08 22:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-02 00:12 - 2016-02-08 22:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-02 00:12 - 2016-02-08 22:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-02 00:12 - 2016-02-08 22:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-02 00:12 - 2016-02-08 22:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-02 00:11 - 2016-02-23 06:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-02 00:11 - 2016-02-23 06:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-02 00:11 - 2016-02-23 06:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-02 00:11 - 2016-02-23 05:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-02 00:11 - 2016-02-23 05:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-02 00:11 - 2016-02-23 05:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-02 00:11 - 2016-02-23 04:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-02 00:11 - 2016-02-23 04:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-02 00:11 - 2016-02-23 04:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-02 00:11 - 2016-02-23 04:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-02 00:11 - 2016-02-23 04:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-02 00:11 - 2016-02-23 04:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-02 00:11 - 2016-02-23 04:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-02 00:11 - 2016-02-23 04:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-02 00:11 - 2016-02-23 04:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-02 00:11 - 2016-02-23 04:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-02 00:11 - 2016-02-23 04:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-02 00:11 - 2016-02-23 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-02 00:11 - 2016-02-23 04:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-02 00:11 - 2016-02-23 03:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-02 00:11 - 2016-02-23 03:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-02 00:11 - 2016-02-23 03:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-02 00:11 - 2016-02-23 03:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-02 00:11 - 2016-02-23 03:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-02 00:11 - 2016-02-23 03:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-02 00:11 - 2016-02-23 03:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-02 00:11 - 2016-02-23 03:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-02 00:11 - 2016-02-23 03:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-02 00:11 - 2016-02-23 03:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-02 00:11 - 2016-02-23 03:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-02 00:11 - 2016-02-23 03:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-02 00:11 - 2016-02-23 03:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-02 00:11 - 2016-02-23 03:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-02 00:11 - 2016-02-23 03:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-02 00:11 - 2016-02-23 03:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-02 00:11 - 2016-02-23 03:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-02 00:11 - 2016-02-23 03:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 00:11 - 2016-02-23 03:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-02 00:11 - 2016-02-23 03:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-02 00:11 - 2016-02-23 03:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-02 00:11 - 2016-02-23 03:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-02 00:11 - 2016-02-23 03:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-02 00:11 - 2016-02-23 03:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-02 00:11 - 2016-02-23 02:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-02 00:11 - 2016-02-23 02:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-02 00:11 - 2016-02-23 02:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-02 00:11 - 2016-02-23 02:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-02 00:11 - 2016-02-23 02:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-02 00:11 - 2016-02-23 02:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-02 00:11 - 2016-02-23 02:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 00:11 - 2016-02-23 02:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-02 00:11 - 2016-02-23 02:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-02 00:11 - 2016-02-23 02:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-02 00:11 - 2016-02-23 02:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-02 00:11 - 2016-02-23 02:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-02 00:11 - 2016-02-23 01:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-02 00:11 - 2016-02-23 01:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-02 00:11 - 2016-02-08 23:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-02 00:11 - 2016-02-08 22:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-29 11:22 - 2015-07-07 09:11 - 00000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-03-29 10:53 - 2014-04-26 18:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-29 08:04 - 2015-10-20 16:49 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DE234DC7-B1DB-4470-A481-73B0BE9678FD}
2016-03-29 03:50 - 2014-04-26 17:09 - 00000000 ____D C:\Users\smithfamily\AppData\Local\SweetLabs App Platform
2016-03-28 17:32 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-28 17:31 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-28 16:22 - 2015-07-07 09:11 - 00000928 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-03-28 05:56 - 2014-04-26 17:09 - 00000000 ____D C:\Users\smithfamily\AppData\Roaming\Adobe
2016-03-25 10:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-25 09:52 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-25 09:52 - 2015-09-12 08:15 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-25 09:47 - 2015-12-17 04:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-25 09:47 - 2015-10-30 01:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-25 09:47 - 2015-09-12 08:26 - 00000000 __SHD C:\Users\smithfamily\IntelGraphicsProfiles
2016-03-25 09:46 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-25 08:14 - 2014-04-26 18:31 - 00001163 _____ C:\Users\smithfamily\Desktop\firefox.lnk
2016-03-24 08:53 - 2014-04-26 18:38 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-23 21:42 - 2015-09-17 07:47 - 00000000 ____D C:\Users\smithfamily\Documents\SG-SSCphotos
2016-03-23 21:37 - 2015-06-11 17:00 - 00000000 ____D C:\Users\smithfamily\Documents\Homeschool Resources
2016-03-23 09:14 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-23 08:38 - 2014-02-26 20:00 - 00000000 ____D C:\ProgramData\Norton
2016-03-22 09:42 - 2014-04-26 18:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-22 09:41 - 2015-12-17 04:36 - 00000000 ____D C:\Users\smithfamily
2016-03-20 02:24 - 2015-07-07 09:09 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-03-12 09:04 - 2014-04-26 18:25 - 00002507 _____ C:\Users\smithfamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2016-03-12 04:22 - 2015-10-30 17:03 - 00003400 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform
2016-03-11 13:16 - 2015-09-12 08:33 - 00002421 _____ C:\Users\smithfamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-11 13:16 - 2015-09-12 08:33 - 00000000 ___RD C:\Users\smithfamily\OneDrive
2016-03-10 03:34 - 2015-12-17 04:29 - 00308784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-10 03:31 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-10 03:31 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-10 03:31 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-10 03:31 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-09 11:36 - 2014-04-29 05:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 11:31 - 2014-04-29 05:04 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-08 02:12 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 02:12 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-05 14:38 - 2015-02-17 14:35 - 00001838 _____ C:\Users\Public\Desktop\Her Interactive.com.lnk
2016-03-05 14:22 - 2015-02-17 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Her Interactive
2016-03-05 14:22 - 2015-02-17 14:29 - 00000000 ____D C:\Program Files (x86)\Her Interactive
2016-03-04 08:42 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-03 05:12 - 2014-04-26 17:02 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-03 03:32 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-03 03:32 - 2015-10-30 02:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-03 03:32 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-03 03:32 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-03 03:32 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-03 03:32 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-03 03:32 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-03 03:32 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-03 03:32 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-02-29 10:24 - 2013-12-19 23:21 - 00000000 ____D C:\ProgramData\McAfee

==================== Files in the root of some directories =======

2014-05-01 12:07 - 2014-05-01 12:07 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-17 04:32 - 2015-12-17 04:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-26 17:22 - 2014-04-26 17:22 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\smithfamily\AppData\Local\Temp\dllnt_dump.dll
C:\Users\smithfamily\AppData\Local\Temp\oct80F.tmp.exe
C:\Users\smithfamily\AppData\Local\Temp\octDE98.tmp.exe
C:\Users\smithfamily\AppData\Local\Temp\octEB44.tmp.exe
C:\Users\smithfamily\AppData\Local\Temp\octFE0A.tmp.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-27 07:36

==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 jksmith

jksmith
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 29 March 2016 - 12:29 PM

Malwarebytes scan logs

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 3/22/2016 9:18 AM, SYSTEM, JNK-PC, Manual, Remediation Database, 2016.2.12.1, 2016.3.18.1,
Update, 3/22/2016 9:18 AM, SYSTEM, JNK-PC, Manual, Rootkit Database, 2016.2.8.1, 2016.3.12.1,
Update, 3/22/2016 9:18 AM, SYSTEM, JNK-PC, Manual, Domain Database, 2016.2.16.8, 2016.3.21.11,
Update, 3/22/2016 9:18 AM, SYSTEM, JNK-PC, Manual, Malware Database, 2016.2.16.6, 2016.3.22.6,
Update, 3/22/2016 9:18 AM, SYSTEM, JNK-PC, Manual, IP Database, 2016.2.8.1, 2016.3.21.3,
Scan, 3/22/2016 9:41 AM, SYSTEM, JNK-PC, Manual, Start:3/22/2016 9:18 AM, Duration:22 min 1 sec, Threat Scan, Completed, 0 Malware Detections, 22 Non-Malware Detections,

(end)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/22/2016
Scan Time: 9:18 AM
Logfile: malwarebytes2.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.03.22.06
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: smithfamily

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 421701
Time Elapsed: 22 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.HomePageHelper, HKU\S-1-5-21-454114346-3557102269-332868837-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{421510FD-B576-11E4-8299-F80F41B5EF73}, Quarantined, [418da5e50792d66038c04ec88a7a1fe1],

Registry Values: 4
PUP.Optional.HomePageHelper, HKU\S-1-5-21-454114346-3557102269-332868837-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{421510FD-B576-11E4-8299-F80F41B5EF73}|FaviconURL, http://homepage-web.com/favicon.ico, Quarantined, [418da5e50792d66038c04ec88a7a1fe1]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-454114346-3557102269-332868837-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{421510FD-B576-11E4-8299-F80F41B5EF73}|FaviconURLFallback, http://homepage-web.com/favicon.ico, Quarantined, [a22c6426f1a8e353728665b1d0349967]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-454114346-3557102269-332868837-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{421510FD-B576-11E4-8299-F80F41B5EF73}|TopResultURL, http://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}, Quarantined, [3698ff8bd2c7f64064941df98e76ff01]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-454114346-3557102269-332868837-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{421510FD-B576-11E4-8299-F80F41B5EF73}|URL, http://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}, Quarantined, [428c6e1ca3f65adc08f048ce27ddb050]

Registry Data: 1
PUP.Optional.HomePageHelper, HKU\S-1-5-21-454114346-3557102269-332868837-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://homepage-web.com/?s=acer&m=start, Good: (www.google.com), Bad: (http://homepage-web.com/?s=acer&m=start),Replaced,[6f5fa4e6fb9e072f3f93021fc0457a86]

Folders: 6
PUP.Optional.iWin, C:\ProgramData\iWin Games, Quarantined, [4e8037533b5e0630cfd2fa0635cee11f],
PUP.Optional.iWin, C:\ProgramData\iWin Games\drm, Quarantined, [4e8037533b5e0630cfd2fa0635cee11f],
PUP.Optional.iWin, C:\ProgramData\iWin Games\drm\data, Quarantined, [4e8037533b5e0630cfd2fa0635cee11f],
PUP.Optional.iWin, C:\ProgramData\iWin Games\firefox, Quarantined, [4e8037533b5e0630cfd2fa0635cee11f],
PUP.Optional.iWin, C:\ProgramData\iWin Games\firefox\chrome, Quarantined, [4e8037533b5e0630cfd2fa0635cee11f],
PUP.Optional.iWin, C:\ProgramData\iWin Games\opal, Quarantined, [4e8037533b5e0630cfd2fa0635cee11f],

Files: 10
PUP.Optional.WebSearch, C:\Users\smithfamily\AppData\Roaming\Mozilla\Firefox\Profiles\zhzbn8vd.default-1446481634122\searchplugins\Web Search.xml, Quarantined, [fad4741659403ff735a7310a20e4e41c],
PUP.Optional.iWin, C:\ProgramData\iWin Games\ftstart.dat, Quarantined, [4e8037533b5e0630cfd2fa0635cee11f],
PUP.Optional.iWin, C:\ProgramData\iWin Games\firefox\chrome.manifest, Quarantined, [4e8037533b5e0630cfd2fa0635cee11f],
PUP.Optional.iWin, C:\ProgramData\iWin Games\firefox\install.rdf, Quarantined, [4e8037533b5e0630cfd2fa0635cee11f],
PUP.Optional.iWin, C:\ProgramData\iWin Games\firefox\iWinArcadeLauncher.exe, Quarantined, [4e8037533b5e0630cfd2fa0635cee11f],
PUP.Optional.iWin, C:\ProgramData\iWin Games\firefox\version, Quarantined, [4e8037533b5e0630cfd2fa0635cee11f],
PUP.Optional.iWin, C:\ProgramData\iWin Games\firefox\chrome\iwinarcade.jar, Quarantined, [4e8037533b5e0630cfd2fa0635cee11f],
PUP.Optional.iWin, C:\ProgramData\iWin Games\opal\Flash.ocx, Quarantined, [4e8037533b5e0630cfd2fa0635cee11f],
PUP.Optional.iWin, C:\ProgramData\iWin Games\opal\FlashPlayerControl.dll, Quarantined, [4e8037533b5e0630cfd2fa0635cee11f],
PUP.Optional.iWin, C:\ProgramData\iWin Games\opal\opal.ver, Quarantined, [4e8037533b5e0630cfd2fa0635cee11f],

Physical Sectors: 0
(No malicious items detected)


(end)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/23/2016
Scan Time: 9:40 AM
Logfile: malwarebytes3.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.03.23.03
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: smithfamily

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 453106
Time Elapsed: 1 hr, 22 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 3/23/2016 9:40 AM, SYSTEM, JNK-PC, Manual, Domain Database, 2016.3.21.11, 2016.3.23.2,
Update, 3/23/2016 9:40 AM, SYSTEM, JNK-PC, Manual, Malware Database, 2016.3.22.6, 2016.3.23.3,
Scan, 3/23/2016 11:03 AM, SYSTEM, JNK-PC, Manual, Start:3/23/2016 9:40 AM, Duration:1 hr 22 min 55 sec, Custom Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Update, 3/23/2016 11:08 AM, SYSTEM, JNK-PC, Manual, Domain Database, 2016.3.23.2, 2016.3.23.3,
Update, 3/23/2016 11:08 AM, SYSTEM, JNK-PC, Manual, Malware Database, 2016.3.23.3, 2016.3.23.4,
Scan, 3/23/2016 3:09 PM, SYSTEM, JNK-PC, Manual, Start:3/23/2016 11:08 AM, Duration:4 hr 0 min 41 sec, Custom Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/23/2016
Scan Time: 11:08 AM
Logfile: malewarebytes5.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.03.23.04
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: smithfamily

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 812318
Time Elapsed: 4 hr, 0 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#3 jksmith

jksmith
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 29 March 2016 - 12:30 PM

TDSS KILLER LOG

 

