
Potential Skeeyah!B.cl Trojan


  • This topic is locked
12 replies to this topic

#1 BullDog61

Posted 31 August 2016 - 09:00 AM

MSE notified me of this trojan. It seems to have been inserted into a download folder called onlinerecovery. MSE quarantined and removed it. I tried to remove it in startup tasks too. After that I ran checks using Malwarebytes, ESET, and TDSSKiller, none of which found anything. I also took out and reinserted some RAM I had installed at that time too. I just want to be sure it is all gone before doing anything important on the laptop. Thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Heza (administrator) on JELLYBELLY (31-08-2016 09:48:24)
Running from C:\Users\Heza\Desktop
Loaded Profiles: Heza (Available Profiles: Heza & AJ & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Heza\AppData\Local\Google\Update\GoogleUpdate.exe
(HP) C:\Program Files (x86)\Hp\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2013-02-28] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-02-28] (IDT, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2013-02-28] (Intel Corporation)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} =>  No File
ShellIconOverlayIdentifiers: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} =>  No File
ShellIconOverlayIdentifiers: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} =>  No File
ShellIconOverlayIdentifiers-x32: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} =>  No File
ShellIconOverlayIdentifiers-x32: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} =>  No File
GroupPolicyUsers\S-1-5-21-3786442370-3606699375-2899197878-1003\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AA88EC7C-3B2A-4860-B53B-7A17D530736E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BB318B8C-7FEF-48ED-A3C3-0D5A059893E6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://duckduckgo.com/
SearchScopes: HKLM -> {5BB086CE-4194-4545-8DAA-06328E2E52A5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {5BB086CE-4194-4545-8DAA-06328E2E52A5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3786442370-3606699375-2899197878-1000 -> {5BB086CE-4194-4545-8DAA-06328E2E52A5} URL =
SearchScopes: HKU\S-1-5-21-3786442370-3606699375-2899197878-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: No Name -> {15C9938F-CB96-496D-800A-B827F2E34EA1} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll [2014-04-03] (Google, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: No Name -> {15C9938F-CB96-496D-800A-B827F2E34EA1} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO-x32: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [2014-04-03] (Google, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-13] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
DPF: HKLM-x32 {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchEngine.US: DuckDuckGo
FF SelectedSearchEngine: Amazon.com
FF Homepage: hxxps://www.startpage.com
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-06] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @research.microsoft.com/HDView -> C:\Program Files (x86)\Microsoft Research\HD View\nphdview.dll [2009-07-13] (Microsoft Research)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3786442370-3606699375-2899197878-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Heza\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3786442370-3606699375-2899197878-1000: @talk.google.com/O1DPlugin -> C:\Users\Heza\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3786442370-3606699375-2899197878-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Heza\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3786442370-3606699375-2899197878-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Heza\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Heza\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Heza\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: (MaskMe) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\extensions\idme@abine.com [2015-06-24]
FF Extension: (Disconnect) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\Extensions\2.0@disconnect.me.xpi [2016-04-29]
FF Extension: (HTTPS Everywhere) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\Extensions\https-everywhere-eff@eff.org.xpi [2016-08-26]
FF Extension: (WOT) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-26]
FF Extension: (Adblock Plus) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-01]
FF Extension: (Tab Mix Plus) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-06-08]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-08]
CHR Extension: (YouTube) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Adblock Plus) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (OneTab) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-07-22]
CHR Extension: (Google Search) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (MaskMe) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg [2016-07-22]
CHR Extension: (Qualys BrowserCheck for Windows) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk [2016-08-26]
CHR Extension: (HTTPS Everywhere) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-08-26]
CHR Extension: (Google Docs Offline) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Disconnect) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-04-10]
CHR Extension: (HP Network Check Helper) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2016-08-26]
CHR Extension: (Grammarly for Chrome) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-08-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
CHR Extension: (Privacy Badger) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2016-08-30]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (AdBlock) - C:\Users\Heza\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2016-06-08]
OPR Extension: (HTTPS Everywhere) - C:\Users\Heza\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2016-07-28]
OPR Extension: (WOT) - C:\Users\Heza\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2015-12-18]
OPR Extension: (Disconnect) - C:\Users\Heza\AppData\Roaming\Opera Software\Opera Stable\Extensions\hciohocinlhbdkbjldffomiadmnhjnoj [2016-04-06]
OPR Extension: (Bookmarks Import & Export) - C:\Users\Heza\AppData\Roaming\Opera Software\Opera Stable\Extensions\omhcddilnfoiiplehpjihipcocdplljn [2016-07-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
S4 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Inc.)
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [176264 2015-05-27] (Sandboxie Holdings, LLC)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-02] (GFI Software)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-28] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2506384 2015-08-12] (MediaTek Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-21] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [188552 2015-05-27] (Sandboxie Holdings, LLC)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2013-02-28] (Synaptics Incorporated)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-31 09:48 - 2016-08-31 09:48 - 00032500 _____ C:\Users\Heza\Desktop\FRST.txt
2016-08-31 09:10 - 2016-08-31 09:10 - 02943992 _____ (Google) C:\Users\Heza\Downloads\chrome_cleanup_tool.exe
2016-08-29 08:37 - 2016-08-29 08:37 - 00123653 _____ C:\Users\Heza\Desktop\All in one printer & Reliability-REcommended.pdf
2016-08-28 09:09 - 2016-08-28 10:02 - 00000000 ____D C:\Users\Heza\Desktop\mbar
2016-08-28 09:07 - 2016-08-28 09:08 - 00221760 ____C C:\TDSSKiller.3.1.0.11_28.08.2016_09.07.48_log.txt
2016-08-27 21:20 - 2016-08-27 21:20 - 00092064 _____ C:\Users\Heza\Desktop\All in one printer & Reliability.pdf
2016-08-26 13:17 - 2016-08-26 13:17 - 00000000 ____D C:\Users\Heza\AppData\Local\HP_Development_Company,_L
2016-08-26 12:13 - 2016-08-26 12:13 - 00081447 _____ C:\Users\Heza\Downloads\40251 (2).pdf
2016-08-26 12:04 - 2016-08-26 12:04 - 00188946 _____ C:\Users\Heza\Downloads\44280 (1).pdf
2016-08-26 12:03 - 2016-08-26 12:03 - 01887392 _____ C:\Users\Heza\Downloads\40252 (3).pdf
2016-08-26 12:03 - 2016-08-26 12:03 - 01887392 _____ C:\Users\Heza\Downloads\40252 (2).pdf
2016-08-26 12:01 - 2016-08-26 12:01 - 00188946 _____ C:\Users\Heza\Downloads\44280.pdf
2016-08-26 11:33 - 2016-08-26 11:33 - 00001773 _____ C:\Users\Heza\Downloads\MakeItAheadABarefootContessaCookbook9780770434496.acsm
2016-08-25 20:50 - 2016-08-25 21:17 - 00000000 ____D C:\Users\Heza\Downloads\Photos (9)
2016-08-25 20:12 - 2016-08-25 20:12 - 03453831 _____ C:\Users\Heza\Downloads\Photos (9).zip
2016-08-24 19:12 - 2016-08-31 09:48 - 00000000 ___DC C:\FRST
2016-08-24 19:12 - 2016-08-24 19:12 - 00000000 _____ C:\Users\Heza\defogger_reenable
2016-08-24 19:10 - 2016-08-24 19:10 - 00050477 _____ C:\Users\Heza\Downloads\Defogger.exe
2016-08-24 19:01 - 2016-08-31 09:43 - 02397696 ____C (Farbar) C:\Users\Heza\Desktop\FRST64.exe
2016-08-24 12:43 - 2016-08-24 12:45 - 00223050 ____C C:\TDSSKiller.3.1.0.11_24.08.2016_12.43.31_log.txt
2016-08-24 12:42 - 2016-08-24 12:42 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Heza\Downloads\tdsskiller.exe
2016-08-23 19:16 - 2016-08-23 19:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JELLYBELLY-Windows-7-Home-Premium-(64-bit).dat
2016-08-23 19:16 - 2016-08-23 19:16 - 00000000 ___DC C:\RegBackup
2016-08-23 11:32 - 2016-08-28 08:56 - 00003658 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-08-23 11:32 - 2016-08-23 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-08-23 11:32 - 2016-08-23 11:32 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-08-23 11:03 - 2016-08-23 11:03 - 00002231 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2016-08-23 10:55 - 2016-08-23 10:55 - 00000000 ____D C:\ProgramData\HP Inc
2016-08-23 10:23 - 2016-08-23 10:24 - 29014040 _____ (Tweaking.com) C:\Users\Heza\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-08-23 10:14 - 2016-08-23 10:14 - 04039392 _____ (Oleg N. Scherbakov) C:\Users\Heza\Downloads\HPSupportSolutionsFramework-12.5.26.37.exe
2016-08-23 10:05 - 2016-08-23 10:05 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Heza\Downloads\mbar-1.09.3.1001 (1).exe
2016-08-21 17:08 - 2016-08-21 17:08 - 00000392 _____ C:\Users\AJ\Desktop\Drs.txt
2016-08-21 15:47 - 2016-08-24 12:45 - 00000000 ____D C:\Users\Heza\AppData\Local\ESET
2016-08-21 15:46 - 2016-08-21 15:46 - 03784256 _____ C:\Users\Heza\Downloads\AdwCleaner.exe
2016-08-21 15:44 - 2016-08-21 15:45 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Heza\Downloads\esetonlinescanner_enu.exe
2016-08-20 21:51 - 2016-08-20 21:51 - 00188946 _____ C:\Users\Heza\Documents\Hillsdale College Transcript - 2004.pdf
2016-08-20 21:45 - 2016-08-20 21:45 - 01887392 _____ C:\Users\Heza\Downloads\BJU Records Office_20140924_120537 (1).pdf
2016-08-20 21:44 - 2016-08-20 21:44 - 01066944 _____ C:\Users\Heza\Downloads\40252 (1).pdf
2016-08-20 21:43 - 2016-08-20 21:43 - 01066944 _____ C:\Users\Heza\Downloads\40252.pdf
2016-08-20 21:23 - 2016-08-20 21:23 - 00085081 _____ C:\Users\Heza\Downloads\40251 (1).pdf
2016-08-20 19:20 - 2016-08-20 19:20 - 04604101 _____ C:\Users\Heza\Downloads\BJU Press Footsteps for Fours VPK Overview, 03-22-12.pdf
2016-08-20 17:07 - 2016-08-20 17:08 - 01277828 _____ C:\Users\Heza\Downloads\email-890342951.zip
2016-08-20 10:19 - 2016-08-19 20:32 - 00073623 _____ C:\Users\Heza\Documents\Online Customer Service.pdf
2016-08-20 10:19 - 2016-08-14 21:36 - 00153629 _____ C:\Users\Heza\Documents\Order Decline.pdf
2016-08-20 10:19 - 2016-08-12 13:35 - 00000715 _____ C:\Users\Heza\Documents\2.txt
2016-08-20 10:18 - 2016-08-20 10:20 - 00000000 ____D C:\Users\Heza\Documents\Med Re
2016-08-20 10:18 - 2016-08-20 10:18 - 00000000 ____D C:\Users\Heza\Documents\REviews
2016-08-20 10:18 - 2016-08-20 10:18 - 00000000 ____D C:\Users\Heza\Documents\Internet
2016-08-20 10:18 - 2016-08-20 10:18 - 00000000 ____D C:\Users\Heza\Documents\CouponsReceipts
2016-08-19 22:10 - 2016-08-19 22:10 - 00000000 ____D C:\Users\Heza\AppData\Local\Intel
2016-08-19 22:10 - 2015-06-04 13:33 - 00021984 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2016-08-19 22:08 - 2016-08-19 22:08 - 07491840 _____ (Intel) C:\Users\Heza\Downloads\Intel Driver Update Utility Installer.exe
2016-08-19 21:56 - 2016-08-23 10:25 - 00001048 _____ C:\Users\Heza\Desktop\Errors.txt
2016-08-19 17:30 - 2016-08-19 20:44 - 00099975 _____ C:\Users\Heza\Downloads\External Auth form May 2016.pdf
