GMER showing rootkit infection.

9 replies to this topic

#1 RichardPacino

Posted 23 August 2016 - 03:30 PM

Hello everybody,

I would really appreciate it if somebody could help me out. I have a new laptop, about a month old. I practice very safe surfing habits. I installed a variety of security scanning tools. I have AVAST Free in aggressive mode, MBAE, EMET and Sandboxie installed. I haven't gone to any unsafe websites. Although I know that GMER should be run only for specific reasons, I ran it just being curious. Sure enough, it found quite a few rootkits. No other scanner, such as Malwarebytes Anti-Rootkit or TDSSKiller, found anything. I wonder if this is a false positive or I actually caught something.

Thank you for your help.

Here is the GMER log:

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-21 13:03:36
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000027 ST1000LM024_HN-M101MBB rev.2BA30001 931.51GB
Running: 9736y1e5.exe; Driver: C:\Users\Richard\AppData\Local\Temp\kgwdrkog.sys
 
 
---- Threads - GMER 2.2 ----
 
Thread   C:\WINDOWS\system32\csrss.exe [8048:2724]                                                                                           ffffaf87ddd96c20
 
---- Services - GMER 2.2 ----
 
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )                                                                                   [AUTO] CDPUserSvc_50ba6                                           <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )                                                                                   [MANUAL] MessagingService_50ba6                                   <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )                                                                                   [AUTO] OneSyncSvc_50ba6                                           <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )                                                                                   [MANUAL] PimIndexMaintenanceSvc_50ba6                             <-- ROOTKIT !!!
Service  C:\WINDOWS\System32\svchost.exe (*** hidden *** )                                                                                   [MANUAL] UnistoreSvc_50ba6                                        <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )                                                                                   [MANUAL] UserDataSvc_50ba6                                        <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )                                                                                   [MANUAL] WpnUserService_50ba6                                     <-- ROOTKIT !!!
 
---- Registry - GMER 2.2 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Diagnostics\Performance@ActiveShutdownDCL                                                     C:\WINDOWS\System32\WDI\LogFiles\WdiContextLog.etl.002
Reg      HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SDC38540_00_07DE_F0^456F72F7F65F5955ED38CD32431817DF@Timestamp  0xD0 0x05 0xF9 0x12 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed                                                   573411524
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime                                                                3975
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime                                                              2622
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime                                                         14969
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime                                                       939
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime                                                           1769
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp                                                 5014
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeLibraryInitTime                                                   579
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeInitTime                                                          354
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime                                                     807
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp                                        5948
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime                                                            361
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime                                                    405
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeMapTime                                                           53
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAllocateTime                                                      10
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp                                             6783
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp                                        6889
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp                                               13565
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime                                            6864
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState                                            14929
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime                                                      6390
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime                                                           164
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime                                                      13341
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime                                               5758
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeInitTime                                                    58
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeSharedBufferTime                                            23
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime                                                        1298
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime                                                     80
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed                                                    449995
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten                                                      0x81 0x48 0x02 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed                                                      58619
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten                                                        0xED 0x4A 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate                                                          107
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberCompressRate                                                       28
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate                                                          109
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate                                                    82
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumTime                                                       228
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumIoTime                                                     25
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumTime                                                      291
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumIoTime                                                    32
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime                                                   588
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime                                                          205
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HybridBootAnimationTime                                                 6737
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp                                                 0x97 0x25 0xF4 0x06 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName                                                              Global\MMF_BITS37d4d6c4-4fb8-4b24-8409-90c455e9d27b
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\48e244c483fc                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_50ba6                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_50ba6@Type                                                                        224
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_50ba6@Start                                                                       2
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_50ba6@ErrorControl                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_50ba6@ImagePath                                                                   C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_50ba6@DisplayName                                                                 CDPUserSvc_50ba6
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_50ba6@FailureActions                                                              0x80 0x51 0x01 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_50ba6@Description                                                                 @%SystemRoot%\system32\cdpusersvc.dll,-101
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_50ba6\Security                                                                    
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_50ba6\Security@Security                                                           0x01 0x00 0x14 0x80 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_50ba6                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\e0-91-f5-6d-d8-08@ClientLocalPort                              57979
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\e0-91-f5-6d-d8-08@AddressCreationTimestamp                     0xD4 0x77 0xCA 0x0D ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\e0-91-f5-6d-d8-08@NatDetectionTimestamp                        0x64 0x4C 0xC9 0x0D ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\e0-91-f5-6d-d8-08@TeredoAddress                                2001:0:5ef5:79fd:1452:1d84:9c38:ace7
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6                                                                       
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6@Type                                                                  224
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6@Start                                                                 3
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6@ErrorControl                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6@ImagePath                                                             C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6@DisplayName                                                           MessagingService_50ba6
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6@FailureActions                                                        0x80 0x51 0x01 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6@Description                                                           @%SystemRoot%\system32\MessagingService.dll,-101
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6\Security                                                              
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6\Security@Security                                                     0x01 0x00 0x14 0x80 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6\TriggerInfo                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6\TriggerInfo\0                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6\TriggerInfo\0@Type                                                    7
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6\TriggerInfo\0@Action                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6\TriggerInfo\0@Guid                                                    0x16 0x28 0x7A 0x2D ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6\TriggerInfo\0@Data0                                                   0x75 0x18 0xBC 0xA3 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6\TriggerInfo\0@DataType0                                               1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6                                                                       
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_50ba6                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_50ba6@Type                                                                        224
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_50ba6@Start                                                                       2
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_50ba6@ErrorControl                                                                0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_50ba6@ImagePath                                                                   C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_50ba6@DisplayName                                                                 Sync Host_50ba6
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_50ba6@FailureActions                                                              0x80 0x51 0x01 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_50ba6@Description                                                                 @%SystemRoot%\system32\APHostRes.dll,-10001
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_50ba6\Security                                                                    
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_50ba6\Security@Security                                                           0x01 0x00 0x04 0x80 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_50ba6                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_50ba6                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_50ba6@Type                                                            224
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_50ba6@Start                                                           3
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_50ba6@ErrorControl                                                    0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_50ba6@ImagePath                                                       C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_50ba6@DisplayName                                                     Contact Data_50ba6
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_50ba6@FailureActions                                                  0x80 0x51 0x01 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_50ba6@Description                                                     @%SystemRoot%\system32\UserDataAccessRes.dll,-15000
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_50ba6\Security                                                        
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_50ba6\Security@Security                                               0x01 0x00 0x04 0x80 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_50ba6                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime                                                     ?Sun?, ?Aug ?21 ?16, 10:54:24 AM??:????????????????????????????
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                     1928
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                    32
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS                                                                227
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6433d767-5ea8-4804-b21a-b7aac7c729d7}@LeaseObtainedTime         1471800833
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6433d767-5ea8-4804-b21a-b7aac7c729d7}@T1                        1471844033
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6433d767-5ea8-4804-b21a-b7aac7c729d7}@T2                        1471876433
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6433d767-5ea8-4804-b21a-b7aac7c729d7}@LeaseTerminatesTime       1471887233
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_50ba6                                                                            
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_50ba6@Type                                                                       224
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_50ba6@Start                                                                      3
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_50ba6@ErrorControl                                                               0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_50ba6@ImagePath                                                                  C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_50ba6@DisplayName                                                                User Data Storage_50ba6
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_50ba6@FailureActions                                                             0x80 0x51 0x01 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_50ba6@Description                                                                @%SystemRoot%\system32\UserDataAccessRes.dll,-10002
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_50ba6\Security                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_50ba6\Security@Security                                                          0x01 0x00 0x04 0x80 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_50ba6                                                                            
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_50ba6                                                                            
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_50ba6@Type                                                                       224
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_50ba6@Start                                                                      3
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_50ba6@ErrorControl                                                               0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_50ba6@ImagePath                                                                  C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_50ba6@DisplayName                                                                User Data Access_50ba6
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_50ba6@FailureActions                                                             0x80 0x51 0x01 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_50ba6@Description                                                                @%SystemRoot%\system32\UserDataAccessRes.dll,-14000
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_50ba6\Security                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_50ba6\Security@Security                                                          0x01 0x00 0x04 0x80 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_50ba6                                                                            
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated                                                 0x71 0x08 0x62 0x0B ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh                                                      0x71 0x70 0x26 0x6D ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow                                                       0x71 0xA0 0x9D 0xA9 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_50ba6                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_50ba6@Type                                                                    224
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_50ba6@Start                                                                   3
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_50ba6@ErrorControl                                                            0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_50ba6@ImagePath                                                               C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_50ba6@DisplayName                                                             Windows Push Notifications User Service_50ba6
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_50ba6@FailureActions                                                          0x80 0x51 0x01 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_50ba6@Description                                                             @%SystemRoot%\system32\WpnUserService.dll,-2
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_50ba6\Security                                                                
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_50ba6\Security@Security                                                       0x01 0x00 0x04 0x80 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_50ba6                                                                         
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw                                                                                  0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask                                                                              0x64 0x62 0x03 0x00 ...
 
---- Disk sectors - GMER 2.2 ----
 
Disk     \Device\Harddisk0\DR0                                                                                                               unknown MBR code
 
---- EOF - GMER 2.2 ----
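Reading the log itself, rather than the `<-- ROOTKIT !!!` marker, is the first check here. Every flagged service name ends in the same `_50ba6` suffix, each one's Type is 224 (0xE0, which decodes to SERVICE_WIN32_SHARE_PROCESS | SERVICE_USER_SERVICE | SERVICE_USERSERVICE_INSTANCE), and each ImagePath is the System32 svchost.exe hosting the UnistackSvcGroup. Those are the registry properties of a Windows 10 per-user service instance, a service type introduced with version 1607, which is the build the RogueKiller and FRST logs further down report for this laptop. A hidden-service check that does not know that type cannot tell such an instance from an injected service, so the registry values GMER dumped are what to decide on, and the suffix, the Type flags and the svchost hosting all have to agree before a hit is set aside. The Python below is an added example, not code from the post or from GMER; it parses the GMER `Service` and `Reg` lines and applies that check. The FakeUpdSvc lines in its sample are constructed and do not appear in the original log.

```python
"""Triage GMER 2.2 "*** hidden ***" service hits from the service Type bitmask.

Added example (not code from the post or from GMER): parses the Service lines
and the Services\\<name>@Type / @ImagePath registry lines in the same log,
decodes the SCM Type flags, and separates Windows 10 per-user service
instances (Name_<hex>) from hits that still need a look on the live host."""
import re

# Service Type flags from winnt.h / winsvc.h (subset).
SERVICE_KERNEL_DRIVER = 0x01
SERVICE_WIN32_OWN_PROCESS = 0x10
SERVICE_WIN32_SHARE_PROCESS = 0x20
SERVICE_USER_SERVICE = 0x40          # per-user service template, e.g. CDPUserSvc
SERVICE_USERSERVICE_INSTANCE = 0x80  # per-logon instance, e.g. CDPUserSvc_50ba6

FLAG_NAMES = [
    (SERVICE_KERNEL_DRIVER, "SERVICE_KERNEL_DRIVER"),
    (SERVICE_WIN32_OWN_PROCESS, "SERVICE_WIN32_OWN_PROCESS"),
    (SERVICE_WIN32_SHARE_PROCESS, "SERVICE_WIN32_SHARE_PROCESS"),
    (SERVICE_USER_SERVICE, "SERVICE_USER_SERVICE"),
    (SERVICE_USERSERVICE_INSTANCE, "SERVICE_USERSERVICE_INSTANCE"),
]

# Sample input: two hits and their registry values copied from the GMER log in
# the post (column padding collapsed), plus one CONSTRUCTED hit, FakeUpdSvc,
# which is not in the post and exists only to exercise the other branch.
SAMPLE_LOG = r"""
---- Services - GMER 2.2 ----

Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [AUTO] CDPUserSvc_50ba6  <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [MANUAL] MessagingService_50ba6  <-- ROOTKIT !!!
Service  C:\Users\Public\upd.exe (*** hidden *** )  [AUTO] FakeUpdSvc  <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_50ba6@Type  224
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_50ba6@ImagePath  C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_50ba6\Security@Security  0x01 0x00 0x14 0x80 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6@Type  224
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_50ba6@ImagePath  C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\Services\FakeUpdSvc@Type  16
Reg      HKLM\SYSTEM\CurrentControlSet\Services\FakeUpdSvc@ImagePath  C:\Users\Public\upd.exe
"""

SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>.+?) \(\*\*\* hidden \*\*\* \)\s+\[(?P<start>[A-Z]+)\]\s+(?P<name>\S+)")
# Direct values of Services\<name> only; sub-keys such as \Security@Security do not match.
REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\CurrentControlSet\\Services\\(?P<name>[^\\@\s]+)@(?P<value>\w+)\s+(?P<data>.*?)\s*$")
PER_USER_NAME_RE = re.compile(r"^(?P<template>[A-Za-z0-9]+)_(?P<suffix>[0-9a-f]+)$")
SVCHOST_RE = re.compile(r"^[a-z]:\\windows\\system32\\svchost\.exe -k \S+$", re.IGNORECASE)


def parse_gmer(text):
    """Return ({hidden service: {image, start}}, {service: {value name: data}})."""
    hidden, props = {}, {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            hidden[m["name"]] = {"image": m["image"], "start": m["start"]}
            continue
        m = REG_RE.match(line)
        if m:
            props.setdefault(m["name"], {})[m["value"]] = m["data"]
    return hidden, props


def decode_type(type_value):
    """Names of the flags set in a service Type value (224 == 0xE0 -> three flags)."""
    return [name for flag, name in FLAG_NAMES if type_value & flag]


def classify(name, hit, props):
    """'per-user-instance' when name, Type flags and ImagePath all agree, else 'investigate'."""
    values = props.get(name, {})
    type_value = int(values.get("Type", "0"))
    image_path = values.get("ImagePath", "")
    m = PER_USER_NAME_RE.match(name)
    reasons = []
    if not values:
        reasons.append("no Services\\<name> values captured in the log")
    if not (type_value & SERVICE_USER_SERVICE and type_value & SERVICE_USERSERVICE_INSTANCE):
        reasons.append("Type has no per-user service flags")
    if m is None:
        reasons.append("name has no _<hex> instance suffix")
    if SVCHOST_RE.match(image_path) is None:
        reasons.append("ImagePath is not svchost.exe under System32")
    return {
        "verdict": "investigate" if reasons else "per-user-instance",
        "template": m["template"] if m else None,
        "type": type_value,
        "flags": decode_type(type_value),
        "image_path": image_path,
        "start": hit["start"],
        "reasons": reasons,
    }


def triage(text):
    hidden, props = parse_gmer(text)
    return {name: classify(name, hit, props) for name, hit in hidden.items()}


if __name__ == "__main__":
    for name, r in triage(SAMPLE_LOG).items():
        print(f"{name:24} {r['verdict']:18} Type=0x{r['type']:02X} {' | '.join(r['flags'])}")
        for reason in r["reasons"]:
            print(f"{'':24} - {reason}")
```

The checks are deliberately all-or-nothing: a `Name_<hex>` suffix on a service whose Type lacks the 0x40/0x80 bits, or whose ImagePath is anywhere but System32\svchost.exe, is reported for investigation, since naming a service to look like a per-user instance costs an attacker nothing. On the live host `sc qc <name>` prints the same TYPE and BINARY_PATH_NAME for each hit, and the DLLs the Description values point at (cdpusersvc.dll, MessagingService.dll and so on) should exist under System32 and verify as Microsoft-signed. GMER's `unknown MBR code` line on the same disk is a separate question and should be read with the RogueKiller MBR check further down, which reports a GPT layout with an EFI system partition and empty MBR boot code; a disk booted through UEFI does not execute MBR boot code at all.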
 

 

 




#2 nasdaq

Posted 26 August 2016 - 09:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download RogueKiller & SAVE it to your Desktop
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs for my review.

#3 RichardPacino (Topic Starter)

Posted 26 August 2016 - 12:28 PM

Hello Nasdaq,

Thank you for your time. I really appreciate it.

RogueKiller V12.5.1.0 (x64) [Aug 22 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Richard [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 08/26/2016 09:33:04 (Duration : 00:23:16)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 12 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp15-comm.msn.com/?pc=HRTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp15-comm.msn.com/?pc=HRTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3155308761-3230256961-1135891752-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp15-comm.msn.com/?pc=HRTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3155308761-3230256961-1135891752-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp15-comm.msn.com/?pc=HRTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp15-comm.msn.com/?pc=HRTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp15-comm.msn.com/?pc=HRTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp15-comm.msn.com/?pc=HRTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp15-comm.msn.com/?pc=HRTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3155308761-3230256961-1135891752-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp15-comm.msn.com/?pc=HRTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3155308761-3230256961-1135891752-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp15-comm.msn.com/?pc=HRTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp15-comm.msn.com/?pc=HRTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp15-comm.msn.com/?pc=HRTE  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 8775de5261114dd3df75b4666856349f
[BSP] d3bc722b64ab5e8416a756a29ddc7d1e : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 796672 | Size: 931433 MB
3 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1908373504 | Size: 829 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 1910071296 | Size: 21214 MB
User = LL1 ... OK
User = LL2 ... OK
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Richard (administrator) on DESKTOP-LGVE44F (26-08-2016 10:07:56)
Running from C:\Users\Richard\Desktop
Loaded Profiles: Richard (Available Profiles: Richard & Visitor & RBC)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(VoodooSoft, LLC ) C:\Program Files\VoodooShield\VoodooShieldService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(VoodooSoft, LLC ) C:\Program Files\VoodooShield\VoodooShield.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(abelhadigital.com) C:\Program Files (x86)\HostsMan\hm.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files\RogueKiller\RogueKiller64.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4263544 2016-06-24] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation)
HKLM\...\Run: [VoodooShield] => C:\Program Files\VoodooShield\VoodooShield.exe [2306896 2016-08-19] (VoodooSoft, LLC )
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9103976 2016-08-24] (AVAST Software)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation)
HKLM-x32\...\Run: [HostsMan] => C:\Program Files (x86)\HostsMan\hm.exe [8161280 2015-11-20] (abelhadigital.com)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [503392 2013-06-25] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863840 2013-06-25] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3155308761-3230256961-1135891752-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [798864 2016-08-09] (Sandboxie Holdings, LLC)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-24] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk [2016-08-19]
ShortcutTarget: Epson all-in-one Registration.lnk -> C:\Users\Richard\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6433d767-5ea8-4804-b21a-b7aac7c729d7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c70e8313-288c-4a06-be90-1a164ac8d6b0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-3155308761-3230256961-1135891752-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM-x32 -> {1377BF5B-7100-413F-BCFA-80170BF94AB6} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3155308761-3230256961-1135891752-1001 -> {1377BF5B-7100-413F-BCFA-80170BF94AB6} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-07-31] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hs669nqe.default
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-08-02] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-30]
CHR Extension: (YouTube) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-30]
CHR Extension: (uBlock Origin) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-08-21]
CHR Extension: (HTTPS Everywhere) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-08-01]
CHR Extension: (Disconnect) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-30]
CHR Extension: (ScriptSafe) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2016-08-22]
CHR Extension: (Gmail) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-30]
CHR Extension: (Chrome Media Router) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-21]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9331168 2016-07-26] (Emsisoft Ltd)
R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-07-06] () [File not signed]
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-07-06] (Advanced Micro Devices) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-24] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2269440 2015-07-10] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-07-28] (Realtek Semiconductor)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-08-09] (Sandboxie Holdings, LLC)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [268912 2016-06-24] (Synaptics Incorporated)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [60432 2015-07-14] (Advanced Micro Devices, Inc.)
R2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [105296 2016-08-19] (VoodooSoft, LLC )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [18968 2015-07-14] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101104 2015-07-14] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [73976 2015-07-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [277240 2015-07-14] (Advanced Micro Devices, Inc. )
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-24] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-14] (Advanced Micro Devices)
R3 bcbtums; C:\Windows\system32\DRIVERS\bcbtums.sys [186152 2015-12-18] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7551240 2016-01-30] (Broadcom Corporation)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [115832 2016-07-21] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [74984 2016-07-28] ()
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92344 2016-08-26] (Sysinternals - www.sysinternals.com)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-09] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-06-01] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-06-09] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [205456 2016-08-09] (Sandboxie Holdings, LLC)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [76408 2016-06-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [79984 2016-06-24] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-08-26] ()
R3 VSScanner; C:\Windows\System32\DRIVERS\vsscanner.sys [29808 2016-08-18] (VoodooSoft, LLC)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
U3 aspnet_state; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-26 10:07 - 2016-08-26 10:08 - 00021329 _____ C:\Users\Richard\Desktop\FRST.txt
2016-08-26 10:07 - 2016-08-26 10:07 - 00000000 ____D C:\FRST
2016-08-26 10:06 - 2016-08-26 10:06 - 02396160 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
2016-08-26 10:00 - 2016-08-26 10:00 - 00006414 _____ C:\Users\Richard\Desktop\ReportRogue.txt
2016-08-26 09:33 - 2016-08-26 09:33 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-08-26 09:32 - 2016-08-26 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-08-26 09:32 - 2016-08-26 09:32 - 00000000 ____D C:\Program Files\RogueKiller
2016-08-26 09:31 - 2016-08-26 09:31 - 00000000 ____D C:\ProgramData\RogueKiller
2016-08-26 02:11 - 2016-08-26 10:07 - 00000000 ____D C:\ProgramData\VoodooShield
2016-08-26 02:11 - 2016-08-26 02:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield
2016-08-26 02:11 - 2016-08-26 02:11 - 00000000 ____D C:\Program Files\VoodooShield
2016-08-26 02:11 - 2016-08-18 18:17 - 00029808 _____ (VoodooSoft, LLC) C:\WINDOWS\system32\Drivers\vsscanner.sys
2016-08-26 01:54 - 2016-08-26 01:54 - 00092344 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2016-08-26 00:29 - 2016-08-26 00:33 - 00000000 ____D C:\Users\Richard\SecurityScans
2016-08-26 00:28 - 2016-08-26 00:28 - 00001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.3.lnk
2016-08-26 00:28 - 2016-08-26 00:28 - 00000000 ____D C:\Program Files\Microsoft Baseline Security Analyzer 2
2016-08-26 00:09 - 2016-08-26 00:10 - 00191040 _____ C:\Users\Richard\Desktop\WinSecurity.diagcab
2016-08-25 22:58 - 2016-08-26 09:33 - 00027690 _____ C:\WINDOWS\ntbtlog.txt
2016-08-25 22:33 - 2016-08-25 22:33 - 00001596 _____ C:\Users\Richard\Desktop\aswMBR.txt
2016-08-25 22:33 - 2016-08-25 22:33 - 00000512 _____ C:\Users\Richard\Desktop\MBR.dat
2016-08-25 21:39 - 2016-08-25 21:39 - 00006726 _____ C:\TDSSKiller.3.1.0.11_25.08.2016_21.39.21_log.txt
2016-08-25 21:33 - 2016-08-25 21:38 - 00783742 _____ C:\TDSSKiller.3.1.0.11_25.08.2016_21.33.52_log.txt
2016-08-25 21:31 - 2016-08-25 21:31 - 00006770 _____ C:\TDSSKiller.3.1.0.11_25.08.2016_21.31.01_log.txt
2016-08-25 20:26 - 2016-08-25 20:26 - 00001351 _____ C:\Users\Richard\Desktop\AdwCleaner[C2].txt
2016-08-25 12:16 - 2016-08-25 12:17 - 00003694 _____ C:\Users\Richard\Desktop\Rkill.txt
2016-08-25 10:45 - 2016-08-26 01:24 - 00002248 _____ C:\WINDOWS\Sandboxie.ini
2016-08-25 10:45 - 2016-08-25 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2016-08-25 10:45 - 2016-08-25 10:45 - 00000000 ____D C:\Program Files\Sandboxie
2016-08-25 10:44 - 2016-08-25 10:45 - 05482512 _____ (Sandboxie Holdings, LLC) C:\Users\Richard\Downloads\SandboxieInstall64-513-5.exe
2016-08-24 13:36 - 2016-08-05 21:33 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-08-24 13:36 - 2016-08-05 21:31 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2016-08-24 13:36 - 2016-08-05 21:30 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-08-24 13:36 - 2016-08-05 21:29 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-08-24 13:36 - 2016-08-05 21:18 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-08-24 13:36 - 2016-08-05 21:17 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-08-24 13:36 - 2016-08-05 21:17 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-08-24 13:36 - 2016-08-05 21:16 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-24 13:36 - 2016-08-05 20:48 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-08-24 13:36 - 2016-08-05 20:48 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2016-08-24 13:36 - 2016-08-05 20:47 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-08-24 13:36 - 2016-08-05 20:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-08-24 13:36 - 2016-08-05 20:41 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-08-24 13:36 - 2016-08-05 20:41 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-08-24 13:36 - 2016-08-05 20:41 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2016-08-24 13:36 - 2016-08-05 20:40 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2016-08-24 13:36 - 2016-08-05 20:39 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-08-24 13:36 - 2016-08-05 20:38 - 17187328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-24 13:36 - 2016-08-05 20:35 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-08-24 13:36 - 2016-08-05 20:33 - 01304576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-08-24 13:36 - 2016-08-05 20:33 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-08-24 13:36 - 2016-08-05 20:33 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-08-24 13:36 - 2016-08-05 20:31 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-08-24 13:36 - 2016-08-05 20:24 - 01875456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-24 13:36 - 2016-08-05 20:23 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-08-24 13:36 - 2016-08-05 20:19 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-08-24 13:36 - 2016-08-05 02:14 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2016-08-24 13:36 - 2016-08-05 02:12 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-08-24 13:36 - 2016-08-05 02:10 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2016-08-24 13:36 - 2016-08-05 02:05 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2016-08-24 13:36 - 2016-08-05 01:28 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2016-08-24 13:36 - 2016-08-05 01:22 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2016-08-24 13:36 - 2016-08-05 01:20 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-08-24 13:36 - 2016-08-05 01:08 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2016-08-24 13:35 - 2016-08-05 21:32 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-08-24 13:35 - 2016-08-05 21:32 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-08-24 13:35 - 2016-08-05 21:31 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-08-24 13:35 - 2016-08-05 21:30 - 07814496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-24 13:35 - 2016-08-05 21:30 - 01349128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-08-24 13:35 - 2016-08-05 21:30 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-08-24 13:35 - 2016-08-05 21:29 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-08-24 13:35 - 2016-08-05 21:26 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-08-24 13:35 - 2016-08-05 21:26 - 00409944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-08-24 13:35 - 2016-08-05 21:24 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-08-24 13:35 - 2016-08-05 21:23 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-24 13:35 - 2016-08-05 21:18 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-24 13:35 - 2016-08-05 21:18 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-08-24 13:35 - 2016-08-05 21:18 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-24 13:35 - 2016-08-05 21:18 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-18 11:26 - 2016-08-18 11:26 - 00038957 _____ C:\Users\Visitor.DESKTOP-LGVE44F\Desktop\massage1.pdf
2016-08-18 11:25 - 2016-08-18 11:25 - 00069924 _____ C:\Users\Visitor.DESKTOP-LGVE44F\Desktop\physio6.pdf
2016-08-18 11:23 - 2016-08-18 11:23 - 00044793 _____ C:\Users\Visitor.DESKTOP-LGVE44F\Desktop\physio4.pdf
2016-08-18 11:22 - 2016-08-18 11:22 - 00063965 _____ C:\Users\Visitor.DESKTOP-LGVE44F\Desktop\physio5.pdf
2016-08-18 11:21 - 2016-08-18 11:21 - 00042426 _____ C:\Users\Visitor.DESKTOP-LGVE44F\Desktop\physio1.pdf
2016-08-18 11:21 - 2016-08-18 11:16 - 00039348 _____ C:\Users\Visitor.DESKTOP-LGVE44F\Desktop\physio3.pdf
2016-08-18 11:19 - 2016-08-18 11:19 - 00042758 _____ C:\Users\Visitor.DESKTOP-LGVE44F\Desktop\physio2.pdf
2016-08-18 11:13 - 2016-08-18 11:13 - 00023209 _____ C:\Users\Visitor.DESKTOP-LGVE44F\Desktop\chiropractor1.pdf
2016-08-18 11:13 - 2016-08-18 11:09 - 00042478 _____ C:\Users\Visitor.DESKTOP-LGVE44F\Desktop\chiropractor2.pdf
2016-08-10 20:28 - 2016-08-14 13:33 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\Desktop\BILLS
2016-08-10 09:35 - 2016-08-10 09:35 - 00000000 ____D C:\Users\RBC\Desktop\BILLS
2016-08-09 13:17 - 2016-08-21 10:27 - 00001187 _____ C:\Users\RBC\Desktop\Mozilla Firefox.lnk
2016-08-09 11:34 - 2016-08-09 11:34 - 00000000 ____D C:\Users\RBC\AppData\Local\Comms
2016-08-09 10:52 - 2016-08-19 10:20 - 00000000 ____D C:\Program Files (x86)\Crystal Security
2016-08-09 10:52 - 2016-08-09 10:52 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Crystal Security
2016-08-09 10:50 - 2016-08-09 10:51 - 01076224 _____ C:\Users\Visitor.DESKTOP-LGVE44F\Downloads\crystal_security_3.5.0.190_setup.msi
2016-08-09 08:13 - 2016-08-09 08:13 - 00000000 ____D C:\Users\RBC\AppData\Local\CEF
2016-08-09 08:05 - 2016-08-09 08:23 - 00000000 ____D C:\Users\RBC\AppData\Local\Mozilla
2016-08-09 08:05 - 2016-08-09 08:05 - 00000000 ____D C:\Users\RBC\AppData\Roaming\Mozilla
2016-08-08 02:28 - 2016-08-24 12:54 - 00002343 _____ C:\Users\Visitor.DESKTOP-LGVE44F\Desktop\Google Chrome.lnk
2016-08-08 02:28 - 2016-08-08 02:28 - 00001038 _____ C:\Users\Visitor.DESKTOP-LGVE44F\Desktop\EPSON Scan.lnk
2016-08-08 02:24 - 2016-08-26 09:09 - 00001549 _____ C:\Users\Richard\Desktop\Google Chrome.lnk
2016-08-08 02:21 - 2016-08-08 02:21 - 00002104 _____ C:\Users\Visitor.DESKTOP-LGVE44F\Desktop\Skype.lnk
2016-08-08 02:16 - 2016-08-21 10:29 - 00000000 ____D C:\Users\RBC\AppData\Local\ClassicShell
2016-08-08 02:16 - 2016-08-01 00:22 - 00002145 _____ C:\Users\RBC\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2016-08-08 02:13 - 2016-08-20 00:40 - 00002368 _____ C:\Users\RBC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-08 02:13 - 2016-08-20 00:40 - 00000000 ___RD C:\Users\RBC\OneDrive
2016-08-08 02:13 - 2016-08-08 02:13 - 00000000 ____D C:\Users\RBC\AppData\Roaming\AVAST Software
2016-08-08 02:12 - 2016-08-21 09:08 - 00000000 ____D C:\Users\RBC\Documents\YouCam
2016-08-08 02:12 - 2016-08-08 02:12 - 00000000 ____D C:\Users\RBC\AppData\Roaming\Epson
2016-08-08 02:12 - 2016-08-08 02:12 - 00000000 ____D C:\Users\RBC\AppData\Roaming\Crystal Security
2016-08-08 02:12 - 2016-08-08 02:12 - 00000000 ____D C:\Users\RBC\AppData\Local\Publishers
2016-08-08 02:12 - 2016-08-08 02:12 - 00000000 ____D C:\Users\RBC\AppData\Local\ActiveSync
2016-08-08 02:11 - 2016-08-08 02:11 - 00000000 ____D C:\Users\RBC\AppData\Local\Hewlett-Packard
2016-08-08 02:11 - 2016-08-08 02:11 - 00000000 ____D C:\Users\RBC\AppData\Local\CyberLink
2016-08-08 02:10 - 2016-08-21 09:09 - 00000000 ____D C:\Users\RBC\AppData\Local\Packages
2016-08-08 02:10 - 2016-08-08 02:10 - 00000000 ____D C:\Users\RBC\AppData\Roaming\Synaptics
2016-08-08 02:10 - 2016-08-08 02:10 - 00000000 ____D C:\Users\RBC\AppData\Roaming\Adobe
2016-08-08 02:10 - 2016-08-08 02:10 - 00000000 ____D C:\Users\RBC\AppData\Local\VirtualStore
2016-08-08 02:10 - 2016-08-08 02:10 - 00000000 ____D C:\Users\RBC\AppData\Local\TileDataLayer
2016-08-08 02:10 - 2016-08-08 02:10 - 00000000 ____D C:\Users\RBC\AppData\Local\Google
2016-08-08 02:10 - 2016-07-30 02:05 - 00000000 ____D C:\Users\RBC\Documents\hp.system.package.metadata
2016-08-08 02:10 - 2016-07-30 02:05 - 00000000 ____D C:\Users\RBC\Documents\hp.applications.package.appdata
2016-08-06 08:59 - 2016-08-06 09:03 - 00811280 _____ C:\TDSSKiller.3.1.0.9_06.08.2016_08.59.18_log.txt
2016-08-06 08:56 - 2016-08-06 08:57 - 00006434 _____ C:\TDSSKiller.3.1.0.9_06.08.2016_08.56.40_log.txt
2016-08-05 23:24 - 2016-08-10 20:27 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\Desktop\DEMANOVKA PROJECT
2016-08-05 17:53 - 2016-08-05 17:53 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Roaming\Macromedia
2016-08-05 17:00 - 2016-08-20 09:31 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\CrashDumps
2016-08-04 20:21 - 2016-08-04 20:21 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\Documents\Avatar
2016-08-04 20:20 - 2016-08-04 20:20 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Roaming\CyberLink
2016-08-04 19:53 - 2016-08-04 19:53 - 00002188 _____ C:\Users\Visitor.DESKTOP-LGVE44F\Desktop\Google Earth.lnk
2016-08-04 19:53 - 2016-08-04 19:53 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\LocalLow\Google
2016-08-03 20:23 - 2016-08-14 13:37 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\Desktop\VISA PROJECT
2016-08-03 20:17 - 2016-08-03 20:17 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Roaming\SUPERAntiSpyware.com
2016-08-03 18:40 - 2016-08-25 10:27 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Roaming\Skype
2016-08-03 18:40 - 2016-08-03 18:40 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\Tracing
2016-08-03 16:07 - 2016-08-03 16:07 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\Documents\Custom Office Templates
2016-08-03 16:06 - 2016-08-03 16:06 - 00000000 __RHD C:\MSOCache
2016-08-03 16:02 - 2016-08-03 16:02 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\NetworkTiles
2016-08-03 13:49 - 2016-08-03 13:49 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\LocalLow\Adobe
2016-08-03 13:49 - 2016-08-03 13:49 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\Comms
2016-08-03 13:49 - 2016-08-03 13:49 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\Adobe
2016-08-03 13:44 - 2016-08-04 21:27 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Roaming\Epson
2016-08-03 13:44 - 2016-08-03 13:44 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Roaming\Crystal Security
2016-08-03 13:44 - 2016-08-03 13:44 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Roaming\abelhadigital.com
2016-08-03 10:04 - 2016-08-25 22:59 - 00000000 ____D C:\NPE
2016-08-03 09:21 - 2016-08-21 23:40 - 1030475625 _____ C:\WINDOWS\MEMORY.DMP
2016-08-03 03:53 - 2016-08-03 03:53 - 00000000 ____D C:\Users\Richard\Documents\CyberLink
2016-08-03 03:52 - 2016-08-03 03:52 - 00000000 ____D C:\Users\Richard\AppData\Roaming\CyberLink
2016-08-02 23:59 - 2016-08-03 00:03 - 00781946 _____ C:\TDSSKiller.3.1.0.9_02.08.2016_23.59.55_log.txt
2016-08-02 23:44 - 2016-08-02 23:58 - 00006434 _____ C:\TDSSKiller.3.1.0.9_02.08.2016_23.44.09_log.txt
2016-08-02 09:57 - 2016-08-02 09:57 - 03590144 _____ C:\Users\Richard\Downloads\EpsonConnect140.exe
2016-08-02 09:24 - 2016-08-02 09:24 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Leadertech
2016-08-02 09:22 - 2016-08-19 22:22 - 00000951 _____ C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {32071542-992C-4840-8D20-1A9B7BEE3D88}.job
2016-08-02 09:22 - 2016-08-19 22:22 - 00000765 _____ C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {32071542-992C-4840-8D20-1A9B7BEE3D88}.job
2016-08-02 09:22 - 2016-08-02 09:22 - 00000000 ____D C:\Program Files\Common Files\EPSON
2016-08-02 09:20 - 2016-08-02 09:31 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Epson
2016-08-02 09:20 - 2016-08-02 09:20 - 00000000 ____D C:\Program Files\EPSON
2016-08-02 09:19 - 2016-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-08-02 09:19 - 2016-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-08-02 09:19 - 2016-08-02 09:57 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2016-08-02 09:19 - 2016-08-02 09:19 - 00000000 ____D C:\Program Files\EpsonNet
2016-08-02 09:19 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppui.dll
2016-08-02 09:19 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppui.dll
2016-08-02 09:19 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppmon.dll
2016-08-02 09:19 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppmon.dll
2016-08-02 09:19 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enspres.dll
2016-08-02 09:19 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enpres.dll
2016-08-02 09:19 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll
2016-08-02 09:19 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc64.exe
2016-08-02 09:19 - 2010-11-22 13:27 - 00147472 _____ (TWAIN Working Group) C:\WINDOWS\SysWOW64\twaindsm.dll
2016-08-02 09:18 - 2016-08-02 09:53 - 00000000 ____D C:\Program Files (x86)\epson
2016-08-02 09:18 - 2016-08-02 09:51 - 00000000 ____D C:\ProgramData\EPSON
2016-08-02 09:18 - 2013-10-22 04:04 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YLMBKDE.DLL
2016-08-02 09:18 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YD4BKDE.DLL
2016-08-02 09:18 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2016-08-02 09:16 - 2016-08-02 09:24 - 00000081 _____ C:\WINDOWS\WF-3640.ini
2016-08-02 08:47 - 2016-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2016-08-02 08:47 - 2016-08-02 08:47 - 00000000 ____D C:\Program Files (x86)\EMET 5.5
2016-08-02 08:46 - 2016-08-02 08:47 - 26816512 _____ C:\Users\Richard\Downloads\EMET Setup.msi
2016-08-01 23:55 - 2016-08-01 23:55 - 00000000 ____D C:\Users\Richard\Documents\Custom Office Templates
2016-08-01 23:18 - 2016-08-01 23:18 - 00000000 ____D C:\Users\Richard\Tracing
2016-08-01 23:17 - 2016-08-24 13:29 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Skype
2016-08-01 23:17 - 2016-08-24 13:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-01 23:17 - 2016-08-24 13:20 - 00000000 ____D C:\ProgramData\Skype
2016-08-01 23:17 - 2016-08-19 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-01 23:16 - 2016-08-01 23:16 - 01463416 _____ (Skype Technologies S.A.) C:\Users\Richard\Downloads\SkypeSetup.exe
2016-08-01 23:04 - 2016-08-01 23:44 - 00006268 _____ C:\TDSSKiller.3.1.0.9_01.08.2016_23.04.10_log.txt
2016-08-01 22:49 - 2016-08-01 22:49 - 00002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-08-01 22:49 - 2016-08-01 22:49 - 00000000 ____D C:\Users\Richard\AppData\LocalLow\Google
2016-08-01 22:48 - 2016-08-01 22:49 - 00987728 _____ (Google Inc.) C:\Users\Richard\Downloads\GoogleEarthSetup.exe
2016-08-01 22:42 - 2016-08-24 13:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-01 22:42 - 2016-08-24 13:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-01 22:42 - 2016-08-24 13:06 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-01 22:42 - 2016-08-20 01:11 - 00000000 ____D C:\Users\Richard\AppData\Local\Mozilla
2016-08-01 22:42 - 2016-08-01 22:42 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Mozilla
2016-08-01 22:41 - 2016-08-01 22:41 - 00242120 _____ C:\Users\Richard\Downloads\Firefox Setup Stub 47.0.1.exe
2016-08-01 22:34 - 2016-08-01 22:34 - 00000000 ____D C:\Users\Richard\AppData\LocalLow\Adobe
2016-08-01 22:31 - 2016-08-21 10:21 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-01 22:30 - 2016-08-01 22:34 - 00000000 ____D C:\ProgramData\Adobe
2016-08-01 22:30 - 2016-08-01 22:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-08-01 22:29 - 2016-08-01 22:34 - 00000000 ____D C:\Users\Richard\AppData\Local\Adobe
2016-08-01 21:29 - 2016-08-01 21:29 - 05200384 _____ (AVAST Software) C:\Users\Richard\Downloads\aswmbr.exe
2016-08-01 21:23 - 2016-08-19 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2016-08-01 21:23 - 2016-08-01 21:23 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-08-01 21:23 - 2015-09-14 14:03 - 00039672 _____ C:\WINDOWS\system32\Drivers\DasPtct.SYS
2016-08-01 21:23 - 2015-01-29 19:21 - 00050320 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2016-08-01 21:22 - 2016-08-01 21:23 - 35867896 _____ (Panda Security ) C:\Users\Richard\Downloads\PandaCloudCleaner.exe
2016-08-01 21:08 - 2016-08-26 00:13 - 00000000 ____D C:\Users\Richard\AppData\Local\CrashDumps
2016-08-01 21:06 - 2016-08-01 21:06 - 06760064 _____ (ESET spol. s r.o.) C:\Users\Richard\Downloads\esetonlinescanner_enu.exe
2016-08-01 21:06 - 2016-08-01 21:06 - 00000000 ____D C:\Users\Richard\AppData\Local\ESET
2016-08-01 20:04 - 2016-08-25 23:06 - 00000000 ____D C:\Users\Richard\AppData\Local\NPE
2016-08-01 20:04 - 2016-08-01 20:04 - 03411640 _____ (Symantec Corporation) C:\Users\Richard\Downloads\NPE.exe
2016-08-01 20:04 - 2016-08-01 20:04 - 00000000 ____D C:\ProgramData\Norton
2016-08-01 19:44 - 2016-08-25 21:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-08-01 19:42 - 2016-08-01 19:42 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Richard\Downloads\mbar-1.09.3.1001.exe
2016-08-01 19:39 - 2016-08-25 21:06 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-01 19:38 - 2016-08-25 21:06 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-01 19:38 - 2016-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-01 19:38 - 2016-08-01 19:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-01 19:38 - 2016-08-01 19:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-01 19:38 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-01 19:38 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-01 19:37 - 2016-08-01 19:38 - 22851472 _____ (Malwarebytes ) C:\Users\Richard\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-01 19:35 - 2016-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-08-01 19:35 - 2016-08-01 19:35 - 00000000 ____D C:\Users\Richard\AppData\Roaming\SUPERAntiSpyware.com
2016-08-01 19:35 - 2016-08-01 19:35 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-08-01 19:35 - 2016-08-01 19:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-08-01 19:34 - 2016-08-01 19:34 - 26785704 _____ (SUPERAntiSpyware) C:\Users\Richard\Downloads\SUPERAntiSpyware.exe
2016-08-01 19:32 - 2016-08-26 09:02 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\ClassicShell
2016-08-01 19:32 - 2016-08-01 00:22 - 00002145 _____ C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2016-08-01 19:31 - 2016-08-26 01:30 - 00007597 _____ C:\Users\Richard\AppData\Local\Resmon.ResmonCfg
2016-08-01 19:29 - 2016-08-01 19:29 - 00000017 _____ C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\resmon.resmoncfg
2016-08-01 19:29 - 2016-08-01 19:29 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\CEF
2016-08-01 19:28 - 2016-08-23 12:19 - 00002428 _____ C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-01 19:28 - 2016-08-23 12:19 - 00000000 ___RD C:\Users\Visitor.DESKTOP-LGVE44F\OneDrive
2016-08-01 19:28 - 2016-08-03 17:05 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\MicrosoftEdge
2016-08-01 19:27 - 2016-08-01 19:27 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Roaming\AVAST Software
2016-08-01 19:27 - 2016-08-01 19:27 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\ActiveSync
2016-08-01 19:26 - 2016-08-26 02:22 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\Documents\YouCam
2016-08-01 19:26 - 2016-08-01 19:26 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\Publishers
2016-08-01 19:26 - 2016-08-01 19:26 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\Hewlett-Packard
2016-08-01 19:26 - 2016-08-01 19:26 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\CyberLink
2016-08-01 19:25 - 2016-08-20 00:08 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\Packages
2016-08-01 19:25 - 2016-08-09 10:51 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\VirtualStore
2016-08-01 19:25 - 2016-08-03 13:49 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Roaming\Adobe
2016-08-01 19:25 - 2016-08-01 19:25 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Roaming\Synaptics
2016-08-01 19:25 - 2016-08-01 19:25 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\TileDataLayer
2016-08-01 19:25 - 2016-08-01 19:25 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\Google
2016-08-01 19:25 - 2016-07-30 02:05 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\Documents\hp.system.package.metadata
2016-08-01 19:25 - 2016-07-30 02:05 - 00000000 ____D C:\Users\Visitor.DESKTOP-LGVE44F\Documents\hp.applications.package.appdata
2016-08-01 09:04 - 2016-08-25 20:17 - 00000000 ____D C:\AdwCleaner
2016-08-01 02:34 - 2016-08-21 10:33 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-08-01 02:33 - 2016-08-25 20:05 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-08-01 02:33 - 2016-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2016-08-01 02:33 - 2012-05-02 12:17 - 01070152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2016-08-01 02:33 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2016-08-01 02:32 - 2016-08-01 02:33 - 04291320 _____ (BrightFort LLC ) C:\Users\Richard\Downloads\spywareblastersetup55.exe
2016-08-01 01:48 - 2016-08-01 01:48 - 00000000 ____D C:\Users\Richard\AppData\Roaming\WildTangent
2016-08-01 01:38 - 2016-08-01 01:38 - 00000000 ____D C:\Users\Richard\AppData\LocalLow\Evernote
2016-08-01 01:21 - 2016-08-01 01:22 - 00006268 _____ C:\TDSSKiller.3.1.0.9_01.08.2016_01.21.37_log.txt
2016-08-01 01:07 - 2016-08-26 09:22 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-08-01 01:07 - 2016-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-08-01 01:07 - 2016-08-03 00:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-08-01 01:06 - 2016-08-01 01:06 - 01858888 _____ (Malwarebytes ) C:\Users\Richard\Downloads\mbae-setup-1.08.1.2563.exe
2016-08-01 00:50 - 2016-08-19 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HostsMan
2016-08-01 00:50 - 2016-08-01 00:50 - 00000000 ____D C:\Users\Richard\AppData\Roaming\abelhadigital.com
2016-08-01 00:47 - 2016-08-01 00:48 - 00113418 _____ C:\TDSSKiller.3.1.0.9_01.08.2016_00.47.23_log.txt
2016-08-01 00:47 - 2016-08-01 00:47 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Richard\Downloads\tdsskiller.exe
2016-08-01 00:31 - 2016-08-26 09:56 - 00000000 ____D C:\Users\Richard\AppData\Local\ClassicShell
2016-08-01 00:31 - 2016-08-01 00:22 - 00002145 _____ C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2016-08-01 00:25 - 2016-08-01 00:25 - 00000000 ____D C:\ProgramData\ClassicShell
2016-08-01 00:22 - 2016-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2016-08-01 00:22 - 2016-08-01 00:22 - 07220496 _____ (IvoSoft) C:\Users\Richard\Downloads\ClassicShellSetup_4_3_0.exe
2016-08-01 00:22 - 2016-08-01 00:22 - 00000000 ____D C:\Program Files\Classic Shell
2016-07-31 23:53 - 2016-07-31 23:53 - 00695920 _____ () C:\Users\Richard\Downloads\Everything-1.4.0.713b.x64-Setup.exe
2016-07-31 12:33 - 2016-07-31 12:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-31 12:32 - 2016-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-07-31 12:28 - 2016-08-18 07:04 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-07-31 12:28 - 2016-07-31 12:28 - 01129200 _____ (Microsoft Corporation) C:\Users\Richard\Downloads\Setup.X86.en-US_HomeStudentRetail_061d05ad-c832-45bf-8ad5-9fa00a6c7587_TX_PR_ (1).exe
2016-07-31 12:17 - 2016-07-31 12:17 - 01129200 _____ (Microsoft Corporation) C:\Users\Richard\Downloads\Setup.X86.en-US_HomeStudentRetail_061d05ad-c832-45bf-8ad5-9fa00a6c7587_TX_PR_.exe
2016-07-31 12:11 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-07-31 11:55 - 2016-07-31 12:10 - 11374528 _____ (VS Revo Group ) C:\Users\Richard\Downloads\RevoUninProSetup.exe
2016-07-31 11:32 - 2016-08-04 20:20 - 00000000 ____D C:\Users\Public\CyberLink
2016-07-31 10:30 - 2016-07-31 10:31 - 00000000 ___RD C:\Users\TEST\OneDrive
2016-07-31 10:29 - 2016-07-31 10:36 - 00000000 ____D C:\Users\TEST\AppData\Roaming\AVAST Software
2016-07-31 10:29 - 2016-07-31 10:29 - 00000000 ____D C:\Users\TEST\AppData\Local\MicrosoftEdge
2016-07-31 10:29 - 2016-07-31 10:29 - 00000000 ____D C:\Users\TEST\AppData\Local\ActiveSync
2016-07-31 10:28 - 2016-07-31 10:37 - 00000000 ____D C:\Users\TEST\Documents\YouCam
2016-07-31 10:28 - 2016-07-31 10:28 - 00000000 ____D C:\Users\TEST\AppData\Local\Publishers
2016-07-31 10:28 - 2016-07-31 10:28 - 00000000 ____D C:\Users\TEST\AppData\Local\Hewlett-Packard
2016-07-31 10:28 - 2016-07-31 10:28 - 00000000 ____D C:\Users\TEST\AppData\Local\CyberLink
2016-07-31 10:27 - 2016-07-31 11:01 - 00000000 ____D C:\Users\TEST
2016-07-31 10:27 - 2016-07-31 10:39 - 00000000 ____D C:\Users\TEST\AppData\Local\Packages
2016-07-31 10:27 - 2016-07-31 10:27 - 00000000 _SHDL C:\Users\TEST\My Documents
2016-07-31 10:27 - 2016-07-31 10:27 - 00000000 _SHDL C:\Users\TEST\Documents\My Videos
2016-07-31 10:27 - 2016-07-31 10:27 - 00000000 _SHDL C:\Users\TEST\Documents\My Pictures
2016-07-31 10:27 - 2016-07-31 10:27 - 00000000 _SHDL C:\Users\TEST\Documents\My Music
2016-07-31 10:27 - 2016-07-31 10:27 - 00000000 ____D C:\Users\TEST\AppData\Roaming\Synaptics
2016-07-31 10:27 - 2016-07-31 10:27 - 00000000 ____D C:\Users\TEST\AppData\Roaming\Adobe
2016-07-31 10:27 - 2016-07-31 10:27 - 00000000 ____D C:\Users\TEST\AppData\Local\VirtualStore
2016-07-31 10:27 - 2016-07-31 10:27 - 00000000 ____D C:\Users\TEST\AppData\Local\Google
2016-07-31 10:27 - 2016-07-30 02:05 - 00000000 ____D C:\Users\TEST\Documents\hp.system.package.metadata
2016-07-31 10:27 - 2016-07-30 02:05 - 00000000 ____D C:\Users\TEST\Documents\hp.applications.package.appdata
2016-07-31 10:21 - 2016-07-31 10:21 - 00000000 ____D C:\Users\Richard\AppData\Local\LogMeIn Rescue Applet
2016-07-31 09:53 - 2016-07-31 09:53 - 00000000 ____D C:\Users\Visitor\AppData\Local\CEF
2016-07-31 09:50 - 2016-07-31 09:50 - 00000000 ____D C:\Users\Visitor\AppData\Local\Comms
2016-07-31 08:40 - 2016-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-07-31 08:40 - 2016-07-31 08:40 - 00000000 ____D C:\Users\Richard\AppData\Local\VS Revo Group
2016-07-31 08:40 - 2016-07-31 08:40 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-07-31 08:40 - 2016-07-31 08:40 - 00000000 ____D C:\Program Files\VS Revo Group
2016-07-31 08:36 - 2016-07-31 08:37 - 00000000 ___RD C:\Users\Visitor\OneDrive
2016-07-31 08:36 - 2016-07-31 08:36 - 00000000 ____D C:\Users\Visitor\AppData\Local\MicrosoftEdge
2016-07-31 08:34 - 2016-07-31 09:43 - 00000000 ____D C:\Users\Visitor\Documents\YouCam
2016-07-31 08:34 - 2016-07-31 08:34 - 00000000 ____D C:\Users\Visitor\AppData\Roaming\AVAST Software
2016-07-31 08:34 - 2016-07-31 08:34 - 00000000 ____D C:\Users\Visitor\AppData\Local\ActiveSync
2016-07-31 08:33 - 2016-07-31 08:33 - 00000000 ____D C:\Users\Visitor\AppData\Local\Publishers
2016-07-31 08:33 - 2016-07-31 08:33 - 00000000 ____D C:\Users\Visitor\AppData\Local\Hewlett-Packard
2016-07-31 08:33 - 2016-07-31 08:33 - 00000000 ____D C:\Users\Visitor\AppData\Local\Google
2016-07-31 08:33 - 2016-07-31 08:33 - 00000000 ____D C:\Users\Visitor\AppData\Local\CyberLink
2016-07-31 08:32 - 2016-08-03 13:54 - 00000000 ____D C:\Users\Visitor\AppData\Local\Packages
2016-07-31 08:32 - 2016-07-31 11:01 - 00000000 ____D C:\Users\Visitor
2016-07-31 08:32 - 2016-07-31 08:32 - 00000000 _SHDL C:\Users\Visitor\My Documents
2016-07-31 08:32 - 2016-07-31 08:32 - 00000000 _SHDL C:\Users\Visitor\Documents\My Videos
2016-07-31 08:32 - 2016-07-31 08:32 - 00000000 _SHDL C:\Users\Visitor\Documents\My Pictures
2016-07-31 08:32 - 2016-07-31 08:32 - 00000000 _SHDL C:\Users\Visitor\Documents\My Music
2016-07-31 08:32 - 2016-07-31 08:32 - 00000000 ____D C:\Users\Visitor\AppData\Roaming\Synaptics
2016-07-31 08:32 - 2016-07-31 08:32 - 00000000 ____D C:\Users\Visitor\AppData\Roaming\Adobe
2016-07-31 08:32 - 2016-07-31 08:32 - 00000000 ____D C:\Users\Visitor\AppData\Local\VirtualStore
2016-07-31 08:32 - 2016-07-30 02:05 - 00000000 ____D C:\Users\Visitor\Documents\hp.system.package.metadata
2016-07-31 08:32 - 2016-07-30 02:05 - 00000000 ____D C:\Users\Visitor\Documents\hp.applications.package.appdata
2016-07-30 10:42 - 2016-08-26 00:10 - 00000000 ____D C:\Users\Richard\AppData\Local\ElevatedDiagnostics
2016-07-30 10:20 - 2016-08-01 00:50 - 00000000 ____D C:\Users\Public\Documents\HostsMan Backups
2016-07-30 10:20 - 2016-08-01 00:50 - 00000000 ____D C:\Program Files (x86)\HostsMan
2016-07-30 10:20 - 2016-07-30 10:20 - 00000000 ____D C:\ProgramData\abelhadigital.com
2016-07-30 10:19 - 2016-08-01 00:50 - 03048335 _____ C:\Users\Richard\Downloads\HostsMan_4.6.103_installer.zip
2016-07-30 10:14 - 2016-08-09 08:07 - 00000000 ____D C:\Sandbox
2016-07-30 09:05 - 2016-07-30 09:05 - 00289240 _____ (IvoSoft) C:\WINDOWS\system32\StartMenuHelper64.dll
2016-07-30 09:05 - 2016-07-30 09:05 - 00247768 _____ (IvoSoft) C:\WINDOWS\SysWOW64\StartMenuHelper32.dll
2016-07-30 07:42 - 2016-07-30 07:42 - 08969872 _____ (Sandboxie Holdings, LLC) C:\Users\Richard\Downloads\SandboxieInstall.exe
2016-07-30 07:34 - 2016-07-30 07:34 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2016-07-30 07:34 - 2016-07-30 07:34 - 00000000 ____D C:\Program Files (x86)\Secunia
2016-07-30 07:32 - 2016-07-30 07:32 - 04002104 _____ (Secunia) C:\Users\Richard\Downloads\PSISetup.exe
2016-07-30 07:17 - 2016-07-30 07:17 - 00000000 ____D C:\Users\Richard\AppData\Local\CEF
2016-07-30 07:15 - 2016-08-24 13:10 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-07-30 07:15 - 2016-08-24 13:10 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-07-30 07:15 - 2016-08-24 13:10 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-07-30 07:15 - 2016-08-24 13:10 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-07-30 07:15 - 2016-08-24 13:10 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-07-30 07:15 - 2016-08-24 13:10 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-07-30 07:15 - 2016-08-24 13:10 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-07-30 07:15 - 2016-08-24 13:09 - 00969560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-07-30 07:15 - 2016-07-31 11:05 - 00001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-07-30 07:12 - 2016-07-30 07:13 - 06253640 _____ (AVAST Software) C:\Users\Richard\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2016-07-30 06:31 - 2016-08-03 11:26 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-07-30 06:02 - 2016-08-09 08:18 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-30 06:01 - 2016-08-19 22:12 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-30 06:01 - 2016-08-19 21:08 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-30 06:01 - 2016-08-01 22:49 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-30 06:01 - 2016-07-30 06:02 - 00000000 ____D C:\Users\Richard\AppData\Local\Google
2016-07-30 06:01 - 2016-07-30 06:01 - 00987728 _____ (Google Inc.) C:\Users\Richard\Downloads\ChromeSetup.exe
2016-07-30 05:48 - 2016-07-30 05:48 - 00002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power Media Player 14.lnk
2016-07-30 05:34 - 2016-08-25 23:50 - 00000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRichard.job
2016-07-30 05:12 - 2016-08-09 12:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-30 05:12 - 2016-08-09 11:54 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-30 04:59 - 2016-08-01 01:37 - 00000000 ____D C:\Users\Richard\AppData\Roaming\AVAST Software
2016-07-30 04:35 - 2016-07-30 04:35 - 00000000 ____D C:\Users\Richard\AppData\Local\NetworkTiles
2016-07-30 04:25 - 2016-07-30 06:00 - 00000000 ____D C:\Users\Richard\AppData\Local\MicrosoftEdge
2016-07-30 04:15 - 2016-07-30 04:15 - 00000000 ____D C:\Users\Richard\AppData\Local\Comms
2016-07-30 04:03 - 2016-07-30 04:03 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Macromedia
2016-07-30 04:01 - 2016-08-20 00:33 - 00002380 _____ C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-07-30 04:01 - 2016-08-20 00:33 - 00000000 ___RD C:\Users\Richard\OneDrive
2016-07-30 03:59 - 2016-08-26 09:04 - 00000000 ____D C:\Users\Richard\Documents\YouCam
2016-07-30 03:58 - 2016-07-30 03:59 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Hewlett-Packard
2016-07-30 03:58 - 2016-07-30 03:59 - 00000000 ____D C:\Users\Richard\AppData\Local\CyberLink
2016-07-30 03:58 - 2016-07-30 03:58 - 00000000 ____D C:\Users\Richard\AppData\Local\HP_Inc
2016-07-30 03:57 - 2016-07-30 05:34 - 00000000 ____D C:\Users\Richard\AppData\Local\Hewlett-Packard
2016-07-30 03:56 - 2016-07-30 03:56 - 00000000 ____D C:\Users\Richard\AppData\Local\Publishers
2016-07-30 03:56 - 2016-07-30 03:56 - 00000000 ____D C:\Users\Richard\AppData\Local\ActiveSync
2016-07-30 03:54 - 2016-08-20 00:47 - 00000000 ____D C:\Users\Richard\AppData\Local\Packages
2016-07-30 03:54 - 2016-08-01 22:34 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Adobe
2016-07-30 03:54 - 2016-07-30 03:54 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Synaptics
2016-07-30 03:54 - 2016-07-30 03:54 - 00000000 ____D C:\Users\Richard\AppData\Local\VirtualStore
2016-07-30 03:54 - 2016-07-30 03:54 - 00000000 ____D C:\Users\Richard\AppData\Local\TileDataLayer
2016-07-30 03:53 - 2016-07-30 02:05 - 00000000 ____D C:\Users\Richard\Documents\hp.system.package.metadata
2016-07-30 03:53 - 2016-07-30 02:05 - 00000000 ____D C:\Users\Richard\Documents\hp.applications.package.appdata
2016-07-30 02:34 - 2016-07-30 02:34 - 00000000 _____ C:\Recovery.txt
2016-07-30 02:34 - 2016-01-30 23:10 - 00000000 __RSH C:\WINDOWS\system32\Drivers\103C_HP_cNB_Pavilion Notebook_Y5335KV_0U_Q5CD6044LTQ_E15WW3MKT601_4A_I80B6_SHP_V81.29_BF.16_T151127_W1101-0_L409_M15821_J1000_7AMD_8BFF_92.00_#160130_N14E44365;10EC8136_(V0Q20UA#ABL)_XMOBILE_CN10_Z_2.MRK
2016-07-30 02:16 - 2016-07-30 02:16 - 00000000 _SHDL C:\Users\Default.migrated\Documents\My Videos
2016-07-30 02:16 - 2016-07-30 02:16 - 00000000 _SHDL C:\Users\Default.migrated\Documents\My Pictures
2016-07-30 02:16 - 2016-07-30 02:16 - 00000000 _SHDL C:\Users\Default.migrated\Documents\My Music
2016-07-30 02:15 - 2016-08-19 23:29 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-07-30 02:14 - 2016-08-19 23:36 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-07-30 02:14 - 2016-07-30 02:15 - 00000000 ____D C:\WINDOWS\ShellNew
2016-07-30 01:50 - 2016-08-19 23:18 - 00000000 ____D C:\Users\Default.migrated
2016-07-30 01:49 - 2016-07-30 03:54 - 00000000 ___HD C:\system.sav
2016-07-30 01:40 - 2016-07-30 02:34 - 00000000 ___HD C:\$SysReset
2016-07-30 01:40 - 2016-07-30 01:40 - 00000000 ____D C:\ProgramData\SRS Labs
2016-07-28 16:46 - 2015-08-31 00:26 - 00041400 _____ (CyberLink Corporation) C:\WINDOWS\system32\Drivers\clwvd6.sys
2016-07-28 16:36 - 2016-07-28 16:34 - 01943624 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2016-07-28 16:36 - 2016-07-28 16:34 - 01435152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2016-07-28 16:36 - 2016-07-28 16:34 - 01330072 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2016-07-28 16:36 - 2016-07-28 16:34 - 01022872 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2016-07-28 16:36 - 2016-07-28 16:34 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-07-28 16:36 - 2016-07-28 16:34 - 00467160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2016-07-28 16:36 - 2016-07-28 16:34 - 00381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2016-07-28 16:36 - 2016-07-28 16:34 - 00341160 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2016-07-28 16:36 - 2016-07-28 16:34 - 00341160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2016-07-28 16:36 - 2016-07-28 16:34 - 00258504 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2016-07-28 16:36 - 2016-07-28 16:34 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-07-28 16:35 - 2016-07-28 16:34 - 72203792 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-07-28 16:35 - 2016-07-28 16:34 - 04989482 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-07-28 16:35 - 2016-07-28 16:34 - 04781824 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-07-28 16:35 - 2016-07-28 16:34 - 03283248 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-07-28 16:35 - 2016-07-28 16:34 - 03195648 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-07-28 16:35 - 2016-07-28 16:34 - 03081296 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-07-28 16:35 - 2016-07-28 16:34 - 02894976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-07-28 16:35 - 2016-07-28 16:34 - 01356512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-07-28 16:35 - 2016-07-28 16:34 - 00689888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-07-28 16:35 - 2016-07-28 16:34 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-07-28 16:35 - 2016-07-28 16:34 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-07-28 16:35 - 2016-07-28 16:34 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-07-28 16:35 - 2016-07-28 16:34 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-07-28 16:35 - 2016-07-28 16:34 - 00214840 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-07-28 16:35 - 2016-07-28 16:34 - 00192992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-07-28 16:35 - 2016-07-28 16:34 - 00110992 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-07-28 16:35 - 2016-07-28 16:34 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-07-28 16:35 - 2016-07-28 16:34 - 00023704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-07-28 16:35 - 2016-07-28 16:33 - 02036992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-07-28 16:35 - 2016-07-28 16:33 - 01601952 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2016-07-28 16:35 - 2016-07-28 16:33 - 00574760 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-07-28 16:35 - 2016-07-28 16:33 - 00122328 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-07-28 16:35 - 2016-07-28 16:33 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-26 09:58 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-26 09:11 - 2016-07-24 01:03 - 02135712 _____ (Sysinternals - www.sysinternals.com) C:\Users\Richard\Desktop\Procmon.exe
2016-08-26 09:09 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-26 01:59 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2016-08-26 01:29 - 2015-07-23 06:08 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-25 23:04 - 2015-07-15 23:09 - 01057408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-25 22:57 - 2016-07-15 23:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-08-25 22:57 - 2016-01-30 23:06 - 02230235 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2016-08-25 20:06 - 2016-01-30 23:19 - 00000000 ____D C:\ProgramData\Temp
2016-08-25 15:58 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2016-08-25 09:19 - 2015-07-15 23:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-24 13:43 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-08-24 13:43 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-24 13:43 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-24 13:43 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-24 13:41 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-20 09:22 - 2016-07-15 23:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-08-20 08:53 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-08-19 23:57 - 2016-07-16 04:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-19 23:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-19 23:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-19 23:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-19 23:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-19 23:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-19 23:40 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-19 23:39 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-19 23:36 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Registration
2016-08-19 23:35 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-19 23:28 - 2016-07-16 04:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-19 23:20 - 2016-01-30 23:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-08-19 23:15 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-08-19 23:15 - 2015-07-23 06:49 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-08-19 23:14 - 2016-07-16 07:15 - 00000000 ____D C:\WINDOWS\OCR
2016-08-19 23:14 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-08-19 23:14 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-08-19 23:14 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-08-19 23:14 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-08-19 23:14 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-08-19 23:14 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-08-19 23:14 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-08-19 23:14 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-08-19 23:14 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-08-19 23:14 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-08-19 23:14 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-08-19 23:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-08-19 23:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-08-19 23:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-08-19 23:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-08-19 23:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-19 23:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-19 23:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-08-19 23:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-08-19 23:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-08-19 23:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-19 23:14 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-08-19 23:14 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-08-19 23:14 - 2015-07-23 06:10 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2016-08-19 23:13 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\IME
2016-08-19 23:13 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Help
2016-08-19 23:13 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-19 23:13 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-19 23:13 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-19 23:13 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-19 23:13 - 2016-01-30 23:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-19 23:13 - 2016-01-30 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-08-19 23:13 - 2016-01-30 22:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-08-19 23:13 - 2016-01-30 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-08-19 23:12 - 2015-07-10 04:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-08-19 23:06 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-19 23:03 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-19 23:03 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-19 22:17 - 2016-07-16 08:17 - 00000000 ___HD C:\$WINDOWS.~BT
2016-08-03 10:31 - 2015-07-10 04:04 - 00403247 _____ C:\WINDOWS\system32\Drivers\etc\HOSTS.bak
2016-08-03 03:53 - 2016-01-30 23:21 - 00000000 ____D C:\ProgramData\CyberLink
2016-08-02 09:53 - 2016-01-30 22:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-01 01:49 - 2016-01-30 23:27 - 00000000 ____D C:\ProgramData\WildTangent
2016-08-01 01:48 - 2016-01-30 23:27 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-08-01 01:36 - 2016-01-30 23:19 - 00000000 ____D C:\ProgramData\AVAST Software
2016-08-01 01:36 - 2016-01-30 23:19 - 00000000 ____D C:\Program Files\AVAST Software
2016-07-30 06:44 - 2015-07-23 05:29 - 00000000 ___HD C:\hp
2016-07-30 06:24 - 2016-01-30 23:44 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2016-07-30 05:58 - 2016-01-30 23:19 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-07-30 05:55 - 2016-01-30 23:20 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-07-30 05:54 - 2015-07-13 09:28 - 00000000 ____D C:\SWSetup
2016-07-30 05:49 - 2016-01-30 23:27 - 00000000 ____D C:\WINDOWS\Hewlett-Packard
2016-07-30 03:59 - 2015-07-23 06:08 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-07-30 02:03 - 2016-01-30 23:06 - 00000000 ____D C:\WINDOWS\tbaseregistry
2016-07-30 01:59 - 2016-01-30 22:55 - 00000000 ____D C:\ProgramData\{C6FA530F-BB98-4D9F-BA00-45FD0698077C}
2016-07-30 01:56 - 2016-01-30 23:19 - 00000000 ____D C:\ProgramData\install_clap
2016-07-30 01:56 - 2016-01-30 23:05 - 00000000 ____D C:\ProgramData\Synaptics
2016-07-30 01:55 - 2016-01-30 23:21 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2016-07-30 01:55 - 2016-01-30 23:09 - 00000000 ____D C:\ProgramData\Apple
2016-07-30 01:55 - 2016-01-30 22:57 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-07-30 01:55 - 2015-07-23 06:10 - 00000000 ___RD C:\Program Files (x86)\Online Services
2016-07-30 01:55 - 2015-07-23 06:07 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-07-30 01:53 - 2016-01-30 23:24 - 00000000 ____D C:\Program Files\CyberLink
2016-07-30 01:53 - 2016-01-30 23:09 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-07-30 01:53 - 2016-01-30 23:08 - 00000000 ____D C:\Program Files\HP
2016-07-30 01:53 - 2016-01-30 22:59 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-07-30 01:53 - 2015-07-23 06:07 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-07-30 01:50 - 2016-01-30 23:09 - 00000000 ____D C:\Program Files\Bonjour
2016-07-30 01:50 - 2016-01-30 23:02 - 00000000 ____D C:\Program Files\Broadcom
2016-07-30 01:50 - 2016-01-30 23:00 - 00000000 ____D C:\Program Files\ATI Technologies
2016-07-30 01:50 - 2015-07-15 23:09 - 00000000 ____D C:\inetpub
 
==================== Files in the root of some directories =======
 
2016-08-01 19:31 - 2016-08-26 01:30 - 0007597 _____ () C:\Users\Richard\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Richard\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Richard\AppData\Local\Temp\libeay32.dll
C:\Users\Richard\AppData\Local\Temp\msvcr120.dll
C:\Users\Richard\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-19 22:58
 
==================== End of FRST.txt ============================

 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:03 PM

Posted 27 August 2016 - 08:45 AM


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-30]
CHR HKLM-x32\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
U3 aspnet_state; no ImagePath
C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
  • There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
    ===


    If you have a CD emulator disable it before running the tools suggested above.

    Disable the CD emulators....

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed. Or when this computer is clean.

    HOW TO: Enable the CD Emulators... < restore only when we are finished.

    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

    Your Emulation drivers are now re-enabled.
    ===

    Let me know what problems you are having with this computer.


#5 RichardPacino

RichardPacino
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:03 PM

Posted 27 August 2016 - 12:53 PM

Hi Nasdaq,

I got a blue screen when I ran aswMBR the first time. It was fine when I ran it for the second time.

After I disabled CD emulators and DeFogger showed Finished, nothing happened afterwards. I got a log, defogger enable, on the screen, which I will post.

Overall, occasionally I have a program which doesn't start when I boot up. It is random and usually it is fixed after a restart or two. The computer takes a long time to boot up. I ran GMER just to see if it would find something. Otherwise the computer seems alright; I do not have any strange behaviour occurring.

Please find all the logs posted in order as requested.

Thank you again.

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-08-2016
Ran by Richard (27-08-2016 08:35:12) Run:1
Running from C:\Users\Richard\Desktop
Loaded Profiles: Richard (Available Profiles: Richard & Visitor & RBC)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-30]
CHR HKLM-x32\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
U3 aspnet_state; no ImagePath
C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
End
*****************
Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fcoadmpfijfcmokecmkgolhbaeclfage" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
aspnet_state => service removed successfully
"C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9088489 B
Java, Flash, Steam htmlcache => 824 B
Windows/system/drivers => 2430064 B
Edge => 6157 B
Chrome => 0 B
Firefox => 101014 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 287646 B
NetworkService => 46710 B
Richard => 12639395 B
Visitor.DESKTOP-LGVE44F => 26576806 B
RBC => 11737568 B
RecycleBin => 5969236 B
EmptyTemp: => 65.7 MB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 08:35:39 ====

 

 

08:51:29.0718 0x2338  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
08:51:29.0718 0x2338  UEFI system
08:51:41.0285 0x2338  ============================================================
08:51:41.0285 0x2338  Current date / time: 2016/08/27 08:51:41.0285
08:51:41.0286 0x2338  SystemInfo:
08:51:41.0286 0x2338 
08:51:41.0286 0x2338  OS Version: 10.0.14393 ServicePack: 0.0
08:51:41.0286 0x2338  Product type: Workstation
08:51:41.0286 0x2338  ComputerName: DESKTOP-LGVE44F
08:51:41.0287 0x2338  UserName: Richard
08:51:41.0287 0x2338  Windows directory: C:\WINDOWS
08:51:41.0287 0x2338  System windows directory: C:\WINDOWS
08:51:41.0287 0x2338  Running under WOW64
08:51:41.0287 0x2338  Processor architecture: Intel x64
08:51:41.0287 0x2338  Number of processors: 4
08:51:41.0287 0x2338  Page size: 0x1000
08:51:41.0287 0x2338  Boot type: Normal boot
08:51:41.0287 0x2338  CodeIntegrityOptions = 0x00000001
08:51:41.0287 0x2338  ============================================================
08:51:41.0659 0x2338  KLMD registered as C:\WINDOWS\system32\drivers\52786858.sys
08:51:41.0660 0x2338  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.82, osProperties = 0x19
08:51:41.0839 0x2338  System UUID: {285AE535-D2D3-D9BD-21C2-135D2A006407}
08:51:42.0323 0x2338  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:51:42.0339 0x2338  ============================================================
08:51:42.0339 0x2338  \Device\Harddisk0\DR0:
08:51:42.0339 0x2338  GPT partitions:
08:51:42.0340 0x2338  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {B09C6541-8768-4637-AABB-B3033E7B2311}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x82000
08:51:42.0340 0x2338  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {6006165C-E51E-4C41-A669-F22FBB6CF0B8}, Name: Microsoft reserved partition, StartLBA 0x82800, BlocksNum 0x40000
08:51:42.0340 0x2338  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {E1D1D434-7EB9-4491-AE6D-E816696040EA}, Name: Basic data partition, StartLBA 0xC2800, BlocksNum 0x71B348DE
08:51:42.0340 0x2338  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {3C9A1F15-54F8-4C4B-87D6-C1EFF0B53E95}, Name: , StartLBA 0x71BF7800, BlocksNum 0x19E800
08:51:42.0340 0x2338  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {376A6369-1766-4201-BBA9-018246E23D1B}, Name: Basic data partition, StartLBA 0x71D96000, BlocksNum 0x296F000
08:51:42.0340 0x2338  MBR partitions:
08:51:42.0340 0x2338  ============================================================
08:51:42.0384 0x2338  C: <-> \Device\Harddisk0\DR0\Partition3
08:51:42.0433 0x2338  D: <-> \Device\Harddisk0\DR0\Partition5
08:51:42.0433 0x2338  ============================================================
08:51:42.0433 0x2338  Initialize success
08:51:42.0433 0x2338  ============================================================
08:51:46.0004 0x1d2c  ============================================================
08:51:46.0004 0x1d2c  Scan started
08:51:46.0004 0x1d2c  Mode: Manual;
08:51:46.0004 0x1d2c  ============================================================
08:51:46.0004 0x1d2c  KSN ping started
08:51:46.0194 0x1d2c  KSN ping finished: true
08:51:48.0390 0x1d2c  ================ Scan system memory ========================
08:51:48.0390 0x1d2c  System memory - ok
08:51:48.0391 0x1d2c  ================ Scan services =============================
08:51:48.0476 0x1d2c  [ 970C70F6B2953ED43822D3797855D84C, CB22723678B514277BC6E6DDDD206F3B2377CD889C9D473A47A7056BE597BC6B ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
08:51:48.0484 0x1d2c  !SASCORE - ok
08:51:48.0634 0x1d2c  1394ohci - ok
08:51:48.0642 0x1d2c  3ware - ok
08:51:49.0016 0x1d2c  [ 02F3BA98D25FD4764CBEFF365EC73113, B8641770BA1782E9A49A217BB142C3CC394CA17C3D2A27422690D336B06D3769 ] a2AntiMalware   C:\Program Files\Emsisoft Anti-Malware\a2service.exe
08:51:49.0205 0x1d2c  a2AntiMalware - ok
08:51:49.0270 0x1d2c  [ 36E8D1E627D422241D903305B4008E9B, BD4BB52E98302A71A217DDE85102DBFBD04A59CEE9BAD7AF1138BF453889D6EA ] Accelerometer   C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
08:51:49.0272 0x1d2c  Accelerometer - ok
08:51:49.0287 0x1d2c  ACPI - ok
08:51:49.0311 0x1d2c  AcpiDev - ok
08:51:49.0318 0x1d2c  acpiex - ok
08:51:49.0326 0x1d2c  acpipagr - ok
08:51:49.0355 0x1d2c  AcpiPmi - ok
08:51:49.0362 0x1d2c  acpitime - ok
08:51:49.0396 0x1d2c  [ C818B82F7758A985481A6FBF8164A866, 5A0D9FE29CFE974FE9BB0A2039758E022C5D89B176B2F63DD74AB9C99DD71887 ] AdaptiveSleepService c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
08:51:49.0401 0x1d2c  AdaptiveSleepService - ok
08:51:49.0459 0x1d2c  [ 68E7DEA59FDEF410BAF29FDB5B7A6EEF, B808FCF0C30B465A1330E47947B84FC722A3B4C46260E261C54B1EED725A288F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:51:49.0464 0x1d2c  AdobeARMservice - ok
08:51:49.0479 0x1d2c  ADP80XX - ok
08:51:49.0490 0x1d2c  AFD - ok
08:51:49.0500 0x1d2c  ahcache - ok
08:51:49.0519 0x1d2c  AJRouter - ok
08:51:49.0531 0x1d2c  ALG - ok
08:51:49.0575 0x1d2c  [ 23D869881D465D75D28F05911B73B573, B21E5D7396E2C69D4334D40A3CC1831D3F899AE332E6D358BCF8FC69030BDD6B ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
08:51:49.0584 0x1d2c  AMD External Events Utility - ok
08:51:49.0644 0x1d2c  [ 32DAA40D36483EB4689AFDCBAE6CE77D, 74F14EA08892B4AB674AAAD675DA66526A9529C39E15C3167813406C698E3A16 ] amdacpusrsvc    C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
08:51:49.0650 0x1d2c  amdacpusrsvc - ok
08:51:49.0683 0x1d2c  [ EB6D88203754B6C2F17D9E037183E6CB, 5D3DA4B718D6A800E4DAFC2086825456122EEB1F40751D5DE9EF458DCE27C04C ] AmdAS4          C:\WINDOWS\System32\drivers\AmdAS4.sys
08:51:49.0686 0x1d2c  AmdAS4 - ok
08:51:49.0697 0x1d2c  AmdK8 - ok
08:51:49.0740 0x1d2c  [ 63DBE05B7EE2040F3E4C443057150D75, 79614F828B765E6CEDB6E0D6D032935F7C7EE21F0E186549B3A56DD5BA23D77E ] amdkmcsp        C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys
08:51:49.0746 0x1d2c  amdkmcsp - ok
08:51:49.0773 0x1d2c  amdkmdag - ok
08:51:49.0839 0x1d2c  [ DA82A3CAB7083267BBF0F0066354055C, CC676BC80E29B5EFC0C79D523869C903CB60E7F759C0400BE8094354FD034AA6 ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
08:51:49.0855 0x1d2c  amdkmdap - ok
08:51:49.0885 0x1d2c  [ A7820769AF79FF16DBF52133C00FEA80, 7D8B0B3A270F819C6E30123111C068598633B0AA9E68893FF4D9ECC457334593 ] amdkmpfd        C:\WINDOWS\system32\drivers\amdkmpfd.sys
08:51:49.0887 0x1d2c  amdkmpfd - ok
08:51:49.0909 0x1d2c  AmdPPM - ok
08:51:49.0987 0x1d2c  [ A6A2F105FCCEF4CC07CD61CC004D8951, 43570B6FE5C82375E66B0C61DD3B72FA570A225CDC1356285259998B3ECD2B53 ] amdpsp          C:\WINDOWS\system32\DRIVERS\amdpsp.sys
08:51:49.0997 0x1d2c  amdpsp - ok
08:51:50.0004 0x1d2c  amdsata - ok
08:51:50.0021 0x1d2c  amdsbs - ok
08:51:50.0028 0x1d2c  amdxata - ok
08:51:50.0034 0x1d2c  AppID - ok
08:51:50.0051 0x1d2c  AppIDSvc - ok
08:51:50.0056 0x1d2c  Appinfo - ok
08:51:50.0074 0x1d2c  applockerfltr - ok
08:51:50.0080 0x1d2c  AppReadiness - ok
08:51:50.0086 0x1d2c  AppXSvc - ok
08:51:50.0092 0x1d2c  arcsas - ok
08:51:50.0128 0x1d2c  [ 9B480B472D6826E7257C90E2D0EE2954, C52C198602D180011A9345AE6F108EC4B1FD91234AF2E6296B2E39C1888B0D4D ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
08:51:50.0131 0x1d2c  aswHwid - ok
08:51:50.0150 0x1d2c  [ 1BB00571CC2C78463ABD7E9C32970758, BF523468754CB1628D66F28B06FAF7C545C5724801B04888517A2FB4BF9582BF ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
08:51:50.0155 0x1d2c  aswMonFlt - ok
08:51:50.0162 0x1d2c  [ 7010B57D708DA5C9686A5923EE621776, 5A554B8941C156EC341C602F34679A7475802B19EE6A99AA29AE2628A123ECB1 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr2.sys
08:51:50.0167 0x1d2c  aswRdr - ok
08:51:50.0174 0x1d2c  [ 937885085BFE5BD08EC1BC0245DD203B, 6DDD89245EEA3B8106C5F2EB6FA8CF525F3B42AA7032276DE78953E06FE7F4B4 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
08:51:50.0177 0x1d2c  aswRvrt - ok
08:51:50.0235 0x1d2c  [ 0589C00EB56A5BEEFE7F1496CD5184FE, 2728E481A610F1FA023D1BBA3E9CC48443213675E6C4A42E084B4851956B742C ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
08:51:50.0253 0x1d2c  aswSnx - ok
08:51:50.0282 0x1d2c  [ 89D228621266365F1D82D73BA48A9D0E, E61E0C61FACDA48801BF8CDF14523C0B1B21B2920B3CF2CCC4212B12548971C8 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
08:51:50.0293 0x1d2c  aswSP - ok
08:51:50.0303 0x1d2c  [ 9C58B6E9663D0A76D00D83E43C765BDF, 3F474932E77318CD450A3A9C89667D2B26A7E3FAB9AA95D97FF3B1979623A7F2 ] aswStm          C:\WINDOWS\system32\drivers\aswStm.sys
08:51:50.0307 0x1d2c  aswStm - ok
08:51:50.0319 0x1d2c  [ 3267ED11A7EE6CA7F30505197B9FEC85, 474B10F03F991FEFC5FDE512F1EA73FE903D2F145393F1EB3E2D5CC9E44E6F3E ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
08:51:50.0325 0x1d2c  aswVmm - ok
08:51:50.0331 0x1d2c  AsyncMac - ok
08:51:50.0337 0x1d2c  atapi - ok
08:51:50.0375 0x1d2c  [ 0966FD5BAB1F9BE200875E9EED0A0A13, F4BE70C0581B51ED6DAE6412A5FF74AE310BF88DE89C5A5E5880BEED543B01D7 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdWT6.sys
08:51:50.0379 0x1d2c  AtiHDAudioService - ok
08:51:50.0409 0x1d2c  AudioEndpointBuilder - ok
08:51:50.0415 0x1d2c  Audiosrv - ok
08:51:50.0483 0x1d2c  [ F4E0580B5789474385E7ACB189C4AF2C, DB5BE2C852AC102AB8EB186362E582E250B843BA52B3B71AF08A5FDA8A6F91AF ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:51:50.0489 0x1d2c  avast! Antivirus - ok
08:51:50.0497 0x1d2c  AxInstSV - ok
08:51:50.0519 0x1d2c  b06bdrv - ok
08:51:50.0532 0x1d2c  BasicDisplay - ok
08:51:50.0538 0x1d2c  BasicRender - ok
08:51:50.0571 0x1d2c  [ 3E3EB1B6119904D482C5F80DAB1DC3DD, CFD2981105527FA093D58FD718CC3D66C88A9CD799923DC3566A8A057E9EEA77 ] bcbtums         C:\WINDOWS\system32\DRIVERS\bcbtums.sys
08:51:50.0576 0x1d2c  bcbtums - ok
08:51:50.0862 0x1d2c  [ 4455CB2DCAAE2D706F35425DC3FB46B9, F63BEC14A121DA8BCF24E138D517D4D8313C9183D77257FAF7AABCECE42DA11C ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys
08:51:51.0017 0x1d2c  BCM43XX - ok
08:51:51.0197 0x1d2c  [ 1C0D4B4E8B14AFC472AC4295A3DDC648, 45970366A1811B36EAE018BFC89E03E2BA9DB2868BCB1B630D642924893086F0 ] BcmBtRSupport   C:\Windows\system32\BtwRSupportService.exe
08:51:51.0254 0x1d2c  BcmBtRSupport - ok
08:51:51.0309 0x1d2c  bcmfn - ok
08:51:51.0315 0x1d2c  bcmfn2 - ok
08:51:51.0329 0x1d2c  BDESVC - ok
08:51:51.0341 0x1d2c  Beep - ok
08:51:51.0356 0x1d2c  BFE - ok
08:51:51.0377 0x1d2c  BITS - ok
08:51:51.0425 0x1d2c  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:51:51.0434 0x1d2c  Bonjour Service - ok
08:51:51.0441 0x1d2c  bowser - ok
08:51:51.0460 0x1d2c  BrokerInfrastructure - ok
08:51:51.0467 0x1d2c  Browser - ok
08:51:51.0484 0x1d2c  BthAvrcpTg - ok
08:51:51.0494 0x1d2c  BthHFEnum - ok
08:51:51.0501 0x1d2c  bthhfhid - ok
08:51:51.0520 0x1d2c  BthHFSrv - ok
08:51:51.0525 0x1d2c  BTHMODEM - ok
08:51:51.0546 0x1d2c  BTHPORT - ok
08:51:51.0552 0x1d2c  bthserv - ok
08:51:51.0559 0x1d2c  BTHUSB - ok
08:51:51.0577 0x1d2c  [ 8FE26E249479BD8B305A06DAB93C84F3, E7C66888F22F1A585053444B3BFC0ECA95EFA8E84AD8868DE3E714F80C245BFD ] btwampfl        C:\WINDOWS\system32\DRIVERS\btwampfl.sys
08:51:51.0583 0x1d2c  btwampfl - ok
08:51:51.0608 0x1d2c  buttonconverter - ok
08:51:51.0616 0x1d2c  CapImg - ok
08:51:51.0622 0x1d2c  cdfs - ok
08:51:51.0641 0x1d2c  CDPSvc - ok
08:51:51.0647 0x1d2c  CDPUserSvc - ok
08:51:51.0695 0x1d2c  cdrom - ok
08:51:51.0704 0x1d2c  CertPropSvc - ok
08:51:51.0729 0x1d2c  cht4iscsi - ok
08:51:51.0752 0x1d2c  cht4vbd - ok
08:51:51.0785 0x1d2c  circlass - ok
08:51:51.0791 0x1d2c  CLFS - ok
08:51:51.0978 0x1d2c  [ 5A2EF42528D1D2D3C8732FC1A7CDD16D, B961D2F4B7DA5FF68AFCD10FDAC545442FEC8CF05D7D6BB4A00E2F5A2F2950F0 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
08:51:52.0069 0x1d2c  ClickToRunSvc - ok
08:51:52.0096 0x1d2c  ClipSVC - ok
08:51:52.0102 0x1d2c  clreg - ok
08:51:52.0142 0x1d2c  [ 228CB7727EC19833A74DAA5BE8627114, 7ABDEABF648C0CF04C736D9F1056CD54D5913837E1543CC358FDDFA9389934EC ] clwvd6          C:\WINDOWS\system32\DRIVERS\clwvd6.sys
08:51:52.0145 0x1d2c  clwvd6 - ok
08:51:52.0174 0x1d2c  CmBatt - ok
08:51:52.0190 0x1d2c  CNG - ok
08:51:52.0197 0x1d2c  cnghwassist - ok
08:51:52.0272 0x1d2c  CompositeBus - ok
08:51:52.0278 0x1d2c  COMSysApp - ok
08:51:52.0285 0x1d2c  condrv - ok
08:51:52.0291 0x1d2c  CoreMessagingRegistrar - ok
08:51:52.0311 0x1d2c  CryptSvc - ok
08:51:52.0325 0x1d2c  dam - ok
08:51:52.0352 0x1d2c  DcomLaunch - ok
08:51:52.0367 0x1d2c  DcpSvc - ok
08:51:52.0384 0x1d2c  defragsvc - ok
08:51:52.0409 0x1d2c  DeviceAssociationService - ok
08:51:52.0417 0x1d2c  DeviceInstall - ok
08:51:52.0437 0x1d2c  DevQueryBroker - ok
08:51:52.0450 0x1d2c  Dfsc - ok
08:51:52.0457 0x1d2c  Dhcp - ok
08:51:52.0488 0x1d2c  diagnosticshub.standardcollector.service - ok
08:51:52.0496 0x1d2c  DiagTrack - ok
08:51:52.0503 0x1d2c  disk - ok
08:51:52.0538 0x1d2c  DmEnrollmentSvc - ok
08:51:52.0545 0x1d2c  dmvsc - ok
08:51:52.0555 0x1d2c  dmwappushservice - ok
08:51:52.0577 0x1d2c  Dnscache - ok
08:51:52.0602 0x1d2c  dot3svc - ok
08:51:52.0607 0x1d2c  DPS - ok
08:51:52.0620 0x1d2c  drmkaud - ok
08:51:52.0625 0x1d2c  DsmSvc - ok
08:51:52.0631 0x1d2c  DsSvc - ok
08:51:52.0639 0x1d2c  DXGKrnl - ok
08:51:52.0646 0x1d2c  EapHost - ok
08:51:52.0662 0x1d2c  ebdrv - ok
08:51:52.0680 0x1d2c  EFS - ok
08:51:52.0686 0x1d2c  EhStorClass - ok
08:51:52.0692 0x1d2c  EhStorTcgDrv - ok
08:51:52.0708 0x1d2c  embeddedmode - ok
08:51:52.0740 0x1d2c  [ 6B0564B6DDD28E36A59A7F322E0AE2D6, D8F73C7406F45ACFE8EB7C7EB9593EF577627A00843316194BDF973E2FB824FE ] EMET_Service    C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
08:51:52.0743 0x1d2c  EMET_Service - ok
08:51:52.0760 0x1d2c  EntAppSvc - ok
08:51:52.0816 0x1d2c  [ F25A2EBFEB9814C048DAC62D0CB8C83B, 5DBF0A98F72DF44B4BD5101C884CE0A6FE9BC00F8CD83765CED885CBC5296D44 ] epp             C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys
08:51:52.0823 0x1d2c  epp - ok
08:51:52.0891 0x1d2c  [ 649A7B20A642BC2457E09EC3BB501CFC, E05DDCDE327FB97C161A51D17D9F5817D00CF7577070BE481D9C747CE10BAE22 ] EpsonCustomerResearchParticipation C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
08:51:52.0911 0x1d2c  EpsonCustomerResearchParticipation - ok
08:51:52.0948 0x1d2c  [ D315FF43E23DF424ECEC2F6C930203E4, 68940EDA34DC4945CDD0D8018D96A0DA8F99F16A930946D14E4FECEE033FCB80 ] EpsonScanSvc    C:\WINDOWS\system32\EscSvc64.exe
08:51:52.0960 0x1d2c  EpsonScanSvc - ok
08:51:52.0985 0x1d2c  ErrDev - ok
08:51:53.0041 0x1d2c  [ 32710ECBE3C17C6F769BAC88CD1756FF, BB9B269F0322FFBFAC459EC15BA9410A5FF5CDCBD38F67F8482720ACB1799C2B ] ESProtectionDriver C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
08:51:53.0045 0x1d2c  ESProtectionDriver - ok
08:51:53.0071 0x1d2c  EventSystem - ok
08:51:53.0083 0x1d2c  exfat - ok
08:51:53.0157 0x1d2c  [ 598DA56417A1610BE6EBD656051DE8F3, D1D27EB524B36D3B2A7BFAAB53AC36830E012C8ED2DAF19087E7F5150EC3C2EC ] farflt          C:\WINDOWS\system32\drivers\farflt.sys
08:51:53.0162 0x1d2c  farflt - ok
08:51:53.0171 0x1d2c  fastfat - ok
08:51:53.0196 0x1d2c  Fax - ok
08:51:53.0208 0x1d2c  fdc - ok
08:51:53.0219 0x1d2c  fdPHost - ok
08:51:53.0229 0x1d2c  FDResPub - ok
08:51:53.0238 0x1d2c  fhsvc - ok
08:51:53.0272 0x1d2c  FileCrypt - ok
08:51:53.0280 0x1d2c  FileInfo - ok
08:51:53.0295 0x1d2c  Filetrace - ok
08:51:53.0302 0x1d2c  flpydisk - ok
08:51:53.0309 0x1d2c  FltMgr - ok
08:51:53.0328 0x1d2c  FontCache - ok
08:51:53.0416 0x1d2c  FontCache3.0.0.0 - ok
08:51:53.0442 0x1d2c  FrameServer - ok
08:51:53.0451 0x1d2c  FsDepends - ok
08:51:53.0464 0x1d2c  Fs_Rec - ok
08:51:53.0475 0x1d2c  fvevol - ok
08:51:53.0483 0x1d2c  gencounter - ok
08:51:53.0490 0x1d2c  genericusbfn - ok
08:51:53.0504 0x1d2c  GPIOClx0101 - ok
08:51:53.0523 0x1d2c  gpsvc - ok
08:51:53.0538 0x1d2c  GpuEnergyDrv - ok
08:51:53.0593 0x1d2c  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:51:53.0598 0x1d2c  gupdate - ok
08:51:53.0608 0x1d2c  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:51:53.0612 0x1d2c  gupdatem - ok
08:51:53.0619 0x1d2c  HDAudBus - ok
08:51:53.0625 0x1d2c  HidBatt - ok
08:51:53.0649 0x1d2c  HidBth - ok
08:51:53.0655 0x1d2c  hidi2c - ok
08:51:53.0661 0x1d2c  hidinterrupt - ok
08:51:53.0682 0x1d2c  HidIr - ok
08:51:53.0688 0x1d2c  hidserv - ok
08:51:53.0709 0x1d2c  [ D8536CB438CC4CCDAE047B768EED22B2, 4F666BFA3554F9ACA6B9D436BFA64474D5F30FB3E78F4E66068CCDF283D9867F ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
08:51:53.0712 0x1d2c  HidUsb - ok
08:51:53.0727 0x1d2c  HomeGroupListener - ok
08:51:53.0740 0x1d2c  HomeGroupProvider - ok
08:51:53.0770 0x1d2c  [ 3E28EE56DEC5678EC088752B91C05ADF, 1F80E7162BF80C66C5E58DD40513877579324FE4387044DC2A335F4320E8DFC7 ] hpdskflt        C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
08:51:53.0773 0x1d2c  hpdskflt - ok
08:51:53.0875 0x1d2c  [ 7B7DE6B3DC30F3246958F42C67A6F7BB, 4B66B90CFEC2231B905B21DECC4EC7C6500E546F080A452EF67E724EDF37ADD9 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
08:51:53.0896 0x1d2c  hpqwmiex - ok
08:51:53.0905 0x1d2c  HpSAMD - ok
08:51:53.0924 0x1d2c  [ 2456CAA57C1DBF8DD4AAB89A293F9F26, 8996E639C3FB13D90DC6304563C69F7C46EC5E053BAFEE0E0A9F999093FC31E9 ] hpsrv           C:\WINDOWS\system32\Hpservice.exe
08:51:53.0935 0x1d2c  hpsrv - ok
08:51:53.0975 0x1d2c  [ 02F1253476B7F5F818364443DFED3264, 645F51A6781E9DEB381694718EDEF38B02F5345ADCE8860EC2D9483F7C1C7CC2 ] HPSupportSolutionsFrameworkService c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
08:51:53.0977 0x1d2c  HPSupportSolutionsFrameworkService - ok
08:51:54.0022 0x1d2c  [ E7F6B3C8F78B4A49E283DB4619B26841, 1653F2CE201A8794D64A5E60B257CB6691D9C4B61CCDA415E0355E56506DFA47 ] HPWMISVC        c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
08:51:54.0038 0x1d2c  HPWMISVC - ok
08:51:54.0047 0x1d2c  HTTP - ok
08:51:54.0082 0x1d2c  HvHost - ok
08:51:54.0100 0x1d2c  hvservice - ok
08:51:54.0107 0x1d2c  hwpolicy - ok
08:51:54.0127 0x1d2c  hyperkbd - ok
08:51:54.0148 0x1d2c  i8042prt - ok
08:51:54.0156 0x1d2c  iagpio - ok
08:51:54.0163 0x1d2c  iai2c - ok
08:51:54.0170 0x1d2c  iaLPSS2i_GPIO2 - ok
08:51:54.0177 0x1d2c  iaLPSS2i_I2C - ok
08:51:54.0185 0x1d2c  iaLPSSi_GPIO - ok
08:51:54.0191 0x1d2c  iaLPSSi_I2C - ok
08:51:54.0198 0x1d2c  iaStorAV - ok
08:51:54.0205 0x1d2c  iaStorV - ok
08:51:54.0213 0x1d2c  ibbus - ok
08:51:54.0237 0x1d2c  icssvc - ok
08:51:54.0255 0x1d2c  IKEEXT - ok
08:51:54.0303 0x1d2c  IndirectKmd - ok
08:51:54.0517 0x1d2c  [ A3FBAA4798BC0DC070540A7A3095FD1F, 56426E38EF9E92C81C51B49BAF2C0A15D0A9B9240287619E2640A9BA67F0B1F9 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
08:51:54.0634 0x1d2c  IntcAzAudAddService - ok
08:51:54.0650 0x1d2c  intelide - ok
08:51:54.0658 0x1d2c  intelpep - ok
08:51:54.0671 0x1d2c  intelppm - ok
08:51:54.0676 0x1d2c  iorate - ok
08:51:54.0684 0x1d2c  IpFilterDriver - ok
08:51:54.0700 0x1d2c  iphlpsvc - ok
08:51:54.0713 0x1d2c  IPMIDRV - ok
08:51:54.0724 0x1d2c  IPNAT - ok
08:51:54.0730 0x1d2c  irda - ok
08:51:54.0738 0x1d2c  IRENUM - ok
08:51:54.0744 0x1d2c  irmon - ok
08:51:54.0751 0x1d2c  isapnp - ok
08:51:54.0757 0x1d2c  iScsiPrt - ok
08:51:54.0764 0x1d2c  kbdclass - ok
08:51:54.0770 0x1d2c  kbdhid - ok
08:51:54.0784 0x1d2c  kdnic - ok
08:51:54.0790 0x1d2c  KeyIso - ok
08:51:54.0796 0x1d2c  KSecDD - ok
08:51:54.0804 0x1d2c  KSecPkg - ok
08:51:54.0811 0x1d2c  ksthunk - ok
08:51:54.0829 0x1d2c  KtmRm - ok
08:51:54.0850 0x1d2c  LanmanServer - ok
08:51:54.0856 0x1d2c  LanmanWorkstation - ok
08:51:54.0866 0x1d2c  lfsvc - ok
08:51:54.0889 0x1d2c  LicenseManager - ok
08:51:54.0896 0x1d2c  lltdio - ok
08:51:54.0914 0x1d2c  lltdsvc - ok
08:51:54.0935 0x1d2c  lmhosts - ok
08:51:54.0944 0x1d2c  LSI_SAS - ok
08:51:54.0950 0x1d2c  LSI_SAS2i - ok
08:51:54.0971 0x1d2c  LSI_SAS3i - ok
08:51:54.0979 0x1d2c  LSI_SSS - ok
08:51:54.0992 0x1d2c  LSM - ok
08:51:54.0999 0x1d2c  luafv - ok
08:51:55.0026 0x1d2c  MapsBroker - ok
08:51:55.0183 0x1d2c  [ 03FC3E16DCF3C22AFB26657CAEBAE831, A6BC0B8702131D941D9FF28DC01DFB5560F7E55A1DE835B931DE11F0D52AE7E0 ] MB3Service      C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe
08:51:55.0255 0x1d2c  MB3Service - ok
08:51:55.0319 0x1d2c  [ DE111E937CB01E149FD749F67CDA7DD9, 1434FD87072FE4032D40E2B59DA301B0B35A301DAD4A6E7FE53BE8044BD2B465 ] MbaeSvc         C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
08:51:55.0336 0x1d2c  MbaeSvc - ok
08:51:55.0396 0x1d2c  [ B65EFC9029517B820BF14C94C3499738, 8DD7FEA79A96FD68A88C80770DBF0DF35A61BCA3CBB0FDD2257C7C0B47829F6D ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
08:51:55.0402 0x1d2c  MBAMSwissArmy - ok
08:51:55.0437 0x1d2c  megasas - ok
08:51:55.0444 0x1d2c  megasr - ok
08:51:55.0461 0x1d2c  MessagingService - ok
08:51:55.0515 0x1d2c  mlx4_bus - ok
08:51:55.0535 0x1d2c  MMCSS - ok
08:51:55.0545 0x1d2c  Modem - ok
08:51:55.0554 0x1d2c  monitor - ok
08:51:55.0561 0x1d2c  mouclass - ok
08:51:55.0569 0x1d2c  mouhid - ok
08:51:55.0578 0x1d2c  mountmgr - ok
08:51:55.0631 0x1d2c  [ C01441BA6F99890B7FF6CD0260B7750A, E02FFB1E8A3E423C9392ADAA9DF5FECF800DFAB3E09B74A029106DC337995539 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:51:55.0636 0x1d2c  MozillaMaintenance - ok
08:51:55.0644 0x1d2c  mpsdrv - ok
08:51:55.0667 0x1d2c  MpsSvc - ok
08:51:55.0688 0x1d2c  MRxDAV - ok
08:51:55.0713 0x1d2c  mrxsmb - ok
08:51:55.0720 0x1d2c  mrxsmb10 - ok
08:51:55.0729 0x1d2c  mrxsmb20 - ok
08:51:55.0745 0x1d2c  MsBridge - ok
08:51:55.0761 0x1d2c  MSDTC - ok
08:51:55.0774 0x1d2c  Msfs - ok
08:51:55.0802 0x1d2c  msgpiowin32 - ok
08:51:55.0814 0x1d2c  mshidkmdf - ok
08:51:55.0822 0x1d2c  mshidumdf - ok
08:51:55.0828 0x1d2c  msisadrv - ok
08:51:55.0843 0x1d2c  MSiSCSI - ok
08:51:55.0849 0x1d2c  msiserver - ok
08:51:55.0856 0x1d2c  MSKSSRV - ok
08:51:55.0864 0x1d2c  MsLldp - ok
08:51:55.0871 0x1d2c  MSPCLOCK - ok
08:51:55.0890 0x1d2c  MSPQM - ok
08:51:55.0896 0x1d2c  MsRPC - ok
08:51:55.0907 0x1d2c  mssmbios - ok
08:51:55.0914 0x1d2c  MSTEE - ok
08:51:55.0921 0x1d2c  MTConfig - ok
08:51:55.0928 0x1d2c  Mup - ok
08:51:55.0935 0x1d2c  mvumis - ok
08:51:55.0945 0x1d2c  NativeWifiP - ok
08:51:55.0960 0x1d2c  NcaSvc - ok
08:51:55.0976 0x1d2c  NcbService - ok
08:51:55.0982 0x1d2c  NcdAutoSetup - ok
08:51:55.0989 0x1d2c  ndfltr - ok
08:51:55.0996 0x1d2c  NDIS - ok
08:51:56.0003 0x1d2c  NdisCap - ok
08:51:56.0011 0x1d2c  NdisImPlatform - ok
08:51:56.0017 0x1d2c  NdisTapi - ok
08:51:56.0024 0x1d2c  Ndisuio - ok
08:51:56.0031 0x1d2c  NdisVirtualBus - ok
08:51:56.0040 0x1d2c  NdisWan - ok
08:51:56.0047 0x1d2c  ndiswanlegacy - ok
08:51:56.0055 0x1d2c  ndproxy - ok
08:51:56.0062 0x1d2c  Ndu - ok
08:51:56.0069 0x1d2c  NetAdapterCx - ok
08:51:56.0076 0x1d2c  NetBIOS - ok
08:51:56.0088 0x1d2c  NetBT - ok
08:51:56.0095 0x1d2c  Netlogon - ok
08:51:56.0111 0x1d2c  Netman - ok
08:51:56.0120 0x1d2c  netprofm - ok
08:51:56.0139 0x1d2c  NetSetupSvc - ok
08:51:56.0195 0x1d2c  NetTcpPortSharing - ok
08:51:56.0207 0x1d2c  NgcCtnrSvc - ok
08:51:56.0220 0x1d2c  NgcSvc - ok
08:51:56.0229 0x1d2c  NlaSvc - ok
08:51:56.0238 0x1d2c  Npfs - ok
08:51:56.0257 0x1d2c  npsvctrig - ok
08:51:56.0264 0x1d2c  nsi - ok
08:51:56.0273 0x1d2c  nsiproxy - ok
08:51:56.0286 0x1d2c  NTFS - ok
08:51:56.0294 0x1d2c  Null - ok
08:51:56.0314 0x1d2c  nvraid - ok
08:51:56.0334 0x1d2c  nvstor - ok
08:51:56.0365 0x1d2c  OneSyncSvc - ok
08:51:56.0425 0x1d2c  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:51:56.0433 0x1d2c  ose - ok
08:51:56.0456 0x1d2c  p2pimsvc - ok
08:51:56.0473 0x1d2c  p2psvc - ok
08:51:56.0481 0x1d2c  Parport - ok
08:51:56.0501 0x1d2c  partmgr - ok
08:51:56.0509 0x1d2c  PcaSvc - ok
08:51:56.0517 0x1d2c  pci - ok
08:51:56.0525 0x1d2c  pciide - ok
08:51:56.0534 0x1d2c  pcmcia - ok
08:51:56.0545 0x1d2c  pcw - ok
08:51:56.0554 0x1d2c  pdc - ok
08:51:56.0577 0x1d2c  PEAUTH - ok
08:51:56.0591 0x1d2c  percsas2i - ok
08:51:56.0599 0x1d2c  percsas3i - ok
08:51:56.0661 0x1d2c  PerfHost - ok
08:51:56.0680 0x1d2c  PhoneSvc - ok
08:51:56.0688 0x1d2c  PimIndexMaintenanceSvc - ok
08:51:56.0700 0x1d2c  pla - ok
08:51:56.0726 0x1d2c  PlugPlay - ok
08:51:56.0745 0x1d2c  PNRPAutoReg - ok
08:51:56.0753 0x1d2c  PNRPsvc - ok
08:51:56.0774 0x1d2c  PolicyAgent - ok
08:51:56.0785 0x1d2c  Power - ok
08:51:56.0795 0x1d2c  PptpMiniport - ok
08:51:56.0973 0x1d2c  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
08:51:57.0034 0x1d2c  PrintNotify - ok
08:51:57.0069 0x1d2c  Processor - ok
08:51:57.0081 0x1d2c  ProfSvc - ok
08:51:57.0089 0x1d2c  Psched - ok
08:51:57.0123 0x1d2c  [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI             C:\WINDOWS\system32\DRIVERS\psi_mf_amd64.sys
08:51:57.0126 0x1d2c  PSI - ok
08:51:57.0163 0x1d2c  [ D271C14EE0EEEA27359CD9E14E49F0DE, C69234841EE8E9A584CABF12CE2FA965F038BD30E78C57702B28EF4B3667BD7C ] PSKMAD          C:\WINDOWS\system32\DRIVERS\PSKMAD.sys
08:51:57.0167 0x1d2c  PSKMAD - ok
08:51:57.0191 0x1d2c  QWAVE - ok
08:51:57.0210 0x1d2c  QWAVEdrv - ok
08:51:57.0221 0x1d2c  RasAcd - ok
08:51:57.0242 0x1d2c  RasAgileVpn - ok
08:51:57.0267 0x1d2c  RasAuto - ok
08:51:57.0274 0x1d2c  Rasl2tp - ok
08:51:57.0282 0x1d2c  RasMan - ok
08:51:57.0290 0x1d2c  RasPppoe - ok
08:51:57.0298 0x1d2c  RasSstp - ok
08:51:57.0322 0x1d2c  rdbss - ok
08:51:57.0345 0x1d2c  rdpbus - ok
08:51:57.0353 0x1d2c  RDPDR - ok
08:51:57.0372 0x1d2c  RdpVideoMiniport - ok
08:51:57.0382 0x1d2c  rdyboost - ok
08:51:57.0392 0x1d2c  ReFSv1 - ok
08:51:57.0423 0x1d2c  RemoteAccess - ok
08:51:57.0435 0x1d2c  RemoteRegistry - ok
08:51:57.0462 0x1d2c  RetailDemo - ok
08:51:57.0503 0x1d2c  [ 9C3AC71A9934B884FAC567A8807E9C4D, 0B6B2970098E3C21E1E54A25785544903E8CD415B527FCEF86ABC7B33BEC83E7 ] Revoflt         C:\WINDOWS\system32\DRIVERS\revoflt.sys
08:51:57.0507 0x1d2c  Revoflt - ok
08:51:57.0602 0x1d2c  [ 9E18DF158751CF968E7DF83256D70233, 89385DA5ABD283F289E37D7D9E33358B06216E9B3659B2E70F19FD5BA49C7F90 ] RichVideo64     C:\Program Files\CyberLink\Shared files\RichVideo64.exe
08:51:57.0613 0x1d2c  RichVideo64 - ok
08:51:57.0622 0x1d2c  RmSvc - ok
08:51:57.0644 0x1d2c  RpcEptMapper - ok
08:51:57.0668 0x1d2c  RpcLocator - ok
08:51:57.0677 0x1d2c  RpcSs - ok
08:51:57.0710 0x1d2c  [ C855516CA01E9BF861B014B7A26A4C04, E696A2617A928A93CA5208DAEA3004D88A3FD95D1AB627ACEAD39BA1F40EB95D ] RSP2STOR        C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys
08:51:57.0720 0x1d2c  RSP2STOR - ok
08:51:57.0743 0x1d2c  rspndr - ok
08:51:57.0810 0x1d2c  [ 12A3D1530E3F67B8664EBA923A3981E4, 8670C39EB0A7C37C17D014A8917493B776DE0829B55EFED13D91B6FA7B81CA11 ] rt640x64        C:\WINDOWS\System32\drivers\rt640x64.sys
08:51:57.0832 0x1d2c  rt640x64 - ok
08:51:57.0920 0x1d2c  [ AA2C429E47D021A8570C2E5ED9035321, 1324EE557AEDC938C31F65545D5D8CF582BECF02840A44A458303BD07A0E4B4D ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
08:51:57.0935 0x1d2c  RtkAudioService - ok
08:51:57.0973 0x1d2c  [ AB959F26FBB851A9D31E2F229DB3FA1A, 35961B761C83B48DBB9960C6DEC89806F3BC9FA0F450E566333ABE3F22E42AA9 ] RTSUER          C:\WINDOWS\system32\Drivers\RtsUer.sys
08:51:57.0983 0x1d2c  RTSUER - ok
08:51:58.0000 0x1d2c  s3cap - ok
08:51:58.0015 0x1d2c  SamSs - ok
08:51:58.0053 0x1d2c  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
08:51:58.0055 0x1d2c  SASDIFSV - ok
08:51:58.0062 0x1d2c  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
08:51:58.0064 0x1d2c  SASKUTIL - ok
08:51:58.0125 0x1d2c  [ 9B22A664138837E722AA510C38D05ABB, 242DBFF32AA8D16337E6CDA717DBC935875B9AEA5DBD95125296D16673969B0F ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
08:51:58.0130 0x1d2c  SbieDrv - ok
08:51:58.0162 0x1d2c  [ 7C22F817DE992440B3C1284BD6A665BD, 119F0BF8ADB0E61FCE4EE5363D9C8AC143F37D716E3CB413EB51F19883E30F06 ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
08:51:58.0167 0x1d2c  SbieSvc - ok
08:51:58.0201 0x1d2c  sbp2port - ok
08:51:58.0225 0x1d2c  SCardSvr - ok
08:51:58.0241 0x1d2c  ScDeviceEnum - ok
08:51:58.0264 0x1d2c  scfilter - ok
08:51:58.0274 0x1d2c  Schedule - ok
08:51:58.0282 0x1d2c  scmbus - ok
08:51:58.0290 0x1d2c  scmdisk0101 - ok
08:51:58.0308 0x1d2c  SCPolicySvc - ok
08:51:58.0316 0x1d2c  sdbus - ok
08:51:58.0325 0x1d2c  SDRSVC - ok
08:51:58.0334 0x1d2c  sdstor - ok
08:51:58.0342 0x1d2c  seclogon - ok
08:51:58.0442 0x1d2c  [ BE43B6172AC5961017762AB3C9B9B4C6, 209356410729F5DB8E9CB64B7F32638CE4C1559B5FA10B66C69C0650A0ADD36E ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
08:51:58.0478 0x1d2c  Secunia PSI Agent - ok
08:51:58.0521 0x1d2c  [ C85EE9529401BF0467DACEB3D4BD1EAF, 4CB441A39C4FF3417B9046BEB237B3043A105A0112F5A04444F431C7F77C3D4B ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
08:51:58.0540 0x1d2c  Secunia Update Agent - ok
08:51:58.0550 0x1d2c  SENS - ok
08:51:58.0580 0x1d2c  SensorDataService - ok
08:51:58.0607 0x1d2c  SensorService - ok
08:51:58.0616 0x1d2c  SensrSvc - ok
08:51:58.0625 0x1d2c  SerCx - ok
08:51:58.0642 0x1d2c  SerCx2 - ok
08:51:58.0655 0x1d2c  Serenum - ok
08:51:58.0665 0x1d2c  Serial - ok
08:51:58.0675 0x1d2c  sermouse - ok
08:51:58.0700 0x1d2c  SessionEnv - ok
08:51:58.0710 0x1d2c  sfloppy - ok
08:51:58.0749 0x1d2c  SharedAccess - ok
08:51:58.0781 0x1d2c  ShellHWDetection - ok
08:51:58.0797 0x1d2c  shpamsvc - ok
08:51:58.0807 0x1d2c  SiSRaid2 - ok
08:51:58.0816 0x1d2c  SiSRaid4 - ok
08:51:58.0857 0x1d2c  [ 6749AD471D1D44CBD1F30257C861F77B, D5A554F35E380948F13BFE0673B49F8FD8AE5A438BF3645857522E2560A58685 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
08:51:58.0865 0x1d2c  SkypeUpdate - ok
08:51:58.0899 0x1d2c  [ 9DE49656BECDA7F0446A1605FAA659D2, 443D483BE0CE298A29140197B67BF147BEFAEFB20E9378E4EFB4EE83918AD5F9 ] SmbDrv          C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys
08:51:58.0904 0x1d2c  SmbDrv - ok
08:51:58.0934 0x1d2c  [ 5ED4F1D2802C5507F0C455D8EF5A85A2, 68BB1B45ED573C3E7429A2534DEA24286E2DA33A73CF9619A221B81FAB3079B2 ] SmbDrvI         C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys
08:51:58.0938 0x1d2c  SmbDrvI - ok
08:51:58.0978 0x1d2c  smphost - ok
08:51:59.0011 0x1d2c  SmsRouter - ok
08:51:59.0039 0x1d2c  SNMPTRAP - ok
08:51:59.0055 0x1d2c  spaceport - ok
08:51:59.0064 0x1d2c  SpbCx - ok
08:51:59.0073 0x1d2c  Spooler - ok
08:51:59.0092 0x1d2c  sppsvc - ok
08:51:59.0099 0x1d2c  srv - ok
08:51:59.0108 0x1d2c  srv2 - ok
08:51:59.0124 0x1d2c  srvnet - ok
08:51:59.0161 0x1d2c  SSDPSRV - ok
08:51:59.0188 0x1d2c  SstpSvc - ok
08:51:59.0218 0x1d2c  StateRepository - ok
08:51:59.0228 0x1d2c  stexstor - ok
08:51:59.0274 0x1d2c  stisvc - ok
08:51:59.0282 0x1d2c  storahci - ok
08:51:59.0300 0x1d2c  storflt - ok
08:51:59.0332 0x1d2c  [ B739FF1C1FAF9D0ADFBFB0FD59A5AB37, F128D872283AD1F91B56667DB885E7404D76B1CC72D6D71382C5DFA19AE433ED ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
08:51:59.0337 0x1d2c  stornvme - ok
08:51:59.0364 0x1d2c  storqosflt - ok
08:51:59.0382 0x1d2c  StorSvc - ok
08:51:59.0390 0x1d2c  storufs - ok
08:51:59.0399 0x1d2c  storvsc - ok
08:51:59.0421 0x1d2c  svsvc - ok
08:51:59.0430 0x1d2c  swenum - ok
08:51:59.0441 0x1d2c  swprv - ok
08:51:59.0497 0x1d2c  Synth3dVsc - ok
08:51:59.0545 0x1d2c  [ BA6AC6999A1706D767B48185EE4E5C1E, 9BFA3FB793B922A690B93E46645B5E637C08B057300BCED56885BB8F5267DA4B ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
08:51:59.0567 0x1d2c  SynTP - ok
08:51:59.0629 0x1d2c  [ B37B3992B58251150904A51454400825, 3ABBE21EA680A67CBE05658351D9F366C5C0DC8C5679460EF5DDAF87D3DFC811 ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
08:51:59.0637 0x1d2c  SynTPEnhService - ok
08:51:59.0661 0x1d2c  SysMain - ok
08:51:59.0691 0x1d2c  SystemEventsBroker - ok
08:51:59.0701 0x1d2c  TabletInputService - ok
08:51:59.0711 0x1d2c  TapiSrv - ok
08:51:59.0801 0x1d2c  [ B4CB306845507AB3D494EEAAD38EC5E4, 8C1D7D4CF90A834B9F7EE7BADD1A84B425DAAF41072CE4987F9F022C8A1ABD39 ] tbaseprovisioning C:\WINDOWS\SysWOW64\tbaseprovisioning.exe
08:51:59.0830 0x1d2c  tbaseprovisioning - ok
08:51:59.0849 0x1d2c  Tcpip - ok
08:51:59.0858 0x1d2c  Tcpip6 - ok
08:51:59.0874 0x1d2c  tcpipreg - ok
08:51:59.0907 0x1d2c  tdx - ok
08:51:59.0928 0x1d2c  terminpt - ok
08:51:59.0944 0x1d2c  TermService - ok
08:51:59.0961 0x1d2c  Themes - ok
08:51:59.0990 0x1d2c  TieringEngineService - ok
08:52:00.0019 0x1d2c  tiledatamodelsvc - ok
08:52:00.0030 0x1d2c  TimeBrokerSvc - ok
08:52:00.0040 0x1d2c  TPM - ok
08:52:00.0050 0x1d2c  TrkWks - ok
08:52:00.0082 0x1d2c  [ 0D5A09B08568760AE85A801FCBC0F83D, 347ACBA74FDCBEAC671521739F8A34EC0E378CAF716C31F55616F9F843E4D0D3 ] TrueSight       C:\Windows\System32\drivers\TrueSight.sys
08:52:00.0087 0x1d2c  TrueSight - ok
08:52:00.0137 0x1d2c  TrustedInstaller - ok
08:52:00.0151 0x1d2c  tsusbflt - ok
08:52:00.0174 0x1d2c  TsUsbGD - ok
08:52:00.0183 0x1d2c  tunnel - ok
08:52:00.0191 0x1d2c  tzautoupdate - ok
08:52:00.0199 0x1d2c  UASPStor - ok
08:52:00.0207 0x1d2c  UcmCx0101 - ok
08:52:00.0216 0x1d2c  UcmTcpciCx0101 - ok
08:52:00.0225 0x1d2c  UcmUcsi - ok
08:52:00.0240 0x1d2c  Ucx01000 - ok
08:52:00.0249 0x1d2c  UdeCx - ok
08:52:00.0259 0x1d2c  udfs - ok
08:52:00.0268 0x1d2c  UEFI - ok
08:52:00.0278 0x1d2c  Ufx01000 - ok
08:52:00.0289 0x1d2c  UfxChipidea - ok
08:52:00.0299 0x1d2c  ufxsynopsys - ok
08:52:00.0323 0x1d2c  UI0Detect - ok
08:52:00.0334 0x1d2c  umbus - ok
08:52:00.0344 0x1d2c  UmPass - ok
08:52:00.0356 0x1d2c  UmRdpService - ok
08:52:00.0366 0x1d2c  UnistoreSvc - ok
08:52:00.0383 0x1d2c  upnphost - ok
08:52:00.0392 0x1d2c  UrsChipidea - ok
08:52:00.0402 0x1d2c  UrsCx01000 - ok
08:52:00.0412 0x1d2c  UrsSynopsys - ok
08:52:00.0423 0x1d2c  usbccgp - ok
08:52:00.0434 0x1d2c  usbcir - ok
08:52:00.0444 0x1d2c  usbehci - ok
08:52:00.0455 0x1d2c  usbhub - ok
08:52:00.0465 0x1d2c  USBHUB3 - ok
08:52:00.0475 0x1d2c  usbohci - ok
08:52:00.0486 0x1d2c  usbprint - ok
08:52:00.0496 0x1d2c  usbser - ok
08:52:00.0506 0x1d2c  USBSTOR - ok
08:52:00.0515 0x1d2c  usbuhci - ok
08:52:00.0529 0x1d2c  usbvideo - ok
08:52:00.0537 0x1d2c  USBXHCI - ok
08:52:00.0547 0x1d2c  UserDataSvc - ok
08:52:00.0586 0x1d2c  UserManager - ok
08:52:00.0596 0x1d2c  UsoSvc - ok
08:52:00.0607 0x1d2c  VaultSvc - ok
08:52:00.0617 0x1d2c  vdrvroot - ok
08:52:00.0627 0x1d2c  vds - ok
08:52:00.0638 0x1d2c  VerifierExt - ok
08:52:00.0648 0x1d2c  vhdmp - ok
08:52:00.0659 0x1d2c  vhf - ok
08:52:00.0668 0x1d2c  vmbus - ok
08:52:00.0679 0x1d2c  VMBusHID - ok
08:52:00.0705 0x1d2c  vmgid - ok
08:52:00.0718 0x1d2c  vmicguestinterface - ok
08:52:00.0729 0x1d2c  vmicheartbeat - ok
08:52:00.0742 0x1d2c  vmickvpexchange - ok
08:52:00.0761 0x1d2c  vmicrdv - ok
08:52:00.0771 0x1d2c  vmicshutdown - ok
08:52:00.0782 0x1d2c  vmictimesync - ok
08:52:00.0792 0x1d2c  vmicvmsession - ok
08:52:00.0802 0x1d2c  vmicvss - ok
08:52:00.0812 0x1d2c  volmgr - ok
08:52:00.0823 0x1d2c  volmgrx - ok
08:52:00.0833 0x1d2c  volsnap - ok
08:52:00.0842 0x1d2c  volume - ok
08:52:00.0905 0x1d2c  [ 09FCFAE8B048D214F0B2DD0596D89958, FE242391F3325D1F3553B403BC0AA7A0D06C71AEFA79B8EB96ADA0C0193FC3E7 ] VoodooShieldService C:\Program Files\VoodooShield\VoodooShieldService.exe
08:52:00.0909 0x1d2c  VoodooShieldService - ok
08:52:00.0919 0x1d2c  vpci - ok
08:52:00.0933 0x1d2c  vsmraid - ok
08:52:00.0946 0x1d2c  VSS - ok
08:52:00.0980 0x1d2c  [ 88457246BE3C9DE59DDAA36305C013F4, A3DF30EA027AE0A788AAB58E22498004FAB2354E7AA53FACA08198008582D078 ] VSScanner       C:\WINDOWS\system32\DRIVERS\vsscanner.sys
08:52:00.0985 0x1d2c  VSScanner - ok
08:52:00.0994 0x1d2c  VSTXRAID - ok
08:52:01.0003 0x1d2c  vwifibus - ok
08:52:01.0013 0x1d2c  vwififlt - ok
08:52:01.0022 0x1d2c  vwifimp - ok
08:52:01.0040 0x1d2c  W32Time - ok
08:52:01.0049 0x1d2c  WacomPen - ok
08:52:01.0077 0x1d2c  WalletService - ok
08:52:01.0087 0x1d2c  wanarp - ok
08:52:01.0096 0x1d2c  wanarpv6 - ok
08:52:01.0106 0x1d2c  wbengine - ok
08:52:01.0116 0x1d2c  WbioSrvc - ok
08:52:01.0125 0x1d2c  wcifs - ok
08:52:01.0151 0x1d2c  Wcmsvc - ok
08:52:01.0160 0x1d2c  wcncsvc - ok
08:52:01.0170 0x1d2c  wcnfs - ok
08:52:01.0179 0x1d2c  WdBoot - ok
08:52:01.0189 0x1d2c  Wdf01000 - ok
08:52:01.0198 0x1d2c  WdFilter - ok
08:52:01.0208 0x1d2c  WdiServiceHost - ok
08:52:01.0218 0x1d2c  WdiSystemHost - ok
08:52:01.0227 0x1d2c  wdiwifi - ok
08:52:01.0238 0x1d2c  WdNisDrv - ok
08:52:01.0285 0x1d2c  WdNisSvc - ok
08:52:01.0295 0x1d2c  WebClient - ok
08:52:01.0304 0x1d2c  Wecsvc - ok
08:52:01.0313 0x1d2c  WEPHOSTSVC - ok
08:52:01.0324 0x1d2c  wercplsupport - ok
08:52:01.0334 0x1d2c  WerSvc - ok
08:52:01.0343 0x1d2c  WFPLWFS - ok
08:52:01.0353 0x1d2c  WiaRpc - ok
08:52:01.0362 0x1d2c  WIMMount - ok
08:52:01.0371 0x1d2c  WinDefend - ok
08:52:01.0417 0x1d2c  WindowsTrustedRT - ok
08:52:01.0426 0x1d2c  WindowsTrustedRTProxy - ok
08:52:01.0452 0x1d2c  WinHttpAutoProxySvc - ok
08:52:01.0474 0x1d2c  WinMad - ok
08:52:01.0509 0x1d2c  Winmgmt - ok
08:52:01.0537 0x1d2c  WinRM - ok
08:52:01.0560 0x1d2c  WINUSB - ok
08:52:01.0572 0x1d2c  WinVerbs - ok
08:52:01.0599 0x1d2c  [ BD19E2065A51E5E72A58729EE8CAA944, 2E5304B69A0D3ECCF9A1DEA152120493ACC3A77670380CDB24979BF5B56CAC26 ] WirelessButtonDriver64 C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys
08:52:01.0602 0x1d2c  WirelessButtonDriver64 - ok
08:52:01.0622 0x1d2c  wisvc - ok
08:52:01.0656 0x1d2c  WlanSvc - ok
08:52:01.0677 0x1d2c  wlidsvc - ok
08:52:01.0693 0x1d2c  WmiAcpi - ok
08:52:01.0724 0x1d2c  wmiApSrv - ok
08:52:01.0755 0x1d2c  WMPNetworkSvc - ok
08:52:01.0773 0x1d2c  Wof - ok
08:52:01.0796 0x1d2c  workfolderssvc - ok
08:52:01.0813 0x1d2c  WPDBusEnum - ok
08:52:01.0861 0x1d2c  WpdUpFltr - ok
08:52:01.0871 0x1d2c  WpnService - ok
08:52:01.0881 0x1d2c  WpnUserService - ok
08:52:01.0904 0x1d2c  ws2ifsl - ok
08:52:01.0913 0x1d2c  wscsvc - ok
08:52:01.0922 0x1d2c  WSearch - ok
08:52:01.0955 0x1d2c  wuauserv - ok
08:52:01.0965 0x1d2c  WudfPf - ok
08:52:01.0976 0x1d2c  WUDFRd - ok
08:52:01.0989 0x1d2c  wudfsvc - ok
08:52:02.0000 0x1d2c  WwanSvc - ok
08:52:02.0021 0x1d2c  XblAuthManager - ok
08:52:02.0033 0x1d2c  XblGameSave - ok
08:52:02.0049 0x1d2c  xboxgip - ok
08:52:02.0070 0x1d2c  XboxNetApiSvc - ok
08:52:02.0081 0x1d2c  xinputhid - ok
08:52:02.0090 0x1d2c  ================ Scan global ===============================
08:52:02.0141 0x1d2c  [ Global ] - ok
08:52:02.0142 0x1d2c  ================ Scan MBR ==================================
08:52:02.0159 0x1d2c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
08:52:02.0177 0x1d2c  \Device\Harddisk0\DR0 - ok
08:52:02.0178 0x1d2c  ================ Scan VBR ==================================
08:52:02.0182 0x1d2c  [ 89B32DE5A5E9DAF166C70F73AD8F30E7 ] \Device\Harddisk0\DR0\Partition1
08:52:02.0183 0x1d2c  \Device\Harddisk0\DR0\Partition1 - ok
08:52:02.0196 0x1d2c  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2
08:52:02.0196 0x1d2c  \Device\Harddisk0\DR0\Partition2 - ok
08:52:02.0213 0x1d2c  [ 0EB3E64C4504047314DF3FC269007ED5 ] \Device\Harddisk0\DR0\Partition3
08:52:02.0215 0x1d2c  \Device\Harddisk0\DR0\Partition3 - ok
08:52:02.0243 0x1d2c  [ 3A7EC54CD3B35607B09285DDA7212FD0 ] \Device\Harddisk0\DR0\Partition4
08:52:02.0245 0x1d2c  \Device\Harddisk0\DR0\Partition4 - ok
08:52:02.0256 0x1d2c  [ AFEA0744FA59BA18CE82617C5BCADB25 ] \Device\Harddisk0\DR0\Partition5
08:52:02.0258 0x1d2c  \Device\Harddisk0\DR0\Partition5 - ok
08:52:02.0258 0x1d2c  ================ Scan generic autorun ======================
08:52:02.0570 0x1d2c  [ BEF2C36A44611686775DC120D8C6D257, 7FF5203D9840C24E57BDAFBF7A94AEB58B1AF6A29F7F32FA56BCA382DEB9827A ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
08:52:02.0721 0x1d2c  RTHDVCPL - ok
08:52:02.0740 0x1d2c  SynTPEnh - ok
08:52:02.0779 0x1d2c  [ 5677C8C60F4659E8626AC9036EEF38DF, 1C7D3EC3BCB3E34900DD9556A3EBAF449C68585DC8E07682E680790497105B8B ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
08:52:02.0785 0x1d2c  Classic Start Menu - ok
08:52:02.0898 0x1d2c  [ C970CFD10A0BC971305BD9D49FF042AE, 7E55402C793C69CF96C230A23AAF10C2F37215E6780DA0D56F56B805B84F11DD ] C:\Program Files\VoodooShield\VoodooShield.exe
08:52:02.0955 0x1d2c  VoodooShield - ok
08:52:02.0961 0x1d2c  WindowsDefender - ok
08:52:03.0004 0x1d2c  [ F4BC46AD4FC1F2F3372EBF8505D00436, 94F752406AC4968A917691A2E2A09C2EBAAA24E549E3BC0F5F256A8233DF86D5 ] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
08:52:03.0008 0x1d2c  AccelerometerSysTrayApplet - ok
08:52:03.0063 0x1d2c  [ 90D6A3B9DD3F54A2ACEF8DF2AB001F0D, A7F411C6D0C1B00E9C462ABA13BB765FD2D3C3D49FE0663AABDC32A69835AC2F ] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
08:52:03.0078 0x1d2c  HPMessageService - ok
08:52:03.0154 0x1d2c  [ CD0A2B077C6C991BAEA38FD1E5EE0446, 72DE9008C77AB9734D6D1D0A4B04BB9EAFE1CF4EFA7AC67EC73BD16A7A8CF3BA ] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
08:52:03.0168 0x1d2c  StartCCC - ok
08:52:03.0528 0x1d2c  [ 02355D2979DC8B15FFC606236A438177, 55E0C74D8E01AA09FA96140814C37AF32B66CA9DA53A8C597AFD6860521C890B ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
08:52:03.0692 0x1d2c  AvastUI.exe - ok
08:52:03.0854 0x1d2c  [ 1A774CBE54318A3411539BA10D47BEF5, 99CDBD90429FCAFA1C814E49EFF1160E8DC7D43B8F82E8AC33116BE7D42DBA9B ] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
08:52:03.0896 0x1d2c  Malwarebytes Anti-Exploit - ok
08:52:04.0220 0x1d2c  [ 9A29A8B8D6DC94CF326D2527A0F52D25, B3622AFCD3A043A8B6F40241517887182B4A08AA3F2AA8243A5B12606023A634 ] C:\Program Files (x86)\HostsMan\hm.exe
08:52:04.0409 0x1d2c  HostsMan - ok
08:52:04.0498 0x1d2c  [ A150E85CC5E7AD40A9050617F88BBE87, 74F8297788FBFCC885719A21D5E28DC62A3E5FAE4ACE0183A8D7DCDF8304D453 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
08:52:04.0509 0x1d2c  FUFAXRCV - ok
08:52:04.0552 0x1d2c  [ 068776D310B4830FF55903B3CAAA5FB9, 020679E5F9848BD68647781DA7A994E0249C538DB1293B948E38D532B1BD940D ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
08:52:04.0570 0x1d2c  FUFAXSTM - ok
08:52:04.0650 0x1d2c  [ F17FFAF69E1AF3D0A010FD4749148981, 7486A1EFE378BFCEE30D169BD0189CABD6935EBEE556BF0328330B120975EA03 ] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
08:52:04.0674 0x1d2c  EEventManager - ok
08:52:04.0730 0x1d2c  OneDriveSetup - ok
08:52:04.0733 0x1d2c  OneDriveSetup - ok
08:52:04.0807 0x1d2c  [ D572125A8FBBEBAC423A8917537DFB9F, 9AB39E41BB997C98183BA0C29B45F98B5AC97B3AAD42917C30CE7A3F66D39D85 ] C:\Program Files\Sandboxie\SbieCtrl.exe
08:52:04.0826 0x1d2c  SandboxieControl - ok
08:52:04.0986 0x1d2c  [ 1D7DD340E13DF9585EABB849CFC3E11B, 31CCD9753402DC030C641214B4ECB48A757BCD9F427A143A88745C62EFF87766 ] C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\Microsoft\OneDrive\OneDrive.exe
08:52:04.0999 0x1d2c  OneDrive - ok
08:52:05.0026 0x1d2c  [ D572125A8FBBEBAC423A8917537DFB9F, 9AB39E41BB997C98183BA0C29B45F98B5AC97B3AAD42917C30CE7A3F66D39D85 ] C:\Program Files\Sandboxie\SbieCtrl.exe
08:52:05.0042 0x1d2c  SandboxieControl - ok
08:52:05.0070 0x1d2c  Uninstall C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64 - ok
08:52:05.0084 0x1d2c  Uninstall C:\Users\Visitor.DESKTOP-LGVE44F\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1 - ok
08:52:05.0207 0x1d2c  [ 8F2EA5EE0695CCE2285D92C44108375C, 2C96A8E7E41E87C27B6A3325526F99A03333357EF2682C17A4892BE4A58D157E ] C:\Users\RBC\AppData\Local\Microsoft\OneDrive\OneDrive.exe
08:52:05.0218 0x1d2c  OneDrive - ok
08:52:05.0245 0x1d2c  [ D572125A8FBBEBAC423A8917537DFB9F, 9AB39E41BB997C98183BA0C29B45F98B5AC97B3AAD42917C30CE7A3F66D39D85 ] C:\Program Files\Sandboxie\SbieCtrl.exe
08:52:05.0260 0x1d2c  SandboxieControl - ok
08:52:05.0264 0x1d2c  Waiting for KSN requests completion. In queue: 65
08:52:06.0304 0x1d2c  AV detected via SS2: Emsisoft Anti-Malware, C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2start.exe ( 11.10.0.6563 ), 0x40000 ( disabled : updated )
08:52:06.0306 0x1d2c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.0 ), 0x60100 ( disabled : updated )
08:52:06.0308 0x1d2c  AV detected via SS2: Avast Antivirus, C:\Program Files\AVAST Software\Avast\wsc_proxy.exe ( 12.3.3154.0 ), 0x41000 ( enabled : updated )
08:52:06.0317 0x1d2c  Win FW state via NFP2: enabled ( trusted )
08:52:06.0622 0x1d2c  ============================================================
08:52:06.0622 0x1d2c  Scan finished
08:52:06.0622 0x1d2c  ============================================================
08:52:06.0640 0x2340  Detected object count: 0
08:52:06.0640 0x2340  Actual detected object count: 0

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2016-08-27 09:21:52
-----------------------------
09:21:52.709    OS Version: Windows x64 6.2.9200
09:21:52.709    Number of processors: 4 586 0x6001
09:21:52.711    ComputerName: DESKTOP-LGVE44F  UserName: Richard
09:21:54.514    Initialize success
09:21:54.527    VM: initialized successfully
09:21:54.529    VM: Amd CPU BiosDisabled
09:22:03.040    AVAST engine defs: 16082700
09:22:36.838    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000027
09:22:36.842    Disk 0 Vendor: ST1000LM024_HN-M101MBB 2BA30001 Size: 953869MB BusType: 11
09:22:36.956    Disk 0 MBR read successfully
09:22:36.960    Disk 0 MBR scan
09:22:36.965    Disk 0 unknown MBR code
09:22:36.970    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
09:22:36.995    Disk 0 scanning C:\WINDOWS\system32\drivers
09:22:47.105    Service scanning
09:23:03.463    Modules scanning
09:23:03.478    Disk 0 trace - called modules:
09:23:03.526    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys storport.sys storahci.sys hal.dll
09:23:03.533    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffbe0434b5d060]
09:23:03.539    3 CLASSPNP.SYS[fffff806173a5eeb] -> nt!IofCallDriver -> [0xffffbe0434a7fb10]
09:23:03.543    5 hpdskflt.sys[fffff80617cf242b] -> nt!IofCallDriver -> \Device\00000027[0xffffbe0434ba1400]
09:23:04.638    AVAST engine scan C:\WINDOWS
09:23:07.389    AVAST engine scan C:\WINDOWS\system32
09:25:42.659    AVAST engine scan C:\WINDOWS\system32\drivers
09:25:56.659    AVAST engine scan C:\Users\Richard
09:28:37.083    AVAST engine scan C:\ProgramData
09:32:03.173    Disk 0 statistics 1350348/0/0 @ 1.72 MB/s
09:32:03.185    Scan finished successfully
09:34:04.613    Disk 0 MBR has been saved successfully to "C:\Users\Richard\Desktop\MBR.dat"
09:34:04.619    The log file has been saved successfully to "C:\Users\Richard\Desktop\aswMBR.txt"

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:51 on 27/08/2016 (Richard)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...

-=E.O.F=-

Attached Files

  • MBR.zip (143 bytes)


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • Location:Montreal, QC. Canada

Posted 28 August 2016 - 08:28 AM


Your logs are clean.

Overall, occasionally I have a program which doesn't start when I boot up. It is random and usually it is fixed after a restart or two. The computer takes a long time to boot up.


Check the hardware on this Windows 10.
http://support.hp.com/us-en/document/c03467259

P.S.
Enable the defogger.

#7 RichardPacino

RichardPacino
  • Topic Starter
  • Members
  • 22 posts

Posted 28 August 2016 - 02:06 PM

Thank you a lot, Nasdaq.

 

So that means the GMER results were false positives indeed.

 

I have one more question I forgot to mention.

 

My Windows Defender gets disabled on almost every boot-up. I have to manually turn it on.

Is there any reason for that?

 

Thank you again.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • Location:Montreal, QC. Canada

Posted 29 August 2016 - 08:47 AM

Your 3rd-party virus protection is disabling Windows Defender.

You're secured.
You should also enable your Firewall.

If all is well:

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe:
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#9 RichardPacino

RichardPacino
  • Topic Starter
  • Members
  • 22 posts

Posted 29 August 2016 - 03:15 PM

I understand that my Avast is disabling the Windows Defender antivirus function, but with the Windows 10 Anniversary Update I got Windows Defender Limited Periodic Scanning turned on, which is a separate function. This gets randomly disabled.

 

My firewall is on.

 

Thank you Nasdaq for all the information.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • Location:Montreal, QC. Canada

Posted 05 September 2016 - 08:11 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