08:12:25.0477 0x0380  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
08:12:25.0510 0x0380  UEFI system
08:12:38.0677 0x0380  ============================================================
08:12:38.0677 0x0380  Current date / time: 2016/03/22 08:12:38.0677
08:12:38.0677 0x0380  SystemInfo:
08:12:38.0677 0x0380  
08:12:38.0677 0x0380  OS Version: 10.0.10586 ServicePack: 0.0
08:12:38.0677 0x0380  Product type: Workstation
08:12:38.0677 0x0380  ComputerName: JNK-PC
08:12:38.0678 0x0380  UserName: smithfamily
08:12:38.0678 0x0380  Windows directory: C:\WINDOWS
08:12:38.0678 0x0380  System windows directory: C:\WINDOWS
08:12:38.0678 0x0380  Running under WOW64
08:12:38.0678 0x0380  Processor architecture: Intel x64
08:12:38.0678 0x0380  Number of processors: 4
08:12:38.0678 0x0380  Page size: 0x1000
08:12:38.0678 0x0380  Boot type: Normal boot
08:12:38.0678 0x0380  ============================================================
08:12:39.0128 0x0380  KLMD registered as C:\WINDOWS\system32\drivers\77652747.sys
08:12:39.0877 0x0380  System UUID: {5E5036CC-8997-2570-04CC-1CB8EFD4A043}
08:12:40.0783 0x0380  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:12:40.0794 0x0380  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:12:40.0807 0x0380  ============================================================
08:12:40.0807 0x0380  \Device\Harddisk0\DR0:
08:12:40.0807 0x0380  GPT partitions:
08:12:40.0841 0x0380  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E583294D-F35B-4C67-8782-D50E4C4CC5AA}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
08:12:40.0841 0x0380  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {F70A14D3-7D43-488D-A1CC-3C38E17260A8}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000
08:12:40.0841 0x0380  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {14506284-068B-4966-80E3-2C94675AE941}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000
08:12:40.0841 0x0380  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {3998014B-2B92-4D56-A991-60B843830781}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x725C7800
08:12:40.0841 0x0380  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {9D309BB5-2652-41FB-844B-1B7FF4C90F9B}, Name: Basic data partition, StartLBA 0x72766000, BlocksNum 0x1FA0800
08:12:40.0841 0x0380  MBR partitions:
08:12:40.0841 0x0380  \Device\Harddisk1\DR1:
08:12:40.0862 0x0380  MBR partitions:
08:12:40.0863 0x0380  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x12A18A82
08:12:40.0863 0x0380  ============================================================
08:12:40.0876 0x0380  C: <-> \Device\Harddisk0\DR0\Partition4
08:12:40.0877 0x0380  E: <-> \Device\Harddisk1\DR1\Partition1
08:12:40.0877 0x0380  ============================================================
08:12:40.0877 0x0380  Initialize success
08:12:40.0877 0x0380  ============================================================
08:12:56.0685 0x070c  ============================================================
08:12:56.0685 0x070c  Scan started
08:12:56.0685 0x070c  Mode: Manual;
08:12:56.0685 0x070c  ============================================================
08:12:56.0685 0x070c  KSN ping started
08:12:59.0059 0x070c  KSN ping finished: true
08:13:01.0135 0x070c  ================ Scan system memory ========================
08:13:01.0135 0x070c  System memory - ok
08:13:01.0136 0x070c  ================ Scan services =============================
08:13:01.0358 0x070c  [ DF1C3D7E6C7929AD83BE22852B5B08CB, 9ECF6211CCD30273A23247E87C31B3A2ACDA623133CEF6E9B3243463C0609C5F ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
08:13:01.0368 0x070c  1394ohci - ok
08:13:01.0425 0x070c  [ 2C5B3035B86770ADD2FE9BFBAF5B35A4, 19E16F9144FE3E33B5FF248CF0040AB079ACAE22290B1369CC72AE4CB5FE3A90 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
08:13:01.0430 0x070c  3ware - ok
08:13:01.0478 0x070c  [ 469441BAE3FF8A16826FC62C51EF5E18, E1204677B87F47222D05F670F8DF3DB65EA0881782A8DCFBE0103478ED71187C ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
08:13:01.0503 0x070c  ACPI - ok
08:13:01.0522 0x070c  [ 7EADED8087C392876521F7EBCE846EF4, 99BF1BD948F97C1ECBC049C7F949B71D73D0B41FB505B2F75B208E655F7DC8A3 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
08:13:01.0528 0x070c  acpiex - ok
08:13:01.0547 0x070c  [ C498887123327CDFD73A05E7A2780920, B45392C46254FCB8D79B6C3A82C8D894063199E6167D8E5F7EA7D60C75CD16EA ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
08:13:01.0549 0x070c  acpipagr - ok
08:13:01.0572 0x070c  [ C8DBE6EFFCF014CAA010B9BDDAC833EC, 96FC29340C62A6B0910DCCBF8945F32089FC300F45B451A540B8854D53734298 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
08:13:01.0574 0x070c  AcpiPmi - ok
08:13:01.0590 0x070c  [ 17039DBEB3B7B9ADCDB4B4533AA9771F, A4D38B144639A20B8B31E4F35FB776A028DB502FAC849FC73EECEB3CCD91830B ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
08:13:01.0592 0x070c  acpitime - ok
08:13:01.0739 0x070c  [ 4451CC2275B04043EC2BCC757AF97291, A07781C5C9AD344BF2B5F8E7ED0ACD804113B6BC02D082717E493768E6ABC393 ] AdobeActiveFileMonitor8.0 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
08:13:01.0746 0x070c  AdobeActiveFileMonitor8.0 - ok
08:13:01.0817 0x070c  [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D3328443C5ED9514E9 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:13:01.0821 0x070c  AdobeARMservice - ok
08:13:01.0910 0x070c  [ 99B993BD0F4C033D832B50D5E83BEBEC, A091635B2B428A51400468353F52D3FF35095460D3FA8CB29E2C4A804D87B845 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:13:01.0920 0x070c  AdobeFlashPlayerUpdateSvc - ok
08:13:01.0987 0x070c  [ F7D0CD345D2DA42E7042ABCD73662403, 03183F90A994D69066F15C3DFC1D7D7514AEAF46A5AAC059B1FB327F8C30A35C ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
08:13:02.0037 0x070c  ADP80XX - ok
08:13:02.0090 0x070c  [ 70148EFA9A562E7185B75BBE7D376BF7, 8200E3349A1AFA1040B3D956A17BAF3CDC784A1A3CA396125E7872B36C03D84A ] AFD             C:\WINDOWS\system32\drivers\afd.sys
08:13:02.0116 0x070c  AFD - ok
08:13:02.0138 0x070c  [ 870F1A2C936F92B5D053DF7EC75B352F, D617524FD5886D6D3BC2EFBBB5EA310E906454CD7CA7257C3D7BDEA8C4F2DA71 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
08:13:02.0142 0x070c  agp440 - ok
08:13:02.0167 0x070c  [ 3DF7751D5DC6525E7DC6617FBB45054F, 8E6D4C809DB3B66E7558C4829E01F5C227EE614AC82F33FD99DCC629770D1BE3 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
08:13:02.0175 0x070c  ahcache - ok
08:13:02.0200 0x070c  [ 19707ECBCEA71080A85DB2336580DB39, A09AE69C9DE2F3765417F212453B6927C317A94801AE68FBA6A8E8A7CB16CED7 ] AJRouter        C:\WINDOWS\System32\AJRouter.dll
08:13:02.0203 0x070c  AJRouter - ok
08:13:02.0231 0x070c  [ AA91A5E156D0364ABA7B01658C2EB014, F61055D581745023939C741CAB3370074D1416BB5A0BE0BD47642D5A75669E12 ] ALG             C:\WINDOWS\System32\alg.exe
08:13:02.0236 0x070c  ALG - ok
08:13:02.0257 0x070c  [ B70F0F2F54B4A4DB6E9C830454752F5A, C882DEAC30812E5FA4479A8CB688603C6AF269EF08236688F4C5E7EBED1D4572 ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
08:13:02.0262 0x070c  AmdK8 - ok
08:13:02.0282 0x070c  [ 35E890482C9728DD5C552B85DA8A5AB2, 1E0EB7D902AB4C38E23CAFC0BEA250E7F6E180E8814385B4F29730BFC373A191 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
08:13:02.0288 0x070c  AmdPPM - ok
08:13:02.0311 0x070c  [ 5B30BCFE6E02E45D3EE268FF001BC5E0, 9901DB728885CE36911F79998629B2DD42D56AF9633B5277834F498CC59B0346 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
08:13:02.0315 0x070c  amdsata - ok
08:13:02.0343 0x070c  [ F20B30F35A5C7888441B4DCA001ECF8E, 695A5BC1F18B65992EB06A202AD3CBFA17228E76DDFD1AE6977FD315724F75C2 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
08:13:02.0353 0x070c  amdsbs - ok
08:13:02.0372 0x070c  [ AFE838D7576C581D6483529621AB10CC, 14476A04CC64E7A0F1BBFDACCBD7A87F384BE1877C27656DBB973AF3975D4AE2 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
08:13:02.0375 0x070c  amdxata - ok
08:13:02.0413 0x070c  [ EDDB0D726DBECDFC1DBCC6DB464E5A13, 98D128D1E6FA270ED9ADBFE50078F68A794C00D4CBB86E28EC6161FFAD0CA8FF ] AppID           C:\WINDOWS\system32\drivers\appid.sys
08:13:02.0419 0x070c  AppID - ok
08:13:02.0442 0x070c  [ 7A55F9237F726D1667073A47B0D1B90F, 7C2D9AA84F1D4CC6C1FAF6848DF9479A534E01029C4387E8C0647745F1E74603 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
08:13:02.0445 0x070c  AppIDSvc - ok
08:13:02.0462 0x070c  [ 56E219DF92BE16F62308F884739BE022, FE189EE8A52BC5A0E6B76C632021F84F60307A182F2A67C0C0C7CAA72DEFC723 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
08:13:02.0467 0x070c  Appinfo - ok
08:13:02.0519 0x070c  [ 608D6A90E989C6522F170E5526A64BF4, 36EDD07DF6BD2D20121F63CF720C289FCCF7C53574D37F99C2F9ED68298D655B ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:13:02.0522 0x070c  Apple Mobile Device - ok
08:13:02.0560 0x070c  [ 610499A73DF3599608EBB6B3F9929052, A9CA49C4A39A825916AB3791090BCFC7044FDB6B2C3538E01F0CFBC2A9931152 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
08:13:02.0586 0x070c  AppReadiness - ok
08:13:02.0690 0x070c  [ 3DF25A56F18D2AB4CF58C1300C8CD323, 34A20004A93BC0F22BF99E56E6657CF0A68B64B375A66408FB1E26ADA7A72FC4 ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
08:13:02.0777 0x070c  AppXSvc - ok
08:13:02.0807 0x070c  [ E3FE8F610B1CC12BC3B2E6BC43DC97E2, 0E18542CF2095A9ADA1759AB8F986E78B0A50A3C6B2AD4EACD80A23D832A2C6D ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
08:13:02.0813 0x070c  arcsas - ok
08:13:02.0832 0x070c  [ 5E00748A1AD246CAECBBB7553BED36CC, DAD2C93F0894E7BB5E5D8D767D8286A909086B49172C504A01097C3A180998C6 ] AsyncMac        C:\WINDOWS\System32\drivers\asyncmac.sys
08:13:02.0834 0x070c  AsyncMac - ok
08:13:02.0851 0x070c  [ 492B99D2E3D5D7BFD5F0AE1BE7BD37DD, A3F6BFC4FDC1933FBF3145019B118689A414108B04F43E2563946B2673C89324 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
08:13:02.0853 0x070c  atapi - ok
08:13:02.0892 0x070c  [ 42BF7FA295F453618104B5A50BEE105B, AB44BA2AD2FC5AF3B6BE4489C444C03FD1AB02C22109BF5F39BE459294C4CB18 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
08:13:02.0903 0x070c  AudioEndpointBuilder - ok
08:13:02.0967 0x070c  [ 9610CE53A9ED0789C8B669A5F86008F7, 9EE4B3F8528B20682595DDBDB0FF9F98FD8B957EE4C335FDD4382AE30D3C2EA0 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
08:13:02.0999 0x070c  Audiosrv - ok
08:13:03.0024 0x070c  [ 7062CE507814D5306DCA5D6A15B7B6B6, 9D60506003A66C2E516B1FCB70CC5B26FB3A9948B95D97C828DD0328E76F2C91 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
08:13:03.0030 0x070c  AxInstSV - ok
08:13:03.0066 0x070c  [ 6447BA6FA709514B6C803D159B4C7D1E, 549DDCEAD93DF333F6BBD56A9258A867E4DA219741C00D48C68F8F230A87B11A ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
08:13:03.0092 0x070c  b06bdrv - ok
08:13:03.0112 0x070c  [ B4AC08B1D04D0CE085435E5CD0E663C5, 61E641388E5692B2EB351E44BA1DB86B5305DD105EE56865D59072CA9407C8AC ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
08:13:03.0116 0x070c  BasicDisplay - ok
08:13:03.0124 0x070c  [ 25B5BB369DEE2BAE4BF459C978FF9035, DBC2157B2AC0BC92B4011CE5E01F2DCDAAE71E37D9D21102503C6455FAAC4DCA ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
08:13:03.0127 0x070c  BasicRender - ok
08:13:03.0150 0x070c  [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn           C:\WINDOWS\System32\drivers\bcmfn.sys
08:13:03.0152 0x070c  bcmfn - ok
08:13:03.0165 0x070c  [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
08:13:03.0167 0x070c  bcmfn2 - ok
08:13:03.0205 0x070c  [ F8F398A4AF7E0917320BC2B2CD812888, 02B9A6EA0AA750CA9B62AB09E99956C35E252A12B22C2CBFDC4E941ED5870591 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
08:13:03.0222 0x070c  BDESVC - ok
08:13:03.0247 0x070c  [ 5A88834AEE15D97695FAE0837B73B3E4, 03035FB51DE218B8EDB15129A0376DDED0C7E7B6DA58DD95B12E4E5C8D852ED8 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
08:13:03.0249 0x070c  Beep - ok
08:13:03.0298 0x070c  [ 8EA08141590CB9331FA773FB430E91E4, 0507499EF423CC9EE9AC18C2B5CBF9965E69481C69DC96E361C2184C53C3F404 ] BFE             C:\WINDOWS\System32\bfe.dll
08:13:03.0332 0x070c  BFE - ok
08:13:03.0400 0x070c  [ 64582C924C48175D52AED0D0E64AB413, 75DC6BC01D26A4BABEDB8013F0C106780F0991CA63075798C7C24B66022F58E3 ] BITS            C:\WINDOWS\System32\qmgr.dll
08:13:03.0452 0x070c  BITS - ok
08:13:03.0533 0x070c  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:13:03.0560 0x070c  Bonjour Service - ok
08:13:03.0571 0x070c  [ DA2C6F7ACE392193C424FEA975C5BFFB, 668F91F3E5F8EA170C10823D6959E0EDB32434C51FAA68BEA782EDDF5618690E ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
08:13:03.0576 0x070c  bowser - ok
08:13:03.0629 0x070c  [ 9972A886D911234F833A265D5D641D30, E64199AB64CC60C75371D8421031DC02818C852427C4F66AD3DF7DCDF33952B1 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
08:13:03.0655 0x070c  BrokerInfrastructure - ok
08:13:03.0672 0x070c  [ DA4C9335434E71D6CC86A3CA567769CC, 9FE5EE3CC91CADBF952446E0A9A79A8834B03C8D4C47D6E9257AF64B2C17F518 ] Browser         C:\WINDOWS\System32\browser.dll
08:13:03.0678 0x070c  Browser - ok
08:13:03.0718 0x070c  [ 0471D5669F18C50E552B2BC0CB15E7B3, 472F471FF9E5A1FDD5610BAC2F5E727AB284B7B5A71C4E515D549667F0B5EB86 ] BrYNSvc         C:\Program Files (x86)\Browny02\BrYNSvc.exe
08:13:03.0729 0x070c  BrYNSvc - ok
08:13:03.0751 0x070c  [ CAEC7BC11AF69A181AF7932E636E09E4, 503C69045F1E025CBEE2405043BB71CC58478985ECAF6587F73FCB57860F5709 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
08:13:03.0753 0x070c  BthAvrcpTg - ok
08:13:03.0775 0x070c  [ 5F2B4B32E986C058525D3BA2A475A16C, CEC5BB0B025DD9525CFBBEDF6EB6F63336534798495A4F95763CE112DF915088 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
08:13:03.0779 0x070c  BthHFEnum - ok
08:13:03.0802 0x070c  [ 5406289E8AE2CB52FC408154E0A64BA7, 0A3795F2E6E2B51198452CF69A99159D8E11650E95F41DF0B575CB72F9C6C6B5 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
08:13:03.0804 0x070c  bthhfhid - ok
08:13:03.0834 0x070c  [ BAB101E7826BE287F79C4BA721621989, E6DD25C89267FE87253B8226292F2894F5E702075D3B23B09339D3B28744C060 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
08:13:03.0850 0x070c  BthHFSrv - ok
08:13:03.0867 0x070c  [ A76F20CCCA31895A1DA78A875E50F946, ECD4B3670DA5984AA24F4354457B4E45983938A89FF6DB03B556A633B4B37E3C ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
08:13:03.0871 0x070c  BTHMODEM - ok
08:13:03.0896 0x070c  [ 7A177E18AA6A6A6365E6351C2BF8EDAE, A35224A20014B1215A6824AE5E17B8869A775EA272EF7F25EAFFA18733F8D09D ] bthserv         C:\WINDOWS\system32\bthserv.dll
08:13:03.0901 0x070c  bthserv - ok
08:13:03.0914 0x070c  [ BF89BDBA5D3A0B4256D3F6FC8D31880D, 940F3BF55B88261C9E9A951A092331559FC5B24FE3BA0F1E1AB3450D2CA364C1 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
08:13:03.0916 0x070c  buttonconverter - ok
08:13:03.0947 0x070c  [ C24C27FDF93B85A4EFCF25F830253AA2, 35C87518BB59663B57C2361A13AD4E57E37392598F1EB9F07F86CA5A6321AF5A ] CapImg          C:\WINDOWS\System32\drivers\capimg.sys
08:13:03.0952 0x070c  CapImg - ok
08:13:04.0095 0x070c  [ 0979E21A43F8F53945818D0E54FDF4C0, 1689C2F0FA646432814FC4FFA3D4514BC406E7E7DF11619B47C3EFF540809F94 ] CCDMonitorService C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
08:13:04.0196 0x070c  CCDMonitorService - ok
08:13:04.0231 0x070c  [ A5C16A0BE89EE409732178BEB62F7EA7, D4B993F63CFD9B487BD53B532AB9435084B4C752F2731E189FA1420D516A4E95 ] ccSet_NARA      C:\WINDOWS\system32\drivers\NARAx64\0405000.009\ccSetx64.sys
08:13:04.0237 0x070c  ccSet_NARA - ok
08:13:04.0258 0x070c  [ 7F9C7226D743B232907ED2537B8A574F, 2211AFC30E8F8FA03020DB48EE14914CD31E50BB6A63FF20AC7C6FA481E72C18 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
08:13:04.0263 0x070c  cdfs - ok
08:13:04.0296 0x070c  [ 0A92DC116CFC7F6BE8167DD25CB925CC, 50CAC7BE14FF69B10C029E049F7C441A5572540F027F95F940B185C76C689409 ] CDPSvc          C:\WINDOWS\System32\CDPSvc.dll
08:13:04.0308 0x070c  CDPSvc - ok
08:13:04.0322 0x070c  [ 82D97776BF982AA143BDC7DFB5054EA8, 954F56728371E6B3514586DCEAF15C4727BAED6CAFBF788654C4E03BD702942C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
08:13:04.0329 0x070c  cdrom - ok
08:13:04.0355 0x070c  [ 4E9158CECF77A029AB98E8FBB43FCED5, AFF8BDB8F8F8DDF4FC0D65712E031DC360856CD3CE5C8A4C8FF960388F37462F ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
08:13:04.0363 0x070c  CertPropSvc - ok
08:13:04.0406 0x070c  [ D7BB4B5C3339D23901BD6265171918D5, 77F8BD68ED0DC6F5B248A98B424D2F22CDA7EDF515F3B1F6BA02B4FC8BE84DF6 ] cfwids          C:\WINDOWS\system32\drivers\cfwids.sys
08:13:04.0410 0x070c  cfwids - ok
08:13:04.0427 0x070c  [ 0505C1D991D0F9D47F3353BB98597C7E, 3B801CCF4980256327A4A9FBD98007DA1E3ACE9C94E5A4C23AB21303B46E8B5A ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
08:13:04.0429 0x070c  circlass - ok
08:13:04.0450 0x070c  [ 8B4B39C507ABA09AAFE8E3932D1B392C, 734700155A658BC08FC96E8F99A01DE7F7251D7DDEFA79D258B2EEB370BA7AA8 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
08:13:04.0464 0x070c  CLFS - ok
08:13:04.0521 0x070c  [ F7526C133AC265F283012E9CD751F873, 6AABDD92FD880F49F63C1CC478C3D8291AF670802CEC58B32730E7675D858D88 ] ClipSVC         C:\WINDOWS\System32\ClipSVC.dll
08:13:04.0546 0x070c  ClipSVC - ok
08:13:04.0578 0x070c  [ 95832B049E2833B9F5189823CDF946C7, 72773A42A89220B4A6AC72D1633B16F11191A44D876A44FAB5CEFB717CE3223D ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
08:13:04.0581 0x070c  CmBatt - ok
08:13:04.0623 0x070c  [ A1105260EEEE3DBD8D38FD054B22BD00, CA943B0B03527B07690CAFFD53F8ABF14FB3974DAAA1036E54815BD0DAF803D8 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
08:13:04.0649 0x070c  CNG - ok
08:13:04.0667 0x070c  [ 58D640BC2294C71BDE0953F12D4B432F, 0B3B7659FCB97791A2A1F895C8E6F9078F855C94C13EB47464492588C4B02B85 ] cnghwassist     C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
08:13:04.0669 0x070c  cnghwassist - ok
08:13:04.0720 0x070c  [ 14F9883588398A1BDE49C75098C75DE6, D9D82DE89FAFE60BC902683BC44C7555533A030150FD5E5A35A24542FACC5CAD ] CompositeBus    C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
08:13:04.0723 0x070c  CompositeBus - ok
08:13:04.0731 0x070c  COMSysApp - ok
08:13:04.0748 0x070c  [ 02B8E49148DE5E0A2F6FDF28CE94A6AC, EEA405823F441CA604BEAA44EB71A1D20BC80E124FF7B27380D0201AAF2E0849 ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
08:13:04.0751 0x070c  condrv - ok
08:13:04.0794 0x070c  [ DE6DF2C34718EADCFF8776E597F2104D, 35D03E95853CEAC69F674FB09C819A4698EBEDFD8AC0474F0ADF02741492401E ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
08:13:04.0829 0x070c  CoreMessagingRegistrar - ok
08:13:04.0919 0x070c  [ 4C69FF8400D51D0008A8C8327FB4CEAD, F8970C33452B9ADF243E4019C801811DD43D2828865056166F131A42957CF907 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
08:13:04.0953 0x070c  cphs - ok
08:13:05.0007 0x070c  [ FE820A5F99B092C3660762C6FC6C64E0, 1E16A01EF44E4C56E87ABFBE03B2989B0391B172C3EC162783AD640BE65AB961 ] cpuz136         C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys
08:13:05.0009 0x070c  cpuz136 - ok
08:13:05.0050 0x070c  [ 2CE0D74AED86A372997E9D77AE10B9F5, 1AFAA22C68FD0B81F73CE0EB763AD77AB97E78916752843A5056E1352F0FEA82 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
08:13:05.0055 0x070c  CryptSvc - ok
08:13:05.0064 0x070c  [ 2619DC483579DB9FE804044C1ADFFD1A, 23A5420288735A980917091532BE7BB36EB51660AA4555C615AF736357EB02EC ] dam             C:\WINDOWS\system32\drivers\dam.sys
08:13:05.0067 0x070c  dam - ok
08:13:05.0138 0x070c  dbupdate - ok
08:13:05.0144 0x070c  dbupdatem - ok
08:13:05.0194 0x070c  [ B339861C6A2A86FBCA67C2006B461473, 228ADC8A8603C0A4342C6CBC6F2CC919271D42391365061AF660E0D7151C66A4 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
08:13:05.0223 0x0de4  Object required for P2P: [ 99B993BD0F4C033D832B50D5E83BEBEC ] AdobeFlashPlayerUpdateSvc
08:13:05.0238 0x070c  DcomLaunch - ok
08:13:05.0269 0x070c  [ 620921E77351FB651632322AD2C195C4, 5A98971995D7A2B5AE6BEA69344FCC6687B582FEF74BDA206D32FB2E6CEB0478 ] DcpSvc          C:\WINDOWS\system32\dcpsvc.dll
08:13:05.0278 0x070c  DcpSvc - ok
08:13:05.0310 0x070c  [ 6129EA4294C5C69E4665801E95B16AB2, CE419186CF0F57434426FF925A09F13BE87639679CBB5F2074B0E1A243349D27 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
08:13:05.0335 0x070c  defragsvc - ok
08:13:05.0370 0x070c  [ D12B9B6A6C4885824876422AACC89954, 5853ED5CAF84B7AAFF3EDC5C71FE23EB121DB681D81267D77118424BA9AB6F88 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
08:13:05.0396 0x070c  DeviceAssociationService - ok
08:13:05.0426 0x070c  [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
08:13:05.0434 0x070c  DeviceInstall - ok
08:13:05.0449 0x070c  [ 5BF8BD9B19D665452494C8D56DF4B28D, E5FC649207EF42C04B6737D442FECD3383E82F8998B140319FF400773F1D0978 ] DevQueryBroker  C:\WINDOWS\system32\DevQueryBroker.dll
08:13:05.0453 0x070c  DevQueryBroker - ok
08:13:05.0465 0x070c  [ C9478D7DB7BE5D7ACE65CB1167F07320, D5082D09EE62E34A195768040B741E22ACC9421CFF315423D77A63ABF8F5E39E ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
08:13:05.0472 0x070c  Dfsc - ok
08:13:05.0500 0x070c  [ 5841A361D28069DFC82E1E98040FDC3F, 3A48DB7ADE90654242CB54DAD07F5FF0CD5CABF372C50D5B2C4D7AED068986E1 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
08:13:05.0513 0x070c  Dhcp - ok
08:13:05.0539 0x070c  [ 9F5AC03F5A0000DD96FA29CD68A6605B, 6964E077635E65DA902CA6C69E704A9DCD5856D22BA75E1CF823E63E62266AF7 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
08:13:05.0541 0x070c  diagnosticshub.standardcollector.service - ok
08:13:05.0633 0x070c  [ 15D174719872A30F2FDD6B5B1B8BA5D9, B0E6FF6FC47B731C204F110D4B768231906B144B31F602ECE8EAC24D70BA880D ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
08:13:05.0701 0x070c  DiagTrack - ok
08:13:05.0716 0x070c  [ 4904B152E4942BF700F2D73228B4D477, 0E5646DCA05A24C71F057C9F9F64AE992D338DA72DF3126175C2FA178854C30F ] disk            C:\WINDOWS\system32\drivers\disk.sys
08:13:05.0721 0x070c  disk - ok
08:13:05.0752 0x070c  [ 49F069E2D22F33955A69D44DFD1B5179, 739C52C7B961BA683E8C7CCDB0E95423C17561B2F1F506BAE923DC53DB96B067 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
08:13:05.0777 0x070c  DmEnrollmentSvc - ok
08:13:05.0797 0x070c  [ 0197AE4B9790A4E73751CACFAA480126, 86BBB398F1A93754B2C329271F13A88FD2F285F30225C38F068F565CCA14EB9F ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
08:13:05.0799 0x070c  dmvsc - ok
08:13:05.0819 0x070c  [ 5EF8EC71A7A91F3DF7798BEFE6786B0E, A3A56B43C72926881C66B7A17C9EAA35C2D9603C8D3849438838536BCD3F4633 ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
08:13:05.0823 0x070c  dmwappushservice - ok
08:13:05.0852 0x070c  [ 570BB222E3AFC4407636B53F6EABFA70, D0194A128370BB0A337B61402F9EEDD6F7942ADB19BF672D0F92DA2DA563D0DD ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
08:13:05.0865 0x070c  Dnscache - ok
08:13:05.0893 0x070c  [ 1B15297A3A2CAB6BD586676154F389D8, 623D5F5FC8622B7D9AEEEB1787E6846C1570F0EEF94341239440B616D09D672A ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
08:13:05.0904 0x070c  dot3svc - ok
08:13:05.0927 0x070c  [ 316C2D8B8E3C0727969F1C3790EF7193, 631F8578FDB26578C8436E4B9C4DF21E1F58FCFE6DA66E5769AAC3739005D465 ] DPS             C:\WINDOWS\system32\dps.dll
08:13:05.0935 0x070c  DPS - ok
08:13:05.0956 0x070c  [ 25FA06D3B49D6ADF8E874FFCDCD76B50, 9AF09B96ED79D94EA36581ABE6CC73313A72891779774B15860D018BEA2BBA0F ] drmkaud         C:\WINDOWS\System32\drivers\drmkaud.sys
08:13:05.0958 0x070c  drmkaud - ok
08:13:05.0977 0x070c  [ 16EE6701115BECF8C657D9D6E123F6A1, 16E115B5245C3C988F8B58B90D30F183021C7C7792D3D1C74BEC606E49672B2A ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
08:13:05.0987 0x070c  DsmSvc - ok
08:13:06.0023 0x070c  [ FBC8C56814642A7CA88ACBCA8DD1121F, 108690704A359991C3D6577477E232F5F2F46B36DF6B4B0738A893EF05D7D4EB ] DsSvc           C:\WINDOWS\System32\DsSvc.dll
08:13:06.0031 0x070c  DsSvc - ok
08:13:06.0117 0x070c  [ F45665E77D11F3C1552EDBEAD1559DC8, C7C4B493CB36A1A35B8CA33C044BA0ED273CDA80E36F48BFF7CE3A0356246838 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
08:13:06.0193 0x070c  DXGKrnl - ok
08:13:06.0215 0x070c  [ 0CDF6B61D7F7FFCD195AF0113B9B2C16, 828D3FA31742B54075EAED2E67BBB5166D2EF4F84B791077E96DC0BD5557F11E ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
08:13:06.0222 0x070c  Eaphost - ok
08:13:06.0366 0x070c  [ 491275B864B704B54EC08168344E0F38, B4849400C3F819CF7809A2001EA2ECB527022483F7DFE31C3930F951EAFE50CE ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
08:13:06.0492 0x070c  ebdrv - ok
08:13:06.0510 0x070c  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] EFS             C:\WINDOWS\System32\lsass.exe
08:13:06.0515 0x070c  EFS - ok
08:13:06.0526 0x070c  [ CEF108FCE06892CFA5F1B49527D4BF49, FA337584024B6E6EE4AF519F57FFA4C0FCA19EDC148FF309336C4CCA8F9C9CE8 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
08:13:06.0530 0x070c  EhStorClass - ok
08:13:06.0549 0x070c  [ 5B1EAAE3001A7A320C106FC3859F4111, 700BA2C7D4DFAFFEB78D3804B310A4EE5B4295C84600442665693FF661673951 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
08:13:06.0554 0x070c  EhStorTcgDrv - ok
08:13:06.0577 0x070c  [ E34DEFC09F2843C2C24C2248F1ABE6D8, 1FD67EB5820A1D2F4402DE9D95DE288DB69D421A8473074FF23491D7CA8B5ACE ] embeddedmode    C:\WINDOWS\System32\embeddedmodesvc.dll
08:13:06.0584 0x070c  embeddedmode - ok
08:13:06.0616 0x070c  [ 062152DD5B225518A991DFCD8536770C, 5C8EF4E0C7DE3B24387FF239A8D0CDA39C2376826F16EAFF09739A6C7EDA01E0 ] EntAppSvc       C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
08:13:06.0632 0x070c  EntAppSvc - ok
08:13:06.0646 0x070c  [ 7A2705148A4BB3CA255F81624338B461, 68AC8F8D2DD8AA4E8F2224A0054DE2AF67EA199217E87CD3C7299B021048F14F ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
08:13:06.0649 0x070c  ErrDev - ok
08:13:06.0690 0x070c  [ 17BE4A35829B37C742084DC02D48E5F0, 7FDA62B56DF585C3F2C6FFB10AC7C0D8F70FA921C4DEA47B2789745CFE2618CE ] EventSystem     C:\WINDOWS\system32\es.dll
08:13:06.0707 0x070c  EventSystem - ok
08:13:06.0734 0x070c  [ DFE8A33FBCF6F38182631A4D6097B92D, F9D06780830E74FD5309E6DC5C3EEDB9334A8AE284F381FA91EF2729297F8632 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
08:13:06.0746 0x070c  exfat - ok
08:13:06.0765 0x070c  [ 03DE0EC072C5EBD5B018CAD83F1E522A, 9D0B30A2870FBA20B95017CE3A4205F2DD53FE169A0D16715E962D83DE040FB3 ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
08:13:06.0778 0x070c  fastfat - ok
08:13:06.0828 0x070c  [ 952F10D2116B91BA433842D07879AE7A, 9E1EC0C719877EF198AA4DDBE896E9DDEAD360AAC1FC6DF305E7C5C73C7A761D ] Fax             C:\WINDOWS\system32\fxssvc.exe
08:13:06.0863 0x070c  Fax - ok
08:13:06.0879 0x070c  [ 9D299AE86D671488926126A84DF77BFD, C076EEDD0524B7D88BC56C97089E0A836CC1AD725E1A544CC4F8DDBB6670C366 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
08:13:06.0882 0x070c  fdc - ok
08:13:06.0900 0x070c  [ 47D09B8C312658ACE433E46DDF51C3A5, E76948DA0F51C7DC6D69B7E36D63CE6E98FDE619FA30E91637F75B5084107D22 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
08:13:06.0904 0x070c  fdPHost - ok
08:13:06.0933 0x070c  [ 177AC945B20C81400A1525ED7B49A425, FD215A2E718EA38A95D985F53AB3DD44B50C2549AA67F44BA98C4709E492051F ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
08:13:06.0936 0x070c  FDResPub - ok
08:13:06.0960 0x070c  [ 3E78BEC276DA5A062E4D55F3291B3463, 62983457F506C70D1F89F527AB61C1C0F4D1B002631256A2708F9AF092A8C95E ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
08:13:06.0966 0x070c  fhsvc - ok
08:13:06.0998 0x070c  [ 8F12AB59336143B680F71B217B495AD2, A28F62F065C68CC1A7EEF0CA52F83C3284B001565D8E154BF8568DE4A525104E ] FileCrypt       C:\WINDOWS\system32\drivers\filecrypt.sys
08:13:07.0002 0x070c  FileCrypt - ok
08:13:07.0012 0x070c  [ 92ECCFA58C8195B8EA33ED942469D4E6, 8DB12E8CF80ECA22182F9A1F4CA922336A430297F1F596F204ECF4D9D19F30D9 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
08:13:07.0016 0x070c  FileInfo - ok
08:13:07.0030 0x070c  [ 87C51FDD50C17882BA93E28BBABB9847, 8987D80FB77D1D3F9E89B491B1287B027DA26FFC4E4BA7B01E07D4D4FC69E236 ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
08:13:07.0033 0x070c  Filetrace - ok
08:13:07.0107 0x070c  [ ABEDFD48AC042C6AAAD32452E77217A1, BC45A1C36BDBC20EF4E7D3CFB5368912382D964CB34D050ED255F56307F4C910 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:13:07.0137 0x070c  FLEXnet Licensing Service - ok
08:13:07.0159 0x070c  [ E99261DD76D1C9E05AF575939CAE5AC5, A789724FD2E22AFB2F921836F5C19A21D17F4BBD604771E2908C2651BD31989C ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
08:13:07.0161 0x070c  flpydisk - ok
08:13:07.0181 0x070c  [ 25D7A58625E1453E40D36825DE74E4F1, 74119803D35E3C3CC349B44C6CD9EDF6B797F88584B847F0BF9EED542719B86B ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
08:13:07.0195 0x070c  FltMgr - ok
08:13:07.0269 0x070c  [ 4387DE200BF8DD0E2EE828E655434B9A, 9148D65E54663EEC139E754091F47ABF439A637BEA83F600D30736522DAA845D ] FontCache       C:\WINDOWS\system32\FntCache.dll
08:13:07.0339 0x070c  FontCache - ok
08:13:07.0422 0x070c  [ E79DAC43A5E191FC4DDB04197A704BFA, 2FA6C8B5B2DFE66C05828E3F55DFD6268A8210E9BD083F2D09367AD59AF1C6C1 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:13:07.0425 0x070c  FontCache3.0.0.0 - ok
08:13:07.0449 0x070c  [ B4175E8BE60B099686FF55CA7D692316, 3158FC5B4D1A2F1FC1346754392AE24AE58999B9061B1CE78A65E785BFFADD52 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
08:13:07.0452 0x070c  FsDepends - ok
08:13:07.0460 0x070c  [ CC71372CEB811A72F1DC99089C5CBF53, BB9DDE74D60E534A6F8A51B63DDBB441245F06A00A0AFD37DBBE86255690946D ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:13:07.0463 0x070c  Fs_Rec - ok
08:13:07.0501 0x070c  [ 421497634C86EF4B8F86D0EBC076728F, E0D1449555D8849364E00AA747DBC820EF914A9F5B796E35070072FCBC532ADE ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
08:13:07.0524 0x070c  fvevol - ok
08:13:07.0542 0x070c  [ B9981A4CB9F728B3312A3885BFAA7204, 12FB2EB2E5D2A912769823DD9C1B33DB358CD0B7FBFC788529EF83DD584334F8 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
08:13:07.0545 0x070c  gagp30kx - ok
08:13:07.0582 0x070c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:13:07.0585 0x070c  GEARAspiWDM - ok
08:13:07.0599 0x070c  [ 77555B11B264991DDC26872FFCF1AB97, D5F230EEF74EB869F771F8A4AB19C1E6C845BB0EF4A1234882EBDA4FDC431E44 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
08:13:07.0602 0x070c  gencounter - ok
08:13:07.0616 0x070c  [ F3AC9652D88BF87BA6596CBEA28CE10F, 115F3C0A5B9903B17ADEA80E1825FE927B7361F5BDDF80CE3685EF2D327EDF4F ] genericusbfn    C:\WINDOWS\System32\drivers\genericusbfn.sys
08:13:07.0618 0x070c  genericusbfn - ok
08:13:07.0638 0x070c  [ F802FBABF0C4DF1BAA733187B2E476F5, E2533284CEBBB872196B013DD1FBBCA794DB1CAAA37D64849BD9264ECDD2CEE6 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
08:13:07.0645 0x070c  GPIOClx0101 - ok
08:13:07.0709 0x070c  [ B55458A83395A2CFD4E745E9EC4AB5F2, EAB06B089D8A7DBC9AE2A1C919B489911690D341013A5F8F906819C68431CA85 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
08:13:07.0752 0x070c  gpsvc - ok
08:13:07.0764 0x070c  [ D011B0ADB15F4815310CE1BF4780B33E, 3860630917F83A89FE7A6407CC544505FA4BD754619CF273DD630ABFBAAE42EE ] GpuEnergyDrv    C:\WINDOWS\system32\drivers\gpuenergydrv.sys
08:13:07.0766 0x070c  GpuEnergyDrv - ok
08:13:07.0776 0x070c  [ 84BC034B6BB763733C1949B7B9BAF976, 18C2C0F15BAFA46197F0BB629C4F585D893C2A78324CA198F88A04527D524F23 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
08:13:07.0780 0x070c  HDAudBus - ok
08:13:07.0793 0x070c  [ 6B8CB114B8E64C0636EB49F7B914D1FC, 1AD7A43CC5CD99DCEF60C61242B6843D4AD925CE93BA5D75CD8395C7125EF5A7 ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