2016-08-17 16:25 - 2016-06-06 12:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-08-17 16:25 - 2016-06-06 12:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-08-17 16:25 - 2016-06-06 12:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-08-17 16:25 - 2016-06-06 12:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-08-17 16:25 - 2016-06-06 11:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-08-17 16:25 - 2016-06-06 11:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-08-17 16:25 - 2016-06-06 11:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-08-17 16:25 - 2016-06-06 11:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-08-17 16:25 - 2016-05-16 19:22 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-08-17 16:25 - 2016-05-16 19:19 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-08-17 16:25 - 2016-05-16 19:19 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-08-17 16:25 - 2016-05-16 19:18 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-08-17 16:25 - 2016-05-16 19:18 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-08-17 16:25 - 2016-05-16 19:17 - 01732888 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-08-17 16:25 - 2016-05-16 19:16 - 01314136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 17:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-08-17 16:25 - 2016-05-16 17:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-08-17 16:25 - 2016-05-16 17:23 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-08-17 16:25 - 2016-05-16 17:19 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-08-17 16:25 - 2016-05-16 17:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-08-17 16:25 - 2016-05-16 17:14 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-08-17 16:25 - 2016-05-16 17:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-08-17 16:25 - 2016-05-16 17:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-08-17 16:25 - 2016-05-16 17:10 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-08-17 16:25 - 2016-05-16 17:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-08-17 16:25 - 2016-05-16 17:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 17:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 17:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 17:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-08-17 16:25 - 2016-05-13 18:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-08-17 16:25 - 2016-05-13 18:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-08-17 16:25 - 2016-05-13 18:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-08-17 16:25 - 2016-05-13 18:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-08-17 16:25 - 2016-05-13 17:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-08-17 16:25 - 2016-05-13 17:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-08-17 16:25 - 2016-05-13 17:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-08-17 16:25 - 2016-05-13 17:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-08-17 16:25 - 2016-05-13 17:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-08-17 16:25 - 2016-05-13 17:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-08-17 16:25 - 2016-05-13 17:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-08-17 16:25 - 2016-05-13 17:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-08-17 16:25 - 2016-05-13 17:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-08-17 16:25 - 2016-05-13 17:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-08-17 16:25 - 2016-05-13 17:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-08-17 16:25 - 2016-05-13 17:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-08-17 16:25 - 2016-05-12 13:14 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-08-17 16:25 - 2016-05-12 13:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-08-17 16:25 - 2016-05-12 11:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-08-17 16:25 - 2016-05-12 11:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-08-17 16:25 - 2016-05-12 11:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-08-17 16:25 - 2016-05-04 13:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-08-17 16:25 - 2016-05-04 13:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-08-17 16:25 - 2016-05-04 13:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-08-17 16:25 - 2016-05-04 13:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-08-17 16:25 - 2016-05-04 11:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-08-17 16:25 - 2016-05-04 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-08-17 10:16 - 2016-07-07 11:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-08-17 10:16 - 2016-07-07 11:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-08-17 10:16 - 2016-07-07 11:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-08-17 10:16 - 2016-07-07 11:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-08-17 10:16 - 2016-07-01 11:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-08-17 10:16 - 2016-07-01 11:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-08-17 10:16 - 2016-07-01 11:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-08-17 10:16 - 2016-07-01 11:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-08-17 10:16 - 2016-07-01 10:56 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-08-17 10:16 - 2016-07-01 10:56 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-08-17 10:16 - 2016-07-01 10:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-08-17 08:33 - 2016-07-08 11:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 08:33 - 2016-07-08 11:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-15 16:44 - 2016-08-16 12:53 - 00000178 _____ C:\Users\Heza\Documents\Weeds.txt
2016-08-15 16:18 - 2016-08-15 16:18 - 04278000 _____ C:\Users\Heza\Downloads\mp521 (1).pdf
2016-08-15 16:06 - 2016-08-15 16:06 - 04278000 _____ C:\Users\Heza\Downloads\mp521.pdf
2016-08-15 15:41 - 2016-08-15 15:41 - 00762330 _____ C:\Users\Heza\Downloads\lambsquarter07-1jdcqvi.pdf
2016-08-14 21:36 - 2016-08-14 21:36 - 00153629 _____ C:\Users\Heza\Desktop\Order Decline.pdf
2016-08-14 20:53 - 2016-08-14 20:53 - 01619612 _____ C:\Users\Heza\Downloads\browserSettings.pdf
2016-08-12 13:22 - 2016-08-02 10:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-12 13:22 - 2016-08-02 10:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-12 13:22 - 2016-08-02 02:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-12 13:22 - 2016-08-02 02:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-12 13:22 - 2016-08-02 02:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-12 13:22 - 2016-08-02 02:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-12 13:22 - 2016-08-02 02:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-12 13:22 - 2016-08-02 02:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-12 13:22 - 2016-08-02 02:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-12 13:22 - 2016-08-02 02:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-12 13:22 - 2016-08-02 02:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-12 13:22 - 2016-08-02 02:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-12 13:22 - 2016-08-02 01:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-12 13:22 - 2016-08-02 01:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-12 13:22 - 2016-08-02 01:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-12 13:22 - 2016-08-02 01:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-12 13:22 - 2016-08-02 01:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-12 13:22 - 2016-08-02 01:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-12 13:22 - 2016-08-02 01:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-12 13:22 - 2016-08-02 01:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-12 13:22 - 2016-08-02 01:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-12 13:22 - 2016-08-02 01:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-12 13:22 - 2016-08-02 01:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-12 13:22 - 2016-08-02 01:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-12 13:22 - 2016-08-02 01:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-12 13:22 - 2016-08-02 01:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-12 13:22 - 2016-08-02 01:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-12 13:22 - 2016-08-02 01:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-12 13:22 - 2016-08-02 01:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-12 13:22 - 2016-08-02 01:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-12 13:22 - 2016-08-02 01:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-12 13:22 - 2016-08-02 01:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-12 13:22 - 2016-08-02 01:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-12 13:22 - 2016-08-02 01:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-12 13:22 - 2016-08-02 01:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-12 13:22 - 2016-08-02 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-12 13:22 - 2016-08-02 01:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-12 13:22 - 2016-08-02 01:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-12 13:22 - 2016-08-02 01:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-12 13:22 - 2016-08-02 01:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-12 13:22 - 2016-08-02 01:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-12 13:22 - 2016-08-02 01:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-12 13:22 - 2016-08-02 00:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-12 13:22 - 2016-08-02 00:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-12 13:22 - 2016-08-02 00:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-12 13:21 - 2016-08-02 02:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-12 13:21 - 2016-08-02 02:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-12 13:21 - 2016-08-02 02:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-12 13:21 - 2016-08-02 02:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-12 13:21 - 2016-08-02 02:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-12 13:21 - 2016-08-02 02:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-12 13:21 - 2016-08-02 02:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-12 13:21 - 2016-08-02 02:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-12 13:21 - 2016-08-02 02:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-12 13:21 - 2016-08-02 02:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-12 13:21 - 2016-08-02 02:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-12 13:21 - 2016-08-02 01:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-12 13:21 - 2016-08-02 01:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-12 13:21 - 2016-08-02 01:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-12 13:21 - 2016-08-02 01:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-12 13:21 - 2016-08-02 01:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-12 13:21 - 2016-08-02 01:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-12 13:21 - 2016-08-02 01:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-12 13:21 - 2016-08-02 01:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-12 13:21 - 2016-08-02 01:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-12 13:21 - 2016-08-02 00:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-12 13:17 - 2016-07-08 11:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-12 13:17 - 2016-07-08 11:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-12 13:17 - 2016-07-08 11:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-12 13:17 - 2016-07-08 11:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-12 13:17 - 2016-07-08 11:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-12 13:17 - 2016-07-08 11:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-12 13:17 - 2016-07-08 10:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-12 13:17 - 2016-07-08 10:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-12 13:17 - 2016-07-08 10:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-12 13:17 - 2016-07-08 10:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-12 13:17 - 2016-07-08 10:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-12 13:17 - 2016-07-08 10:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-12 13:13 - 2016-07-08 11:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-12 11:20 - 2016-08-31 09:05 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHeza
2016-08-12 11:20 - 2016-08-31 09:05 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForHeza.job
2016-08-09 11:19 - 2016-08-09 11:19 - 00002149 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2016-08-09 11:19 - 2016-08-09 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-08-08 10:03 - 2016-08-08 10:03 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-08-08 10:03 - 2016-08-08 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-08-08 10:02 - 2016-08-08 10:02 - 26870536 _____ (SUPERAntiSpyware) C:\Users\AJ\Downloads\SUPERAntiSpyware.exe
2016-08-08 08:48 - 2016-08-08 08:48 - 00000000 ____D C:\Users\Heza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberfox
2016-08-08 08:47 - 2016-08-08 08:47 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Maxthon3
2016-08-08 08:38 - 2016-08-08 08:38 - 00000000 ____D C:\Users\AJ\AppData\Roaming\8pecxstudios
2016-08-08 08:38 - 2016-08-08 08:38 - 00000000 ____D C:\Users\AJ\AppData\Local\Comodo
2016-08-08 08:38 - 2016-08-08 08:38 - 00000000 ____D C:\Users\AJ\AppData\Local\8pecxstudios
2016-08-08 08:19 - 2016-08-08 08:19 - 00000000 ____D C:\Users\Heza\AppData\Local\Comodo
2016-08-08 08:18 - 2016-08-12 13:39 - 00000000 ____D C:\Program Files (x86)\Comodo
2016-08-08 08:18 - 2016-08-08 09:04 - 00000000 ____D C:\Program Files (x86)\Maxthon
2016-08-08 08:18 - 2016-08-08 08:38 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Maxthon App Store
2016-08-08 08:18 - 2016-08-08 08:18 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2016-08-08 08:17 - 2016-08-08 18:57 - 00000000 ____D C:\Program Files (x86)\Maxthon App Store
2016-08-08 08:17 - 2016-08-08 09:04 - 00000000 ____D C:\Users\Heza\AppData\Roaming\Maxthon App Store
2016-08-08 08:17 - 2016-08-08 08:17 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-08-08 08:16 - 2016-08-08 08:48 - 00000000 ____D C:\Program Files\Cyberfox