08:13:07.0795 0x070c  HidBatt - ok
08:13:07.0817 0x070c  [ D1AD197CCDAAC0CB4819DA1D6EB17BAE, C370F974D0A1F7B60F47EAFF57B6CCABE82913187F8BFEE169B8237AE91247B1 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
08:13:07.0822 0x070c  HidBth - ok
08:13:07.0839 0x070c  [ 64909DECCFCC6FB5D9A5BAFDCCB31FEE, E19C91FD8D5102A8C4F6C6FF70CA058BB272FEC1B6E9CBA3A473C49948E6AC7E ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
08:13:07.0842 0x070c  hidi2c - ok
08:13:07.0855 0x070c  [ F510F7B7BF61DEAAC04E65C3B65E8D59, 11566086B06FB08B6A179E3068E022DA381C762DC8962D1E1D63DC646DD4D301 ] hidinterrupt    C:\WINDOWS\System32\drivers\hidinterrupt.sys
08:13:07.0858 0x070c  hidinterrupt - ok
08:13:07.0872 0x25bc  Object required for P2P: [ 2619DC483579DB9FE804044C1ADFFD1A ] dam
08:13:07.0877 0x070c  [ 90F3ED42D423C942BA5EA54E2FFE7AC7, BF7DE0C8141CD20A6235657BA897A019ABEFF6A01AA3FB202C73C33433CDEAF8 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
08:13:07.0881 0x0de4  Object send P2P result: true
08:13:07.0881 0x070c  HidIr - ok
08:13:07.0904 0x070c  [ 46DE2EF6382DD9613CB506760648F262, 419555220794380134A64E1956B83B2FD1D1B6E403C5FC729A9107E14A12E968 ] hidserv         C:\WINDOWS\system32\hidserv.dll
08:13:07.0908 0x070c  hidserv - ok
08:13:07.0917 0x070c  [ 128DEDDD61915DBA4D451D91D21F0513, 961A0DDA02B0879989300C15E4FF9022882A4CD895D65335C263AC0DD1918314 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
08:13:07.0920 0x070c  HidUsb - ok
08:13:07.0961 0x070c  [ E7AF59F1E0352F5EBEC4ECD32103D405, 0E02E031799F407A1BCE926D46471E7EFB8820359CBDE73759219B86C1882EB8 ] HipShieldK      C:\WINDOWS\system32\drivers\HipShieldK.sys
08:13:07.0969 0x070c  HipShieldK - ok
08:13:08.0010 0x070c  [ 2FEF4D90C0CAED258C93CFF72A8FFD71, 56473D90E9FE52849067D080FD88B29C0BBE76E5266657E2ABD6366B7A4E9474 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
08:13:08.0027 0x070c  HomeGroupListener - ok
08:13:08.0069 0x070c  [ E2145534FB853921788F52701BED0CAB, DF71F842772FAC21DD8994C97F578A78AC43D06C5F26F752FB69B47DFE3BB112 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
08:13:08.0095 0x070c  HomeGroupProvider - ok
08:13:08.0157 0x070c  [ 47F727600D00D12E15748FCCAF29E6FA, 404D41E2EC61C7D14DAF866C7D86385E73C07F2B17AC90A8768009840292E3AD ] HomeNetSvc      C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
08:13:08.0183 0x070c  HomeNetSvc - ok
08:13:08.0206 0x070c  [ FF442DCDCE1F6E9FAA9C8AD0CD1D199B, A239414E97B310C9545995B0E723B5E792B08D71F651450EB006AD4D1765E4F7 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
08:13:08.0210 0x070c  HpSAMD - ok
08:13:08.0275 0x070c  [ 318E816717431D3C23DC82779900C744, 363702CC8A5B5FBF5E8CE2DA5C48D52CBD6244C9398B164EFDF1A4B0FAF592E6 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
08:13:08.0317 0x070c  HTTP - ok
08:13:08.0337 0x070c  [ CBA5E88A0F0475B7F49653BB72150BEF, 0F03560D9C30E069D117A555AEE729C81E6BCAE443FA25172D0E9E6903695C67 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
08:13:08.0339 0x070c  hwpolicy - ok
08:13:08.0358 0x070c  [ D668FAB4B0397B426EE3D41683B9A1C0, 66F3E3B2ABC3C9B25A0DADBF09818547ED301230374AC5302B4794629A95DDF8 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
08:13:08.0361 0x070c  hyperkbd - ok
08:13:08.0377 0x070c  [ 53FDD9E69189E546DE4740F8C4D8AB2F, 45ED5B229ED5FD0CEE8BF52EFF88FD8B1889BF348ED7187926F290B3AD48A76D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
08:13:08.0382 0x070c  i8042prt - ok
08:13:08.0402 0x070c  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\WINDOWS\System32\drivers\iai2c.sys
08:13:08.0406 0x070c  iai2c - ok
08:13:08.0433 0x070c  [ 59A20F5AD9F4AE54098154359519408E, E27B7389C9D123CDDA4EC9CBDB06C4AA5000012391F940EE1492419B593608FE ] iaLPSS2i_I2C    C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
08:13:08.0440 0x070c  iaLPSS2i_I2C - ok
08:13:08.0458 0x070c  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
08:13:08.0460 0x070c  iaLPSSi_GPIO - ok
08:13:08.0479 0x070c  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
08:13:08.0485 0x070c  iaLPSSi_I2C - ok
08:13:08.0527 0x070c  [ 6B0029A0253098CCE28EACCFDB9E7208, E33AD69644E1683A971DA1169B704FBCFD9F715E9550816058E420BB5DE4D946 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
08:13:08.0552 0x070c  iaStorAV - ok
08:13:08.0587 0x070c  [ 9652E1E35A92D8C75710C17A63B15796, 72F8C4A49B874226DEE9B7C9704F0E0A98DAA2DF4EAE2F2258E8324ACBD242E4 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
08:13:08.0604 0x070c  iaStorV - ok
08:13:08.0640 0x070c  [ FFADF691F7BF727AF5C863454A372723, FCF5A5595E8C9C937BE9F1C3AB5D9BD0EFE82DE1298D12085E0CCD84A186D2F2 ] ibbus           C:\WINDOWS\System32\drivers\ibbus.sys
08:13:08.0657 0x070c  ibbus - ok
08:13:08.0700 0x070c  [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS            C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
08:13:08.0707 0x070c  ICCS - ok
08:13:08.0739 0x070c  [ 80BF2990E01E774D64F6E13F30661942, ADFEA2280D29F2C7B0A556C61709301D6327C288064FF5A4D29358403DF41DCE ] icssvc          C:\WINDOWS\System32\tetheringservice.dll
08:13:08.0749 0x070c  icssvc - ok
08:13:08.0756 0x070c  IEEtwCollectorService - ok
08:13:08.0920 0x070c  [ D440A4CC07DECA9C9E61A005C53666DB, 1BDFB81E7A41C794AA629490186691E988A393EBA4A81304CDA1F9C47CD32F0B ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
08:13:09.0057 0x070c  igfx - ok
08:13:09.0091 0x070c  [ CD4815866A54609462B197503E381F86, 616083B42DF358630889CD911A17DE70D91F1BE7186235A01A677A380615A8D8 ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
08:13:09.0116 0x070c  igfxCUIService1.0.0.0 - ok
08:13:09.0171 0x070c  [ 12F8D27ED8623DDDC09A549EDADCBAC9, D3A3F0588D9CAF1027D8BC14601E2A6AB7E5924A2C23C90D38A9E14538DB02A9 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
08:13:09.0214 0x070c  IKEEXT - ok
08:13:09.0250 0x070c  [ B1F193AB8FB72E9FC34B3A39314ED872, 408E98D9C8ABB928090DD9E5D1BB227EFBC997BF168437BAEF0461EB0D1DAE3D ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
08:13:09.0253 0x070c  intaud_WaveExtensible - ok
08:13:09.0407 0x070c  [ A189C5F684DE5D1A0084138ADB383DDD, E351C730AAEE606F0AE86545998AD6323BDFA66CEAD0CA9F3931FFA8465406F6 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
08:13:09.0542 0x070c  IntcAzAudAddService - ok
08:13:09.0601 0x070c  [ 87871AB7AC797F922A6F3D4C874CED96, 2BCD89911E42827CD294DD7D1486A7845D1F98019E51958E0F488384401B2944 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
08:13:09.0627 0x070c  IntcDAud - ok
08:13:09.0707 0x070c  [ 768DD5CB66952BC4A3BD474757AEE34F, 5A1F91FC8028D84FD83591D60CB7E3B24425C3B0FFF5A9BB0F7CE2E17AAB92D4 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
08:13:09.0741 0x070c  Intel® Capability Licensing Service Interface - ok
08:13:09.0778 0x070c  [ 7C9ED65324CF268ACBA8024257F782D8, 1DC43DBA3612E26454D7786DEB0538B44A736B67EC99642B4CC574D8A03E0DC7 ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
08:13:09.0806 0x070c  Intel® Capability Licensing Service TCP IP Interface - ok
08:13:09.0830 0x070c  [ ECDB27420D3A98424666904525A8562A, BDA98C3C95F2AD79945EF8213D5C65064052C09C82DD36F0D6724E1D21DCC30A ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
08:13:09.0832 0x070c  intelide - ok
08:13:09.0847 0x070c  [ 8FF1978643EFD219C5BA49690191D701, 6FD78A8490107C80090D7125644B8C910855374BE1373D1D6B199307C79680BA ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
08:13:09.0850 0x070c  intelpep - ok
08:13:09.0868 0x070c  [ B61B60F36E1C8022FA8166ABF0F66B07, 23161F1DA51D44D936329E62DF4C2DAEE3DDD4B3D62CC501A888C0E149788968 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
08:13:09.0873 0x070c  intelppm - ok
08:13:09.0882 0x070c  [ CA0D42029AFFC4514D295E1EF823D02D, F2A05CB2B2E8C843FD02DC37E86F23CF928A4B2F9044424A60DE4E82B87DF5C3 ] IoQos           C:\WINDOWS\system32\drivers\ioqos.sys
08:13:09.0884 0x070c  IoQos - ok
08:13:09.0900 0x070c  [ 6E3F9D95235DFC9417384080A216F310, 6F13D72661038A91CFABB360621F4B169D78955C3EAD64956A7C825ABAEC5121 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:13:09.0905 0x070c  IpFilterDriver - ok
08:13:09.0962 0x070c  [ 6E75B731A8A7EFED0821327B08DAB46D, A77B746447824BD3C68B82D7329B82D62098B2409F8AEE4738FA23CB1561E629 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
08:13:10.0005 0x070c  iphlpsvc - ok
08:13:10.0026 0x070c  [ 4F527ECB5EAB47D8EAF34A469666C469, 8FFBEEF42515B6A7758BE579ED69E3911856CBF7710D9785011332C5E3DFE495 ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
08:13:10.0031 0x070c  IPMIDRV - ok
08:13:10.0052 0x070c  [ 9E5E8F2A1996F23B7E9687846AA81B01, 29E59384A4F92B3B4F2974942C91A12380113C13D3800900B5F44E2355D05455 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
08:13:10.0058 0x070c  IPNAT - ok
08:13:10.0108 0x070c  [ 635F7587F7576AA14871B850EB95BFB8, 75CB8F4D511964BB9104E93EF31D2DDF1227DACE1EDB9DE25AE9719835B6C34B ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
08:13:10.0134 0x070c  iPod Service - ok
08:13:10.0167 0x070c  [ C317EB660138BC9CBFE37CCDE56351AE, F3AF6C573419D7F65C96A4841D4F056CA281CD5AFACDC7A5F586A390DC6E615B ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
08:13:10.0170 0x070c  IRENUM - ok
08:13:10.0181 0x070c  [ 531994A6D9399D9B74BE12B5BB58A81E, 6D5CF540C777F4828E1D4C5FE58EE41E6C2F5F399C554DC85F19D1E52229B094 ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
08:13:10.0183 0x070c  isapnp - ok
08:13:10.0211 0x070c  [ 68D5354A4A9692EEC24664C60F47D4A2, 92124E98B6E286B6127DC6D0BFACC9C6D293D58EAE2B47B45532714CE6A6D0CD ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
08:13:10.0221 0x070c  iScsiPrt - ok
08:13:10.0255 0x070c  [ DD1F43B86AD84E53203F92FD3EF3AEB6, 9DE2BA80B315E56DF2E74EAA65F4ECB8324DFC19E30EB56EDDF08340AB100E87 ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys
08:13:10.0258 0x070c  iwdbus - ok
08:13:10.0299 0x070c  [ D6909FD8847CCCCB6D07C69B71DD61FE, 120740198D91D3757140336D9B4BAFB24EE4B8F6B03175A671370BA53DEB17A0 ] iWinTrusted     C:\Program Files (x86)\iWin Games\iWinTrusted.exe
08:13:10.0308 0x070c  iWinTrusted - ok
08:13:10.0318 0x070c  [ 701D7DB13B0815E7076EF4CB4CE981F8, 02585661656C0069AC318B82DE83DAC660451A0B970FDBCA0F7A8B4CBF7D93A9 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
08:13:10.0322 0x070c  kbdclass - ok
08:13:10.0330 0x070c  [ 884EBBDDBF5968003B40185BD96FF0E6, E3934D0FF0BEDDF5526AF529F7D15BA8BE479383894975B1AF1A1818C394A6E3 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
08:13:10.0333 0x070c  kbdhid - ok
08:13:10.0341 0x070c  [ 6B3A0C7902811E6372643447E41F7048, 30667B56A306CFD5D15BC46F8E7D9E167612E71B6C8F554406E706A6330F5B94 ] kdnic           C:\WINDOWS\System32\drivers\kdnic.sys
08:13:10.0344 0x070c  kdnic - ok
08:13:10.0357 0x070c  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] KeyIso          C:\WINDOWS\system32\lsass.exe
08:13:10.0361 0x070c  KeyIso - ok
08:13:10.0375 0x070c  [ 982C795DE20CED7AEDD2E7899B5D9BC1, 9F4E7536DB253CD83AA2AB89E9F3311714CD70F13AFD16F9B4D4CD86A70FC164 ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
08:13:10.0381 0x070c  KSecDD - ok
08:13:10.0419 0x070c  [ 7D8B9214692C4D0F1646215D9984E19A, DC73503A8CA67F4E167DEA69AADDEA5F2D756E1C1F4FF42B6ECEA7E637BB80AB ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
08:13:10.0425 0x070c  KSecPkg - ok
08:13:10.0434 0x070c  [ E9BB0023D730701BB5D9839B44F5E6B5, 19D4BAC09424D331922472CFD2D0E32BEFA9188A6AF194C8D1F93FD77CE36691 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
08:13:10.0436 0x070c  ksthunk - ok
08:13:10.0474 0x070c  [ 71DE1AD9B23661EEC4F2A6EAA5A7D33D, 3219AEF3D6AE5933AE669FD2ED9ED95A8780612E39F31DB3DB9ED6B6244C5F7B ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
08:13:10.0508 0x070c  KtmRm - ok
08:13:10.0529 0x25bc  Object send P2P result: true
08:13:10.0538 0x070c  [ 8BBB2B4429AF340481520C20C17FC5B6, 9E32815349195FC4B1BE213600FD407F2EAEEC8368289EB3E6B769125A739C08 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
08:13:10.0563 0x070c  LanmanServer - ok
08:13:10.0598 0x070c  [ 1F5D48B1DA1B812BD2411CA44D75DD32, D1BDB8142CB13E8C6DD6F42E07C9D19BBBF6410D5122A04C01B34B95B442DD95 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
08:13:10.0615 0x070c  LanmanWorkstation - ok
08:13:10.0632 0x070c  [ 02C54C5C7EBE371EC0C59795ED22213F, 712AFE0EDF40436124F3FD55ED9B5A3A33A8761A58F4D482BB65229741B1C270 ] lfsvc           C:\WINDOWS\System32\lfsvc.dll
08:13:10.0636 0x070c  lfsvc - ok
08:13:10.0651 0x070c  [ 01BF128CC327A2E53898F732AF52B3DB, D62ACDA69D9942F9CEF400874DBB6EAF9811D9657CBFEF89174F88D76BB8D8EA ] LicenseManager  C:\WINDOWS\system32\LicenseManagerSvc.dll
08:13:10.0655 0x070c  LicenseManager - ok
08:13:10.0664 0x070c  [ EC34EED89C34B27C292166B725AC7A7B, 58F1BA0CB7743314AC012A82F8CE4072CBDD05D9570C52BC18DC551882F5B1BA ] lltdio          C:\WINDOWS\system32\drivers\lltdio.sys
08:13:10.0668 0x070c  lltdio - ok
08:13:10.0690 0x070c  [ 2C23283A0815B048C06D8C0ED76AAD95, 4335546939C1A98CFE9A4403CC82D79CC713439E4DFD1F4760FDD867305151E0 ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
08:13:10.0707 0x070c  lltdsvc - ok
08:13:10.0728 0x070c  [ CB6365E995F4DB856866500EDD8F61C1, 717ED387F245CAC68217B0F393D7B8AB3805721AB2C4D2D43430FE6E740F0856 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
08:13:10.0732 0x070c  lmhosts - ok
08:13:10.0758 0x070c  [ 961F28D879D345BFA50AF51285C90F2E, F9931A436651F695B746BC0C07E833D9C9F64126746DF976E691E6CAE26DAC9B ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
08:13:10.0764 0x070c  LSI_SAS - ok
08:13:10.0781 0x070c  [ 6BFB8D1B3407518BE06B6F81F92FA0F5, DE0818DCC0D8D1D30A29AB167C65461A78100ABE2368637CEB9D0ED2B4E88D8E ] LSI_SAS2i       C:\WINDOWS\system32\drivers\lsi_sas2i.sys
08:13:10.0786 0x070c  LSI_SAS2i - ok
08:13:10.0805 0x070c  [ BE0E47988D78F731DEC2C0CB03E765CB, CA0015E87A3962611DBF714253FA618A6568346BAE640884432C1D44DE4C8684 ] LSI_SAS3i       C:\WINDOWS\system32\drivers\lsi_sas3i.sys
08:13:10.0809 0x070c  LSI_SAS3i - ok
08:13:10.0831 0x070c  [ F99BF02BE9219986817BF094981EEB18, 4303C772366065885C5D937B2E9AC0BF80C84BFB2737716055AD57BF6AADD673 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
08:13:10.0835 0x070c  LSI_SSS - ok
08:13:10.0875 0x070c  [ FFAA37FBBDD161E8C200C83B40F7872E, 0637B3119FC220CB8E23EE6694A9F1F25CF8D61008B14F6E30FDC17DCF9E077E ] LSM             C:\WINDOWS\System32\lsm.dll
08:13:10.0910 0x070c  LSM - ok
08:13:10.0924 0x070c  [ 2FCF837196082864F66CFD9CAB256275, 8BE01C3BCBC1E6E5D1FD7F49E936482E61ACB805F397AB81B8D39C2F0F1083BD ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
08:13:10.0929 0x070c  luafv - ok
08:13:10.0964 0x070c  [ 88B38A7435DFA9B7E8F94F5D5FE999D2, FF4EBB6CE013D0EA62FEDA5FBBD1205D9A6F684E701F40039A95A4EF4145DC16 ] MapsBroker      C:\WINDOWS\System32\moshost.dll
08:13:10.0970 0x070c  MapsBroker - ok
08:13:11.0005 0x070c  [ 0D3CF8B876F55291B137B972891C1575, 2E7D0A54D5B2211D340EB56F3D5FCB8362E75415A3C75F553643BA55888DC690 ] MBI             C:\WINDOWS\system32\drivers\MBI.sys
08:13:11.0007 0x070c  MBI - ok
08:13:11.0059 0x070c  [ FDFAFD06F78C40F1A61897777D76A512, A5D972CBB6F60A732F0C9620B2C4D392D86D9EA02286F757AC7E828CE516AAA7 ] McAfee SiteAdvisor Service C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
08:13:11.0064 0x070c  McAfee SiteAdvisor Service - ok
08:13:11.0141 0x070c  [ DB0B5D190F92DE7ED732EC51DCB4D49B, 975A5A63479F5F70F3D384A74C4B0EE5154A6E1627304603ECA5FF34F280E40C ] McAPExe         C:\Program Files\McAfee\MSC\McAPExe.exe
08:13:11.0175 0x070c  McAPExe - ok
08:13:11.0279 0x070c  [ 5660057DD2849F798434123891F612F2, 7F421A3A74BD6D1A32D8F4858D7DF456352AEF1EF7D17160BD8F4B49C0AFDCF4 ] mccspsvc        C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe
08:13:11.0347 0x070c  mccspsvc - ok
08:13:11.0382 0x070c  [ 47F727600D00D12E15748FCCAF29E6FA, 404D41E2EC61C7D14DAF866C7D86385E73C07F2B17AC90A8768009840292E3AD ] McMPFSvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
08:13:11.0396 0x070c  McMPFSvc - ok
08:13:11.0424 0x070c  [ 47F727600D00D12E15748FCCAF29E6FA, 404D41E2EC61C7D14DAF866C7D86385E73C07F2B17AC90A8768009840292E3AD ] McNaiAnn        C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
08:13:11.0438 0x070c  McNaiAnn - ok
08:13:11.0503 0x070c  [ 1E911C91938467BC94389711BE4CDFF6, 2FD6679D0AB2982B19A4498ACF1F628FBD7638249D03ADB141308955A86FB288 ] McODS           C:\Program Files\mcafee\VirusScan\mcods.exe
08:13:11.0537 0x070c  McODS - ok
08:13:11.0561 0x070c  [ 47F727600D00D12E15748FCCAF29E6FA, 404D41E2EC61C7D14DAF866C7D86385E73C07F2B17AC90A8768009840292E3AD ] mcpltsvc        C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
08:13:11.0575 0x070c  mcpltsvc - ok
08:13:11.0597 0x070c  [ 47F727600D00D12E15748FCCAF29E6FA, 404D41E2EC61C7D14DAF866C7D86385E73C07F2B17AC90A8768009840292E3AD ] McProxy         C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
08:13:11.0611 0x070c  McProxy - ok
08:13:11.0630 0x070c  [ 2ED29B635F35E31A1C0D3DDB7DD2AD03, F70CC20B98C2DBCD13B0D509D92B3BC3828D1B88F3ACD60C860E163064844181 ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
08:13:11.0634 0x070c  megasas - ok
08:13:11.0673 0x070c  [ 22E3CB85870879CBAE13C5095A8B12E3, 5FA5A8EFBA117089CFDBE09743A16BC3A7CC2042C96ABA1F57901747493106BF ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
08:13:11.0699 0x070c  megasr - ok
08:13:11.0717 0x070c  [ F2C23E25636BCA3543E6AD7858E861B7, 0CAB0A037471B4858CE9477E49BF50A5E3E6685E05F8A4BD2D9238551D5073A6 ] MessagingService C:\WINDOWS\System32\MessagingService.dll
08:13:11.0723 0x070c  MessagingService - ok
08:13:11.0818 0x070c  [ 67CD258ECEA02ADA4D57592AE720F452, D4A1A4CC2749BF2FA798D7A2661D367F45124BE08A31ABBBA58B48BCE83EE62C ] mfeaack         C:\WINDOWS\system32\drivers\mfeaack.sys
08:13:11.0835 0x070c  mfeaack - ok
08:13:11.0857 0x070c  [ E3084E1F0A542DF32312B7D2FE52D6E1, D0988DAB235A8D1F51C2DCB33BCECB047C3F3CED309267691D750BC41F578B36 ] mfeavfk         C:\WINDOWS\system32\drivers\mfeavfk.sys
08:13:11.0870 0x070c  mfeavfk - ok
08:13:11.0882 0x070c  [ B6573DD495385DDB9B304812C23D17AA, 8DD70B450B59B155348C54F67E16715DA7518F59F345F29C50CC5C64741153FC ] mfeelamk        C:\WINDOWS\system32\drivers\mfeelamk.sys
08:13:11.0886 0x070c  mfeelamk - ok
08:13:11.0918 0x070c  [ 0A8120FB835F5FC47609F7C7744343C2, 2748C15997BCF0C47F784C2F037730370B0FCF79FE03CC2ACA8A98B2956D5DC8 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
08:13:11.0927 0x070c  mfefire - ok
08:13:11.0978 0x070c  [ 5203A63B8FDB8E072BDFA036D63589C3, F81601F50DE177D10B804D69321225DCCCD9C61394A43A6EC647F71FCFE4921F ] mfefirek        C:\WINDOWS\system32\drivers\mfefirek.sys
08:13:12.0004 0x070c  mfefirek - ok
08:13:12.0064 0x070c  [ 578AE1184B6342A06E7020BE866472D5, 53CB9E37EBDFA1137F56860ABE6EE0F82532733254D654A4982087E0D3FE765E ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
08:13:12.0098 0x070c  mfehidk - ok
08:13:12.0138 0x070c  [ 29CAAED140D5A9E837E1188FA2EF0FD0, 51E806B927B1F0C0E0FB3DEA9F8ED99350F74285276660FF68F4460D2D8D3E1A ] mfemms          C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
08:13:12.0152 0x070c  mfemms - ok
08:13:12.0208 0x070c  [ 9DC97E684A0F4AAF726D54B6B252315C, 1420F084ABC20619F9A8D1D5A30ADEA0A21432D0327634C97A58FA62452DC781 ] mfencbdc        C:\WINDOWS\system32\DRIVERS\mfencbdc.sys
08:13:12.0234 0x070c  mfencbdc - ok
08:13:12.0257 0x070c  [ 984C0003040946578022D3A5405652D9, E52E5EB4F2A50573854BB8BC37326B75138278E6F96E32937AFB01AB359307A9 ] mfencrk         C:\WINDOWS\system32\DRIVERS\mfencrk.sys
08:13:12.0262 0x070c  mfencrk - ok
08:13:12.0283 0x070c  [ 3DAB795016D323756804111C7EF2D3C2, 442AE21463109D0866ABD5423B2B5FE672934D76B3940F3DA1FBC48EDBE218EC ] mfesapsn        C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
08:13:12.0286 0x070c  mfesapsn - ok
08:13:12.0322 0x070c  [ C76DEBD4675A90C6A9CECA4E12F9295C, 91AACFC1C1B345D212354C33383A654C6D51BF3F676455C7068B7DD96E8F2476 ] mfevtp          C:\Windows\system32\mfevtps.exe
08:13:12.0334 0x070c  mfevtp - ok
08:13:12.0351 0x070c  [ F0E1B2EF49D967B17256F2334E93005A, 05A34ED584CD4D4E8722638D76F6E24B3EDAC605ABBBAB7812958AFA0CAA3B88 ] mfewfpk         C:\WINDOWS\system32\drivers\mfewfpk.sys
08:13:12.0361 0x070c  mfewfpk - ok
08:13:12.0404 0x070c  [ D41920FBFFF2BBCBBC69A5B383AD022E, E66218A8303422EA10C19BA12343740B9A1A70B11B39E185E805B4F74CD2B75E ] mlx4_bus        C:\WINDOWS\System32\drivers\mlx4_bus.sys
08:13:12.0439 0x070c  mlx4_bus - ok
08:13:12.0474 0x070c  [ 64BD0C87064EA20C2D3DC4199F9C239C, ED69706277A58ED2C5F2B1B4E9A4A9C7C20173D46EB57FB31D8B63340BA23193 ] MMCSS           C:\WINDOWS\system32\drivers\mmcss.sys
08:13:12.0477 0x070c  MMCSS - ok
08:13:12.0491 0x070c  [ 8D4B46FA84A3A3702EDADD37FAC6EDBA, E3B9E12BD324FE637C365FDC5E490C41889047004D4FC8F7D78339484F2F717B ] Modem           C:\WINDOWS\system32\drivers\modem.sys
08:13:12.0494 0x070c  Modem - ok
08:13:12.0502 0x070c  [ 78FEC1BDB168370F131BFBFEA0A04E9D, E07B1BC429C2CFBD6162F89A6502C67A4BAD904ADC05D3505D87A0B2BCE1061B ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
08:13:12.0505 0x070c  monitor - ok
08:13:12.0526 0x070c  [ D1CC0833CFBC4222A95CAA5D0C8C78FF, 54F04374C6D3EFF5C1B794C069870458F10757E5773AEE911957089EAF51EC8D ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
08:13:12.0530 0x070c  mouclass - ok
08:13:12.0538 0x070c  [ C2E05EC6B80BCF5AE362DA873E1BCE64, 4ABE5CA2005A54E92259EDB52205A5C59BDB83026FC0CD7CBB1E3A003C2B535B ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
08:13:12.0541 0x070c  mouhid - ok
08:13:12.0553 0x070c  [ D5B7668A8F6C67C51FA5C6C513396D6C, 35985AD89344A8464BD78B8DA6A772E4E60A2EB93072AC23673A86EFD0B2270A ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
08:13:12.0558 0x070c  mountmgr - ok
08:13:12.0581 0x070c  [ A43F5F2D3D71A902502D61E71A18C265, 9685DABFF80EFFFD28B9B12696BF4821F30989C8441EA0AA3FF0F03ED799AD9D ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:13:12.0587 0x070c  MozillaMaintenance - ok
08:13:12.0597 0x070c  [ 5FBCB85D127BE21E3A9DAF11A13C00EA, D00AB99CC813E26B0BD2D39161D4138AB89A06B3E3A28712F2D5BCA60905BEC4 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
08:13:12.0601 0x070c  mpsdrv - ok
08:13:12.0657 0x070c  [ 553F19DC6F3F73545CB17FCD7A8AE37B, 49ABB625EB9C2981254EEA1FE7858DF630BA2D65653CC91CD4FEEACF69C5392F ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
08:13:12.0700 0x070c  MpsSvc - ok
08:13:12.0735 0x070c  [ BF6CA7EA5ECD6CF72D3D76652A9B8280, 8EC031D0D8E75CB583B129CBA518701097697498621307108388FA05FBF604BB ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
08:13:12.0741 0x070c  MRxDAV - ok
08:13:12.0787 0x070c  [ 0B3B0C1D86050355676640488FA897D3, DBED9D6F7AAFB11F4C00C1F69DB7A887A3058E5FA66615A1640242439822B60C ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:13:12.0812 0x070c  mrxsmb - ok
08:13:12.0845 0x070c  [ 1A490555FD330CA2764D89191177C867, 1004AE2F80BEA9A6DBA3E6B5D2DDFA44FBA253F7137D60B000B094699DE1CB12 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
08:13:12.0856 0x070c  mrxsmb10 - ok
08:13:12.0871 0x070c  [ 0F47A6C09F0A7FB5513D322A2B9BE4EC, 00A17CB55D232E11F3D24D0B43FE4FA9E55F7EF5E5607B26ED84C13108AAC4FA ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
08:13:12.0881 0x070c  mrxsmb20 - ok
08:13:12.0901 0x070c  [ A4411C522D41707D5BCA817A5BB9E30B, EF7505BE475ECAB2B5E66A7419EDAF42A7E7A65BAD3BBE346A8CEE5DD69782CC ] MsBridge        C:\WINDOWS\system32\drivers\bridge.sys
08:13:12.0906 0x070c  MsBridge - ok
08:13:12.0934 0x070c  [ 807A6636828E5F43C10A01474B8907EE, F275645F4F0D0A796C33C03EA7FA563A0B890AB3A93E5F99C5EA166F91D249B1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
08:13:12.0943 0x070c  MSDTC - ok
08:13:12.0959 0x070c  [ D123343DDB02E372B02BF2C4293F835F, 8E02D9F7E5DA717B64538444B3FE1C55AA4B0F26F51DA20947E971D27EA09D12 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
08:13:12.0961 0x070c  Msfs - ok
08:13:12.0979 0x070c  [ B3358F380BA3F29F56BE0F7734C24D5F, 229D9E72C429AC51BF6E7C8306218620CB1AA50FE39BA6C11ED0F643E7AF90E5 ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
08:13:12.0983 0x070c  msgpiowin32 - ok
08:13:12.0995 0x070c  [ B2044D5D125F249680508EC0B2AAEFAC, 9631FF42DA5A7CEE1F2607AA8972EF0A67616F0EEEBC95F97B1C8F5A577ED5C4 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
08:13:12.0997 0x070c  mshidkmdf - ok
08:13:13.0013 0x070c  [ 36ABE7FC80BED4FE44754AE5CFB51432, FB89DF3A50C52B69D4E831A370157D1901810093A0D7D7120A120FC5C6E14BF5 ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
08:13:13.0016 0x070c  mshidumdf - ok
08:13:13.0023 0x070c  [ 59307FEAFC9E72EEEC56B7FD7D294F4C, 56576635870FC68980977FFA0E7F8E8D69A7981DECF5B52D0B2A82E3BA6685EA ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
08:13:13.0025 0x070c  msisadrv - ok
08:13:13.0064 0x070c  [ 236A38F5CB0A23BF0ACCD70ED0BD7F70, 8106B528458E6C8E4437D9064D58F10FF195E67CD308AEBBD5F860AD2D59DCC4 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
08:13:13.0072 0x070c  MSiSCSI - ok
08:13:13.0080 0x070c  msiserver - ok
08:13:13.0099 0x070c  [ E9457EDFEBC774199F907395C6D09CA2, C3655CE83F4AD1258382722E9A99C33FDD3AA40B62CFEB8DFDD141E254E6DCE2 ] MSKSSRV         C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys
08:13:13.0101 0x070c  MSKSSRV - ok
08:13:13.0111 0x070c  [ C85D79735641D27C5821C35ECDDC2334, C1BAFD98122B04665870171C143EC119181351D10777A83680A63BF305703FF3 ] MsLldp          C:\WINDOWS\system32\drivers\mslldp.sys
08:13:13.0115 0x070c  MsLldp - ok
08:13:13.0132 0x070c  [ EF75184B64356850D0F04D049C253526, 325476F53372BD70201347F044C8EFEC0DB939E1926454B6DCC0CF7864969650 ] MSPCLOCK        C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys
08:13:13.0134 0x070c  MSPCLOCK - ok
08:13:13.0147 0x070c  [ 543933D166C618E7588EA77707EC1683, 84A65D277E28FDD7CE2345188891093AC88B577E4C528AD39AB629E341199688 ] MSPQM           C:\WINDOWS\system32\DRIVERS\MSPQM.sys
08:13:13.0149 0x070c  MSPQM - ok
08:13:13.0168 0x070c  [ 182711E9DDF70121A20EBB61B2DFB9E8, 70606503F6280EA3175B9AEC8370A8F461575755DA86EF6E9C9D04EAD61481FA ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
08:13:13.0181 0x070c  MsRPC - ok
08:13:13.0197 0x070c  [ E887FFDD6734C496407E9219225CB6FF, 0EC9A79224BCE5D0A782E62CC38E3494E8FB65DFC07C66D25C5A1A351121C27D ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
08:13:13.0201 0x070c  mssmbios - ok
08:13:13.0212 0x070c  [ 83A2AB75951000D681FABDB80C07AEFC, 3B2F582F097E3F934C4587B27CB05525350F36924B74CA6BCD364878FA8EC273 ] MSTEE           C:\WINDOWS\system32\DRIVERS\MSTEE.sys
08:13:13.0215 0x070c  MSTEE - ok
08:13:13.0226 0x070c  [ 4FA0483896FC16583851EFB733FCB083, BB59243ABE32FBE92EC1B04D24239BE2DF7C2354A407C2EFF97623F07DCBDA35 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
08:13:13.0228 0x070c  MTConfig - ok
08:13:13.0245 0x070c  [ 60F88248608315E13391C2F1C3B4473F, 99E8B74118A01FC281A1C6B323EFD1A8EA1997B81A013442205066F55327D555 ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
08:13:13.0251 0x070c  Mup - ok
08:13:13.0271 0x070c  [ 218705233D02776AE4D19CC37D985C1B, 3D92925867B6B8FFAF78E4080139DCB3D45E1E6E1D0AFB6A4FE248B002BD8471 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
08:13:13.0275 0x070c  mvumis - ok
08:13:13.0310 0x070c  [ 536A0806CE2061A2157E65D4D8ABF30C, F9893F66505E3F748365CD4625B34357531804BDFE33E57285C0106C03F7916C ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
08:13:13.0336 0x070c  NativeWifiP - ok
08:13:13.0418 0x070c  [ E0E4A1F81A7D69C595A8A9DDAD084C19, 8F55F3637AE8BFFB0ACE37AFC5122026525137E0B2923899B779C1BD08DF0E22 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
08:13:13.0452 0x070c  NAUpdate - ok
08:13:13.0487 0x070c  [ A340A4B27CC7DEDDF953B7E2C9699747, 4C5AB23BD0C69B17E9BD29CAFEDC100A6EFC78BAB645B007FCAE4318C459D345 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
08:13:13.0498 0x070c  NcaSvc - ok
08:13:13.0526 0x070c  [ 7467BD76D6ED5981E6C3DBFEB50F0F4D, 237E1C2E15D5F3BAC49B09E1CD0EAE56A6998AE1FF560A4F7A7EFFEB46884798 ] NcbService      C:\WINDOWS\System32\ncbservice.dll
08:13:13.0544 0x070c  NcbService - ok
08:13:13.0555 0x070c  [ 476466DC3AB2327E2DBFAEC11798E2EE, 9ACD74720664CF3F239601DF0BE80AC443AF0FBF666CBB8509169364FB22B95D ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
08:13:13.0562 0x070c  NcdAutoSetup - ok
08:13:13.0587 0x070c  [ B57CE307DA101C739885B7CC0678077F, F7F45DB6D306060F0FE0E59F39C3B95F6A9B6173930F22C5C41B2003895D6642 ] ndfltr          C:\WINDOWS\System32\drivers\ndfltr.sys
08:13:13.0591 0x070c  ndfltr - ok
08:13:13.0661 0x070c  [ AFAECF904F1C343EBD50F91BC8D0DBE8, FABAE70F62895708415B8E176A880D2D20D46D9A14C3D41D371B905CE4D64BA0 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
08:13:13.0701 0x070c  NDIS - ok
08:13:13.0740 0x070c  [ 202260E7CDD731A32AF62ABD1ABEE008, 0E019FAE09B2659CC3267756DB962CCD69172BA67E3288B491F7B455287A5392 ] NdisCap         C:\WINDOWS\system32\drivers\ndiscap.sys
08:13:13.0743 0x070c  NdisCap - ok
08:13:13.0762 0x070c  [ A1D473D0CF10561F29B58EA7C5412A92, 3DBFC1D769E03E30C87FF4F30A9B523A69A7E0CD4EB87F8A9ECE190FEB84C569 ] NdisImPlatform  C:\WINDOWS\system32\drivers\NdisImPlatform.sys
08:13:13.0769 0x070c  NdisImPlatform - ok
08:13:13.0797 0x070c  [ 1A0AE283B8DE6BB76412A0F8213D45AC, 91AFFDC7A9277EB59CD54021049BEA715078F90470B8A12F3E9F1386DF068D2D ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:13:13.0799 0x070c  NdisTapi - ok
08:13:13.0816 0x070c  [ A74EE2D2C0BFF5EC3A6185791868C4CA, A346320DEBEAE890575B4C6594FB3A3A9890A0E86881ADD8376E442282C88D38 ] Ndisuio         C:\WINDOWS\system32\drivers\ndisuio.sys
08:13:13.0820 0x070c  Ndisuio - ok
08:13:13.0838 0x070c  [ 32A9BD1342640D48AD85C8B3E812B984, B702B05A0180472139B35B105DD3B6B6F75AEDC9DD1EE342FB576259076455AE ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
08:13:13.0840 0x070c  NdisVirtualBus - ok
08:13:13.0863 0x070c  [ 6A6A8CF5EE61801375A38EBB871D4057, AE8EFF18D82BBE83101B380189A6889822891A993EB865E2E81C1D2F60B77C4C ] NdisWan         C:\WINDOWS\System32\drivers\ndiswan.sys
08:13:13.0871 0x070c  NdisWan - ok
08:13:13.0905 0x070c  [ 6A6A8CF5EE61801375A38EBB871D4057, AE8EFF18D82BBE83101B380189A6889822891A993EB865E2E81C1D2F60B77C4C ] ndiswanlegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:13:13.0911 0x070c  ndiswanlegacy - ok
08:13:13.0932 0x070c  [ 50AEF8EF0064A91ABB08D858D039C9DE, 16F1CBE1EC3778D157CC054261068C8D7F8A72D85853CB70178F8DF81D238C8F ] ndproxy         C:\WINDOWS\system32\DRIVERS\NDProxy.sys
08:13:13.0935 0x070c  ndproxy - ok
08:13:13.0946 0x070c  [ D358DF634F52247CB43F0781218F4D6E, D375E9E681551467FC5F7AB2AC053C9F22AAC541C0BCBA57090211F45009342C ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
08:13:13.0953 0x070c  Ndu - ok
08:13:13.0978 0x070c  [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl         C:\WINDOWS\System32\drivers\netaapl64.sys
08:13:13.0980 0x070c  Netaapl - ok
08:13:13.0990 0x070c  [ 026618ECF6C4BEBDCB7885D42EC0DBE4, 8E7E13361DCF8748FA3AD518B3DE0A3DCE932316EE32E5529E75785BC5395AD1 ] NetBIOS         C:\WINDOWS\system32\drivers\netbios.sys
08:13:13.0994 0x070c  NetBIOS - ok
08:13:14.0016 0x070c  [ F51C02D992A8D6BC5EC4D990F227D4C7, DBBDA422BFA82219403689637BE8D6B0D0A893895143E807FA5A007C166454CB ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
08:13:14.0027 0x070c  NetBT - ok
08:13:14.0048 0x070c  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] Netlogon        C:\WINDOWS\system32\lsass.exe
08:13:14.0053 0x070c  Netlogon - ok
08:13:14.0091 0x070c  [ 7FD4C3D32DAE890608F44074A3437CD8, 5B7D9E9AEE26896B818F3C5DBE4C96A33D43CE2CF7716B95AAB7203611C03BFE ] Netman          C:\WINDOWS\System32\netman.dll
08:13:14.0107 0x070c  Netman - ok