2016-08-08 08:13 - 2016-08-08 08:14 - 51648752 _____ (8pecxstudios ) C:\Users\Heza\Downloads\Cyberfox-48.0.en-US.win64-x86_64.intel.exe
2016-08-08 08:12 - 2016-08-08 08:12 - 01558792 _____ (Maxthon International ltd.) C:\Users\Heza\Downloads\mxsetup.exe
2016-08-08 08:11 - 2016-08-08 08:11 - 56127856 _____ (Comodo) C:\Users\Heza\Downloads\dragonsetup.exe
2016-08-07 19:05 - 2016-08-08 15:06 - 00000285 _____ C:\Users\AJ\Desktop\Browser Speeds.txt
2016-08-07 18:46 - 2016-08-07 18:46 - 00242192 _____ C:\Users\AJ\Downloads\Firefox Setup Stub 48.0.exe
2016-08-06 20:45 - 2016-08-06 20:45 - 00002333 _____ C:\Users\AJ\Desktop\Vivaldi.lnk
2016-08-06 20:45 - 2016-08-06 20:45 - 00002260 _____ C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2016-08-06 20:44 - 2016-08-06 20:45 - 00000000 ____D C:\Users\AJ\AppData\Local\Vivaldi
2016-08-06 20:44 - 2016-08-06 20:44 - 44326520 _____ (Vivaldi Technologies AS) C:\Users\AJ\Downloads\Vivaldi.1.2.490.43.x64.exe
2016-08-06 20:43 - 2016-08-06 20:44 - 38505080 _____ (Vivaldi Technologies AS) C:\Users\AJ\Downloads\Vivaldi.1.2.490.43 (1).exe
2016-08-06 20:36 - 2016-08-06 20:36 - 03096251 _____ C:\Users\AJ\Downloads\Vivaldi.1.2.490.43.exe
2016-08-06 20:07 - 2016-08-06 20:07 - 00210661 _____ C:\Users\AJ\Downloads\pocket.crx
2016-08-06 16:18 - 2016-08-06 16:18 - 00002356 _____ C:\Users\AJ\Desktop\Epic Privacy Browser.lnk
2016-08-06 16:18 - 2016-08-06 16:18 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epic Privacy Browser
2016-08-06 16:17 - 2016-08-06 16:18 - 00000000 ____D C:\Users\AJ\AppData\Local\Epic Privacy Browser
2016-08-06 16:17 - 2016-08-06 16:17 - 01832744 _____ (Epic Privacy Browser) C:\Users\AJ\Downloads\EpicSetup.exe
2016-08-06 16:17 - 2016-08-06 16:17 - 00000000 ____D C:\Users\Heza\AppData\Local\Slimjet
2016-08-06 16:17 - 2016-08-06 16:17 - 00000000 ____D C:\Users\AJ\AppData\Local\Slimjet
2016-08-06 16:17 - 2016-08-06 16:17 - 00000000 ____D C:\ProgramData\Epic Privacy Browser
2016-08-06 16:15 - 2016-08-27 10:28 - 00000000 ____D C:\Program Files (x86)\Slimjet
2016-08-06 16:15 - 2016-08-06 16:15 - 00000995 _____ C:\Users\Public\Desktop\FlashPeak Slimjet.lnk
2016-08-06 16:15 - 2016-08-06 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak Slimjet
2016-08-06 16:11 - 2016-08-06 16:11 - 00353336 _____ C:\Users\AJ\Downloads\sjtwebsetup_x86.exe
2016-08-05 09:49 - 2016-08-05 09:49 - 00058731 _____ C:\Users\Heza\Downloads\0013A820 (1).PDF
2016-08-05 09:44 - 2016-08-05 09:44 - 00303216 _____ C:\Users\Heza\Downloads\0017D473.PDF
2016-08-04 21:05 - 2016-08-04 21:05 - 00000000 ____D C:\Program Files (x86)\Ralink
2016-08-04 21:03 - 2016-08-28 08:57 - 00003122 _____ C:\Windows\System32\Tasks\{323544BA-C4EE-45DC-99E2-9496E8ECD6BF}
2016-08-03 21:26 - 2016-08-03 21:26 - 38084160 _____ (Hewlett-Packard Company ) C:\Users\Heza\Downloads\sp66089.exe
2016-08-03 21:26 - 2016-08-03 21:26 - 24670832 _____ (Mediatek) C:\Users\Heza\Downloads\IS_RT2860_W7-5.0.59.0_W8-5.0.59.0_W8Blue-5.0.59.0_W10-5.0.57.0_20150909_5.0.59.0_Free.exe
2016-08-03 15:49 - 2016-08-03 15:49 - 01007164 _____ C:\Users\Heza\Downloads\Six_Steps_to_Voc_Rehab_2013_418640_7.pdf
2016-08-03 15:15 - 2016-08-03 15:15 - 05915961 _____ C:\Users\Heza\Downloads\everyday_images.pdf
2016-08-03 15:15 - 2016-08-03 15:15 - 00158405 _____ C:\Users\Heza\Downloads\uber_images.pdf
2016-08-03 14:42 - 2016-08-03 14:42 - 32567462 _____ C:\Users\Heza\Downloads\catalog_complete.pdf
2016-08-03 14:42 - 2016-08-03 14:42 - 27503364 _____ C:\Users\Heza\Downloads\cards.pdf
2016-08-03 14:36 - 2016-08-03 14:36 - 00079745 _____ C:\Users\Heza\Downloads\Snf_writersGuidel.pdf
2016-08-03 14:29 - 2016-08-03 14:29 - 00686617 _____ C:\Users\Heza\Downloads\circ01.pdf
2016-08-03 14:29 - 2016-08-03 14:29 - 00686617 _____ C:\Users\Heza\Downloads\circ01 (2).pdf
2016-08-03 14:29 - 2016-08-03 14:29 - 00686617 _____ C:\Users\Heza\Downloads\circ01 (1).pdf
2016-08-02 12:09 - 2016-08-02 12:09 - 00183241 _____ C:\Users\Heza\Downloads\List_of_Contractors_485239_7 (1).pdf
2016-08-02 12:04 - 2016-08-02 12:04 - 00183241 _____ C:\Users\Heza\Downloads\List_of_Contractors_485239_7.pdf
2016-08-02 09:13 - 2016-08-02 09:13 - 00347440 _____ (Microsoft Corporation) C:\Users\Heza\Downloads\MicrosoftFixit-portable.exe
2016-08-02 09:10 - 2016-08-02 09:10 - 00000656 _____ C:\Users\Heza\Downloads\wu10 (1).diagcab
2016-08-02 09:07 - 2016-08-02 09:07 - 00000656 _____ C:\Users\Heza\Downloads\wu10.diagcab
2016-08-02 09:06 - 2016-08-02 09:06 - 00000565 _____ C:\Users\Heza\Downloads\IESecurityDiagnostic.diagcab
2016-08-02 09:06 - 2016-08-02 09:06 - 00000542 _____ C:\Users\Heza\Downloads\PerformanceDiagnostic.diagcab
2016-08-02 09:06 - 2016-08-02 09:06 - 00000530 _____ C:\Users\Heza\Downloads\PowerDiagnostic.diagcab
2016-08-02 09:06 - 2016-08-02 09:06 - 00000366 _____ C:\Users\Heza\Downloads\network10.diagcab
2016-08-02 09:06 - 2016-08-02 09:06 - 00000366 _____ C:\Users\Heza\Downloads\network10 (2).diagcab
2016-08-02 09:06 - 2016-08-02 09:06 - 00000366 _____ C:\Users\Heza\Downloads\network10 (1).diagcab
2016-08-01 19:04 - 2016-08-01 19:08 - 06871040 _____ C:\Program Files (x86)\GUT21DE.tmp
2016-08-01 19:04 - 2016-08-01 19:04 - 00000000 ____D C:\Program Files (x86)\GUM21DD.tmp
2016-08-01 19:02 - 2016-08-01 19:03 - 00987728 _____ (Google Inc.) C:\Users\Heza\Downloads\ChromeSetup.exe
2016-08-01 17:20 - 2016-08-01 17:20 - 00000252 _____ C:\Users\Heza\Documents\Bulgogi.txt
2016-08-01 16:14 - 2016-08-01 16:14 - 00070887 _____ C:\Users\Heza\Downloads\listverse-author-guide.pdf
2016-08-01 11:33 - 2016-08-01 15:32 - 00136028 _____ C:\Users\Heza\Documents\Medical Record - IGP Patient Portal.pdf
2016-08-01 09:24 - 2016-07-20 17:54 - 00015715 _____ C:\Users\AJ\Downloads\001EC389.PDF.pdf
2016-08-01 09:16 - 2016-08-31 09:48 - 00000000 ____D C:\Users\Heza\Desktop\Internet
2016-08-01 09:15 - 2016-04-12 10:38 - 00000266 _____ C:\Users\Heza\Documents\ESL Notes.txt
2016-08-01 09:14 - 2016-07-25 15:53 - 00030802 _____ C:\Users\Heza\Documents\Windows 7 Key.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-31 09:49 - 2013-10-22 10:39 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003UA.job
2016-08-31 09:49 - 2013-10-22 10:38 - 00000844 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003Core.job
2016-08-31 09:43 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-08-31 09:29 - 2014-09-28 07:57 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1000UA.job
2016-08-31 09:21 - 2009-07-14 00:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-31 09:21 - 2009-07-14 00:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-31 09:09 - 2012-02-04 02:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-31 08:01 - 2014-09-28 07:57 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1000Core.job
2016-08-28 18:17 - 2009-07-14 01:13 - 00821868 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-28 14:05 - 2012-02-04 03:00 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-08-28 14:05 - 2012-02-04 02:56 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-08-28 14:00 - 2016-06-29 09:58 - 00000000 ____D C:\ProgramData\Foxit Software
2016-08-28 13:59 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-28 10:12 - 2014-09-22 10:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-28 10:02 - 2013-07-17 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-08-28 09:10 - 2014-09-22 10:41 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-27 20:21 - 2016-04-08 19:09 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-08-27 10:15 - 2013-03-04 18:22 - 00112576 _____ C:\Users\AJ\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-27 10:14 - 2015-12-26 12:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-26 19:52 - 2016-03-31 09:40 - 00000746 _____ C:\Users\Heza\Desktop\2.txt
2016-08-26 18:50 - 2016-07-25 21:49 - 00000000 ____D C:\Users\Heza\Desktop\Jobs
2016-08-26 11:34 - 2013-09-03 09:08 - 00000000 ____D C:\Users\Heza\Documents\My Digital Editions
2016-08-26 11:34 - 2013-02-28 14:59 - 00000000 ____D C:\Users\Heza\AppData\Roaming\Adobe
2016-08-26 11:25 - 2012-02-04 03:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-26 11:13 - 2014-12-10 14:27 - 00000000 ___DC C:\Temp
2016-08-24 19:12 - 2013-02-28 12:38 - 00000000 ____D C:\Users\Heza
2016-08-24 18:34 - 2009-07-14 00:45 - 00438688 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-24 13:26 - 2013-03-04 16:01 - 00790044 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-08-24 12:21 - 2013-02-28 13:50 - 00112576 _____ C:\Users\Heza\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-24 12:19 - 2013-09-02 20:45 - 00000000 ____D C:\AdwCleaner
2016-08-24 08:54 - 2014-01-11 17:07 - 00000000 ____D C:\Users\Heza\AppData\Roaming\vlc
2016-08-23 19:53 - 2009-07-13 22:34 - 00000439 _____ C:\Windows\win.ini
2016-08-23 17:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-08-23 11:56 - 2013-02-28 12:42 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C92E29A6-AD31-41C1-9B42-B5CAB1F2F196}
2016-08-23 11:03 - 2012-02-04 02:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-08-23 11:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2016-08-23 10:55 - 2012-02-04 02:33 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-08-23 10:54 - 2013-02-28 12:40 - 00000000 ____D C:\Users\Heza\AppData\Roaming\hpqlog
2016-08-23 10:53 - 2014-06-29 14:48 - 00000000 ____D C:\Program Files (x86)\Hp
2016-08-21 14:10 - 2014-09-27 20:09 - 01091280 _____ C:\Users\AJ\Downloads\Hillsdale College Transcript.pdf
2016-08-21 14:06 - 2014-06-25 10:52 - 00000000 ____D C:\Users\Heza\Downloads\OnLineRecovery_JF200_220_v1.17
2016-08-20 17:08 - 2016-02-17 17:08 - 00000000 ____D C:\Users\Heza\Desktop\Med Re
2016-08-20 16:09 - 2013-12-05 23:31 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-20 16:09 - 2012-12-13 02:40 - 00000000 ____D C:\Program Files\Intel
2016-08-20 16:08 - 2014-01-11 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-20 10:19 - 2014-08-23 06:53 - 00000000 ____D C:\Users\Heza\Documents\Jobs
2016-08-19 22:10 - 2012-12-13 02:40 - 00000000 ____D C:\ProgramData\Intel
2016-08-19 17:01 - 2013-02-28 16:28 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-18 21:34 - 2013-03-20 18:45 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Foxit Software
2016-08-18 20:34 - 2016-07-17 17:45 - 00482107 _____ C:\Users\Heza\Downloads\MRS-2910_498959_7.pdf
2016-08-17 13:08 - 2013-03-05 18:30 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-17 13:04 - 2013-03-10 21:00 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-15 10:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-14 17:15 - 2013-08-14 08:38 - 00001226 __RSH C:\Users\AJ\ntuser.pol
2016-08-14 17:15 - 2013-03-04 18:22 - 00000000 ____D C:\Users\AJ
2016-08-14 17:12 - 2009-07-14 01:08 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-13 10:50 - 2013-07-16 08:41 - 00000000 ____D C:\Windows\system32\MRT
2016-08-13 10:37 - 2013-02-28 16:56 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-12 13:19 - 2015-10-14 11:50 - 00000000 ____D C:\Users\Heza\Desktop\CouponsReceipts
2016-08-09 11:56 - 2013-04-22 10:17 - 00000000 ____D C:\Users\Heza\AppData\Roaming\Foxit Software
2016-08-08 19:00 - 2013-08-14 08:38 - 00000632 __RSH C:\Users\Heza\ntuser.pol
2016-08-08 18:57 - 2015-05-14 09:15 - 00000000 ____D C:\Windows\Temp29A68CC6-7A4E-CE36-DAFD-27A8B9593282-Signatures
2016-08-08 18:57 - 2014-01-09 08:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-08-08 15:03 - 2013-03-06 10:32 - 00003250 _____ C:\Windows\Sandboxie.ini
2016-08-08 10:29 - 2013-06-23 18:06 - 00000000 ____D C:\Users\Heza\AppData\Local\ElevatedDiagnostics
2016-08-07 18:47 - 2015-02-27 21:08 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-07 18:47 - 2015-02-27 21:08 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-07 14:56 - 2014-09-11 14:05 - 00000000 ____D C:\Users\Heza\AppData\Local\Adobe
2016-08-06 20:01 - 2016-02-02 21:10 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Skype
2016-08-06 19:01 - 2012-02-04 02:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-06 19:01 - 2012-02-04 02:50 - 00000000 ____D C:\ProgramData\Skype
2016-08-06 14:16 - 2012-02-04 02:37 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-08-06 14:16 - 2012-02-04 02:37 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-08-06 14:16 - 2012-02-04 02:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-08-06 13:09 - 2014-11-17 15:25 - 00000000 ____D C:\Users\AJ\Desktop\Medical Insurance
2016-08-05 17:47 - 2014-06-10 14:25 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1385439310
2016-08-05 17:47 - 2013-11-26 00:15 - 00000000 ____D C:\Program Files (x86)\Opera
2016-08-05 09:46 - 2013-09-08 20:22 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-05 09:46 - 2013-09-08 20:22 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-04 21:01 - 2011-02-10 15:23 - 00000000 ____D C:\SWSetup
2016-08-02 15:52 - 2015-09-01 16:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-02 09:44 - 2013-10-22 10:39 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003UA
2016-08-02 09:44 - 2013-10-22 10:38 - 00003464 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003Core
2016-08-02 09:41 - 2013-05-13 13:21 - 00000000 ____D C:\Users\AJ\AppData\Local\CrashDumps
2016-08-01 09:21 - 2013-05-14 17:20 - 00000000 ___DC C:\Users\AJ\Documents\REceipts
2016-08-01 09:21 - 2013-04-24 09:41 - 00000000 ___DC C:\Users\AJ\Documents\Recipes
2016-08-01 09:16 - 2015-10-14 11:48 - 00000000 ____D C:\Users\Heza\Desktop\REviews