08:13:14.0142 0x070c  [ A059F75402710535A90A8D043674A514, E98536DF74A2B75FDBA6B866DC1909544292DFE5E14F984941470FBA6E8D810C ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
08:13:14.0165 0x070c  netprofm - ok
08:13:14.0204 0x070c  [ 3D58D04A9269CE21B61960544A05573D, 250DB1266EE37BAAA9F9E51434879DB4564A8550FCAB28BAB3308772882850CF ] NetSetupSvc     C:\WINDOWS\System32\NetSetupSvc.dll
08:13:14.0214 0x070c  NetSetupSvc - ok
08:13:14.0260 0x070c  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:13:14.0287 0x070c  NetTcpPortSharing - ok
08:13:14.0317 0x070c  [ 91B32D7036700BEED5343E1F6A7122CC, 8123CA398A79F0E69126F962AA29C2464FAB50182E961CB6A6ADB6CEA09A6732 ] NgcCtnrSvc      C:\WINDOWS\System32\NgcCtnrSvc.dll
08:13:14.0343 0x070c  NgcCtnrSvc - ok
08:13:14.0380 0x070c  [ C64B693DF26EB7BFF25F9BAD8B54D571, 12363E81B329D048E0148739AA542958F7CAF6FF3404BB001AF51850EF84338D ] NgcSvc          C:\WINDOWS\system32\ngcsvc.dll
08:13:14.0415 0x070c  NgcSvc - ok
08:13:14.0442 0x070c  [ 1B8F07B59F7DAE02264FB8A16088C467, 1795DA9F72C34A9F47D9AAF5E95D40C3296948EB89D9600679AB4660671A5C65 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
08:13:14.0475 0x070c  NlaSvc - ok
08:13:14.0655 0x070c  [ 4CA6E1F6A83D74A86850726475DC4462, 9BF8D917141A5736E72A9F51F827D24393509896E866F43FFB079F5BF8EF3F81 ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
08:13:14.0817 0x070c  NOBU - ok
08:13:14.0837 0x070c  [ 465DC580170CD844206D7E3EF1DBF2A1, 5A14001029BE154C708CCA34449B280905DB79978FC7F0BE0CF20B20E47752CF ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
08:13:14.0840 0x070c  Npfs - ok
08:13:14.0849 0x070c  [ 29395C214D2CD4C81F73166AB988A797, 3631EB2EA17E455ECD151C0BC9A3DF6EC87C75B15DC9B607CFB68D7C463E04B7 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
08:13:14.0852 0x070c  npsvctrig - ok
08:13:14.0860 0x070c  [ AF8B7848E102A83AAECCD24B181CEBE5, B2AAE3567EE3A7975CDFCB3FE41D33C74D4486BFF35FF56E0516A01C744BA52B ] nsi             C:\WINDOWS\system32\nsisvc.dll
08:13:14.0866 0x070c  nsi - ok
08:13:14.0874 0x070c  [ 2871225495F832A8C8A7DD1A17EDB3DC, 2F6664C7F5FB2341B2AAF3C5A258FA0D7AEEE447562D7F39FD5A4EE905C18C6D ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
08:13:14.0877 0x070c  nsiproxy - ok
08:13:14.0985 0x070c  [ 58BFFEF692A47FCE3FAAEDBC8F3DCBBB, 4F55CDF153306B17EDEA6F621939990667735676CBA460CC3078789C2766EF68 ] NTFS            C:\WINDOWS\system32\drivers\NTFS.sys
08:13:15.0070 0x070c  NTFS - ok
08:13:15.0086 0x070c  [ 6DBD703320484C37CEA9E4E2D266A8CE, 85D6F73C0E3FDE16829C9BC0D13DD89E64183EAE02F84607F6B8440CB7F366E6 ] Null            C:\WINDOWS\system32\drivers\Null.sys
08:13:15.0088 0x070c  Null - ok
08:13:15.0109 0x070c  [ 604D27CC38CC23493F218D0BB834B3FF, EF5E5759CCF16DD97271C82DAF47FB2086EBCA5DE7D05177B70CA1197B95F41E ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
08:13:15.0116 0x070c  nvraid - ok
08:13:15.0134 0x070c  [ 8B50D897657AB4A15FD9E251BBF7D107, 36036130DD46D9BF105AC7176E219F3BE7D1168A660A0F8DFF76F61FBFA4B417 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
08:13:15.0141 0x070c  nvstor - ok
08:13:15.0160 0x070c  [ 31F990B2B6B91E9D7A667405CE12FCB1, 907E095D1E83CDAFF34BE789FC41CDD7BB4DEE23261E1D03C1CF0D4D030534AC ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
08:13:15.0165 0x070c  nv_agp - ok
08:13:15.0211 0x070c  [ 7F3A0D052B8E00E730316210B1DD092F, 14BD026EA759F6C81ED6B4DBB04E0584B7F6456725503FC73CD4347B7743005F ] OneSyncSvc      C:\WINDOWS\System32\APHostService.dll
08:13:15.0227 0x070c  OneSyncSvc - ok
08:13:15.0277 0x070c  [ 334131C162B118EF49930D41B0E17825, 10EF08870B6E118AED2E0E3F45E06BA8A485439823BE98F44E34E7D2B65AA2EF ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
08:13:15.0311 0x070c  p2pimsvc - ok
08:13:15.0343 0x070c  [ 4A5634915AF62C983E08425905D0C04C, 09BC3F7AD9F79C5FF59520933D06FE155AC21CD0ABAFE66B81C9F87D83A2339F ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
08:13:15.0368 0x070c  p2psvc - ok
08:13:15.0388 0x070c  [ 7D0FC96264C0F8F2C1321E33E8EB646C, 82A06437B9B096BCCF5CE31BDF3539696E2E41DFA9870C358566EEE2F7D3B447 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
08:13:15.0392 0x070c  Parport - ok
08:13:15.0405 0x070c  [ 24AC0FD10325FBC2303B29A5F237AEB0, D94B26A36EBE4EFE8EA270FA6600811206830480BE953809F74FAB80628DF879 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
08:13:15.0410 0x070c  partmgr - ok
08:13:15.0448 0x070c  [ 0ECA2ADD5FBCE73183A68935C71B40B7, 08CC5F2F10D1DD1A1396CC29196314003491D3AF3DE59CADB281F252577F1860 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
08:13:15.0474 0x070c  PcaSvc - ok
08:13:15.0494 0x070c  [ 1D4E995955BDAE781C46CB97AE1CFB58, FF7475F19782CA253AA839DDB86E5AC20C5785D5CC1DD57D9FECBE4F5A5C0BFB ] pci             C:\WINDOWS\system32\drivers\pci.sys
08:13:15.0506 0x070c  pci - ok
08:13:15.0522 0x070c  [ 2B4D98DF0CA57FB9536DBC80D2449D1F, AB34FA8585A20854369C0FAEB18BF5C7734D7E3C791F644B0576E40D609FCD09 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
08:13:15.0524 0x070c  pciide - ok
08:13:15.0551 0x070c  [ F4D5793BF2E58AF15C6CF2FEEF9E73EB, 9B5A40AF8838063F8F0A2B1480B39A2711AAE78BD972CDA60CCA0EB2BA211A87 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
08:13:15.0556 0x070c  pcmcia - ok
08:13:15.0566 0x070c  [ 22A53744CEEADFFFD33BA010FAD95229, 30B775EC9795105B8BF785BD63115C160955E7EFF74B995D3EC288138D1825A3 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
08:13:15.0570 0x070c  pcw - ok
08:13:15.0580 0x070c  [ 48F3A3222CF340FE31535CB6D49C6D6F, 5F8904871219FA6C1BD74747583855B0FBCE42F340A3BE10270D8D3F02766E9D ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
08:13:15.0586 0x070c  pdc - ok
08:13:15.0649 0x070c  [ 7CADB4ABAE72390951886CF259791F5F, 9A0F4113F4E09911A44843F31E8C7047EEA39611AB490A4CF16FAE9D95310076 ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
08:13:15.0656 0x070c  PDFProFiltSrvPP - ok
08:13:15.0697 0x070c  [ E2F8376F9731D12A009C522036C6073A, 5B8B68D3C013AAA8ED368C97042984C35E8D023542DBA404E7A03E89F2357E66 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
08:13:15.0723 0x070c  PEAUTH - ok
08:13:15.0743 0x070c  [ 1398A85E59698067CBBE1D66A9C13ADF, E3609F183068BFAED756B2F9237181D60A6F6D78691248B8BF5B0AEB6A367E3D ] percsas2i       C:\WINDOWS\system32\drivers\percsas2i.sys
08:13:15.0747 0x070c  percsas2i - ok
08:13:15.0759 0x070c  [ 35F7C7AD709D909D618D9EDF987FC3ED, EE713E33688E74C5A2546CC58EBD8EA8F8116F25E42DCF8DA21DCBC7C7590E0E ] percsas3i       C:\WINDOWS\system32\drivers\percsas3i.sys
08:13:15.0762 0x070c  percsas3i - ok
08:13:15.0837 0x070c  [ 0DAF7B7D85F7AF38E29161460899C63F, F2609F2BD02C714857F5D5E6EF580643429C54E175AA72D38467F8F3A4E7F59F ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
08:13:15.0841 0x070c  PerfHost - ok
08:13:15.0914 0x070c  [ 57606281E23B0F53347527691E947B2B, 7030182E706CEBE6BD52BDC71CA8F2230AD445AE6554188E76F09A5E2612BD2E ] PhoneSvc        C:\WINDOWS\System32\PhoneService.dll
08:13:15.0948 0x070c  PhoneSvc - ok
08:13:15.0983 0x070c  [ 04F7878E7017105AB782353231561749, FB2811D98216720D4FDF0AC0EDF16C6CD33D7224B4CAFA752B4D2A839E6DD88A ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
08:13:16.0000 0x070c  PimIndexMaintenanceSvc - ok
08:13:16.0094 0x070c  [ A546F72EFFE5CBBC98003A0CA19DA0F8, 89AE396676A37D851F46427E421E8E8ED5B4BADC33023F1E215CC352A4110F44 ] pla             C:\WINDOWS\system32\pla.dll
08:13:16.0154 0x070c  pla - ok
08:13:16.0184 0x070c  [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
08:13:16.0193 0x070c  PlugPlay - ok
08:13:16.0208 0x070c  [ 6BF7093B27EA90FD9222845D19C1BE5F, CF8A6764BB6B369258F21FD303E4CAE08632195620A0BD66B62F62F5D7B762B8 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
08:13:16.0213 0x070c  PNRPAutoReg - ok
08:13:16.0233 0x070c  [ 334131C162B118EF49930D41B0E17825, 10EF08870B6E118AED2E0E3F45E06BA8A485439823BE98F44E34E7D2B65AA2EF ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
08:13:16.0248 0x070c  PNRPsvc - ok
08:13:16.0292 0x070c  [ 5A91C28F99043215121499257468C4BD, 816D2AEBA29B8A050747E01CE11EB12A05C1CDDF91835C44BBB6A7B9D348B15A ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
08:13:16.0325 0x070c  PolicyAgent - ok
08:13:16.0341 0x070c  [ AE3B1056FC1795F18D990C4908A6ECBF, 1C41F7714EBF54DF358D9B19D6AFE7281D3EABE20038B568A12031B76E1D50D9 ] Power           C:\WINDOWS\system32\umpo.dll
08:13:16.0350 0x070c  Power - ok
08:13:16.0367 0x070c  [ 5BA6B9AD03B81546BA64E488C4EF9D17, C43442577685FA1A7C32094B2F14FC92BA6B511FD9FDBA6FD82473A1B165FC61 ] PptpMiniport    C:\WINDOWS\System32\drivers\raspptp.sys
08:13:16.0372 0x070c  PptpMiniport - ok
08:13:16.0539 0x070c  [ 959F94AD1255BC749884EDDD14EC29C4, 2CD6DA9778EA36FA0B4080F6DB1C634712238E014E47546403CD3CDB35A1DCA8 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
08:13:16.0668 0x070c  PrintNotify - ok
08:13:16.0695 0x070c  [ 21AECFF3EB5748CBE12538A2500EFDE5, A1679F21363E99E3698B9C6F7E7E3BB2877D47089BC381AF0C51B1DD8B24325B ] Processor       C:\WINDOWS\System32\drivers\processr.sys
08:13:16.0701 0x070c  Processor - ok
08:13:16.0736 0x070c  [ A08AAC62EF7A1E291B3E895B5864BB86, 340E6648F9A5F4B7543FDEC5BDAFBDA3DE319B8F998FF2EF60D02EE5EF3D56CB ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
08:13:16.0749 0x070c  ProfSvc - ok
08:13:16.0762 0x070c  [ 596FB6C5A72F34B7566930985E543806, 870B43783DB4CF845FA72BC5E40CE76BE6DFC66FE9E9B4B0A52D6B7FE7EA65FC ] Psched          C:\WINDOWS\system32\drivers\pacer.sys
08:13:16.0769 0x070c  Psched - ok
08:13:16.0795 0x070c  [ FBF4DB6D53585437E41A113300002A2B, A0145CE87A95DA3775B28A00E741660C26ADE34BBCC7FC502ED809931482C8F2 ] PxHlpa64        C:\WINDOWS\system32\Drivers\PxHlpa64.sys
08:13:16.0799 0x070c  PxHlpa64 - ok
08:13:16.0826 0x070c  [ E84F66BA185934C166F8DF0FA8F88455, 2E0380E98DA29B3F43FB3FE0E1ECA52B3C9AEF54CE982D5514F70FAE81758449 ] QWAVE           C:\WINDOWS\system32\qwave.dll
08:13:16.0843 0x070c  QWAVE - ok
08:13:16.0875 0x070c  [ CFBA9C976CBF6796E5DC39EF59984021, A1C956AD828FC70ED92D702516E0F88A4BDAF8C93C571D7CA20F1695FD8E70C2 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
08:13:16.0878 0x070c  QWAVEdrv - ok
08:13:16.0898 0x070c  [ 7B2AD8C55217B514C14281AB97B4E21D, A1E295897B864B9C0177FF1C502EB060084A1783C0E7E53636291F901C2E2AA8 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:13:16.0900 0x070c  RasAcd - ok
08:13:16.0918 0x070c  [ E15A9CE1E2E7D1C8DF97A4FC1FFE6289, 44B53418D6BC51ACC567CF6917A0981889B44AE420489C9C03F5A30418B37267 ] RasAgileVpn     C:\WINDOWS\System32\drivers\AgileVpn.sys
08:13:16.0923 0x070c  RasAgileVpn - ok
08:13:16.0954 0x070c  [ D60BA4C76D194472D6602FF3D2D51ADE, 01272663897685C75FFBC3F1C0CFDB8D0E1A58182049E0B607D634536A8F6400 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
08:13:16.0962 0x070c  RasAuto - ok
08:13:16.0998 0x070c  [ E3C82823B22463BC38AA4F8ADA852624, FF601B117F4003E2CC65B6143C2A270331EB257EE82B3BC020247D1AB1CD625F ] Rasl2tp         C:\WINDOWS\System32\drivers\rasl2tp.sys
08:13:17.0003 0x070c  Rasl2tp - ok
08:13:17.0050 0x070c  [ 3655D86C5E2982B131FC0935DE24F98F, 0386B31FECDDED77450609A807097B2307361CB59B236DEC41037BDC95897463 ] RasMan          C:\WINDOWS\System32\rasmans.dll
08:13:17.0085 0x070c  RasMan - ok
08:13:17.0104 0x070c  [ 3369023EB5790A75BA7DABA14B75D922, 36B63D5B74FDC932AAF1A876514024602D2F3EAF2CA33D1247CBA1E52FDB0418 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:13:17.0109 0x070c  RasPppoe - ok
08:13:17.0125 0x070c  [ 1E32A8CD65C4AD0A827CFEB13034DA29, 5D9A92E13020D994CCD39F701BACAFE2177A40A9CC89649441B91E3F3DECD911 ] RasSstp         C:\WINDOWS\System32\drivers\rassstp.sys
08:13:17.0130 0x070c  RasSstp - ok
08:13:17.0163 0x070c  [ 2B648363E4C5E34B469C58596F377DD9, 30F82770468BBA562CEA0E9E39B24ACEFBE022343D0180C82E2ACE8957B73E44 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:13:17.0180 0x070c  rdbss - ok
08:13:17.0192 0x070c  [ D0221C13960E274CC539D72D5A842ED0, A5A961506B9D7429D97D0635FD69E74736C0E8405487E1D22BB5CD978A60044C ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
08:13:17.0195 0x070c  rdpbus - ok
08:13:17.0224 0x070c  [ 1DC2CC74B51E4DC4CD5A20C1021E4010, 46B7D17EE27439F2191504D1C6F6C70B2540BD4F2261DBB1F4BE783BEA99B04C ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
08:13:17.0231 0x070c  RDPDR - ok
08:13:17.0259 0x070c  [ 177DF954D0DEC0465A380C75F6E7F65F, 6B30C78223029BD5DBA586BF961968F85762209BA55CD031460A215B20F93AB2 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
08:13:17.0262 0x070c  RdpVideoMiniport - ok
08:13:17.0278 0x070c  [ 5D1680871054D2B0B8A971BC8AB3B837, 9CAB0B2E3857829D34A82A78B120D07E292D4D5060168D964295EB23339B7DE7 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
08:13:17.0288 0x070c  rdyboost - ok
08:13:17.0340 0x070c  [ 341E6830DA70F65730300DAB4CB0B490, 341EC8DB5E39963EF89E726F08730AFB2356C3BAD71CCE9EECCAB4D9B31C4863 ] ReFSv1          C:\WINDOWS\system32\drivers\ReFSv1.sys
08:13:17.0382 0x070c  ReFSv1 - ok
08:13:17.0430 0x070c  [ 8355BCA85B0928382DFCDD02FCD1681A, F306F038DA09C8D2095C311818E2F991B55BCD96B40B95D2A53A60EA6AC37014 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
08:13:17.0456 0x070c  RemoteAccess - ok
08:13:17.0480 0x070c  [ 2C82F4DCABAB389CEBB1C9E86C715C9C, 70354621D3D467616A419A818C54D2C89EA013C5050BA9944E3A7A4F25CAD6BA ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
08:13:17.0490 0x070c  RemoteRegistry - ok
08:13:17.0550 0x070c  [ AD43141CE6D5074DA1D28B5BCD4E4507, C1A9AA856DD4FEE00BBA329C150E0CBCD1CE13ED0BB7B4AC9B152321CD854212 ] RetailDemo      C:\WINDOWS\system32\RDXService.dll
08:13:17.0593 0x070c  RetailDemo - ok
08:13:17.0617 0x070c  [ 176D8470B15CD9080861594F9A33FA01, CFB66D7FEB9465985C2866D64EA03B7E7BE830DCF6C02B3FE2244D7F7E5343E2 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
08:13:17.0624 0x070c  RpcEptMapper - ok
08:13:17.0650 0x070c  [ 1A563653DAEDFE4CA81936E0D2FD8B56, 308B0DFEBA63333D407093C449A08ABFECE118C9274100809356BDAF7FA32EB6 ] RpcLocator      C:\WINDOWS\system32\locator.exe
08:13:17.0654 0x070c  RpcLocator - ok
08:13:17.0702 0x070c  [ B339861C6A2A86FBCA67C2006B461473, 228ADC8A8603C0A4342C6CBC6F2CC919271D42391365061AF660E0D7151C66A4 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
08:13:17.0733 0x070c  RpcSs - ok
08:13:17.0745 0x070c  [ 0AC5FCDC29ED97ECDEF1276425EE2059, 8A12D1732D4AA18A9ED8416F4D4A49B81CE7C4C86ABCEE8FF28A16EA61993CFE ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
08:13:17.0750 0x070c  rspndr - ok
08:13:17.0810 0x070c  [ CFE738C524F35B6E523A4D0F54840C30, 73E051DEA744EEC5202693C11EDABB36DE2D086160648D4E41F1F299CBAD8409 ] RTL8168         C:\WINDOWS\System32\drivers\Rt630x64.sys
08:13:17.0844 0x070c  RTL8168 - ok
08:13:17.0888 0x070c  [ 3940780911A7BD1793B7CEEC9E4429C2, 539511D26D2EE348F80D9EFA414FD731983B14D8218E498217E7A0A0E439E41C ] RTSUER          C:\WINDOWS\system32\Drivers\RtsUer.sys
08:13:17.0903 0x070c  RTSUER - ok
08:13:17.0921 0x070c  [ 044890BB0D6CF1E23C1087234D320509, FA6C79D24BE4ACCFAC617D2850B922BFAA7C2766AE625C725F3ACF43C934EFAF ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
08:13:17.0923 0x070c  s3cap - ok
08:13:17.0947 0x070c  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] SamSs           C:\WINDOWS\system32\lsass.exe
08:13:17.0953 0x070c  SamSs - ok
08:13:17.0970 0x070c  [ 530F797129776AA7E81994783A97E2AD, F131EF036702C6E741E5A6851AE07E81043CE8BAEED0768838C0F31CE14FEC1A ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
08:13:17.0976 0x070c  sbp2port - ok
08:13:17.0997 0x070c  [ 0C12493B333B96797AFC5F3C7831C051, BEE786D7ED14221B1A9450060597393AC44116D776B913E045B5F6066D720F74 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
08:13:18.0022 0x070c  SCardSvr - ok
08:13:18.0044 0x070c  [ 40110802D217FE1CB581D9A70B1FD16F, CCB920593CCC6663676039F3F731536DFEF535C3F715F6DB6F34D0D733BEF89B ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
08:13:18.0054 0x070c  ScDeviceEnum - ok
08:13:18.0071 0x070c  [ 9B6B1D4DB35A3D9BEAF023BC95E1F49D, CA44124CA3E9958FB77A891CD234A993B63E8AC6632AE801CDEC6666267E7C7E ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
08:13:18.0074 0x070c  scfilter - ok
08:13:18.0138 0x070c  [ EA195B8BC11C1CDB313CFD456EFFA0E9, EEDF349C59ED0645B04040707906BB4496527243858C2A6BE46BE7029B4A7F37 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
08:13:18.0172 0x070c  Schedule - ok
08:13:18.0205 0x070c  [ 4E9158CECF77A029AB98E8FBB43FCED5, AFF8BDB8F8F8DDF4FC0D65712E031DC360856CD3CE5C8A4C8FF960388F37462F ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
08:13:18.0213 0x070c  SCPolicySvc - ok
08:13:18.0248 0x070c  [ 70165A0A2653FB8AFDE3D85000727F29, BAC35D7B0296CAC78EAC4266FC96E292174827E0B24ECAF085228B26A5052911 ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
08:13:18.0259 0x070c  sdbus - ok
08:13:18.0282 0x070c  [ 811EC0B1221402FCED0BA37E112BF627, 366EB8AF04C603BED6CF53652CC937099B247D5DD8C58D699D0D8DA22F8FDD51 ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
08:13:18.0292 0x070c  SDRSVC - ok
08:13:18.0319 0x070c  [ DE6D7DC78D956928F59F7415A0F41E13, C0F8EEED29BF63A0D8FB5A0286C1C768BFEF598EC52715D910B5BB1A76231805 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
08:13:18.0323 0x070c  sdstor - ok
08:13:18.0358 0x070c  [ EBD07BD20B5E0E92A398566EF8720F79, 8A88C861D4113B9938C32CBD28FD3D7F1C3133E700E23E17F5DFD7B26CCDA04A ] seclogon        C:\WINDOWS\system32\seclogon.dll
08:13:18.0364 0x070c  seclogon - ok
08:13:18.0380 0x070c  [ B7B9EEBCB7466338403A75D15AC120D7, B8F79DA71F8CD0F30983F7D92B625A431C212DD543DE2B3DC03EC5A68C41B00D ] SENS            C:\WINDOWS\System32\sens.dll
08:13:18.0387 0x070c  SENS - ok
08:13:18.0450 0x070c  [ D14DD7D766664F880FECF44CE6017966, ECF966E3ACF4EBD5A3259468A076619A539E35F1B97AB6A98FBD7882F1FBBBAB ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
08:13:18.0509 0x070c  SensorDataService - ok
08:13:18.0572 0x070c  [ A74C62AE99A015CD6275F0D8D8843886, DF08E0BB1160E054C6B000BC5F62DEF77C6D9E4B5679AD013C313BA14207B589 ] SensorService   C:\WINDOWS\system32\SensorService.dll
08:13:18.0597 0x070c  SensorService - ok
08:13:18.0620 0x070c  [ 7363A65C738F5A5292D7BDBE55D8C3C2, C53C10A0AE58613DFCC91E62E004D9B188E4793C2A19B4BE871A705EEE77048E ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
08:13:18.0630 0x070c  SensrSvc - ok
08:13:18.0647 0x070c  [ 67585C295FF2D221679E376B68893B35, 4B5E9A8DA8C6F7B1F7129F80A0603503D467E5650306FB4C309977D74037E46B ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
08:13:18.0651 0x070c  SerCx - ok
08:13:18.0671 0x070c  [ B8C4852CBCAAC1374C08EC7445443824, DDE577A81B3E11B5B56096317BC47AA6E286573042407B96A9D29BE981F3FA4D ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
08:13:18.0677 0x070c  SerCx2 - ok
08:13:18.0693 0x070c  [ D3A103944A8FCD78FD48B2B19092790C, 252DB8395DA8639E748658D3BE7863C1700E27AA5C41BB700CFCE193FE3F04E9 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
08:13:18.0696 0x070c  Serenum - ok
08:13:18.0715 0x070c  [ 88D58E1DAA6C5062DD3A26273106961F, D1E2FF37C888245BD0BABCD7C6B76AD5A87415B68FEFE37B5FA29AE3342AE50B ] Serial          C:\WINDOWS\System32\drivers\serial.sys
08:13:18.0719 0x070c  Serial - ok
08:13:18.0748 0x070c  [ 0F5B43074AE731D2C6F061241C9D84A6, 05CFEB30A4FC11441552D37687608C8C2FD6DC2F2266AE9D6526753E26283DE6 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
08:13:18.0751 0x070c  sermouse - ok
08:13:18.0794 0x070c  [ CD90E445F6458512A5BA884D561EFCF1, E792FAB8AFF4126C1977024060842D788A06475139782896AFD7B39C85FCDF3F ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
08:13:18.0820 0x070c  SessionEnv - ok
08:13:18.0840 0x070c  [ D9FE59276BD56A9643C32D5FACE2F251, 591862D868A545F468496DE97DEE42C9DB3AFBFC0881CBA79EB6641A254AF033 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
08:13:18.0842 0x070c  sfloppy - ok
08:13:18.0881 0x070c  [ F8083C536BEDE61AFB4069D8A8C16DA7, 13AADAD7B5582911B8ABBE0CF7132CC517F7413A361CCF8ED502F803D061FFA3 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
08:13:18.0906 0x070c  SharedAccess - ok
08:13:18.0951 0x070c  [ AE6E4D3172FBF45B944668CB3998B8A8, E7D7F98CB464C236A17069987F7B678D7688D9D577334151EF09DF5C6F22AFFC ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:13:18.0985 0x070c  ShellHWDetection - ok
08:13:19.0005 0x070c  [ ABBE803FE0BDAE0E5BE74DDEFBE62F23, 5009F489F7A6D66628C23A0FA3D7632399D0AD72BD11A1B70D7E768ED507377D ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
08:13:19.0008 0x070c  SiSRaid2 - ok
08:13:19.0025 0x070c  [ 6043DF55CFE3C7ACF477645FA64DEA98, 0E18EF8EC589841BC319C17FBABA7383FD247C9441ABF64A0D830976F3E611AE ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
08:13:19.0029 0x070c  SiSRaid4 - ok
08:13:19.0052 0x070c  [ B922D32039A3B5991E64429EC4EE52A9, 5EB7EB1F6D2C25F06044D8CA9F3BA0471FB40C8C96432BDC2C80CC36DC49BA0B ] smphost         C:\WINDOWS\System32\smphost.dll
08:13:19.0056 0x070c  smphost - ok
08:13:19.0095 0x070c  [ F07301C282AA222C33F8C28B4F545275, 2938943A3A62B33C8296DF3B57897D32293F5395A5E2A01C76B0160A98C12520 ] SmsRouter       C:\WINDOWS\system32\SmsRouterSvc.dll
08:13:19.0129 0x070c  SmsRouter - ok
08:13:19.0153 0x070c  [ 0B6BECB2651EF947249CDC3715E8B9CC, EB7281AF3529DE16FE8CD0C0C0C8877641865A5864D58628DBAB865B510B0D0B ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
08:13:19.0158 0x070c  SNMPTRAP - ok
08:13:19.0181 0x070c  [ 742E9D059ABEC5B2C4D2AEDEE8B6D130, 59E66EED8E50858E3AF337C4CC2B87111571ADDBBF02937DB983A2B67F2B7B5F ] Soluto          C:\WINDOWS\system32\Drivers\Soluto.sys
08:13:19.0185 0x070c  Soluto - ok
08:13:19.0247 0x070c  [ E99DC2DEB1B357C7670D36DEE4ABB8AE, 65A5E245343DDA50772F39DE213E393DFDD73ACD566AE4D8AFF12BAE5B38F520 ] SolutoLauncherService C:\Program Files\Soluto\SolutoLauncherService.exe
08:13:19.0256 0x070c  SolutoLauncherService - ok
08:13:19.0286 0x070c  [ 9EBB8E4F7FF206A8B8C06B904B399BB6, 905FA4D3BEFAD2509EFADB27F3F043CBA0A231C18640672D5E8DB05B2BCBFF53 ] SolutoService   C:\Program Files\Soluto\SolutoService.exe
08:13:19.0311 0x070c  SolutoService - ok
08:13:19.0343 0x070c  [ 1A6CB30F0EFC1632E6F1B852CA892583, 0E6BDCEE837AEC3D02C437478143C75550C94A50E36895DDB095F54A2FA18E2A ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
08:13:19.0369 0x070c  spaceport - ok
08:13:19.0389 0x070c  [ E1C158F6C00359278727A2CEE5D2ED71, 1591F942C6DD99D3BA7FD4D72D957864117B2263F205468A15F1D1417C6F799D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
08:13:19.0393 0x070c  SpbCx - ok
08:13:19.0452 0x070c  [ D1241DFC397FA8CCFB4BB4B63AAD31AC, F8C57C2F7CA8B6D8FEE1505A143A3FECF502C8DCFFC375F9C8848A87D9714C9E ] Spooler         C:\WINDOWS\System32\spoolsv.exe
08:13:19.0485 0x070c  Spooler - ok
08:13:19.0739 0x070c  [ 7C58AFEC26E9F7730A8AA7FD40225937, 546EAD8889F2A1BB6DCCB7781976B975F34DA1C9047F95FEAA52CF38EC60C6DD ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
08:13:19.0937 0x070c  sppsvc - ok
08:13:19.0973 0x070c  [ ACC1709EC7FE6EB8999DBC91C50C2B34, 83ABF51751A264291C53A32B86239A607361E56CB045CD2CBE6E41DBB8A01F54 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
08:13:19.0988 0x070c  srv - ok
08:13:20.0020 0x070c  [ AFBCFC946FAE7483E27BD316D03F94A5, CC9478EA717E85C38304957E923997821DFE2A995D7C8DF98C15267D952BEFBE ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
08:13:20.0044 0x070c  srv2 - ok
08:13:20.0062 0x070c  [ 107C1EBE79710E4A759449BD6604245A, 963D693F4E61EDC7B3AA9006CC274D56E577CE0035A61DDB2A6DE72116D5C52B ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
08:13:20.0072 0x070c  srvnet - ok
08:13:20.0105 0x070c  [ 8C1786C073A496B8C0C8A5450A4FFD5B, 13BF3B42A63CE6C461259D4CE767FB0DE1F10433512A11D2B2C033E36E652542 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
08:13:20.0121 0x070c  SSDPSRV - ok
08:13:20.0146 0x070c  [ 217A982201052EFC8C3C0C88D229791C, 11509E3446ED7B75C9A05CDC4A7AF18926CB463E0D98BAE1CD5DB43E88F94F90 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
08:13:20.0158 0x070c  SstpSvc - ok
08:13:20.0281 0x070c  [ 58863C57E4598C4F9DA967C5C36CFA5D, BB34FBC324E84E05128258CE3755241ECB63F7F2AE7F96716AC373931FAF92A8 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
08:13:20.0384 0x070c  StateRepository - ok
08:13:20.0412 0x070c  [ CCDA497C880AD16D87EDFAEFCFB2EDF5, 622599AA35ACFF0375DA252210BE42E7E90F30EDFEFF2F62FDB14AE6E45B5F88 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
08:13:20.0414 0x070c  stexstor - ok
08:13:20.0445 0x070c  [ 2834415C4EDD6CE35CB3CFEC50E08469, 28426616C709457DF38B5E2B4B9666C1255B81D2097589A95AAABD1BFACD302A ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
08:13:20.0447 0x070c  StillCam - ok
08:13:20.0491 0x070c  [ 75476CAA8FA0A4E573948CDE8C7F0304, 68C4405CACA77AEED71761875A9AF60BCFBDD39E356BEA1BA8226E099BAA5FA4 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
08:13:20.0515 0x070c  stisvc - ok
08:13:20.0529 0x070c  [ BF8EA6FC3358C2F69678E3E94F764F84, D274DAD7B5756DD49CA44277C73497F1EC465C8E365CC730CD194932C3825920 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
08:13:20.0534 0x070c  storahci - ok
08:13:20.0550 0x070c  [ 32FF460DA8C1F370F5C08B7654899B73, 0C9D5D38D033109BA672ABAFEF0F0CD295E9FFA108ACFCA9044429D9B2CA9057 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
08:13:20.0553 0x070c  storflt - ok
08:13:20.0575 0x070c  [ CC21DB3EF619B9480FE31A4EFE92CBEB, 256EFCA2F231F41D34250E1460BF88894D943EAE83A0B153FCADE700AB4DE11E ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
08:13:20.0579 0x070c  stornvme - ok
08:13:20.0590 0x070c  [ 390B8A75768E2689586539C224520895, D72F52E6D7AC5DC318FF9C1DF1F4E8A435D65B6BB59D7F1642222EC026BC54DB ] storqosflt      C:\WINDOWS\system32\drivers\storqosflt.sys
08:13:20.0594 0x070c  storqosflt - ok
08:13:20.0633 0x070c  [ 9953FA89A4E3BC33296DAFB1ACFDC62F, D2F2698834691FF7915BDFFB82DB549354311A5DD7D37BF767F95D407AC4019F ] StorSvc         C:\WINDOWS\system32\storsvc.dll
08:13:20.0667 0x070c  StorSvc - ok
08:13:20.0685 0x070c  [ 770A92D9D3A0BF61C97C3AFCB36847D9, 21A8CC3F8E63B971C4FF8DDED5C7032E093A7B0F16E2128A9BD2E890BA76A1D9 ] storufs         C:\WINDOWS\system32\drivers\storufs.sys
08:13:20.0688 0x070c  storufs - ok
08:13:20.0703 0x070c  [ 736A2418E3E7F3DB3CF6EB0A55D1D581, 2D3BBC4E0C7B51EDE7479A978E4BCD5F47A7257745179F01D2D9ECFD83CCCC82 ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
08:13:20.0706 0x070c  storvsc - ok
08:13:20.0722 0x070c  [ FA8F6E3AD3F92B35D2673CC9FD20429C, 62F81CBACF7E16FEF9DE3BE95FA5C9BDB51BAE4667AE5AE71399864A390FF6D5 ] svsvc           C:\WINDOWS\system32\svsvc.dll
08:13:20.0727 0x070c  svsvc - ok
08:13:20.0735 0x070c  [ BD98B0225BCD49E8A62F4F8EE1D1F613, CDAD11969B2DA417079547724BECC3DB4FC4711B3C01590EB0D02774B69B6D90 ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
08:13:20.0737 0x070c  swenum - ok
08:13:20.0764 0x070c  [ 22E539A9B96C66A713583EC017562616, 210DA61DFC7AA9AD23277D9CC0239B781F4EABD322D0803AEC9434D68B81FABD ] swprv           C:\WINDOWS\System32\swprv.dll
08:13:20.0790 0x070c  swprv - ok
08:13:20.0818 0x070c  [ CAE4B27B469C583131EA5AAE622F5D76, 3979006EB22489D1AAD2EC2E9F32C286EEDCDB83B37B97E58BA831263EC33B84 ] Synth3dVsc      C:\WINDOWS\System32\drivers\Synth3dVsc.sys
08:13:20.0822 0x070c  Synth3dVsc - ok
08:13:20.0879 0x070c  [ 34A3EB84B2A830E6F450B8F885AE4E6E, E61AC6D17B815CB71F26D71CA3CCAFD9E66A170E3ED2E64A4F20D097A0C683B5 ] SysMain         C:\WINDOWS\system32\sysmain.dll
08:13:20.0931 0x070c  SysMain - ok
08:13:20.0955 0x070c  [ AF2C8D7C1D4DCFD5C31501F009DF42B7, 3DDF9353F014EE99B031BBC969620CA07647FBB8D78EB4697C8D633021B46B11 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
08:13:20.0972 0x070c  SystemEventsBroker - ok
08:13:21.0005 0x070c  [ 6979A147C0D5C5CAB621ADC394D32B80, C30B8E3D271A1591D965559EA4A11A1BE63A34D832ED53B26CE91799C888DF77 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
08:13:21.0015 0x070c  TabletInputService - ok
08:13:21.0046 0x070c  [ 86B62FC8CB89946446F9B24FE49A66FD, 7B095310D1C78B82E5ACAC4713E101DD1323A3CF6FB39218C2E78ABE2B0385B5 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
08:13:21.0071 0x070c  TapiSrv - ok
08:13:21.0173 0x070c  [ 892F30506DCCF230C5A57019C1D8D31B, 52C83A963E2D05770B6A281E8E559C8203E102D6B4C9C37801B1F58CB4B92D2F ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
08:13:21.0274 0x070c  Tcpip - ok
08:13:21.0370 0x070c  [ 892F30506DCCF230C5A57019C1D8D31B, 52C83A963E2D05770B6A281E8E559C8203E102D6B4C9C37801B1F58CB4B92D2F ] Tcpip6          C:\WINDOWS\system32\drivers\tcpip.sys
08:13:21.0450 0x070c  Tcpip6 - ok
08:13:21.0483 0x070c  [ 17F37EC9042D84561C550620643D9A85, B01620BA319A1383D403E6E50C7724879520F3267654556D975CAFFF91A82C78 ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
08:13:21.0486 0x070c  tcpipreg - ok
08:13:21.0527 0x070c  [ 91D3F2A6253EF83EFBD7903028F58C4D, C15768CCCF734093B0F8A5E76882B35927B716E4F14D91ACEE897E1C078D43D1 ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
08:13:21.0533 0x070c  tdx - ok
08:13:21.0551 0x070c  [ E730D0EB1B84EBC98423FC8D285EDBC0, 442DD433F9D22304E64EC7ACFC4E04892D4D92D8AC545A3530FC932A2EEC4767 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
08:13:21.0554 0x070c  terminpt - ok
08:13:21.0614 0x070c  [ 14307D4801C8CEF0A615907C09E886B3, C7F34C294D70DE689F673E0B5E9253B27EFEBBE6FA38B68B3B0B0374A896407E ] TermService     C:\WINDOWS\System32\termsrv.dll
08:13:21.0665 0x070c  TermService - ok
08:13:21.0687 0x070c  [ D009D1BC14FD5F2AC93D1878735F6C39, D8BCE505B66E05BC00075E46B38359CA4D0FA484EB7981A74221885E8A1FFB87 ] Themes          C:\WINDOWS\system32\themeservice.dll
08:13:21.0694 0x070c  Themes - ok
08:13:21.0723 0x070c  [ 5F27DE2082E16D4C1D6C627C8ECBD341, 08DA3EB3EF2B2006B6F9F2C8C149DF55DE6738975D556206A814096CAB5C1411 ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe
08:13:21.0749 0x070c  TieringEngineService - ok
08:13:21.0774 0x070c  [ FC971E1D1B5900C231591A7720FCD8B8, DF58C350977019E4A8F381FB35702E9BEA89F6A8C6BF36C56376D36BC8FE630F ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll
08:13:21.0795 0x070c  tiledatamodelsvc - ok
08:13:21.0828 0x070c  [ 7E81E3E0D7F83BFE3C3975020B6C7F12, 316F9415646CC7A4E9A5F1E07310D433457E623B3E589543E4A6C73C4F77712C ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
08:13:21.0838 0x070c  TimeBroker - ok
08:13:21.0865 0x070c  [ 169B0A246067457FEF8A18EED7EED9D5, BF5AC0CB29E1E456253B881CD0608B578D7343E9DFE1738A14598D1DFFE1AB66 ] TPM             C:\WINDOWS\System32\drivers\tpm.sys
08:13:21.0873 0x070c  TPM - ok
08:13:21.0893 0x070c  [ AA84AF93CE5AF1F05838B51D20295419, 85B3EE773C691EEDFA080CD9C59D31CB58A5BC577AEE91A929F5DFBE1368AB6D ] TrkWks          C:\WINDOWS\System32\trkwks.dll
08:13:21.0902 0x070c  TrkWks - ok
08:13:21.0945 0x070c  [ E50DD57F496CED8873FA3E7D38BCCD42, 36B95F6F2CF48078C6B19FB452C87BB07E95C8804A5C6B526D349AC6227CAB26 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
08:13:21.0950 0x070c  TrustedInstaller - ok
08:13:21.0970 0x070c  [ 48E828C66AB016E48F2CB4DD585315FD, 063809B610F6B177B65D62D12605FB94F108DB26A9FD3067E6D6C51F0D92E774 ] tsusbflt        C:\WINDOWS\system32\drivers\TsUsbFlt.sys
08:13:21.0974 0x070c  tsusbflt - ok
08:13:21.0990 0x070c  [ 267C76EE60736EA5A1811A53FA02AABE, 28D4C4CB972534204B8336D0403B70E4EFE4F8369ABDE7401FFCCF7D4E3EA165 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
08:13:21.0992 0x070c  TsUsbGD - ok
08:13:22.0005 0x070c  [ 8CE72F094B822AD5EE9C3A3AFC0C16B6, 827CCD849544E1DA364B03DBC82A848D2F93AD32BA14ED52709C609BC70CE5CA ] tunnel          C:\WINDOWS\System32\drivers\tunnel.sys
08:13:22.0012 0x070c  tunnel - ok
08:13:22.0041 0x070c  [ 72E24CD1662577B38779B5E768C48FEE, 66BFD18CEDEEF358B04B81C65BC12606632FB1B2DAD4EC8405962DE1054D08CA ] TXEIx64         C:\WINDOWS\System32\drivers\TXEIx64.sys
08:13:22.0045 0x070c  TXEIx64 - ok