==================== Files in the root of some directories =======

2016-08-01 19:04 - 2016-08-01 19:08 - 6871040 _____ () C:\Program Files (x86)\GUT21DE.tmp
2014-07-21 07:26 - 2014-07-21 07:27 - 18144837 _____ () C:\Users\Heza\AppData\Roaming\Mozilla.zip
2014-07-21 07:25 - 2014-07-21 07:28 - 123174907 _____ () C:\Users\Heza\AppData\Local\Google.zip
2014-06-20 10:29 - 2014-06-20 22:18 - 0000705 _____ () C:\Users\Heza\AppData\Local\install_log.txt
2013-02-28 15:38 - 2014-11-19 14:39 - 0007599 _____ () C:\Users\Heza\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-28 14:45

==================== End of FRST.txt ============================




#2 deeprybka

  • Malware Response Team

Posted 01 September 2016 - 06:28 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
The Addition.txt is missing. Please rerun a scan with FRST.

Step 1

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 BullDog61

  • Topic Starter

Posted 01 September 2016 - 06:46 PM

Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Heza (administrator) on JELLYBELLY (01-09-2016 19:36:05)
Running from C:\Users\Heza\Desktop
Loaded Profiles: Heza & DefaultAppPool (Available Profiles: Heza & AJ & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(HP) C:\Program Files (x86)\Hp\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Users\Heza\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2013-02-28] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-02-28] (IDT, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2013-02-28] (Intel Corporation)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} =>  No File
ShellIconOverlayIdentifiers: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} =>  No File
ShellIconOverlayIdentifiers: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} =>  No File
ShellIconOverlayIdentifiers-x32: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} =>  No File
ShellIconOverlayIdentifiers-x32: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} =>  No File
GroupPolicyUsers\S-1-5-21-3786442370-3606699375-2899197878-1003\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AA88EC7C-3B2A-4860-B53B-7A17D530736E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BB318B8C-7FEF-48ED-A3C3-0D5A059893E6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://duckduckgo.com/
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> {5BB086CE-4194-4545-8DAA-06328E2E52A5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> {5BB086CE-4194-4545-8DAA-06328E2E52A5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: No Name -> {15C9938F-CB96-496D-800A-B827F2E34EA1} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll [2014-04-03] (Google, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: No Name -> {15C9938F-CB96-496D-800A-B827F2E34EA1} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO-x32: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [2014-04-03] (Google, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-13] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
DPF: HKLM-x32 {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchEngine.US: DuckDuckGo
FF SelectedSearchEngine: Amazon.com
FF Homepage: hxxps://www.startpage.com
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-06] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @research.microsoft.com/HDView -> C:\Program Files (x86)\Microsoft Research\HD View\nphdview.dll [2009-07-13] (Microsoft Research)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3786442370-3606699375-2899197878-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Heza\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3786442370-3606699375-2899197878-1000: @talk.google.com/O1DPlugin -> C:\Users\Heza\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3786442370-3606699375-2899197878-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Heza\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3786442370-3606699375-2899197878-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Heza\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Heza\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Heza\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: (Disconnect) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\extensions\2.0@disconnect.me.xpi [2016-04-29]
FF Extension: (HTTPS Everywhere) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\extensions\https-everywhere-eff@eff.org.xpi [2016-08-26]
FF Extension: (MaskMe) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\extensions\idme@abine.com [2016-09-01]
FF Extension: (WOT) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-26]
FF Extension: (Adblock Plus) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-01]
FF Extension: (Tab Mix Plus) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-06-08]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-08]
CHR Extension: (YouTube) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Adblock Plus) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (OneTab) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-07-22]
CHR Extension: (Google Search) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (MaskMe) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg [2016-07-22]
CHR Extension: (Qualys BrowserCheck for Windows) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk [2016-08-26]
CHR Extension: (HTTPS Everywhere) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-08-26]
CHR Extension: (Google Docs Offline) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Disconnect) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-04-10]
CHR Extension: (HP Network Check Helper) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2016-08-26]
CHR Extension: (Grammarly for Chrome) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-08-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
CHR Extension: (Privacy Badger) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2016-09-01]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (AdBlock) - C:\Users\Heza\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2016-06-08]
OPR Extension: (HTTPS Everywhere) - C:\Users\Heza\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2016-07-28]
OPR Extension: (WOT) - C:\Users\Heza\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2015-12-18]
OPR Extension: (Disconnect) - C:\Users\Heza\AppData\Roaming\Opera Software\Opera Stable\Extensions\hciohocinlhbdkbjldffomiadmnhjnoj [2016-04-06]
OPR Extension: (Bookmarks Import & Export) - C:\Users\Heza\AppData\Roaming\Opera Software\Opera Stable\Extensions\omhcddilnfoiiplehpjihipcocdplljn [2016-07-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
S4 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Inc.)
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [176264 2015-05-27] (Sandboxie Holdings, LLC)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-02] (GFI Software)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2506384 2015-08-12] (MediaTek Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-21] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [188552 2015-05-27] (Sandboxie Holdings, LLC)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2013-02-28] (Synaptics Incorporated)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-01 19:36 - 2016-09-01 19:37 - 00033455 _____ C:\Users\Heza\Desktop\FRST.txt
2016-08-31 13:10 - 2016-08-31 13:10 - 01610560 _____ (Malwarebytes) C:\Users\Heza\Downloads\JRT(1).exe
2016-08-31 13:07 - 2016-08-31 13:10 - 248179136 _____ C:\Users\Heza\Downloads\EmsisoftEmergencyKit.exe
2016-08-28 09:07 - 2016-08-28 09:08 - 00221760 ____C C:\TDSSKiller.3.1.0.11_28.08.2016_09.07.48_log.txt
2016-08-26 13:17 - 2016-08-26 13:17 - 00000000 ____D C:\Users\Heza\AppData\Local\HP_Development_Company,_L
2016-08-26 12:13 - 2016-08-26 12:13 - 00081447 _____ C:\Users\Heza\Downloads\40251 (2).pdf
2016-08-26 12:04 - 2016-08-26 12:04 - 00188946 _____ C:\Users\Heza\Downloads\44280 (1).pdf
2016-08-26 12:03 - 2016-08-26 12:03 - 01887392 _____ C:\Users\Heza\Downloads\40252 (3).pdf
2016-08-26 12:03 - 2016-08-26 12:03 - 01887392 _____ C:\Users\Heza\Downloads\40252 (2).pdf
2016-08-26 12:01 - 2016-08-26 12:01 - 00188946 _____ C:\Users\Heza\Downloads\44280.pdf
2016-08-26 11:33 - 2016-08-26 11:33 - 00001773 _____ C:\Users\Heza\Downloads\MakeItAheadABarefootContessaCookbook9780770434496.acsm
2016-08-25 20:50 - 2016-08-25 21:17 - 00000000 ____D C:\Users\Heza\Downloads\Photos (9)
2016-08-25 20:12 - 2016-08-25 20:12 - 03453831 _____ C:\Users\Heza\Downloads\Photos (9).zip
2016-08-24 19:12 - 2016-09-01 19:36 - 00000000 ___DC C:\FRST
2016-08-24 19:12 - 2016-08-24 19:12 - 00000000 _____ C:\Users\Heza\defogger_reenable
2016-08-24 19:10 - 2016-08-24 19:10 - 00050477 _____ C:\Users\Heza\Downloads\Defogger.exe
2016-08-24 19:01 - 2016-08-31 09:43 - 02397696 ____C (Farbar) C:\Users\Heza\Desktop\FRST64.exe
2016-08-24 12:43 - 2016-08-24 12:45 - 00223050 ____C C:\TDSSKiller.3.1.0.11_24.08.2016_12.43.31_log.txt
2016-08-24 12:42 - 2016-08-24 12:42 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Heza\Downloads\tdsskiller.exe
2016-08-23 19:16 - 2016-08-23 19:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JELLYBELLY-Windows-7-Home-Premium-(64-bit).dat
2016-08-23 19:16 - 2016-08-23 19:16 - 00000000 ___DC C:\RegBackup
2016-08-23 11:32 - 2016-08-28 08:56 - 00003658 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-08-23 11:32 - 2016-08-23 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-08-23 11:32 - 2016-08-23 11:32 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-08-23 11:03 - 2016-08-23 11:03 - 00002231 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2016-08-23 10:55 - 2016-08-23 10:55 - 00000000 ____D C:\ProgramData\HP Inc
2016-08-23 10:23 - 2016-08-23 10:24 - 29014040 _____ (Tweaking.com) C:\Users\Heza\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-08-23 10:14 - 2016-08-23 10:14 - 04039392 _____ (Oleg N. Scherbakov) C:\Users\Heza\Downloads\HPSupportSolutionsFramework-12.5.26.37.exe
2016-08-23 10:05 - 2016-08-23 10:05 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Heza\Downloads\mbar-1.09.3.1001 (1).exe
2016-08-21 17:08 - 2016-08-21 17:08 - 00000392 _____ C:\Users\AJ\Desktop\Drs.txt
2016-08-21 15:47 - 2016-08-24 12:45 - 00000000 ____D C:\Users\Heza\AppData\Local\ESET
2016-08-21 15:46 - 2016-08-21 15:46 - 03784256 _____ C:\Users\Heza\Downloads\AdwCleaner.exe
2016-08-21 15:44 - 2016-08-21 15:45 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Heza\Downloads\esetonlinescanner_enu.exe