08:13:22.0077 0x070c  [ 1A9A77ACDAC29C39F50D2A492FD0DB16, E21F2E2BA6EABE0F6B5A1930DDB2CE5A921389A58C08A2D3F66D245E8698E6B4 ] tzautoupdate    C:\WINDOWS\system32\tzautoupdate.dll
08:13:22.0085 0x070c  tzautoupdate - ok
08:13:22.0101 0x070c  [ 42C546414F80BD6C0137FC3A106F8A69, 067FFCAF0059935851888BD984E848E4E1A6CC1941A8F4534067CCF0B2A3B2E6 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
08:13:22.0105 0x070c  uagp35 - ok
08:13:22.0122 0x070c  [ 1686DBC81748B096232B15F16C302985, 63D72D1838C42A95599AF3C0B19A069E310ADB091208011D7D6FBAC968D1A59A ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
08:13:22.0126 0x070c  UASPStor - ok
08:13:22.0145 0x070c  [ 3995CC3DEDED258768B8EBC2F4C0DC73, 130E99EF13EB494B8BB6A8E037DD8D59C195190EA3C27CA9E3A695AF4349DC7C ] UcmCx0101       C:\WINDOWS\system32\Drivers\UcmCx.sys
08:13:22.0149 0x070c  UcmCx0101 - ok
08:13:22.0164 0x070c  [ 1C95F7CE37D9EFB90EBE987A9712356C, B9EE7743ADA50276F05D735C5C29E44039D630A7DC93766A0EAF400DA037E4AF ] UcmUcsi         C:\WINDOWS\System32\drivers\UcmUcsi.sys
08:13:22.0168 0x070c  UcmUcsi - ok
08:13:22.0182 0x070c  [ AED081772091C98173905E2DF28C223B, 08541CF3354EBB634BD590E0019128F70A6FCA9075B7E785A9E9BD82EC234DD3 ] Ucx01000        C:\WINDOWS\system32\drivers\ucx01000.sys
08:13:22.0190 0x070c  Ucx01000 - ok
08:13:22.0208 0x070c  [ DCA34A111C29E4578DF2B8CEA3C7CDBD, 86BCE4C8EC228724D5896067A85A4768B6069D10A482ECC51A8F828DBD3880C9 ] UdeCx           C:\WINDOWS\system32\drivers\udecx.sys
08:13:22.0211 0x070c  UdeCx - ok
08:13:22.0231 0x070c  [ 718A956AE00CE086F381044AB66CC29C, E4EED1600C72CECE1D4507827C329A93D356BBA027470FCF6C4B5C1651DED643 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
08:13:22.0243 0x070c  udfs - ok
08:13:22.0253 0x070c  [ BA760F8E66428BA9FF1E8BFBC6248136, BE7DCBB293B12672CB3653E640C46F669BD738D320F34F4FA4A26F6B248561F0 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
08:13:22.0256 0x070c  UEFI - ok
08:13:22.0283 0x070c  [ 5F0D997E6FC5A418D7673148CEF72887, 6C142CB8F06E5958045451253C9188CE876A84D08266FFD7F64AAE09964D8431 ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
08:13:22.0293 0x070c  Ufx01000 - ok
08:13:22.0316 0x070c  [ 2B1DABA97DDF5365FC66EE7DEDD86A13, 2FF3355862938B37EE63FCA149415CE5032BF54747B07517BB21460733B65AD8 ] UfxChipidea     C:\WINDOWS\System32\drivers\UfxChipidea.sys
08:13:22.0321 0x070c  UfxChipidea - ok
08:13:22.0339 0x070c  [ DB630FC660443D63EBAB2C830C298EFE, 7698772FF9C988DF752DF3FAF1B154E923EBA425B92F288ABB6EF0805ABD3296 ] ufxsynopsys     C:\WINDOWS\System32\drivers\ufxsynopsys.sys
08:13:22.0344 0x070c  ufxsynopsys - ok
08:13:22.0362 0x070c  [ 63451BD694651307254B8DD37A3D79C7, C781E2D876AF42D5972CCDCF86B7A59F6AF8AF0C6350647F3FA1B209119B5EF9 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
08:13:22.0369 0x070c  UI0Detect - ok
08:13:22.0384 0x070c  [ 6DE78C04BF32ECA7AF3064F53687C9A5, 164D3BB24EBA3EAF613799928063FE75220A4E583D985F53A895017782C18600 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
08:13:22.0388 0x070c  uliagpkx - ok
08:13:22.0397 0x070c  [ 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4, BA2E6F16B6B3B54C943F1E7B9F79A6D1332A7ED228D754CC5AE70E3CD78B1F37 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
08:13:22.0401 0x070c  umbus - ok
08:13:22.0408 0x070c  [ 11680607944A719EF20E0E740785712A, 1567C2B3AAD702DCC2DC9C6B7B92EE5B681C06701A39DAC3AA7E2BE9E1E04F47 ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
08:13:22.0410 0x070c  UmPass - ok
08:13:22.0435 0x070c  [ FD949725D9EB52C0B87435CDE1134668, 96E2B3D3379E9AE225E5A4C5251207F1E7DA573901F4F026758EDE9FAEF4F2C5 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
08:13:22.0452 0x070c  UmRdpService - ok
08:13:22.0519 0x070c  [ CB902A15DD21B363FECA5DCCF34F5C57, 6A0836A12A410EBD5C667982852B58CA9E9EDB11EA666C413CC0F811E01A549D ] UnistoreSvc     C:\WINDOWS\System32\unistore.dll
08:13:22.0571 0x070c  UnistoreSvc - ok
08:13:22.0634 0x070c  [ B85A8CF2BE74DFF1E80097AC94584112, B1DBACC33A4143FEE2CF54E567590A69580312AD7A053BCC85B487C4D451FBDA ] upnphost        C:\WINDOWS\System32\upnphost.dll
08:13:22.0660 0x070c  upnphost - ok
08:13:22.0674 0x070c  [ 2410A0C20D21A25E6C01979FA886BE90, DD3F92D8CF110D47B9E36BA0EB10EB34C0FDD28FE0D57E4B60F9326703388F75 ] UrsChipidea     C:\WINDOWS\System32\drivers\urschipidea.sys
08:13:22.0677 0x070c  UrsChipidea - ok
08:13:22.0694 0x070c  [ 6E59CE43B6BA5AA1ADCF36A4DBBB92BB, 647D66775A90F67D803043DE8C8AE8BC2F7A042A8DCF9C95BF5458C79609481B ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
08:13:22.0698 0x070c  UrsCx01000 - ok
08:13:22.0714 0x070c  [ E8A59FA109A22FC07E44BDFCC9727DBD, 0DC5928C0FF7E5B38917660D6EFECCC22172DB0BB9B23216F33E750790529C16 ] UrsSynopsys     C:\WINDOWS\System32\drivers\urssynopsys.sys
08:13:22.0717 0x070c  UrsSynopsys - ok
08:13:22.0754 0x070c  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
08:13:22.0758 0x070c  USBAAPL64 - ok
08:13:22.0771 0x070c  [ D8A44550ECE102B6443F5D54DCE7DAB3, 97F5AE7B17DAC4A4F3186C77116BC8E49874FB0018C99D8E2CDA29D89E8B0912 ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
08:13:22.0777 0x070c  usbccgp - ok
08:13:22.0815 0x070c  [ 66B3D22DAB5312FF238ABF5C6D9F8FAB, 4A644AFC1C27D692D352BEB8801398A00EA5B4055476063AF905A0A46DDBF8BB ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
08:13:22.0820 0x070c  usbcir - ok
08:13:22.0841 0x070c  [ 3E4F20DB902D2E2914F3FF3DB9772200, F3D32BE06A26164B5F6E8DB67160D1DBBDC6D14666EEF84EA43C78CB7706E31C ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
08:13:22.0846 0x070c  usbehci - ok
08:13:22.0878 0x070c  [ 41F7F00D76904416EF1F9EFA1A4C37A2, 7A4250EB2E2E0037B3AE1480C13B229ECFF5C575E68E4F934EE011DB1833B46A ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
08:13:22.0904 0x070c  usbhub - ok
08:13:22.0927 0x1f08  Object required for P2P: [ 9A2A2F3C69B9A30B6E78536F6D258BAD ] iai2c
08:13:22.0950 0x070c  [ B7E1CAA9429E4C3E7E01CB35B97E1536, 11A6431C27821F247202AC9F18441FEA26544630461522C129F1671257C527BA ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
08:13:22.0992 0x070c  USBHUB3 - ok
08:13:23.0011 0x070c  [ DAB35CCA86F5FBE77D870A40089BC4A1, 4A47D59D882D0F2B93F2EE7F10995E7D68B58009434E2CBD04C659E0D1F059D8 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
08:13:23.0014 0x070c  usbohci - ok
08:13:23.0026 0x070c  [ 21162F65C7756AAECAEBED9E67D0A5FE, DE3B43964171DB5B0464DA5E7A674A5D200A8695E6EF1AE2030681066ABA2688 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
08:13:23.0030 0x070c  usbprint - ok
08:13:23.0068 0x070c  [ F259A45D6B555B14CC8365AA6BC8DC20, 28A588656449307F6E9C999BE5D73E34A2542A5771F4B504D9D36B9F93F32303 ] usbser          C:\WINDOWS\System32\drivers\usbser.sys
08:13:23.0071 0x070c  usbser - ok
08:13:23.0108 0x070c  [ 8949F77132A4F8F3BA17C6727099F002, 86AD4A2263B34983335180FDAE775D1744E042D2A11300D27DF546F15F285A25 ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
08:13:23.0114 0x070c  USBSTOR - ok
08:13:23.0132 0x070c  [ 8B3E458A8851F9A3B2109B1680EE1159, 753AC8F82F65564F00EA2F60B43E4B815FEAABE0DA35B6356210A5F4B1CA3EFC ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
08:13:23.0135 0x070c  usbuhci - ok
08:13:23.0155 0x070c  [ 325727F01F03C504CF788618A13DC266, 9F685113F714ADBC6DCD423CCD205F71E00D1AA9B5DD045B95E61E53B0F8E9AF ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
08:13:23.0169 0x070c  USBXHCI - ok
08:13:23.0257 0x070c  [ 2771EBB565F5C121E66060B173991D4D, 1EB34A6262A18E47ADCA392FDB2D58E8428A1CA43EB4196D76A897F74A03CA7F ] UserDataSvc     C:\WINDOWS\System32\userdataservice.dll
08:13:23.0318 0x070c  UserDataSvc - ok
08:13:23.0404 0x070c  [ 36EC82F0E399F36BD25F593D63DC144A, 2A9E916A098ACD5A5074A5FD053ECAB027A0932A348C728F20CD63EF16289533 ] UserManager     C:\WINDOWS\System32\usermgr.dll
08:13:23.0447 0x070c  UserManager - ok
08:13:23.0483 0x070c  [ 05F4CB5991D897E4253BF61FA5E828F8, 25B5B6751B4455491E9A050DF5C12F788B5677F70FB4844E0BF851090AC1F74C ] UsoSvc          C:\WINDOWS\system32\usocore.dll
08:13:23.0498 0x070c  UsoSvc - ok
08:13:23.0514 0x070c  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
08:13:23.0519 0x070c  VaultSvc - ok
08:13:23.0528 0x070c  [ E1BE37312785A71862516F66B3FD24CE, D248C513DBEACB192653C6E46809209F341771B146544BBF43B86369280B4F8B ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
08:13:23.0532 0x070c  vdrvroot - ok
08:13:23.0569 0x070c  [ 67A6E949395A09914AD8B38FE14B8D15, 593F2FAA880B2E0468F98BD58B5214A170E5890907B25294D7A47C66505A3D45 ] vds             C:\WINDOWS\System32\vds.exe
08:13:23.0596 0x070c  vds - ok
08:13:23.0613 0x070c  [ E42C0F2850735FF9D908B9DB581E6314, E2204A56BF37FC57CD2ED96E3F908882D72B4BFF1BFB97C5172C851F1E4F9650 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
08:13:23.0621 0x070c  VerifierExt - ok
08:13:23.0666 0x070c  [ EC15FD6A28757793E2DA394CD94ABD52, DC758BBEE9C6952D7B3F7171EF67B037B4068E88189A2C4A894122D1D1209468 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
08:13:23.0701 0x070c  vhdmp - ok
08:13:23.0718 0x070c  [ D0C9632C350F46786643A069251BC249, CF65BA0D3F3D2B821C10E2D4F53F5B6BF6236CA9767419392A561CFA79254C3B ] vhf             C:\WINDOWS\System32\drivers\vhf.sys
08:13:23.0721 0x070c  vhf - ok
08:13:23.0738 0x070c  [ E886CB75DA2B6EB35469EF10135624C7, 3AFC59A0709B984F517A918D5BBEBEB1C80001BEC87C133447DCEAEDE00E516D ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
08:13:23.0743 0x070c  vmbus - ok
08:13:23.0760 0x070c  [ 46D2EC27820EC0F798F85821E53C2942, D298A7D6AC16F76A069F843C8DD323ECB340D361733CB9B076BCDE8FC5F1FEFC ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
08:13:23.0763 0x070c  VMBusHID - ok
08:13:23.0800 0x070c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
08:13:23.0826 0x070c  vmicguestinterface - ok
08:13:23.0851 0x070c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
08:13:23.0869 0x070c  vmicheartbeat - ok
08:13:23.0894 0x070c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
08:13:23.0912 0x070c  vmickvpexchange - ok
08:13:23.0938 0x070c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
08:13:23.0955 0x070c  vmicrdv - ok
08:13:23.0980 0x070c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
08:13:23.0999 0x070c  vmicshutdown - ok
08:13:24.0025 0x070c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
08:13:24.0043 0x070c  vmictimesync - ok
08:13:24.0070 0x070c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvmsession   C:\WINDOWS\System32\ICSvc.dll
08:13:24.0088 0x070c  vmicvmsession - ok
08:13:24.0114 0x070c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
08:13:24.0133 0x070c  vmicvss - ok
08:13:24.0147 0x070c  [ B9265F47E7A354BAAA0AF5CBA3F8F7CE, F836E7BEDC7CAB1C01225164D171A0210D8F909F52992E4C0BF3C92B365BCD52 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
08:13:24.0152 0x070c  volmgr - ok
08:13:24.0173 0x070c  [ BEE9C8B72AB752B794F69C2B9B3678AA, 49A5093C26F3CDCD60577F7F2D7F936C7B2BD010B27F2C49A7B6AA41E42DF98D ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
08:13:24.0187 0x070c  volmgrx - ok
08:13:24.0210 0x070c  [ E1F91A727A04C9F8199D04FF3BBBF63C, 076CAEE621DBF7DE24ED92BA239C440879FDB674CF3213DF3E35AEC03D0D2031 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
08:13:24.0225 0x070c  volsnap - ok
08:13:24.0240 0x070c  [ F7B1B1101271E31F43CC76E890704F51, 2282D82B220C3D13FF980ED8E40443C83816D3DA9557EACEA137873F92BB9CF4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
08:13:24.0244 0x070c  vpci - ok
08:13:24.0269 0x070c  [ D48ED0A08BD2FD25A833E6AC99623091, 6CA7580878D3893E14B4938023A00CDFC9BE215A0CE4ED59A94F95DFD9FDF4D8 ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
08:13:24.0276 0x070c  vsmraid - ok
08:13:24.0346 0x070c  [ 4CF5A1E0C4FCA956ACD6C654E2A8610E, 57F3C7200C25E8717AF92AF2ED7615C6605179D3514B432220FA6EA94CAB4F2E ] VSS             C:\WINDOWS\system32\vssvc.exe
08:13:24.0405 0x070c  VSS - ok
08:13:24.0436 0x070c  [ 6990D4AFDF545669D4E6C232F26DE1FB, 9B8F99A035188FD96BA79E935E8EF387BEA2223ECA0B74CF64AB993DABAA5722 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
08:13:24.0448 0x070c  VSTXRAID - ok
08:13:24.0465 0x070c  [ 1EE11F0508C58EF081F4176E66D6970B, 9069B3FC8850C7CF617909C6DBFC3753FEB59A9E708379CC57190F4097FB374E ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
08:13:24.0468 0x070c  vwifibus - ok
08:13:24.0484 0x070c  [ 938E4EF58E42D252B742B0E243011B90, AC0C21FBAF15924CB271CA43ACB7A86287936C78B4852BCFC59EC7EC703E036C ] vwififlt        C:\WINDOWS\system32\drivers\vwififlt.sys
08:13:24.0488 0x070c  vwififlt - ok
08:13:24.0518 0x070c  [ 48C1A256591297C43ECFC4E30D144EAA, 8E66833ED2CEB6D7E499EB2E4282B4F9DFA28B6D21757BB88EC52FD069D7FACE ] W32Time         C:\WINDOWS\system32\w32time.dll
08:13:24.0543 0x070c  W32Time - ok
08:13:24.0566 0x070c  [ 00C27B64C758C111E5D78A70DE6CA2B6, C99761B9B671B3A1FF1C52796CCA3F4F825BF50D9657D13B551E849CDD82055D ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
08:13:24.0569 0x070c  WacomPen - ok
08:13:24.0607 0x070c  [ D76D1AC4F2C642D09A68227D129A4726, D14D6C4D94E9660848C74B220359683D91A4A3D70750E781A20B6D86D46794CE ] WalletService   C:\WINDOWS\system32\WalletService.dll
08:13:24.0633 0x070c  WalletService - ok
08:13:24.0654 0x070c  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:13:24.0658 0x070c  wanarp - ok
08:13:24.0668 0x070c  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:13:24.0672 0x070c  wanarpv6 - ok
08:13:24.0734 0x070c  [ 2598BBF11C9E7D0885DCA52E7FD5BCBD, 46B1FB080A2CD88C89A0EB8BA2594A1FA2C341ED77A6C6835CBFFE42907FAC55 ] wbengine        C:\WINDOWS\system32\wbengine.exe
08:13:24.0791 0x070c  wbengine - ok
08:13:24.0855 0x070c  [ 642EFABF900374FA85639D83B5533AFD, 292692D6AAC2A785D237ADFBC7CA3D379E8FC79FA366A8CE7D06F5CA5CE6866B ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
08:13:24.0889 0x070c  WbioSrvc - ok
08:13:24.0942 0x070c  [ E9A0D466F6D8EC349DB526146618BCB6, CFD6F3F979E4366A68FBEC3BE90A42BF3D65403A987E80741A720C0622871F32 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
08:13:24.0965 0x070c  Wcmsvc - ok
08:13:24.0999 0x070c  [ 53A036CED1270F2459E708A05922FD49, 2F281A72E4B0408DE6C8153F5988C9AA38591FB1E72558767D389637D0666A85 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
08:13:25.0026 0x070c  wcncsvc - ok
08:13:25.0049 0x070c  [ 965B6197A659782B6A0F68411A180AAD, 5541AB78B71E4FA655BCBF2D80D574B2A3B4AA8871F65D26620BDE549FA5459A ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
08:13:25.0055 0x070c  WcsPlugInService - ok
08:13:25.0071 0x070c  [ 069D3D6E20AD753B34FCE856F0436869, CF8C12295DDAA56E7350019AADBA533D7857CFB3F20DEE14E557963645A9331B ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
08:13:25.0074 0x070c  WdBoot - ok
08:13:25.0109 0x070c  [ 6CC727E94CD84E9720FDCDA8089CABCC, BCF66056B06DED6BC2D329E910FCD3E685D627BAD3B5D7F4B0E970B45CD9CEF4 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
08:13:25.0137 0x070c  Wdf01000 - ok
08:13:25.0167 0x070c  [ E3E97151A1D1E87BB2D5371F66C5F169, 0ED0B9852FE0533816F5EE2F06045B3964A00FD749A7011DB3C663AB6FA369E2 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
08:13:25.0178 0x070c  WdFilter - ok
08:13:25.0196 0x070c  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
08:13:25.0204 0x070c  WdiServiceHost - ok
08:13:25.0215 0x070c  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
08:13:25.0223 0x070c  WdiSystemHost - ok
08:13:25.0263 0x070c  [ E70DDD8E2245CC67547B0861983912D8, 64C73B1496FFF1F6BB3D877CB5BE54DE35C303AE234B11FC90038DC4F73241D9 ] wdiwifi         C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
08:13:25.0297 0x070c  wdiwifi - ok
08:13:25.0319 0x070c  [ 07B043160399AF4009054E2EA3464BF4, 8D652D7CD75F8FB2B5414155355F0C970015914E1AC6522DBB8387BB8662F542 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
08:13:25.0325 0x070c  WdNisDrv - ok
08:13:25.0357 0x070c  WdNisSvc - ok
08:13:25.0383 0x070c  [ 9972D395DBD05D91DA5EDADEB9325680, 9382D846793F285721A1A0FED42F914035A53D856B902FADB0B7144C471BDA91 ] WebClient       C:\WINDOWS\System32\webclnt.dll
08:13:25.0400 0x070c  WebClient - ok
08:13:25.0431 0x070c  [ B6BF579761489720BCE787F723F596E5, 879B17F6A4F23F5E85A09126B7B407955DDCEB1BA4A8FFC0A418B7F47311C056 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
08:13:25.0443 0x070c  Wecsvc - ok
08:13:25.0462 0x070c  [ 10C9CF8771A2A87F575F9FB56821474E, 15E3DFFE9CF6777F67E426ECF797D2DF743EA152DEE336DCC9C2F92A0E6EB9A3 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
08:13:25.0468 0x070c  WEPHOSTSVC - ok
08:13:25.0487 0x070c  [ 357C083FE35D030D991D163AAF622A06, F301852D49DBDEF0D28F56CD74CBDC71CA003EBD07D3F46EA5C870DC1BD07896 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
08:13:25.0495 0x070c  wercplsupport - ok
08:13:25.0516 0x070c  [ 2235AF716D15D9DFE4C59DC2AC0C440C, 2DCFCEBEA77E7E40CEF9A785BE1A794B390B36E40FBCF49B494F9CEA3F6A28C4 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
08:13:25.0526 0x070c  WerSvc - ok
08:13:25.0562 0x070c  [ C11272713719922DE5711094333BD166, 61D4F07E02AECF04964FF51EEA31069A2B0EAA549AD2B29B5FD3E1E6BB543593 ] WFPLWFS         C:\WINDOWS\system32\drivers\wfplwfs.sys
08:13:25.0569 0x070c  WFPLWFS - ok
08:13:25.0586 0x070c  [ 205A1FAE910F5C493D236245850BB62A, DBA4D1D734BAA3CDEB8A7F9C81A8DAA88CEA55AF5C4C5908E76FB8E522C5EC8A ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
08:13:25.0590 0x1f08  Object send P2P result: true
08:13:25.0590 0x1f08  Object required for P2P: [ 59A20F5AD9F4AE54098154359519408E ] iaLPSS2i_I2C
08:13:25.0593 0x070c  WiaRpc - ok
08:13:25.0623 0x070c  [ EF536C54AB9281FDC4E83B07279FCFC4, 22E4F133170682EE14413CA8FDC2DBE73AB31960D6ACB728A6B398229FDDFD3B ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
08:13:25.0637 0x070c  WIMMount - ok
08:13:25.0643 0x070c  WinDefend - ok
08:13:25.0667 0x070c  [ D8966A76408107224C6013993135DD78, 6159F69BC26FF817078E68C70E6DFC9075FEBF9EF9F4F046C7A65BC377544AE6 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
08:13:25.0673 0x070c  WindowsTrustedRT - ok
08:13:25.0682 0x070c  [ 8B102A7B6CE326FD4208CC7C2D183343, E47C1D76CBFD2A382C3A7BB048D752FB6DD4616FADDEB1C3ADD5DDAE149742AF ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
08:13:25.0684 0x070c  WindowsTrustedRTProxy - ok
08:13:25.0745 0x070c  [ FFD04E8263FC9CDB89BAD8C27C337223, 7021161D354F1536DA261D001524B92301466631DCFA161A7C6355AAC86BBE40 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
08:13:25.0780 0x070c  WinHttpAutoProxySvc - ok
08:13:25.0810 0x070c  [ 4A53441C1C4D2878BEF27E381138BB2D, C221E74491E6FD2AF472B53876B46788D5CF62F4E645457F3B3816FD0ED2BAA1 ] WinMad          C:\WINDOWS\System32\drivers\winmad.sys
08:13:25.0820 0x070c  WinMad - ok
08:13:25.0883 0x070c  [ 1033C37122C7404C3B926ADF84874832, 163B3A7112F13AE7BB2655A28C6B19AF9B263F2AD2FF1B75314BE3E2B9118903 ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
08:13:25.0905 0x070c  Winmgmt - ok
08:13:26.0028 0x070c  [ 703D0F62C5AA4D08EE8756516C0D125D, 02015A5E62490C11EC968160C528C2AFD1D7194AACA27F407B06EB462657511F ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
08:13:26.0142 0x070c  WinRM - ok
08:13:26.0174 0x070c  [ 260907CE034FE327AC99BDA4153AB22F, B96501F43248713C2E153B9D22B78D51412A3C6989A2FB5F53A406C6CDC98D30 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
08:13:26.0178 0x070c  WINUSB - ok
08:13:26.0196 0x070c  [ 40A3E8D729F458B2C9A8BD9380FF83D5, CD42FFC138969EF8C9588FD113F0B9A98FBA282D46A5B6BCFA765F55ED6E97A1 ] WinVerbs        C:\WINDOWS\System32\drivers\winverbs.sys
08:13:26.0200 0x070c  WinVerbs - ok
08:13:26.0320 0x070c  [ 453740989239803FE363FF8B40EA2E08, 25499705627C38D3431B3C336E0CF3BF55ABB0C461B88DA6D3767CAAE1E2B893 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
08:13:26.0413 0x070c  WlanSvc - ok
08:13:26.0564 0x070c  [ E48BBF1363F843E030757EC190DD33E6, B37199495115ED423BA99B7317377CE865BB482D4E847861E871480AC49D4A84 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
08:13:26.0649 0x070c  wlidsvc - ok
08:13:26.0673 0x070c  [ 8F010BF65238F3F822D22BA12831796E, 2CA830F259B742D2F5CDD0437960BF512D40FB4A4C2342E3BABB38D468F79694 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
08:13:26.0675 0x070c  WmiAcpi - ok
08:13:26.0695 0x070c  [ 74ACA5A7880C1F0BB9D60E32E1705A70, A89817BCCBFF94D7394614DA81D1C6C4F53AF47A539E674EEF6DC3FC496BF702 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
08:13:26.0704 0x070c  wmiApSrv - ok
08:13:26.0732 0x070c  WMPNetworkSvc - ok
08:13:26.0746 0x070c  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
08:13:26.0765 0x070c  Wof - ok
08:13:26.0867 0x070c  [ 4090C6738AA92B428220857B4D44F638, 4A3EE47494051E5BA8393F2AC8226EF434DA3AA1895CF4BADC9BC1BC378647C6 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
08:13:26.0951 0x070c  workfolderssvc - ok
08:13:26.0978 0x070c  [ 22C52D7EE7C7D0E02C8EFD8CAE8E3A71, 126605A12CEC9CC07DE3050F12E43CECABEAF0D00DF12300AF70F34700F7FE8E ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
08:13:26.0982 0x070c  wpcfltr - ok
08:13:27.0005 0x070c  [ D282ECA35ADAC7A93D6B4943E775010B, A76A9698A95646FA63AC18DFFA02B744D7C6043934CBF6C37832ED2E6B21F570 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
08:13:27.0013 0x070c  WPDBusEnum - ok
08:13:27.0031 0x070c  [ 1C08E424CBDD5065BB7266F8C048C1B1, 0452C85EDA6CBAB75C2617886C5D8117ED25D91F1BE0F8377B08D55B6629B028 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
08:13:27.0034 0x070c  WpdUpFltr - ok
08:13:27.0055 0x070c  [ 2C6EEFFBB7FB1C51CCD3737C77AB9109, 8C2ED309FAF4312512E7BCCBBC51B1353603A3499077A1DE21991F0692AF1620 ] WpnService      C:\WINDOWS\system32\WpnService.dll
08:13:27.0062 0x070c  WpnService - ok
08:13:27.0084 0x070c  [ 638B43D39A3D0B47024555CF1095E6F1, C7EA0A6ED227A5256EB02CA76FEC538DF196B8DC38DA2A567757D2B221C9473E ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
08:13:27.0086 0x070c  ws2ifsl - ok
08:13:27.0108 0x070c  [ 9C17CF2D05F8DA5AC66880B6BEE64E7D, 8930079A1AFA97657BE567038EE57C988D3DE9A6C24EA46160E2974837082535 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
08:13:27.0118 0x070c  wscsvc - ok
08:13:27.0134 0x070c  [ F517CB0182B1DA5C0E0FC6B548FF60CC, F09CA4172D611487F157973C808627F04B0CF0A71CE19D49280BFBEA4AE6027B ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
08:13:27.0136 0x070c  WSDPrintDevice - ok
08:13:27.0145 0x070c  [ 3A3294E2E5CBFC51999180C06051DDE9, 2EEE0A5BEBB366E4C12245E8175685CF2173E260B482A8EEB7F8255BA43C6CE3 ] WSDScan         C:\WINDOWS\system32\DRIVERS\WSDScan.sys
08:13:27.0148 0x070c  WSDScan - ok
08:13:27.0156 0x070c  WSearch - ok
08:13:27.0308 0x070c  [ 6E04BBE242E2889B37300C4DF5CE1126, FBDAEAC62C48A4FC5EF412AE47FF10590AE83E8871412F76F6F9BAE910542DFA ] WSService       C:\WINDOWS\System32\WSService.dll
08:13:27.0444 0x070c  WSService - ok
08:13:27.0550 0x070c  [ 722FA682ED9EA8B85FA843A5C8F39E61, 47B09984582E55C22450A851FAF00EBEC76CD46149B19B199916255D553C6BF8 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
08:13:27.0644 0x070c  wuauserv - ok
08:13:27.0660 0x070c  [ A928F25CB62232F413EE655352856E10, 1D2B278A24DDDE8792ADE7649FF90A98E186B79F13AA296C30E4180293BE906A ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
08:13:27.0665 0x070c  WudfPf - ok
08:13:27.0679 0x070c  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFRd          C:\WINDOWS\system32\drivers\WudfRd.sys
08:13:27.0688 0x070c  WUDFRd - ok
08:13:27.0713 0x070c  [ 1336DA39FE006EAB2733CA4DE5B3560C, F0D6C71ADCB66D4D14EC6D09FD43F5521A3A8CA53F248DFD01696FB4F033BE77 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
08:13:27.0722 0x070c  wudfsvc - ok
08:13:27.0738 0x070c  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
08:13:27.0745 0x070c  WUDFWpdFs - ok
08:13:27.0760 0x070c  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
08:13:27.0767 0x070c  WUDFWpdMtp - ok
08:13:27.0841 0x070c  [ 417D1526811D9646A7E8779209F11361, 220FE28801474AB26579F2A37D792975D9AAD2384B420BCE52215B1389E08F91 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
08:13:27.0894 0x070c  WwanSvc - ok
08:13:27.0957 0x070c  [ 405A419F4CDAC3C18F91FEDBD146C0A8, 92A6539AE6FC1B140366A0F733FDB784CAFB2359C4E0E2DF80629FEEA2CBFC98 ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
08:13:27.0991 0x070c  XblAuthManager - ok
08:13:28.0048 0x070c  [ 7118498F6E48758A2EF5A7D1982E2B62, 1FF75AE64CB6DB263E8B35515E092B325AA71A6B2210F8F2B0AD087B3BA33345 ] XblGameSave     C:\WINDOWS\System32\XblGameSave.dll
08:13:28.0100 0x070c  XblGameSave - ok
08:13:28.0138 0x070c  [ F279536122B83FD0D8E158AA753E1B7C, 6A542F28E24B30DBDC2EEE24DA33C2F4ADB3596AEDDD71DC1495DD40577CE4BB ] xboxgip         C:\WINDOWS\System32\drivers\xboxgip.sys
08:13:28.0148 0x070c  xboxgip - ok
08:13:28.0217 0x070c  [ 69E727F94BEA64E66C284F3C482F33E6, B3E0F287E7A251E0FC17C41089C45737027E54F0213BDE847356AC882B4D3700 ] XboxNetApiSvc   C:\WINDOWS\system32\XboxNetApiSvc.dll
08:13:28.0245 0x1f08  Object send P2P result: true
08:13:28.0266 0x1f08  Object required for P2P: [ 807A6636828E5F43C10A01474B8907EE ] MSDTC
08:13:28.0266 0x070c  XboxNetApiSvc - ok
08:13:28.0290 0x070c  [ DBACD4E4FE191D0CE7C624ACA389535E, A706DA0A284398E80AEB6FBE1B5F6C3192C3F4D1C1B7533528D689D163374DDF ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
08:13:28.0293 0x070c  xinputhid - ok
08:13:28.0300 0x070c  ================ Scan global ===============================
08:13:28.0341 0x070c  [ D923EC03E24F7633DED3F2D46AD59A28, C635DB4483E24BE0188583E63B06D0F37BDE7AD944E4D0246A7D19CBC3EA3A6B ] C:\WINDOWS\system32\basesrv.dll
08:13:28.0363 0x070c  [ E2899695BD30B5F93EC626EBBEF2CB69, B190D2903A109D2C146D881F90769060A0E971942F4AA61AEAD81861032D89C3 ] C:\WINDOWS\system32\winsrv.dll
08:13:28.0386 0x070c  [ 09E92888FFF86F3334E59778724DCA6F, 2344763B52395EF565A9DE5F55BEDCA026AD2E8072FFD06F826BF366B3BA2AB4 ] C:\WINDOWS\system32\sxssrv.dll
08:13:28.0435 0x070c  [ 6FF8248F3A9D69A095C7F3F42BC29CB2, 9077B1AA0AFB8DB329FDED0E51085DE1C51B22A986162F29037FCA404A80D512 ] C:\WINDOWS\system32\services.exe
08:13:28.0460 0x070c  [ Global ] - ok
08:13:28.0461 0x070c  ================ Scan MBR ==================================
08:13:28.0489 0x070c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
08:13:28.0510 0x070c  \Device\Harddisk0\DR0 - ok
08:13:28.0538 0x070c  [ 4885AA33C0384681F11AE9EE5B4F707B ] \Device\Harddisk1\DR1
08:13:30.0918 0x1f08  Object send P2P result: true
08:13:30.0932 0x1f08  Object required for P2P: [ AD43141CE6D5074DA1D28B5BCD4E4507 ] RetailDemo
08:13:31.0780 0x070c  \Device\Harddisk1\DR1 - ok
08:13:31.0781 0x070c  ================ Scan VBR ==================================
08:13:31.0786 0x070c  [ C847BC38FFDF3FF043171853CD2EA81D ] \Device\Harddisk0\DR0\Partition1
08:13:31.0855 0x070c  \Device\Harddisk0\DR0\Partition1 - ok
08:13:31.0868 0x070c  [ 6AF94614391045721A21502E9142593D ] \Device\Harddisk0\DR0\Partition2
08:13:31.0922 0x070c  \Device\Harddisk0\DR0\Partition2 - ok
08:13:31.0936 0x070c  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
08:13:31.0936 0x070c  \Device\Harddisk0\DR0\Partition3 - ok
08:13:31.0943 0x070c  [ 8BC3C7E7899D99BF80ACD16FAF473A82 ] \Device\Harddisk0\DR0\Partition4
08:13:32.0007 0x070c  \Device\Harddisk0\DR0\Partition4 - ok
08:13:32.0041 0x070c  [ 1E071A1802FA44C2542185D2E7B1D2B5 ] \Device\Harddisk0\DR0\Partition5
08:13:32.0056 0x070c  \Device\Harddisk0\DR0\Partition5 - ok
08:13:32.0062 0x070c  [ 7A54A231E34747082411EACEEFBB0B31 ] \Device\Harddisk1\DR1\Partition1
08:13:32.0082 0x070c  \Device\Harddisk1\DR1\Partition1 - ok
08:13:32.0083 0x070c  ================ Scan generic autorun ======================
08:13:32.0636 0x070c  [ F99A480B86098CA30EB8FDB7495ADCD7, C5C1C5F5DA4EC9A1CE822EE10C2394A8DE05B9E9E0415A47A1D46BDC3819F4F1 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
08:13:33.0110 0x070c  RTHDVCPL - ok
08:13:33.0168 0x070c  [ CE5C9977DA751DDC30952AC4DCBCA788, 295172C4681E9AC27121122CDD2BA6F2A62435917A083CC8490D584CA0164BE6 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
08:13:33.0171 0x070c  HP Software Update - ok
08:13:33.0519 0x070c  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
08:13:33.0599 0x1f08  Object send P2P result: true
08:13:33.0604 0x1f08  Object required for P2P: [ 7C58AFEC26E9F7730A8AA7FD40225937 ] sppsvc
08:13:33.0801 0x070c  OneDriveSetup - ok
08:13:33.0819 0x24c8  Object required for P2P: [ 34A3EB84B2A830E6F450B8F885AE4E6E ] SysMain
08:13:34.0135 0x070c  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
08:13:34.0359 0x070c  OneDriveSetup - ok
08:13:34.0470 0x070c  [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
08:13:34.0478 0x070c  ISUSPM - ok
08:13:34.0599 0x070c  [ 61F488AC3053DEB2AADB6A34DEBC8876, B5C5E0325F0FB4A37E80F08273B7483630F676C6342519564798CE7D1F121CB7 ] C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\OneDrive.exe
08:13:34.0648 0x070c  OneDrive - ok
08:13:34.0699 0x070c  [ 41E25E514D90E9C8BC570484DBAFF62B, E6C49F7CE186DC4C9DA2C393469B070C0F1B95A01D281AE2B89538DA453D1583 ] C:\WINDOWS\system32\cmd.exe
08:13:34.0708 0x070c  Uninstall C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64 - ok
08:13:34.0733 0x070c  [ 41E25E514D90E9C8BC570484DBAFF62B, E6C49F7CE186DC4C9DA2C393469B070C0F1B95A01D281AE2B89538DA453D1583 ] C:\WINDOWS\system32\cmd.exe
08:13:34.0741 0x070c  Uninstall C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1 - ok
08:13:34.0762 0x070c  [ 41E25E514D90E9C8BC570484DBAFF62B, E6C49F7CE186DC4C9DA2C393469B070C0F1B95A01D281AE2B89538DA453D1583 ] C:\WINDOWS\system32\cmd.exe
08:13:34.0771 0x070c  Uninstall C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 - ok
08:13:34.0772 0x070c  Waiting for KSN requests completion. In queue: 159
08:13:35.0774 0x070c  Waiting for KSN requests completion. In queue: 159
08:13:36.0291 0x1f08  Object send P2P result: true
08:13:36.0490 0x24c8  Object send P2P result: true
08:13:36.0505 0x24c8  Object required for P2P: [ 4CF5A1E0C4FCA956ACD6C654E2A8610E ] VSS
08:13:36.0774 0x070c  Waiting for KSN requests completion. In queue: 73
08:13:37.0770 0x0c20  Object required for P2P: [ 41E25E514D90E9C8BC570484DBAFF62B ] C:\WINDOWS\system32\cmd.exe
08:13:37.0775 0x070c  Waiting for KSN requests completion. In queue: 67
08:13:38.0776 0x070c  Waiting for KSN requests completion. In queue: 67
08:13:39.0183 0x24c8  Object send P2P result: true
08:13:39.0777 0x070c  Waiting for KSN requests completion. In queue: 3
08:13:40.0434 0x0c20  Object send P2P result: true
08:13:40.0434 0x0c20  Object required for P2P: [ 41E25E514D90E9C8BC570484DBAFF62B ] C:\WINDOWS\system32\cmd.exe
08:13:40.0777 0x070c  Waiting for KSN requests completion. In queue: 2
08:13:41.0778 0x070c  Waiting for KSN requests completion. In queue: 2
08:13:42.0779 0x070c  Waiting for KSN requests completion. In queue: 2
08:13:43.0095 0x0c20  Object send P2P result: true
08:13:43.0095 0x0c20  Object required for P2P: [ 41E25E514D90E9C8BC570484DBAFF62B ] C:\WINDOWS\system32\cmd.exe
08:13:43.0780 0x070c  Waiting for KSN requests completion. In queue: 1
08:13:44.0780 0x070c  Waiting for KSN requests completion. In queue: 1
08:13:45.0751 0x0c20  Object send P2P result: true
08:13:45.0831 0x070c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x60100 ( disabled : updated )
08:13:45.0833 0x070c  AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 14.0.0.0 ), 0x51000 ( enabled : updated )
08:13:45.0837 0x070c  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 14.0.0.0 ), 0x51010 ( enabled )
08:13:48.0356 0x070c  ============================================================
08:13:48.0356 0x070c  Scan finished
08:13:48.0356 0x070c  ============================================================
08:13:48.0374 0x20bc  Detected object count: 0
08:13:48.0374 0x20bc  Actual detected object count: 0
08:13:56.0848 0x193c  Deinitialize success
 