2016-08-20 21:51 - 2016-08-20 21:51 - 00188946 _____ C:\Users\Heza\Documents\Hillsdale College Transcript - 2004.pdf
2016-08-20 21:45 - 2016-08-20 21:45 - 01887392 _____ C:\Users\Heza\Downloads\BJU Records Office_20140924_120537 (1).pdf
2016-08-20 21:44 - 2016-08-20 21:44 - 01066944 _____ C:\Users\Heza\Downloads\40252 (1).pdf
2016-08-20 21:43 - 2016-08-20 21:43 - 01066944 _____ C:\Users\Heza\Downloads\40252.pdf
2016-08-20 21:23 - 2016-08-20 21:23 - 00085081 _____ C:\Users\Heza\Downloads\40251 (1).pdf
2016-08-20 19:20 - 2016-08-20 19:20 - 04604101 _____ C:\Users\Heza\Downloads\BJU Press Footsteps for Fours VPK Overview, 03-22-12.pdf
2016-08-20 17:07 - 2016-08-20 17:08 - 01277828 _____ C:\Users\Heza\Downloads\email-890342951.zip
2016-08-20 10:19 - 2016-08-19 20:32 - 00073623 _____ C:\Users\Heza\Documents\Online Customer Service.pdf
2016-08-20 10:19 - 2016-08-14 21:36 - 00153629 _____ C:\Users\Heza\Documents\Order Decline.pdf
2016-08-20 10:19 - 2016-08-12 13:35 - 00000715 _____ C:\Users\Heza\Documents\2.txt
2016-08-20 10:18 - 2016-08-20 10:20 - 00000000 ____D C:\Users\Heza\Documents\Med Re
2016-08-20 10:18 - 2016-08-20 10:18 - 00000000 ____D C:\Users\Heza\Documents\REviews
2016-08-20 10:18 - 2016-08-20 10:18 - 00000000 ____D C:\Users\Heza\Documents\Internet
2016-08-20 10:18 - 2016-08-20 10:18 - 00000000 ____D C:\Users\Heza\Documents\CouponsReceipts
2016-08-19 22:10 - 2016-08-19 22:10 - 00000000 ____D C:\Users\Heza\AppData\Local\Intel
2016-08-19 22:10 - 2015-06-04 13:33 - 00021984 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2016-08-19 22:08 - 2016-08-19 22:08 - 07491840 _____ (Intel) C:\Users\Heza\Downloads\Intel Driver Update Utility Installer.exe
2016-08-19 17:30 - 2016-08-19 20:44 - 00099975 _____ C:\Users\Heza\Downloads\External Auth form May 2016.pdf
2016-08-17 16:25 - 2016-06-06 12:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-08-17 16:25 - 2016-06-06 12:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-08-17 16:25 - 2016-06-06 12:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-08-17 16:25 - 2016-06-06 12:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-08-17 16:25 - 2016-06-06 11:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-08-17 16:25 - 2016-06-06 11:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-08-17 16:25 - 2016-06-06 11:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-08-17 16:25 - 2016-06-06 11:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-08-17 16:25 - 2016-05-16 19:22 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-08-17 16:25 - 2016-05-16 19:19 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-08-17 16:25 - 2016-05-16 19:19 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-08-17 16:25 - 2016-05-16 19:18 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-08-17 16:25 - 2016-05-16 19:18 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-08-17 16:25 - 2016-05-16 19:17 - 01732888 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-08-17 16:25 - 2016-05-16 19:16 - 01314136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 17:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-08-17 16:25 - 2016-05-16 17:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-08-17 16:25 - 2016-05-16 17:23 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-08-17 16:25 - 2016-05-16 17:19 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-08-17 16:25 - 2016-05-16 17:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-08-17 16:25 - 2016-05-16 17:14 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-08-17 16:25 - 2016-05-16 17:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-08-17 16:25 - 2016-05-16 17:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-08-17 16:25 - 2016-05-16 17:10 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-08-17 16:25 - 2016-05-16 17:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-08-17 16:25 - 2016-05-16 17:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 17:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 17:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 17:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-08-17 16:25 - 2016-05-13 18:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-08-17 16:25 - 2016-05-13 18:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-08-17 16:25 - 2016-05-13 18:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-08-17 16:25 - 2016-05-13 18:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-08-17 16:25 - 2016-05-13 17:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-08-17 16:25 - 2016-05-13 17:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-08-17 16:25 - 2016-05-13 17:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-08-17 16:25 - 2016-05-13 17:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-08-17 16:25 - 2016-05-13 17:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-08-17 16:25 - 2016-05-13 17:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-08-17 16:25 - 2016-05-13 17:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-08-17 16:25 - 2016-05-13 17:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-08-17 16:25 - 2016-05-13 17:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-08-17 16:25 - 2016-05-13 17:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-08-17 16:25 - 2016-05-13 17:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-08-17 16:25 - 2016-05-13 17:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-08-17 16:25 - 2016-05-12 13:14 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-08-17 16:25 - 2016-05-12 13:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-08-17 16:25 - 2016-05-12 11:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-08-17 16:25 - 2016-05-12 11:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-08-17 16:25 - 2016-05-12 11:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-08-17 16:25 - 2016-05-04 13:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-08-17 16:25 - 2016-05-04 13:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-08-17 16:25 - 2016-05-04 13:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-08-17 16:25 - 2016-05-04 13:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-08-17 16:25 - 2016-05-04 11:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-08-17 16:25 - 2016-05-04 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-08-17 10:16 - 2016-07-07 11:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-08-17 10:16 - 2016-07-07 11:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-08-17 10:16 - 2016-07-07 11:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-08-17 10:16 - 2016-07-07 11:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-08-17 10:16 - 2016-07-01 11:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-08-17 10:16 - 2016-07-01 11:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-08-17 10:16 - 2016-07-01 11:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-08-17 10:16 - 2016-07-01 11:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-08-17 10:16 - 2016-07-01 10:56 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-08-17 10:16 - 2016-07-01 10:56 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-08-17 10:16 - 2016-07-01 10:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-08-17 08:33 - 2016-07-08 11:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 08:33 - 2016-07-08 11:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-15 16:44 - 2016-08-16 12:53 - 00000178 _____ C:\Users\Heza\Documents\Weeds.txt
2016-08-15 16:18 - 2016-08-15 16:18 - 04278000 _____ C:\Users\Heza\Downloads\mp521 (1).pdf
2016-08-15 16:06 - 2016-08-15 16:06 - 04278000 _____ C:\Users\Heza\Downloads\mp521.pdf
2016-08-15 15:41 - 2016-08-15 15:41 - 00762330 _____ C:\Users\Heza\Downloads\lambsquarter07-1jdcqvi.pdf
2016-08-14 21:36 - 2016-08-14 21:36 - 00153629 _____ C:\Users\Heza\Desktop\Order Decline.pdf
2016-08-14 20:53 - 2016-08-14 20:53 - 01619612 _____ C:\Users\Heza\Downloads\browserSettings.pdf
2016-08-12 13:22 - 2016-08-02 10:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-12 13:22 - 2016-08-02 10:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-12 13:22 - 2016-08-02 02:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-12 13:22 - 2016-08-02 02:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-12 13:22 - 2016-08-02 02:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-12 13:22 - 2016-08-02 02:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-12 13:22 - 2016-08-02 02:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-12 13:22 - 2016-08-02 02:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-12 13:22 - 2016-08-02 02:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-12 13:22 - 2016-08-02 02:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-12 13:22 - 2016-08-02 02:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-12 13:22 - 2016-08-02 02:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-12 13:22 - 2016-08-02 01:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-12 13:22 - 2016-08-02 01:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-12 13:22 - 2016-08-02 01:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-12 13:22 - 2016-08-02 01:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-12 13:22 - 2016-08-02 01:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-12 13:22 - 2016-08-02 01:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-12 13:22 - 2016-08-02 01:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-12 13:22 - 2016-08-02 01:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-12 13:22 - 2016-08-02 01:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-12 13:22 - 2016-08-02 01:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-12 13:22 - 2016-08-02 01:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-12 13:22 - 2016-08-02 01:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-12 13:22 - 2016-08-02 01:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-12 13:22 - 2016-08-02 01:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-12 13:22 - 2016-08-02 01:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-12 13:22 - 2016-08-02 01:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-12 13:22 - 2016-08-02 01:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-12 13:22 - 2016-08-02 01:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-12 13:22 - 2016-08-02 01:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-12 13:22 - 2016-08-02 01:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-12 13:22 - 2016-08-02 01:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-12 13:22 - 2016-08-02 01:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-12 13:22 - 2016-08-02 01:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-12 13:22 - 2016-08-02 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-12 13:22 - 2016-08-02 01:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-12 13:22 - 2016-08-02 01:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-12 13:22 - 2016-08-02 01:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-12 13:22 - 2016-08-02 01:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-12 13:22 - 2016-08-02 01:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-12 13:22 - 2016-08-02 01:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-12 13:22 - 2016-08-02 00:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-12 13:22 - 2016-08-02 00:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-12 13:22 - 2016-08-02 00:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-12 13:21 - 2016-08-02 02:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-12 13:21 - 2016-08-02 02:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-12 13:21 - 2016-08-02 02:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-12 13:21 - 2016-08-02 02:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-12 13:21 - 2016-08-02 02:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-12 13:21 - 2016-08-02 02:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-12 13:21 - 2016-08-02 02:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-12 13:21 - 2016-08-02 02:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-12 13:21 - 2016-08-02 02:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-12 13:21 - 2016-08-02 02:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-12 13:21 - 2016-08-02 02:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-12 13:21 - 2016-08-02 01:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-12 13:21 - 2016-08-02 01:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-12 13:21 - 2016-08-02 01:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-12 13:21 - 2016-08-02 01:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-12 13:21 - 2016-08-02 01:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-12 13:21 - 2016-08-02 01:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-12 13:21 - 2016-08-02 01:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-12 13:21 - 2016-08-02 01:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-12 13:21 - 2016-08-02 01:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-12 13:21 - 2016-08-02 00:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-12 13:17 - 2016-07-08 11:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-12 13:17 - 2016-07-08 11:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-12 13:17 - 2016-07-08 11:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-12 13:17 - 2016-07-08 11:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-12 13:17 - 2016-07-08 11:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-12 13:17 - 2016-07-08 11:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-12 13:17 - 2016-07-08 10:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-12 13:17 - 2016-07-08 10:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-12 13:17 - 2016-07-08 10:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-12 13:17 - 2016-07-08 10:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-12 13:17 - 2016-07-08 10:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-12 13:17 - 2016-07-08 10:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-12 13:13 - 2016-07-08 11:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-12 11:20 - 2016-08-31 09:05 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHeza
2016-08-12 11:20 - 2016-08-31 09:05 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForHeza.job
2016-08-09 11:19 - 2016-08-09 11:19 - 00002149 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2016-08-09 11:19 - 2016-08-09 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-08-08 10:03 - 2016-08-08 10:03 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-08-08 10:03 - 2016-08-08 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-08-08 10:02 - 2016-08-08 10:02 - 26870536 _____ (SUPERAntiSpyware) C:\Users\AJ\Downloads\SUPERAntiSpyware.exe
2016-08-08 08:48 - 2016-08-08 08:48 - 00000000 ____D C:\Users\Heza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberfox
2016-08-08 08:47 - 2016-08-08 08:47 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Maxthon3
2016-08-08 08:38 - 2016-08-08 08:38 - 00000000 ____D C:\Users\AJ\AppData\Roaming\8pecxstudios
2016-08-08 08:38 - 2016-08-08 08:38 - 00000000 ____D C:\Users\AJ\AppData\Local\Comodo
2016-08-08 08:38 - 2016-08-08 08:38 - 00000000 ____D C:\Users\AJ\AppData\Local\8pecxstudios
2016-08-08 08:19 - 2016-08-08 08:19 - 00000000 ____D C:\Users\Heza\AppData\Local\Comodo
2016-08-08 08:18 - 2016-08-12 13:39 - 00000000 ____D C:\Program Files (x86)\Comodo
2016-08-08 08:18 - 2016-08-08 09:04 - 00000000 ____D C:\Program Files (x86)\Maxthon
2016-08-08 08:18 - 2016-08-08 08:38 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Maxthon App Store
2016-08-08 08:18 - 2016-08-08 08:18 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2016-08-08 08:17 - 2016-08-08 18:57 - 00000000 ____D C:\Program Files (x86)\Maxthon App Store
2016-08-08 08:17 - 2016-08-08 09:04 - 00000000 ____D C:\Users\Heza\AppData\Roaming\Maxthon App Store
2016-08-08 08:17 - 2016-08-08 08:17 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-08-08 08:16 - 2016-08-08 08:48 - 00000000 ____D C:\Program Files\Cyberfox
2016-08-08 08:13 - 2016-08-08 08:14 - 51648752 _____ (8pecxstudios ) C:\Users\Heza\Downloads\Cyberfox-48.0.en-US.win64-x86_64.intel.exe
2016-08-08 08:12 - 2016-08-08 08:12 - 01558792 _____ (Maxthon International ltd.) C:\Users\Heza\Downloads\mxsetup.exe
2016-08-08 08:11 - 2016-08-08 08:11 - 56127856 _____ (Comodo) C:\Users\Heza\Downloads\dragonsetup.exe
2016-08-07 19:05 - 2016-08-08 15:06 - 00000285 _____ C:\Users\AJ\Desktop\Browser Speeds.txt
2016-08-07 18:46 - 2016-08-07 18:46 - 00242192 _____ C:\Users\AJ\Downloads\Firefox Setup Stub 48.0.exe
2016-08-06 20:45 - 2016-08-06 20:45 - 00002333 _____ C:\Users\AJ\Desktop\Vivaldi.lnk
2016-08-06 20:45 - 2016-08-06 20:45 - 00002260 _____ C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2016-08-06 20:44 - 2016-08-06 20:45 - 00000000 ____D C:\Users\AJ\AppData\Local\Vivaldi
2016-08-06 20:44 - 2016-08-06 20:44 - 44326520 _____ (Vivaldi Technologies AS) C:\Users\AJ\Downloads\Vivaldi.1.2.490.43.x64.exe
2016-08-06 20:43 - 2016-08-06 20:44 - 38505080 _____ (Vivaldi Technologies AS) C:\Users\AJ\Downloads\Vivaldi.1.2.490.43 (1).exe
2016-08-06 20:36 - 2016-08-06 20:36 - 03096251 _____ C:\Users\AJ\Downloads\Vivaldi.1.2.490.43.exe
2016-08-06 20:07 - 2016-08-06 20:07 - 00210661 _____ C:\Users\AJ\Downloads\pocket.crx
2016-08-06 16:18 - 2016-08-06 16:18 - 00002356 _____ C:\Users\AJ\Desktop\Epic Privacy Browser.lnk
2016-08-06 16:18 - 2016-08-06 16:18 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epic Privacy Browser
2016-08-06 16:17 - 2016-08-06 16:18 - 00000000 ____D C:\Users\AJ\AppData\Local\Epic Privacy Browser
2016-08-06 16:17 - 2016-08-06 16:17 - 01832744 _____ (Epic Privacy Browser) C:\Users\AJ\Downloads\EpicSetup.exe
2016-08-06 16:17 - 2016-08-06 16:17 - 00000000 ____D C:\Users\Heza\AppData\Local\Slimjet
2016-08-06 16:17 - 2016-08-06 16:17 - 00000000 ____D C:\Users\AJ\AppData\Local\Slimjet
2016-08-06 16:17 - 2016-08-06 16:17 - 00000000 ____D C:\ProgramData\Epic Privacy Browser
2016-08-06 16:15 - 2016-08-27 10:28 - 00000000 ____D C:\Program Files (x86)\Slimjet
2016-08-06 16:15 - 2016-08-06 16:15 - 00000995 _____ C:\Users\Public\Desktop\FlashPeak Slimjet.lnk
2016-08-06 16:15 - 2016-08-06 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak Slimjet
2016-08-06 16:11 - 2016-08-06 16:11 - 00353336 _____ C:\Users\AJ\Downloads\sjtwebsetup_x86.exe
2016-08-05 09:49 - 2016-08-05 09:49 - 00058731 _____ C:\Users\Heza\Downloads\0013A820 (1).PDF
2016-08-05 09:44 - 2016-08-05 09:44 - 00303216 _____ C:\Users\Heza\Downloads\0017D473.PDF
2016-08-04 21:05 - 2016-08-04 21:05 - 00000000 ____D C:\Program Files (x86)\Ralink
2016-08-04 21:03 - 2016-08-28 08:57 - 00003122 _____ C:\Windows\System32\Tasks\{323544BA-C4EE-45DC-99E2-9496E8ECD6BF}
2016-08-03 21:26 - 2016-08-03 21:26 - 38084160 _____ (Hewlett-Packard Company ) C:\Users\Heza\Downloads\sp66089.exe
2016-08-03 21:26 - 2016-08-03 21:26 - 24670832 _____ (Mediatek) C:\Users\Heza\Downloads\IS_RT2860_W7-5.0.59.0_W8-5.0.59.0_W8Blue-5.0.59.0_W10-5.0.57.0_20150909_5.0.59.0_Free.exe
2016-08-03 15:49 - 2016-08-03 15:49 - 01007164 _____ C:\Users\Heza\Downloads\Six_Steps_to_Voc_Rehab_2013_418640_7.pdf
2016-08-03 15:15 - 2016-08-03 15:15 - 05915961 _____ C:\Users\Heza\Downloads\everyday_images.pdf
2016-08-03 15:15 - 2016-08-03 15:15 - 00158405 _____ C:\Users\Heza\Downloads\uber_images.pdf
2016-08-03 14:42 - 2016-08-03 14:42 - 32567462 _____ C:\Users\Heza\Downloads\catalog_complete.pdf
2016-08-03 14:42 - 2016-08-03 14:42 - 27503364 _____ C:\Users\Heza\Downloads\cards.pdf
2016-08-03 14:36 - 2016-08-03 14:36 - 00079745 _____ C:\Users\Heza\Downloads\Snf_writersGuidel.pdf
2016-08-03 14:29 - 2016-08-03 14:29 - 00686617 _____ C:\Users\Heza\Downloads\circ01.pdf
2016-08-03 14:29 - 2016-08-03 14:29 - 00686617 _____ C:\Users\Heza\Downloads\circ01 (2).pdf
2016-08-03 14:29 - 2016-08-03 14:29 - 00686617 _____ C:\Users\Heza\Downloads\circ01 (1).pdf
2016-08-02 12:09 - 2016-08-02 12:09 - 00183241 _____ C:\Users\Heza\Downloads\List_of_Contractors_485239_7 (1).pdf
2016-08-02 12:04 - 2016-08-02 12:04 - 00183241 _____ C:\Users\Heza\Downloads\List_of_Contractors_485239_7.pdf
2016-08-02 09:13 - 2016-08-02 09:13 - 00347440 _____ (Microsoft Corporation) C:\Users\Heza\Downloads\MicrosoftFixit-portable.exe
2016-08-02 09:10 - 2016-08-02 09:10 - 00000656 _____ C:\Users\Heza\Downloads\wu10 (1).diagcab
2016-08-02 09:07 - 2016-08-02 09:07 - 00000656 _____ C:\Users\Heza\Downloads\wu10.diagcab
2016-08-02 09:06 - 2016-08-02 09:06 - 00000565 _____ C:\Users\Heza\Downloads\IESecurityDiagnostic.diagcab
2016-08-02 09:06 - 2016-08-02 09:06 - 00000542 _____ C:\Users\Heza\Downloads\PerformanceDiagnostic.diagcab
2016-08-02 09:06 - 2016-08-02 09:06 - 00000530 _____ C:\Users\Heza\Downloads\PowerDiagnostic.diagcab
2016-08-02 09:06 - 2016-08-02 09:06 - 00000366 _____ C:\Users\Heza\Downloads\network10.diagcab
2016-08-02 09:06 - 2016-08-02 09:06 - 00000366 _____ C:\Users\Heza\Downloads\network10 (2).diagcab
2016-08-02 09:06 - 2016-08-02 09:06 - 00000366 _____ C:\Users\Heza\Downloads\network10 (1).diagcab