 

Roguekiller log

 

RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : smithfamily [Administrator]
Started from : C:\Users\smithfamily\Downloads\RogueKiller.exe
Mode : Scan -- Date : 03/28/2016 12:09:05

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-454114346-3557102269-332868837-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-454114346-3557102269-332868837-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c59f63fd-e55d-4c71-aa1c-327579a3955b} | DhcpNameServer : 172.26.38.1 172.26.38.2 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c59f63fd-e55d-4c71-aa1c-327579a3955b} | DhcpNameServer : 172.26.38.1 172.26.38.2 ([X][X])  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-454114346-3557102269-332868837-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-454114346-3557102269-332868837-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Hidden.ADS][Stream] C:\Windows\SysWOW64:Win32App_1 -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-21M2NA0 +++++
--- User ---
[MBR] 180efc7b1840668b5eead9939b777b42
[BSP] c1c72f62863b5571d2bb04dc4239c8fa : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1697792 | Size: 936847 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1920360448 | Size: 16193 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Seagate External Drive USB Device +++++
--- User ---
[MBR] 938f9c2d7f5c4770e0644da45793fbe8
[BSP] 168cbae8621541b896fb86a91d76c8b5 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 152625 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:24 AM

Posted 29 March 2016 - 03:55 PM

Hello

  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

 

 

1.