2016-08-01 19:04 - 2016-08-01 19:04 - 00000000 ____D C:\Program Files (x86)\GUM21DD.tmp
2016-08-01 19:02 - 2016-08-01 19:03 - 00987728 _____ (Google Inc.) C:\Users\Heza\Downloads\ChromeSetup.exe
2016-08-01 17:20 - 2016-08-01 17:20 - 00000252 _____ C:\Users\Heza\Documents\Bulgogi.txt
2016-08-01 16:14 - 2016-08-01 16:14 - 00070887 _____ C:\Users\Heza\Downloads\listverse-author-guide.pdf
2016-08-01 11:33 - 2016-08-01 15:32 - 00136028 _____ C:\Users\Heza\Documents\Medical Record - IGP Patient Portal.pdf
2016-08-01 09:24 - 2016-07-20 17:54 - 00015715 _____ C:\Users\AJ\Downloads\001EC389.PDF.pdf
2016-08-01 09:16 - 2016-09-01 19:20 - 00000000 ____D C:\Users\Heza\Desktop\Computer
2016-08-01 09:15 - 2016-04-12 10:38 - 00000266 _____ C:\Users\Heza\Documents\ESL Notes.txt
2016-08-01 09:14 - 2016-07-25 15:53 - 00030802 _____ C:\Users\Heza\Documents\Windows 7 Key.pdf
2016-07-29 13:21 - 2016-07-29 13:21 - 00026089 _____ C:\Users\Heza\Downloads\Bookmarks.html
2016-07-27 14:10 - 2016-07-27 14:10 - 00844734 _____ C:\Users\Heza\Downloads\213-nprm-side_impact.pdf
2016-07-25 21:49 - 2016-08-26 18:50 - 00000000 ____D C:\Users\Heza\Desktop\Jobs
2016-07-25 19:39 - 2016-07-25 19:39 - 00065438 _____ C:\Users\Heza\Documents\UMNeuroPsych.pdf
2016-07-25 19:02 - 2016-07-25 19:02 - 00356512 _____ C:\Users\Heza\Downloads\HealthSummary20160725.zip
2016-07-25 14:44 - 2016-07-25 14:44 - 00000000 __HDC C:\$Windows.~WS
2016-07-25 14:44 - 2016-07-25 14:44 - 00000000 ___DC C:\$WINDOWS.~BT
2016-07-24 13:59 - 2016-07-24 13:59 - 00085081 _____ C:\Users\Heza\Downloads\40251.pdf
2016-07-23 22:39 - 2016-07-24 13:30 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-23 22:39 - 2016-07-23 22:39 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-22 11:59 - 2016-07-22 11:59 - 00274852 _____ C:\Users\Heza\Documents\bookmarks_7_22_16.html
2016-07-22 11:36 - 2016-06-25 20:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-22 11:36 - 2016-06-25 20:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-22 11:36 - 2016-06-25 20:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-22 11:36 - 2016-06-25 20:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-22 11:36 - 2016-06-25 20:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-22 11:36 - 2016-06-25 15:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-22 11:36 - 2016-06-25 15:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-22 11:36 - 2016-06-25 15:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-22 11:36 - 2016-06-25 15:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-22 11:36 - 2016-06-25 15:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-22 11:35 - 2016-06-25 20:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-22 11:35 - 2016-06-25 20:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-22 11:35 - 2016-06-22 09:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-22 11:35 - 2016-06-17 14:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-22 11:35 - 2016-06-17 14:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-22 11:35 - 2016-06-17 14:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-22 11:35 - 2016-06-17 14:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-22 11:35 - 2016-06-17 14:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-22 11:35 - 2016-06-17 14:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-22 08:32 - 2016-07-22 08:32 - 18447464 _____ (Microsoft Corporation) C:\Users\Heza\Downloads\MediaCreationTool.exe
2016-07-21 15:13 - 2016-07-21 15:13 - 00095983 _____ C:\Users\Heza\Downloads\guidelines.pdf
2016-07-21 13:25 - 2016-07-21 13:25 - 00209505 _____ C:\Users\Heza\Downloads\DisclosureAgreement.pdf
2016-07-21 13:14 - 2016-07-21 13:14 - 00261112 _____ C:\Users\Heza\Downloads\Phase 2 - Work Goals Worksheet_v508C.pdf
2016-07-21 12:58 - 2016-07-21 12:58 - 00472594 _____ C:\Users\Heza\Downloads\411_Disability_Disclosure_complete.pdf
2016-07-21 09:23 - 2016-07-21 09:25 - 00306516 ____H C:\Users\Heza\Downloads\PIP_Mayo.pdf
2016-07-20 17:51 - 2016-07-20 17:51 - 00842338 _____ C:\Users\Heza\Downloads\001EC389.PDF
2016-07-19 19:29 - 2016-07-19 19:29 - 00310152 _____ C:\Users\Heza\Downloads\GDLPageApplication-July 2015 (2).pdf
2016-07-19 19:22 - 2016-07-19 19:29 - 00299764 _____ C:\Users\Heza\Downloads\GDLPageApplication-July 2015 (1).pdf
2016-07-19 19:07 - 2016-07-19 19:07 - 00095023 _____ C:\Users\Heza\Downloads\LG-3S32-3XFB-BZ4W-B6X3.pdf
2016-07-17 17:45 - 2016-08-18 20:34 - 00482107 _____ C:\Users\Heza\Downloads\MRS-2910_498959_7.pdf
2016-07-16 18:52 - 2016-07-16 18:52 - 00124087 _____ C:\Users\Heza\Downloads\12-13 Substitute Appointment Information Sheet (UPDATED)_201302061514117968.pdf
2016-07-11 19:04 - 2016-07-11 19:04 - 00310152 _____ C:\Users\Heza\Downloads\GDLPageApplication-July 2015.pdf
2016-07-11 19:02 - 2016-07-11 19:02 - 00047196 _____ C:\Users\Heza\Downloads\Page-For-Hire-2014-2 (2).pdf
2016-07-11 19:01 - 2016-07-11 19:01 - 00047196 _____ C:\Users\Heza\Downloads\Page-For-Hire-2014-2.pdf
2016-07-11 19:01 - 2016-07-11 19:01 - 00047196 _____ C:\Users\Heza\Downloads\Page-For-Hire-2014-2 (1).pdf
2016-07-10 14:28 - 2016-07-10 14:28 - 00231760 _____ C:\Users\AJ\Downloads\CrucialScan.exe
2016-07-10 14:20 - 2016-07-10 14:20 - 00000000 ____D C:\Users\AJ\Downloads\cpu-z_1.76-en
2016-07-10 14:11 - 2016-07-10 14:11 - 02457291 _____ C:\Users\AJ\Downloads\cpu-z_1.76-en.zip
2016-07-09 21:46 - 2016-07-09 21:46 - 05792848 _____ (Microsoft Corporation) C:\Users\AJ\Downloads\Windows10Upgrade9194.exe
2016-07-09 21:46 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-07-09 21:46 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-07-09 21:46 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-07-09 21:46 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-07-09 21:46 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-07-09 21:46 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-07-09 21:46 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-07-09 21:46 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-07-09 21:46 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-07-09 21:46 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-07-09 21:46 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-07-09 21:46 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-07-09 21:46 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-07-09 21:46 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-07-09 21:46 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-07-09 21:46 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-07-09 21:46 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-07-09 21:46 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-07-09 21:46 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-07-09 21:46 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-07-09 21:46 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-07-09 21:46 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-07-09 21:46 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-09 21:46 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-09 21:46 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-07-09 21:46 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-07-09 21:46 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-07-09 21:46 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-07-09 21:46 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-07-09 21:46 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-07-09 21:46 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-07-09 21:46 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-07-09 21:46 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-07-09 21:46 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-07-09 21:46 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-07-09 21:46 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-07-09 21:46 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-07-09 21:46 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-07-09 21:46 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-07-09 21:46 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-07-09 21:46 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-07-09 21:45 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-07-09 21:45 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-07-09 21:42 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-07-09 21:42 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-07-09 21:39 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-07-09 21:39 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-06-29 10:16 - 2016-06-29 10:17 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Heza\Downloads\mbar-1.09.3.1001.exe
2016-06-29 09:58 - 2016-08-31 13:56 - 00000000 ____D C:\ProgramData\Foxit Software
2016-06-27 19:11 - 2016-04-09 02:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-27 19:11 - 2016-04-09 02:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-27 19:11 - 2016-04-09 02:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-27 19:11 - 2016-04-09 02:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-27 19:11 - 2016-04-09 01:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-27 19:11 - 2016-04-09 01:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-27 15:43 - 2016-06-27 15:43 - 00000000 ____D C:\Users\Heza\AppData\Local\Microsoft Corporation
2016-06-27 15:42 - 2016-06-27 15:42 - 00002127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2016-06-27 15:42 - 2016-06-27 15:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
2016-06-27 15:33 - 2016-06-27 15:34 - 05788016 _____ (Microsoft Corporation) C:\Users\Heza\Downloads\Windows10Upgrade9194.exe
2016-06-27 15:25 - 2016-06-27 15:26 - 00313366 _____ C:\Users\Heza\Downloads\WindowsUpdateDiagnostic.diagcab
2016-06-14 11:51 - 2016-06-14 11:51 - 02476844 _____ C:\Users\Heza\Downloads\CM500_UM_Comcast_TWC_19May2015.pdf
2016-06-10 15:08 - 2016-06-11 16:11 - 00000000 ____D C:\Users\Heza\Documents\SleepyHeadData
2016-06-10 15:06 - 2016-06-10 15:06 - 00000000 ____D C:\Users\Heza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SleepyHead
2016-06-10 15:05 - 2016-06-10 15:06 - 00000000 ____D C:\Program Files (x86)\SleepyHead
2016-06-10 15:02 - 2016-06-10 15:03 - 50288871 _____ C:\Users\Heza\Downloads\SleepyHead-1.0.0-beta-2-Snapshot-Win32-OpenGL-20160422.exe
2016-06-10 09:32 - 2016-06-10 09:32 - 01610816 _____ (Malwarebytes) C:\Users\Heza\Downloads\JRT.exe
2016-06-10 09:27 - 2016-06-10 09:27 - 22851472 _____ (Malwarebytes ) C:\Users\Heza\Downloads\mbam-setup-2.2.1.1043.exe