Download attached fixlist.txt file and save it to the Desktop.    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system    Run FRST/FRST64 and press the Fix button just once and wait.  If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.  When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

2.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.

Edited by fireman4it, 29 March 2016 - 03:55 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 jksmith

jksmith
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 29 March 2016 - 08:45 PM

YAY! Thanks so much for helping me. :)

 

Here is the FRST64 log

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by smithfamily (2016-03-29 20:21:35) Run:2
Running from C:\Users\smithfamily\Downloads
Loaded Profiles: smithfamily (Available Profiles: smithfamily)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Closeprocesses:
2016-03-12 04:22 - 2015-10-30 17:03 - 00003400 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
HKU\S-1-5-21-454114346-3557102269-332868837-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-454114346-3557102269-332868837-1001 -> DefaultScope {421510FD-B576-11E4-8299-F80F41B5EF73} URL =
SearchScopes: HKU\S-1-5-21-454114346-3557102269-332868837-1001 -> {66E603D5-98AB-4658-B128-1D44D4734348} URL =
SearchScopes: HKU\S-1-5-21-454114346-3557102269-332868837-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
C:\Users\smithfamily\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
C:\Program Files\Soluto\Soluto.exe
C:\Program Files (x86)\iWin Games\iWinTrusted.exe
C:\Users\smithfamily\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
C:\Users\smithfamily\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)
EmptyTEMP:
C:\ProgramData\iWin
Task: {275E4A61-47E6-4AA6-A63D-AEA11410A638} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3120BC90-89F8-4122-AC04-49E5975C9026} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3975775F-3706-4E93-98D9-8C3BC0D5F05A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3AA98CE2-18C7-4DE8-8CA3-850D38F569B2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {3C0905AA-C649-4989-A6A9-684AFE077681} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3DC9FA5B-10D2-4D03-AB1A-F0AC7B1D0A31} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5D3D5AA2-EED0-4F2D-8054-FE5B27C1C1AE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6CEC2B14-7CDC-424A-A4C7-DB272E2E0358} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {71F6C013-83A0-49FC-A486-792432D59BAE} - System32\Tasks\SweetLabs App Platform => C:\Users\smithfamily\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-03-10] (Pokki)
Task: {88158018-AA29-4D96-867A-8B3D8A135F44} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B151897D-5D74-46B0-847E-1F0DBF4543E9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B794F7E9-E7B4-4706-B82D-EB49CD09DAD7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
CMD: ipconfig /flushdns
2013-01-29 15:28 - 2013-01-29 15:28 - 00109024 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-01-29 15:28 - 2013-01-29 15:28 - 00055352 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
irewallRules: [{19694DFE-A2B6-4A82-B2A6-5E48C830D712}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{FD28BD6D-606E-4964-B2FB-C9BB9F6C185B}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{9E92A33C-45CA-4DDB-AFF1-996B21E1B197}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{991273EE-C174-461C-BEB9-7C8E3A5B486E}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{642F2296-0C07-4BCE-8CAB-113386F34A7E}] => (Allow) C:\Program Files (x86)\iWin Games\iWinGames.exe
FirewallRules: [{25E29839-CCE7-4A6C-8854-BA19AAE82614}] => (Allow) C:\Program Files (x86)\iWin Games\iWinGames.exe
FirewallRules: [{1EF0454C-A272-48DE-8795-FE6EC1096A4E}] => (Allow) C:\Program Files (x86)\iWin Games\WebUpdater.exe
FirewallRules: [{7A6AEDC8-B1EC-46BA-8981-F3BE1242B7BC}] => (Allow) C:\Program Files (x86)\iWin Games\WebUpdater.exe
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:50DD4118 [374]

*****************

Processes closed successfully.
"C:\WINDOWS\System32\Tasks\SweetLabs App Platform" => not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi => path removed successfully
HKU\S-1-5-21-454114346-3557102269-332868837-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found.
HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found.
HKCR\Wow6432Node\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found.
HKU\S-1-5-21-454114346-3557102269-332868837-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-454114346-3557102269-332868837-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{66E603D5-98AB-4658-B128-1D44D4734348} => key not found.
HKCR\CLSID\{66E603D5-98AB-4658-B128-1D44D4734348} => key not found.
HKU\S-1-5-21-454114346-3557102269-332868837-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found.
HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
"C:\Users\smithfamily\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe" => not found.
"C:\Program Files\Soluto\Soluto.exe" => not found.
"C:\Program Files (x86)\iWin Games\iWinTrusted.exe" => not found.
"C:\Users\smithfamily\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe" => not found.
"C:\Users\smithfamily\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe" => not found.
"C:\Program Files\Soluto\SolutoLauncherService.exe" => not found.
"C:\Program Files\Soluto\SolutoService.exe" => not found.
SolutoLauncherService => service not found.
"C:\ProgramData\iWin" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{275E4A61-47E6-4AA6-A63D-AEA11410A638} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3120BC90-89F8-4122-AC04-49E5975C9026} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3975775F-3706-4E93-98D9-8C3BC0D5F05A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AA98CE2-18C7-4DE8-8CA3-850D38F569B2} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C0905AA-C649-4989-A6A9-684AFE077681} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DC9FA5B-10D2-4D03-AB1A-F0AC7B1D0A31} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D3D5AA2-EED0-4F2D-8054-FE5B27C1C1AE} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CEC2B14-7CDC-424A-A4C7-DB272E2E0358} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71F6C013-83A0-49FC-A486-792432D59BAE} => key not found.
C:\WINDOWS\System32\Tasks\SweetLabs App Platform => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{88158018-AA29-4D96-867A-8B3D8A135F44}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88158018-AA29-4D96-867A-8B3D8A135F44}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B151897D-5D74-46B0-847E-1F0DBF4543E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B151897D-5D74-46B0-847E-1F0DBF4543E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B794F7E9-E7B4-4706-B82D-EB49CD09DAD7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B794F7E9-E7B4-4706-B82D-EB49CD09DAD7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Program Files\Soluto\PCGDllExportInspector.dll => moved successfully
C:\Program Files\Soluto\PCGDeviceScanLib.dll => moved successfully
irewallRules: [{19694DFE-A2B6-4A82-B2A6-5E48C830D712}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FD28BD6D-606E-4964-B2FB-C9BB9F6C185B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E92A33C-45CA-4DDB-AFF1-996B21E1B197} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{991273EE-C174-461C-BEB9-7C8E3A5B486E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{642F2296-0C07-4BCE-8CAB-113386F34A7E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{25E29839-CCE7-4A6C-8854-BA19AAE82614} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1EF0454C-A272-48DE-8795-FE6EC1096A4E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7A6AEDC8-B1EC-46BA-8981-F3BE1242B7BC} => value removed successfully
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":50DD4118" ADS removed successfully.
EmptyTemp: => 14.9 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:25:16 ====

 

 

and here is the adwCleaner Log

 

# AdwCleaner v5.107 - Logfile created 29/03/2016 at 20:37:40
# Updated 28/03/2016 by Xplode
# Database : 2016-03-28.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : smithfamily - JNK-PC
# Running from : C:\Users\smithfamily\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : iWinTrusted

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\iwin games
[-] Folder Deleted : C:\Program Files (x86)\iWin.com Games
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iwin games
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin.com Games
[-] Folder Deleted : C:\Users\smithfamily\AppData\Local\SweetLabs App Platform

***** [ Files ] *****

[-] File Deleted : C:\Users\smithfamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[-] File Deleted : C:\Users\smithfamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{635ADC07-6F19-42A7-8043-EDD19678CE14}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{635ADC07-6F19-42A7-8043-EDD19678CE14}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44E6B68E-8DA5-4093-921B-7275E5B3906A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
[-] Key Deleted : HKCU\Software\SweetLabs App Platform
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homepage-web.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\homepage-web.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\homepage-web.com
[-] Value Deleted : HKU\S-1-5-21-454114346-3557102269-332868837-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3526 bytes] - [29/03/2016 20:37:40]
C:\AdwCleaner\AdwCleaner[S1].txt - [3951 bytes] - [29/03/2016 20:33:26]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3672 bytes] ##########
 

 

 

I appreciate your help.



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:24 AM

Posted 30 March 2016 - 07:33 AM

ZN3USrZ.png Emsisoft Emergency Kit
  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear:
    dQVDkTW.png
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon qwL1Upn.png will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
    yEgPemv.png
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
    RUeRoi4.png
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
    P7FSALs.png
  • Please Copy and Paste the contents of the scan log in your next reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 jksmith

jksmith
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 30 March 2016 - 10:10 AM

Thank you.

 

Scan log:

 

Emsisoft Emergency Kit - Version 11.0
Last update: 3/30/2016 9:53:13 AM
User account: JNK-PC\smithfamily

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    3/30/2016 9:53:42 AM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN     detected: Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN     detected: Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS     detected: Setting.NoFolderOptions (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS     detected: Setting.NoFolderOptions (A)

Scanned    80931
Found    8

Scan end:    3/30/2016 10:06:01 AM
Scan time:    0:12:19

Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS     Setting.NoFolderOptions (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN     Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     Setting.DisableTaskMgr (A)

Quarantined    4
 



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:24 AM

Posted 30 March 2016 - 10:16 AM

Please run Frst as you did the first time you ran it and post the new FRST.txt it produces.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 jksmith

jksmith
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 30 March 2016 - 10:22 AM

When I click to run FRST the addition.txt is not clicked this time. Should I check mark it too before running the scan?

Thanks



#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:24 AM

Posted 30 March 2016 - 10:58 AM

Yes, please click addtion.txt and post it also

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 jksmith

jksmith
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 30 March 2016 - 11:48 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by smithfamily (administrator) on JNK-PC (30-03-2016 11:37:57)
Running from C:\Users\smithfamily\Downloads
Loaded Profiles: smithfamily (Available Profiles: smithfamily)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.8.267.0\McCSPServiceHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13654744 2013-09-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-11] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-454114346-3557102269-332868837-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-454114346-3557102269-332868837-1001\...\RunOnce: [Uninstall C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-454114346-3557102269-332868837-1001\...\RunOnce: [Uninstall C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"
HKU\S-1-5-21-454114346-3557102269-332868837-1001\...\RunOnce: [Uninstall C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f7d0a7f7-5876-4b87-b325-f7599b47dca3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-12-03] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\smithfamily\AppData\Roaming\Mozilla\Firefox\Profiles\zhzbn8vd.default-1446481634122
FF DefaultSearchEngine.US: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-24] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2014-07-28] (CANON INC.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-454114346-3557102269-332868837-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\smithfamily\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-23] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\smithfamily\AppData\Roaming\Mozilla\Firefox\Profiles\zhzbn8vd.default-1446481634122\searchplugins\McSiteAdvisor.xml [2016-03-19]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-22]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2650696 2013-07-27] (Acer Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-07] (Dropbox, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-10-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-03-21] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 SolutoService; "C:\Program Files\Soluto\SolutoService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
R4 epp; C:\EEK\bin64\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-09] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-28] ()
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-30 11:04 - 2016-03-30 11:14 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-03-30 10:07 - 2016-03-30 10:07 - 00000354 _____ C:\Users\smithfamily\Desktop\Scan_160330-100654.txt
2016-03-30 09:46 - 2016-03-30 10:19 - 00000000 ____D C:\EEK
2016-03-30 09:35 - 2016-03-30 09:45 - 223778408 _____ C:\Users\smithfamily\Desktop\EmsisoftEmergencyKit.exe
2016-03-29 20:43 - 2016-03-29 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-03-29 20:32 - 2016-03-29 20:37 - 00000000 ____D C:\AdwCleaner
2016-03-29 20:31 - 2016-03-29 20:32 - 03102208 _____ C:\Users\smithfamily\Downloads\AdwCleaner.exe
2016-03-29 20:19 - 2016-03-29 20:25 - 00012912 _____ C:\Users\smithfamily\Downloads\Fixlog.txt
2016-03-29 14:32 - 2016-03-29 14:32 - 00000000 ____D C:\Users\smithfamily\Documents\Trail of the Twister
2016-03-29 12:54 - 2016-03-30 11:04 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-03-29 12:26 - 2016-03-29 12:26 - 00001060 _____ C:\malewarebytes5.txt
2016-03-29 12:26 - 2016-03-29 12:26 - 00000804 _____ C:\malwarebytes4.txt
2016-03-29 12:25 - 2016-03-29 12:25 - 00004428 _____ C:\malwarebytes2.txt
2016-03-29 12:25 - 2016-03-29 12:25 - 00001059 _____ C:\malwarebytes3.txt
2016-03-29 12:25 - 2016-03-29 12:25 - 00000714 _____ C:\malewarebytes1.txt
2016-03-29 11:39 - 2016-03-29 11:41 - 00043994 _____ C:\Users\smithfamily\Downloads\Addition.txt
2016-03-29 11:37 - 2016-03-30 11:38 - 00018023 _____ C:\Users\smithfamily\Downloads\FRST.txt
2016-03-29 11:35 - 2016-03-30 11:37 - 00000000 ____D C:\FRST
2016-03-29 11:34 - 2016-03-29 11:34 - 02374144 _____ (Farbar) C:\Users\smithfamily\Downloads\FRST64.exe
2016-03-28 11:22 - 2016-03-28 11:22 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-03-28 11:21 - 2016-03-28 12:12 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-28 11:20 - 2016-03-28 11:20 - 19655240 _____ C:\Users\smithfamily\Downloads\RogueKiller.exe
2016-03-25 08:50 - 2016-03-25 08:50 - 00000000 ____H C:\Users\smithfamily\Documents\Default.rdp
2016-03-23 21:32 - 2016-03-23 21:34 - 00000000 ____D C:\Users\smithfamily\Documents\Nancydrewgames
2016-03-23 21:21 - 2016-03-23 21:22 - 00000000 ____D C:\Users\smithfamily\Documents\SG-Classes
2016-03-23 21:18 - 2016-03-23 21:18 - 00000000 ____D C:\Users\smithfamily\Downloads\PhotoArrangementReplayClass
2016-03-23 15:25 - 2016-03-23 13:42 - 00001102 _____ C:\WINDOWS\ntbtlog.txt
2016-03-23 15:23 - 2016-03-23 15:26 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-03-23 15:21 - 2016-03-23 15:21 - 00000000 ____D C:\WINDOWS\pss
2016-03-23 08:39 - 2016-03-23 15:26 - 00000000 ____D C:\NPE
2016-03-23 08:38 - 2016-03-29 12:33 - 00000000 ____D C:\Users\smithfamily\AppData\Local\NPE
2016-03-23 08:38 - 2016-03-23 08:38 - 03088296 _____ (Symantec Corporation) C:\Users\smithfamily\Downloads\NPE.exe
2016-03-22 09:17 - 2016-03-29 12:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-22 09:17 - 2016-03-22 09:17 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-22 09:17 - 2016-03-22 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-22 09:17 - 2016-03-22 09:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-22 09:17 - 2016-03-22 09:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-22 09:17 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-22 09:17 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-22 09:17 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-22 09:15 - 2016-03-22 09:16 - 22851472 _____ (Malwarebytes ) C:\Users\smithfamily\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-22 08:12 - 2016-03-22 08:13 - 00264038 _____ C:\TDSSKiller.3.1.0.9_22.03.2016_08.12.25_log.txt
2016-03-22 08:11 - 2016-03-22 08:12 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\smithfamily\Downloads\tdsskiller.exe
2016-03-21 23:11 - 2016-03-21 23:11 - 139756304 _____ (Microsoft Corporation) C:\Users\smithfamily\Downloads\msert.exe
2016-03-20 02:24 - 2016-03-20 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-19 16:36 - 2016-03-19 16:36 - 00000000 ____D C:\Users\smithfamily\Documents\BiblioplanForFamilies
2016-03-19 16:35 - 2016-03-25 08:58 - 00000000 ____D C:\Users\smithfamily\AppData\Local\ElevatedDiagnostics
2016-03-19 09:19 - 2016-03-22 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-18 08:07 - 2016-03-18 08:07 - 00591144 _____ ( ) C:\Users\smithfamily\Downloads\DocXViewerSetup1.2.exe
2016-03-18 08:07 - 2016-03-18 08:07 - 00000707 _____ C:\Users\Public\Desktop\DocX Viewer.lnk
2016-03-18 08:07 - 2016-03-18 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epingsoft
2016-03-18 08:07 - 2016-03-18 08:07 - 00000000 ____D C:\epingsoft
2016-03-09 08:14 - 2016-03-01 00:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-09 08:14 - 2016-03-01 00:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-09 08:14 - 2016-02-24 04:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-09 08:14 - 2016-02-24 04:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 08:14 - 2016-02-24 04:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-09 08:14 - 2016-02-24 04:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 08:14 - 2016-02-24 04:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-09 08:14 - 2016-02-24 04:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-09 08:14 - 2016-02-24 03:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 08:14 - 2016-02-24 03:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 08:14 - 2016-02-24 03:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-09 08:14 - 2016-02-24 03:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-09 08:14 - 2016-02-24 03:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-09 08:14 - 2016-02-24 03:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-09 08:14 - 2016-02-24 03:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 08:14 - 2016-02-24 03:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-09 08:14 - 2016-02-24 03:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-09 08:14 - 2016-02-24 03:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 08:14 - 2016-02-24 03:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-09 08:14 - 2016-02-24 03:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-09 08:14 - 2016-02-24 03:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-09 08:14 - 2016-02-24 03:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 08:14 - 2016-02-24 03:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 08:14 - 2016-02-24 03:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-09 08:14 - 2016-02-24 03:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 08:14 - 2016-02-24 03:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-09 08:14 - 2016-02-24 02:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-09 08:14 - 2016-02-24 02:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-09 08:14 - 2016-02-24 02:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 08:14 - 2016-02-24 02:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-09 08:14 - 2016-02-24 02:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 08:14 - 2016-02-24 02:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 08:14 - 2016-02-24 02:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-09 08:14 - 2016-02-24 02:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-09 08:14 - 2016-02-24 02:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 08:14 - 2016-02-24 02:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-09 08:14 - 2016-02-24 02:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-09 08:14 - 2016-02-24 01:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-09 08:14 - 2016-02-24 01:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-09 08:14 - 2016-02-24 01:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-09 08:14 - 2016-02-24 01:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-09 08:14 - 2016-02-24 01:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 08:14 - 2016-02-24 01:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-09 08:14 - 2016-02-24 01:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-09 08:14 - 2016-02-24 01:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-09 08:14 - 2016-02-24 01:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-09 08:14 - 2016-02-24 01:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-09 08:14 - 2016-02-24 01:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-09 08:14 - 2016-02-24 01:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-09 08:14 - 2016-02-24 01:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-09 08:14 - 2016-02-24 01:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-09 08:14 - 2016-02-24 01:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 08:14 - 2016-02-24 01:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-09 08:14 - 2016-02-24 01:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 08:14 - 2016-02-24 01:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-09 08:14 - 2016-02-24 01:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-09 08:14 - 2016-02-24 01:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-09 08:14 - 2016-02-24 01:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 08:14 - 2016-02-24 01:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-09 08:14 - 2016-02-24 01:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-09 08:14 - 2016-02-24 01:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-09 08:14 - 2016-02-24 01:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-09 08:14 - 2016-02-24 01:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-09 08:14 - 2016-02-24 01:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 08:14 - 2016-02-24 01:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-09 08:14 - 2016-02-24 01:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-09 08:14 - 2016-02-24 01:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-09 08:14 - 2016-02-24 01:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-09 08:14 - 2016-02-24 01:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-09 08:14 - 2016-02-24 01:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-09 08:14 - 2016-02-24 01:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-09 08:14 - 2016-02-24 01:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 08:14 - 2016-02-24 01:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-09 08:14 - 2016-02-24 01:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-09 08:14 - 2016-02-24 01:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 08:14 - 2016-02-24 01:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-09 08:14 - 2016-02-24 00:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-09 08:14 - 2016-02-24 00:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-09 08:14 - 2016-02-24 00:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-09 08:14 - 2016-02-24 00:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 08:14 - 2016-02-24 00:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-09 08:14 - 2016-02-24 00:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 08:14 - 2016-02-24 00:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 08:14 - 2016-02-24 00:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 08:14 - 2016-02-24 00:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 08:14 - 2016-02-24 00:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 08:14 - 2016-02-24 00:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 08:14 - 2016-02-23 23:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 08:14 - 2016-02-23 23:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-09 08:13 - 2016-02-24 04:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 08:13 - 2016-02-24 04:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-09 08:13 - 2016-02-24 03:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-09 08:13 - 2016-02-24 03:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-09 08:13 - 2016-02-24 03:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 08:13 - 2016-02-24 02:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-09 08:13 - 2016-02-24 02:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-09 08:13 - 2016-02-24 02:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-09 08:13 - 2016-02-24 02:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-09 08:13 - 2016-02-24 02:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-09 08:13 - 2016-02-24 02:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 08:13 - 2016-02-24 02:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 08:13 - 2016-02-24 02:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-09 08:13 - 2016-02-24 02:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-09 08:13 - 2016-02-24 02:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-09 08:13 - 2016-02-24 02:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 08:13 - 2016-02-24 02:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-09 08:13 - 2016-02-24 02:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-09 08:13 - 2016-02-24 02:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 08:13 - 2016-02-24 02:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-09 08:13 - 2016-02-24 02:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 08:13 - 2016-02-24 02:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-09 08:13 - 2016-02-24 02:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-09 08:13 - 2016-02-24 02:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-09 08:13 - 2016-02-24 02:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-09 08:13 - 2016-02-24 02:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-09 08:13 - 2016-02-24 02:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-09 08:13 - 2016-02-24 02:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-09 08:13 - 2016-02-24 02:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-09 08:13 - 2016-02-24 02:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-09 08:13 - 2016-02-24 02:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 08:13 - 2016-02-24 02:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 08:13 - 2016-02-24 02:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-09 08:13 - 2016-02-24 02:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-09 08:13 - 2016-02-24 01:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-09 08:13 - 2016-02-24 01:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 08:13 - 2016-02-24 01:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-09 08:13 - 2016-02-24 01:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-09 08:13 - 2016-02-24 01:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-09 08:13 - 2016-02-24 01:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-09 08:13 - 2016-02-24 01:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-09 08:13 - 2016-02-24 01:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-09 08:13 - 2016-02-24 01:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 08:13 - 2016-02-24 01:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-09 08:13 - 2016-02-24 01:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 08:13 - 2016-02-24 01:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-09 08:13 - 2016-02-24 01:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-09 08:13 - 2016-02-24 01:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 08:13 - 2016-02-24 01:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-09 08:13 - 2016-02-24 01:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 08:13 - 2016-02-24 01:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-09 08:13 - 2016-02-24 01:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-09 08:13 - 2016-02-24 01:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-09 08:13 - 2016-02-24 01:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-09 08:13 - 2016-02-24 01:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-09 08:13 - 2016-02-24 01:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-09 08:13 - 2016-02-24 01:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-09 08:13 - 2016-02-24 01:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-09 08:13 - 2016-02-24 01:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-09 08:13 - 2016-02-24 01:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-09 08:13 - 2016-02-24 01:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-09 08:13 - 2016-02-24 01:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 08:13 - 2016-02-24 00:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-09 08:13 - 2016-02-24 00:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-05 14:38 - 2016-03-05 14:38 - 00002087 _____ C:\Users\Public\Desktop\Play The Deadly Device.lnk
2016-03-02 06:28 - 2016-03-02 06:28 - 25813732 _____ C:\Users\smithfamily\Downloads\KAagard_GnomeGarden.zip
2016-03-02 00:13 - 2016-02-23 05:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-02 00:13 - 2016-02-23 04:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-02 00:12 - 2016-02-23 06:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-02 00:12 - 2016-02-23 06:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-02 00:12 - 2016-02-23 06:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 00:12 - 2016-02-23 06:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-02 00:12 - 2016-02-23 06:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-02 00:12 - 2016-02-23 06:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-02 00:12 - 2016-02-23 06:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-02 00:12 - 2016-02-23 05:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-02 00:12 - 2016-02-23 05:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-02 00:12 - 2016-02-23 05:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-02 00:12 - 2016-02-23 05:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-02 00:12 - 2016-02-23 05:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-02 00:12 - 2016-02-23 05:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-02 00:12 - 2016-02-23 05:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-02 00:12 - 2016-02-23 05:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-02 00:12 - 2016-02-23 05:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-02 00:12 - 2016-02-23 05:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-02 00:12 - 2016-02-23 05:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-02 00:12 - 2016-02-23 05:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-02 00:12 - 2016-02-23 05:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-02 00:12 - 2016-02-23 05:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-02 00:12 - 2016-02-23 05:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-02 00:12 - 2016-02-23 04:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-02 00:12 - 2016-02-23 04:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-02 00:12 - 2016-02-23 04:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-02 00:12 - 2016-02-23 04:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-02 00:12 - 2016-02-23 04:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-02 00:12 - 2016-02-23 04:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-02 00:12 - 2016-02-23 04:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-02 00:12 - 2016-02-23 04:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-02 00:12 - 2016-02-23 04:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-02 00:12 - 2016-02-23 04:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-02 00:12 - 2016-02-23 04:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-02 00:12 - 2016-02-23 04:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-02 00:12 - 2016-02-23 04:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-02 00:12 - 2016-02-23 04:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-02 00:12 - 2016-02-23 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-02 00:12 - 2016-02-23 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-02 00:12 - 2016-02-23 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-02 00:12 - 2016-02-23 03:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-02 00:12 - 2016-02-23 03:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-02 00:12 - 2016-02-23 03:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-02 00:12 - 2016-02-23 03:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-02 00:12 - 2016-02-23 03:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-02 00:12 - 2016-02-23 03:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-02 00:12 - 2016-02-23 03:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-02 00:12 - 2016-02-23 03:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-02 00:12 - 2016-02-23 03:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-02 00:12 - 2016-02-23 03:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-02 00:12 - 2016-02-23 03:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-02 00:12 - 2016-02-23 03:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-02 00:12 - 2016-02-23 03:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-02 00:12 - 2016-02-23 03:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-02 00:12 - 2016-02-23 03:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-02 00:12 - 2016-02-23 03:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-02 00:12 - 2016-02-23 03:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-02 00:12 - 2016-02-23 03:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-02 00:12 - 2016-02-23 03:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-02 00:12 - 2016-02-23 03:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-02 00:12 - 2016-02-23 03:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-02 00:12 - 2016-02-23 03:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-02 00:12 - 2016-02-23 03:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-02 00:12 - 2016-02-23 03:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-02 00:12 - 2016-02-23 03:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-02 00:12 - 2016-02-23 03:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-02 00:12 - 2016-02-23 03:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-02 00:12 - 2016-02-23 03:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-02 00:12 - 2016-02-23 03:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-02 00:12 - 2016-02-23 03:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-02 00:12 - 2016-02-23 03:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-02 00:12 - 2016-02-23 02:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-02 00:12 - 2016-02-23 02:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-02 00:12 - 2016-02-23 02:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-02 00:12 - 2016-02-23 02:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-02 00:12 - 2016-02-23 02:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-02 00:12 - 2016-02-23 02:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-02 00:12 - 2016-02-23 02:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-02 00:12 - 2016-02-23 02:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-02 00:12 - 2016-02-23 02:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-02 00:12 - 2016-02-23 02:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-02 00:12 - 2016-02-23 02:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-02 00:12 - 2016-02-23 02:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-02 00:12 - 2016-02-23 02:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-02 00:12 - 2016-02-23 02:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-02 00:12 - 2016-02-23 02:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-02 00:12 - 2016-02-23 02:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-02 00:12 - 2016-02-23 02:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-02 00:12 - 2016-02-23 02:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-02 00:12 - 2016-02-23 02:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-02 00:12 - 2016-02-23 02:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-02 00:12 - 2016-02-23 02:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-02 00:12 - 2016-02-23 02:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-02 00:12 - 2016-02-23 02:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-02 00:12 - 2016-02-23 02:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-02 00:12 - 2016-02-23 01:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-02 00:12 - 2016-02-23 01:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-02 00:12 - 2016-02-23 01:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-02 00:12 - 2016-02-23 01:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-02 00:12 - 2016-02-23 01:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-02 00:12 - 2016-02-23 01:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-02 00:12 - 2016-02-23 01:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-02 00:12 - 2016-02-23 01:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-02 00:12 - 2016-02-23 01:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-02 00:12 - 2016-02-23 01:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-02 00:12 - 2016-02-23 01:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-02 00:12 - 2016-02-23 01:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-02 00:12 - 2016-02-23 01:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-02 00:12 - 2016-02-23 01:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-02 00:12 - 2016-02-23 01:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-02 00:12 - 2016-02-23 01:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-02 00:12 - 2016-02-23 01:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-02 00:12 - 2016-02-23 01:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-02 00:12 - 2016-02-08 23:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-02 00:12 - 2016-02-08 22:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-02 00:12 - 2016-02-08 22:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-02 00:12 - 2016-02-08 22:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-02 00:12 - 2016-02-08 22:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-02 00:12 - 2016-02-08 22:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-02 00:11 - 2016-02-23 06:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-02 00:11 - 2016-02-23 06:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-02 00:11 - 2016-02-23 06:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-02 00:11 - 2016-02-23 05:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-02 00:11 - 2016-02-23 05:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-02 00:11 - 2016-02-23 05:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-02 00:11 - 2016-02-23 04:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-02 00:11 - 2016-02-23 04:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-02 00:11 - 2016-02-23 04:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-02 00:11 - 2016-02-23 04:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-02 00:11 - 2016-02-23 04:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-02 00:11 - 2016-02-23 04:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-02 00:11 - 2016-02-23 04:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-02 00:11 - 2016-02-23 04:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-02 00:11 - 2016-02-23 04:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-02 00:11 - 2016-02-23 04:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-02 00:11 - 2016-02-23 04:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-02 00:11 - 2016-02-23 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-02 00:11 - 2016-02-23 04:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-02 00:11 - 2016-02-23 03:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-02 00:11 - 2016-02-23 03:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-02 00:11 - 2016-02-23 03:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-02 00:11 - 2016-02-23 03:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-02 00:11 - 2016-02-23 03:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-02 00:11 - 2016-02-23 03:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-02 00:11 - 2016-02-23 03:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-02 00:11 - 2016-02-23 03:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-02 00:11 - 2016-02-23 03:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-02 00:11 - 2016-02-23 03:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-02 00:11 - 2016-02-23 03:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-02 00:11 - 2016-02-23 03:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-02 00:11 - 2016-02-23 03:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-02 00:11 - 2016-02-23 03:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-02 00:11 - 2016-02-23 03:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-02 00:11 - 2016-02-23 03:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-02 00:11 - 2016-02-23 03:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-02 00:11 - 2016-02-23 03:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 00:11 - 2016-02-23 03:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-02 00:11 - 2016-02-23 03:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-02 00:11 - 2016-02-23 03:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-02 00:11 - 2016-02-23 03:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-02 00:11 - 2016-02-23 03:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-02 00:11 - 2016-02-23 03:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-02 00:11 - 2016-02-23 02:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-02 00:11 - 2016-02-23 02:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-02 00:11 - 2016-02-23 02:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-02 00:11 - 2016-02-23 02:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-02 00:11 - 2016-02-23 02:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-02 00:11 - 2016-02-23 02:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-02 00:11 - 2016-02-23 02:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 00:11 - 2016-02-23 02:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-02 00:11 - 2016-02-23 02:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-02 00:11 - 2016-02-23 02:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-02 00:11 - 2016-02-23 02:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-02 00:11 - 2016-02-23 02:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-02 00:11 - 2016-02-23 01:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-02 00:11 - 2016-02-23 01:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-02 00:11 - 2016-02-08 23:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-02 00:11 - 2016-02-08 22:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-30 11:22 - 2015-07-07 09:11 - 00000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-03-30 10:53 - 2014-04-26 18:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-30 09:15 - 2015-10-20 16:49 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DE234DC7-B1DB-4470-A481-73B0BE9678FD}
2016-03-29 20:47 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-29 20:47 - 2015-09-12 08:15 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-29 20:40 - 2015-12-17 04:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-29 20:40 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-29 20:40 - 2015-09-12 08:26 - 00000000 __SHD C:\Users\smithfamily\IntelGraphicsProfiles
2016-03-29 20:40 - 2015-07-07 09:11 - 00000928 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-03-29 20:29 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-29 20:21 - 2015-06-11 17:13 - 00000000 ____D C:\Users\smithfamily\AppData\LocalLow\Temp
2016-03-29 20:21 - 2014-02-26 19:56 - 00000000 ____D C:\Program Files\Soluto
2016-03-29 15:38 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-28 05:56 - 2014-04-26 17:09 - 00000000 ____D C:\Users\smithfamily\AppData\Roaming\Adobe
2016-03-25 10:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-25 09:47 - 2015-10-30 01:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-25 08:14 - 2014-04-26 18:31 - 00001163 _____ C:\Users\smithfamily\Desktop\firefox.lnk
2016-03-24 08:53 - 2014-04-26 18:38 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-23 21:42 - 2015-09-17 07:47 - 00000000 ____D C:\Users\smithfamily\Documents\SG-SSCphotos
2016-03-23 21:37 - 2015-06-11 17:00 - 00000000 ____D C:\Users\smithfamily\Documents\Homeschool Resources
2016-03-23 09:14 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-23 08:38 - 2014-02-26 20:00 - 00000000 ____D C:\ProgramData\Norton
2016-03-22 09:42 - 2014-04-26 18:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-22 09:41 - 2015-12-17 04:36 - 00000000 ____D C:\Users\smithfamily
2016-03-20 02:24 - 2015-07-07 09:09 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-03-11 13:16 - 2015-09-12 08:33 - 00002421 _____ C:\Users\smithfamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-11 13:16 - 2015-09-12 08:33 - 00000000 ___RD C:\Users\smithfamily\OneDrive
2016-03-10 03:34 - 2015-12-17 04:29 - 00308784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-10 03:31 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-10 03:31 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-10 03:31 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-10 03:31 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-09 11:36 - 2014-04-29 05:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 11:31 - 2014-04-29 05:04 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-08 02:12 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 02:12 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-05 14:38 - 2015-02-17 14:35 - 00001838 _____ C:\Users\Public\Desktop\Her Interactive.com.lnk
2016-03-05 14:22 - 2015-02-17 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Her Interactive
2016-03-05 14:22 - 2015-02-17 14:29 - 00000000 ____D C:\Program Files (x86)\Her Interactive
2016-03-04 08:42 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-03 05:12 - 2014-04-26 17:02 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-03 03:32 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-03 03:32 - 2015-10-30 02:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-03 03:32 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-03 03:32 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-03 03:32 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-03 03:32 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-03 03:32 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-03 03:32 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-03 03:32 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-02-29 10:24 - 2013-12-19 23:21 - 00000000 ____D C:\ProgramData\McAfee

==================== Files in the root of some directories =======

2014-05-01 12:07 - 2014-05-01 12:07 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-17 04:32 - 2015-12-17 04:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-26 17:22 - 2014-04-26 17:22 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\smithfamily\AppData\Local\Temp\libeay32.dll
C:\Users\smithfamily\AppData\Local\Temp\msvcr120.dll
C:\Users\smithfamily\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-27 07:36

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by smithfamily (2016-03-30 11:39:56)
Running from C:\Users\smithfamily\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-17 10:05:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-454114346-3557102269-332868837-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-454114346-3557102269-332868837-503 - Limited - Disabled)
Guest (S-1-5-21-454114346-3557102269-332868837-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-454114346-3557102269-332868837-1003 - Limited - Enabled)
smithfamily (S-1-5-21-454114346-3557102269-332868837-1001 - Administrator - Enabled) => C:\Users\smithfamily

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1602 A.D. (HKLM-x32\...\1602 A.D.) (Version:  - )
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.3006 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.3104.3 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.3104.6 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.3104 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8102 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Amelie's Cafe: Summer Time (HKLM-x32\...\Amelie's Cafe: Summer Time) (Version:  - Alawar Entertainment Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azada (remove only) (HKU\S-1-5-21-454114346-3557102269-332868837-1001\...\Azada) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-L2540DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.5.0 - Canon Inc.)
Canon iP4300 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300) (Version:  - )
Clue (HKLM-x32\...\Clue) (Version:  - )
Crop Busters (HKLM-x32\...\Crop Busters) (Version: 1.0 - Alawar Entertainment Inc.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3323.57 - CyberLink Corp.)
DirectX Media Runtime 5.1 (HKLM-x32\...\DirectXMediaRuntime) (Version:  - )
DocX Viewer version 1.2 (HKLM-x32\...\DocX Viewer_is1) (Version: 1.2 - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Setup (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.0.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Farm Frenzy (HKLM-x32\...\Farm Frenzy) (Version: 1.0 - Alawar Entertainment Inc.)
Farm Frenzy 2 (HKLM-x32\...\Farm Frenzy 2) (Version:  - Alawar Entertainment Inc.)
Farm Frenzy 3 (HKLM-x32\...\Farm Frenzy 3) (Version:  - Alawar Entertainment Inc.)
Fiona Finch and the Finest Flowers (HKLM-x32\...\Fiona Finch and the Finest Flowers) (Version:  - Alawar Entertainment Inc.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Glyph 1.0 (HKLM-x32\...\Glyph) (Version: 1.0 - Merscom)
GoldRush (HKLM-x32\...\{C5C3BBD9-DA4B-4CC9-B885-A10518D7A98F}) (Version: 1.00.0000 - Phantom EFX)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{73B1AC18-614F-42CD-A798-4BA214586406}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{0213A0FE-2725-4A04-9A37-79502F64D7A9}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Island Farmer (HKLM-x32\...\Island Farmer) (Version:  - Alawar Entertainment Inc.)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
iWin Games (HKLM-x32\...\iWinArcade) (Version: 2.93 - )
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.6136 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.183 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
My Farm Life (HKLM-x32\...\My Farm Life) (Version: 1.0 - Alawar Entertainment Inc.)
MysticForest (HKLM-x32\...\{2AAFE1D7-9066-4183-B267-0398A3533E88}) (Version: 1.00.0000 - Phantom EFX)
Nancy Drew: Alibi in Ashes (HKLM-x32\...\{37CD3467-F747-4D95-BAD3-C8BD8B2CB1BD}) (Version: 8.0.0.30162 - Her Interactive, Inc.)
Nancy Drew: Danger by Design (HKLM-x32\...\{C3D82C0B-3592-4B03-A970-F84C081A8152}) (Version:  - )
Nancy Drew: Ghost of Thornton Hall (HKLM-x32\...\{93C2CDF6-6072-4EF7-8F19-B601E92C9795}) (Version: 8.0.0.30162 - Her Interactive, Inc.)
Nancy Drew: Labyrinth of Lies (HKLM-x32\...\{987269B1-DC45-4A1C-A51F-5020AB513C9B}) (Version: 8.0.0.30162 - Her Interactive, Inc.)
Nancy Drew: Last Train to Blue Moon Canyon (HKLM-x32\...\{EB7A3B64-1373-48AC-902E-F6643F074E3C}) (Version:  - )
Nancy Drew: Sea of Darkness (HKLM-x32\...\{241C6D36-570D-4616-B07F-E460AF6E59D2}) (Version: 8.0.0.30162 - Her Interactive, Inc.)
Nancy Drew: Secret of Shadow Ranch (HKLM-x32\...\{06874C62-EC70-4275-9F30-BD81969993A8}) (Version:  - )
Nancy Drew: Secret of the Old Clock (HKLM-x32\...\{70D1416D-C0FF-461C-8AF3-71B98C7F5CA4}) (Version:  - )
Nancy Drew: Shadow at the Water's Edge (HKLM-x32\...\{10A10C6C-FF5E-40B2-A343-8D69E24167DF}) (Version: 1.0.0 - Her Interactive, Inc.)
Nancy Drew: The Curse of Blackmoor Manor (HKLM-x32\...\{9E38979C-FA65-476D-80C7-72F4EADE726C}) (Version:  - )
Nancy Drew: The Deadly Device (HKLM-x32\...\{BCD434CF-447A-42A8-A4C3-D929fE776EFD}) (Version: 8.0.0.30162 - Her Interactive, Inc.)
Nancy Drew: The Silent Spy (HKLM-x32\...\{35B438BB-E18B-4FD9-8D56-50BA90C11A71}) (Version: 8.0.0.30162 - Her Interactive, Inc.)
Nancy Drew: Trail of the Twister (HKLM-x32\...\{0240CDAE-20F6-4381-A56E-BD2AE3B4B5D0}) (Version: 1.0.0 - Her Interactive, Inc.)
Nancy Drew: Warnings at Waverly Academy (HKLM-x32\...\{411DAD75-86F2-4C70-8666-EA14BE017690}) (Version: 1.0.0 - Her Interactive, Inc.)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NetZero For Cosmi (HKLM-x32\...\{53CDAAAB-6D41-4A36-BAA4-90261DE31B13}) (Version: 1.0.0 - NetZero, Inc.)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2009 - Acer)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Pirateville (remove only) (HKLM-x32\...\Pirateville) (Version:  - )
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Ranch Rush (HKLM-x32\...\Ranch Rush) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7054 - Realtek Semiconductor Corp.)
Risk II (HKLM-x32\...\{28F9CB51-2F81-40BF-9545-6FD1FCB1AC44}) (Version: 1.00.000 - )
Sandlot Games Client Services 1.2.2 (HKLM-x32\...\Sandlot Games Client Services 1.2.2_is1) (Version:  - Sandlot Games)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Sheep's Quest (HKLM-x32\...\Sheep's Quest) (Version:  - Alawar Entertainment Inc.)
Soluto (HKLM\...\{A40888FC-B545-46F3-8628-6AE98C1C75C6}) (Version: 1.3.1193.1 - Soluto)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
The mystery of the mummy (HKLM-x32\...\{1FAB0A3A-88AB-44AC-9423-B71AD4491EEE}) (Version: 1.00.0000 - Frogwares)
Train Giant (HKLM-x32\...\{068D5B5F-10EB-4A12-9F37-41C8D2FD78A2}_is1) (Version: 2012 - UIG GmbH)
Treasure Masters, Inc. (HKLM-x32\...\Treasure Masters, Inc.) (Version:  - )
Treasures of the Far East (HKLM-x32\...\{D7E51D77-BB63-4B58-A9D4-AE3F933FF991}) (Version: 1.00.0000 - Phantom EFX)
Unity Web Player (HKU\S-1-5-21-454114346-3557102269-332868837-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VIVA MEDIA GAME CENTER (HKLM-x32\...\VIVAGplayer) (Version:  - )
Water Park Simulator (HKLM-x32\...\Water Park Simulator_is1) (Version:  - Contendo Media GmbH)
World of Goo (HKLM-x32\...\BFG-World of Goo) (Version:  - )
Zoo Giant version 1.0 (HKLM-x32\...\{00D0E307-F20B-4C9A-BC6B-C2F50F0074CF}_is1) (Version: 1.0 - Advanced Mobile Applications)
Zoo Tycoon Expanded (HKLM-x32\...\Zoo Tycoon 1.0) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-454114346-3557102269-332868837-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\smithfamily\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-454114346-3557102269-332868837-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0528AD46-BE07-4171-B111-F5A3BCB7175F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-07] (Dropbox, Inc.)
Task: {09875172-8107-49D7-909D-9D3C840A78BE} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-11-07] (Acer Incorporated)
Task: {0D40661A-E6FA-4F32-804F-DAFD04E88CA3} - System32\Tasks\{9E9E7531-EED9-43C8-BB5A-7451BD17E98D} => pcalua.exe -a D:\SHAAuto.exe -d D:\
Task: {1C48B9B5-6C6F-4B58-A30F-63D21EFD8ADF} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)
Task: {1F0CE3DB-F5C2-4041-B6E6-960801746C7C} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2013-07-27] (Acer Incorporated)
Task: {556BE15B-EB25-448C-A81D-AC6E6B3856BE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {5D8A47DB-C9B6-4C95-A8D1-9B3E3B35644C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {760DF685-C384-403B-9800-2C4E08E5F872} - System32\Tasks\DropboxSetup => C:\Program Files (x86)\Dropbox\DropboxSetup\DropboxSetup.exe [2015-06-23] ()
Task: {95EF475F-E185-4C3D-8487-269D0F3BE709} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {98A0966A-C2EC-4BE8-B99C-FB91D832BA7F} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {99B514F6-644A-4486-9F40-F6559088AB2F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-24] (Adobe Systems Incorporated)
Task: {C0171B34-47AF-4A24-8677-71BC52B268DF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-07] (Dropbox, Inc.)
Task: {C4A62859-24B4-4AA8-93EC-5A3914010797} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-08-22] (Acer Incorporated)
Task: {D57B7DFE-80E2-41E9-9678-4E46A4B6C9D3} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {D8246B84-B510-4C08-A405-376B64234647} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {E8C7D121-E508-4D19-B5BC-D67C4DDA5391} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {F06B5F8D-40C6-45DB-B33C-2F1C3EF39813} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {FA9F8E87-EFE4-4AEC-845A-0C5FE6A9F125} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {FECBDE4F-403E-4DD8-A3E3-952AEE8D5C75} - System32\Tasks\McAfee\McAfee Idle Detection Task

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-03-20 09:36 - 2005-04-21 23:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2016-03-02 00:12 - 2016-02-23 06:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 00:12 - 2016-02-23 06:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-21 19:03 - 2016-01-21 19:03 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 11:17 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 00:12 - 2016-02-23 03:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 19:39 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 19:39 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 01:58 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 01:58 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-28 17:31 - 2016-03-28 17:31 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-28 17:31 - 2016-03-28 17:31 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-04 02:13 - 2016-03-04 02:13 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-20 18:05 - 2016-01-20 18:05 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-15 03:56 - 2015-12-15 03:57 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-21 19:03 - 2016-01-21 19:03 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 19:03 - 2016-01-21 19:03 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-03-20 09:36 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501.SYS => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-454114346-3557102269-332868837-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\smithfamily\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Dropbox"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{87FDAB94-1D81-4E2F-83CA-443EA52ACC65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C23CAD97-1351-4BD9-8798-EFD0159EB710}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1F100328-2EF3-46B5-B330-A53C2433830C}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{F5F0C90D-AFD6-45AD-8B3D-044AE3BD45A5}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{81ABF029-79EF-4EEB-8F21-47794ADB92E3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E225FBDA-09E8-448B-945D-33B5D7521E53}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{BFF1EABB-D5B3-49FC-92FE-E2C4CB78FC01}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{C0C24E86-C1AE-409B-A975-9B68DC1F26E3}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E6C8B65C-53E1-4237-BE7D-F5A334757682}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{78490168-0C95-4E3A-A56A-B4DA1A5D6F8A}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{19694DFE-A2B6-4A82-B2A6-5E48C830D712}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{C004E020-1D50-48B6-987C-F377B74D423E}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{89874C63-28E0-49F4-A3BE-4CE06DAF1EF2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{854A8BAD-C9A7-4429-8F97-D2145B829F69}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{3BE22556-F568-40EB-8F48-DADEA9E986C3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{EA3973FF-89C2-49B6-9BDA-59A338B0C7DD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{BF141781-B028-4A76-8785-07525E3CF991}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{F47F4D0D-8975-4F2B-BC1E-97C0E3BB4F6D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{6AEB0E82-5261-4532-B8EF-3A2AAD81628C}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{91872CD1-9264-4814-9D51-92324B1B431C}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{5125DB34-7C35-497A-850B-97885E79D942}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{0038704E-CB85-4FFE-B98C-0253F2C8DDF0}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{63E0B2B6-9298-41DF-AE9A-B54E82F48DCD}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{C286EF35-7819-47BD-BE7D-6B3004D58A00}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{B03CE9AB-3CCD-4299-A2AE-2EDD689D2B04}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{D7379806-3F5C-497B-B5FF-22A5D59543B6}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{35A8B14C-40E8-4D33-964E-34CAA56A979D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{2EA9D1FF-FDBA-48E0-A831-A570742B1EF2}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{9D846EE0-D4F1-46CA-B962-5C11570C40BC}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{01139CC1-36D6-4400-8152-7C52C96BDFD1}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{31676ACD-D64C-49FC-900A-4E3F0C96535C}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{F2E82D06-8841-4D67-B536-0C042E8676A7}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{A2AD129D-096F-42FC-A312-E07F74528839}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{8F31F878-4F1B-4F32-9F3E-F9396C684881}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{5DA1C2A4-E14C-4388-AE05-284972E69C8B}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{560A275D-E476-4430-9951-1A41C89715F5}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{498CCB73-A82B-4BBC-9F20-9B8D75FBB34A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{46623087-A860-42B0-93B8-F7860DD22CB7}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{3AD77DEC-983F-457A-94DC-9FAD12D80756}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{BCB83603-CF69-4CE7-862D-579C82FC2741}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{438BBC92-3F82-43E3-9F6E-B70A08434C69}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{3485581F-567A-4B90-9CB4-7B5481EFFCBE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{1D7511A8-82D5-4273-8355-32A2426E08E6}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{406B665F-0846-46EA-95DF-26B479349CB8}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{E155E06C-C167-4288-8F48-E21524156A7F}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{11A9FDA1-D54C-42C4-A007-9089C1188E3D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{90D76B81-5CC2-4D8A-B79E-A7A901DC0EC9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8D0782D7-4683-45EF-B89A-59253F64BA21}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7EE0B162-66A9-425E-BD6D-E306E4FD51BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0F658B06-73F2-45B3-A0BB-955C4410C61E}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{BDACE9B4-0EE2-4585-91F4-CF13F77BBC6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E4FA0F56-143C-4014-B094-6222794C96AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2A43BA86-E0E2-4287-9087-8FC4AA642C5D}] => (Allow) LPort=54925
FirewallRules: [{AE50529E-B64A-4D2E-8D2A-1681673AF0C4}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

18-03-2016 08:45:10 Scheduled Checkpoint
23-03-2016 09:11:19 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2016 08:19:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 5.3.2016.1, time stamp: 0x56daf4cd
Faulting module name: FRST64.exe, version: 5.3.2016.1, time stamp: 0x56daf4cd
Exception code: 0xc0000005
Fault offset: 0x0000000000026519
Faulting process id: 0x1ff0
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
Faulting package full name: FRST64.exe4
Faulting package-relative application ID: FRST64.exe5

Error: (03/29/2016 03:38:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JNK-PC)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/28/2016 12:51:11 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/03/28 12:51:11.000]: [00001732]: Initialize TwdsMain Class failed!

Error: (03/28/2016 12:51:10 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/03/28 12:51:10.999]: [00001732]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/28/2016 06:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.10586.0, time stamp: 0x5632d756
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd45b4
Exception code: 0xc0000002
Fault offset: 0x0000000000071f28
Faulting process id: 0x1f4
Faulting application start time: 0xdwm.exe0
Faulting application path: dwm.exe1
Faulting module path: dwm.exe2
Report Id: dwm.exe3
Faulting package full name: dwm.exe4
Faulting package-relative application ID: dwm.exe5

Error: (03/28/2016 04:54:35 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/03/28 04:54:35.424]: [00002848]: Initialize TwdsMain Class failed!

Error: (03/28/2016 04:54:35 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/03/28 04:54:35.424]: [00002848]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/25/2016 11:45:19 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/03/25 11:45:19.725]: [00006076]: Initialize TwdsMain Class failed!

Error: (03/25/2016 11:45:19 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/03/25 11:45:19.724]: [00006076]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/25/2016 11:44:51 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/03/25 11:44:51.081]: [00000932]: Initialize TwdsMain Class failed!


System errors:
=============
Error: (03/30/2016 10:38:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1

Error: (03/30/2016 08:15:50 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Error: (03/29/2016 08:40:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SolutoService service failed to start due to the following error:
%%2

Error: (03/29/2016 08:39:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_449f7 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/29/2016 08:39:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/29/2016 08:38:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (03/29/2016 08:37:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Nero Update service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/29/2016 08:37:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BrYNSvc service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/29/2016 08:37:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/29/2016 08:37:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-03-23 11:16:00.591
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-11 14:49:02.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-11 04:55:52.858
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-10 02:35:34.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-03 02:36:32.296
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-02 05:23:35.939
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-12 04:39:30.773
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-11 03:35:34.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-10 04:08:23.185
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-28 04:30:04.008
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU J1900 @ 1.99GHz
Percentage of memory in use: 44%
Total physical RAM: 3984.12 MB
Available physical RAM: 2191.69 MB
Total Virtual: 4688.12 MB
Available Virtual: 2607.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:914.89 GB) (Free:812.04 GB) NTFS
Drive e: (SEA_DISC) (Fixed) (Total:149.01 GB) (Free:61.06 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E140490F)

Partition: GPT.

========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 0000141F)
Partition 1: (Not Active) - (Size=149 GB) - (Type=0C)

==================== End of Addition.txt ============================



#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:24 AM

Posted 30 March 2016 - 11:55 AM

1.
Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



2.
Please run AdwCleaner and MalwareBytes again and post their logs.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 jksmith

jksmith
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 30 March 2016 - 12:37 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by smithfamily (2016-03-30 12:11:04) Run:3
Running from C:\Users\smithfamily\Downloads
Loaded Profiles: smithfamily (Available Profiles: smithfamily)
Boot Mode: Normal
==============================================

fixlist content:
*****************
S2 SolutoService; "C:\Program Files\Soluto\SolutoService.exe" [X]
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
emptytemp:
FirewallRules: [{19694DFE-A2B6-4A82-B2A6-5E48C830D712}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{C004E020-1D50-48B6-987C-F377B74D423E}] => (Allow) C:\Program Files\Soluto\Soluto.exe

*****************

SolutoService => service removed successfully
cpuz136 => service removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19694DFE-A2B6-4A82-B2A6-5E48C830D712} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C004E020-1D50-48B6-987C-F377B74D423E} => value removed successfully
EmptyTemp: => 257.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:11:24 ====

 

# AdwCleaner v5.107 - Logfile created 30/03/2016 at 12:18:04
# Updated 28/03/2016 by Xplode
# Database : 2016-03-30.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : smithfamily - JNK-PC
# Running from : C:\Users\smithfamily\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3759 bytes] - [29/03/2016 20:37:40]
C:\AdwCleaner\AdwCleaner[S1].txt - [3951 bytes] - [29/03/2016 20:33:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [750 bytes] - [30/03/2016 12:18:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [822 bytes] ##########
 

 

I ran the quick scan with Malwarebytes. If I need to run the full scan or enable it to scan for rootkits, just let me know. Thanks again for all your help!

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/30/2016
Scan Time: 12:22 PM
Logfile: malwarebytes6.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.03.30.07
Rootkit Database: v2016.03.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: smithfamily

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395727
Time Elapsed: 10 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:24 AM

Posted 30 March 2016 - 01:07 PM

It Appears That Your Pc Is Now Clean!


***


Clean up:


***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • please download delfix to your desktop.
  • Close all other programms and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future

:step1: Browse more secure :step2: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
:step3: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important chanel to spread their wares.
:step4: Use only one anti-virus software and keep it up-to-date.

:step5: Firewall
Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

:step6: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

:step7: Use Strong passwords!

:step8: Email attachments
Do not open any unknown email attachments, which you received without asking for it!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 jksmith

jksmith
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 30 March 2016 - 01:31 PM

YAY!! YOU ARE AWESOME!! Thank you so much. This has pretty much consumed my life for the past week and a half! I was so frustrated and helpless not knowing how to correct the situation.

And if in fact I even had a virus on my computer. We had no symptoms, the only symptom was the redirect to fake flash player. Cox wouldn't tell me much, and they refused to give me an external ip address or port number for what site triggered the warning from them. That information may have helped me to pinpoint to a certain device since we each do very different things on our devices. So can you please tell me, did I have any evidence of having the Alureon/TDSS virus or was it just other malware/spyware?

 

And would you please help me to make sure that my daughters laptop is safe from malware also? I can run the farbar on it and post the logs if you are willing to help.

Can you also answer a couple of questions for me... I've been doing endless research since we received that email from cox. In all my internet searches and reading as much as I could, I wasn't able to find an answer. And I need to know if I should be worried about possible infections on the android tablets and or iphones traveling over the network to re-infect my pc? We will not be directly plugging our tablets or phones into our computers but I just need to know if a virus/malware could possibly travel over the network?

 

Thanks again! And thanks for the tips on how to remain safe.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users