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-01 19:29 - 2014-09-28 07:57 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1000UA.job
2016-09-01 19:27 - 2015-12-26 12:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-01 19:27 - 2009-07-14 00:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-01 19:27 - 2009-07-14 00:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-01 19:21 - 2009-07-14 01:13 - 00821868 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-01 19:21 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-09-01 19:19 - 2014-09-28 07:57 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1000Core.job
2016-09-01 19:19 - 2013-10-22 10:39 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003UA.job
2016-09-01 19:19 - 2013-10-22 10:38 - 00000844 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003Core.job
2016-09-01 19:19 - 2012-02-04 02:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-31 14:38 - 2014-09-22 10:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-31 10:39 - 2015-10-14 11:48 - 00000000 ____D C:\Users\Heza\Desktop\REviews
2016-08-28 14:05 - 2012-02-04 03:00 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-08-28 14:05 - 2012-02-04 02:56 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-08-28 13:59 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-28 10:02 - 2013-07-17 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-08-28 09:10 - 2014-09-22 10:41 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-27 20:21 - 2016-04-08 19:09 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-08-27 10:15 - 2013-03-04 18:22 - 00112576 _____ C:\Users\AJ\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-26 19:52 - 2016-03-31 09:40 - 00000746 _____ C:\Users\Heza\Desktop\2.txt
2016-08-26 11:34 - 2013-09-03 09:08 - 00000000 ____D C:\Users\Heza\Documents\My Digital Editions
2016-08-26 11:34 - 2013-02-28 14:59 - 00000000 ____D C:\Users\Heza\AppData\Roaming\Adobe
2016-08-26 11:25 - 2012-02-04 03:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-26 11:13 - 2014-12-10 14:27 - 00000000 ___DC C:\Temp
2016-08-24 19:12 - 2013-02-28 12:38 - 00000000 ____D C:\Users\Heza
2016-08-24 18:34 - 2009-07-14 00:45 - 00438688 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-24 13:26 - 2013-03-04 16:01 - 00790044 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-08-24 12:21 - 2013-02-28 13:50 - 00112576 _____ C:\Users\Heza\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-24 12:19 - 2013-09-02 20:45 - 00000000 ____D C:\AdwCleaner
2016-08-24 08:54 - 2014-01-11 17:07 - 00000000 ____D C:\Users\Heza\AppData\Roaming\vlc
2016-08-23 19:53 - 2009-07-13 22:34 - 00000439 _____ C:\Windows\win.ini
2016-08-23 17:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-08-23 11:56 - 2013-02-28 12:42 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C92E29A6-AD31-41C1-9B42-B5CAB1F2F196}
2016-08-23 11:03 - 2012-02-04 02:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-08-23 11:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2016-08-23 10:55 - 2012-02-04 02:33 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-08-23 10:54 - 2013-02-28 12:40 - 00000000 ____D C:\Users\Heza\AppData\Roaming\hpqlog
2016-08-23 10:53 - 2014-06-29 14:48 - 00000000 ____D C:\Program Files (x86)\Hp
2016-08-21 14:10 - 2014-09-27 20:09 - 01091280 _____ C:\Users\AJ\Downloads\Hillsdale College Transcript.pdf
2016-08-20 17:08 - 2016-02-17 17:08 - 00000000 ____D C:\Users\Heza\Desktop\Med Re
2016-08-20 16:09 - 2013-12-05 23:31 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-20 16:09 - 2012-12-13 02:40 - 00000000 ____D C:\Program Files\Intel
2016-08-20 16:08 - 2014-01-11 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-20 10:19 - 2014-08-23 06:53 - 00000000 ____D C:\Users\Heza\Documents\Jobs
2016-08-19 22:10 - 2012-12-13 02:40 - 00000000 ____D C:\ProgramData\Intel
2016-08-19 17:01 - 2013-02-28 16:28 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-18 21:34 - 2013-03-20 18:45 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Foxit Software
2016-08-17 13:08 - 2013-03-05 18:30 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-17 13:04 - 2013-03-10 21:00 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-15 10:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-14 17:15 - 2013-08-14 08:38 - 00001226 __RSH C:\Users\AJ\ntuser.pol
2016-08-14 17:15 - 2013-03-04 18:22 - 00000000 ____D C:\Users\AJ
2016-08-14 17:12 - 2009-07-14 01:08 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-13 10:50 - 2013-07-16 08:41 - 00000000 ____D C:\Windows\system32\MRT
2016-08-13 10:37 - 2013-02-28 16:56 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-12 13:19 - 2015-10-14 11:50 - 00000000 ____D C:\Users\Heza\Desktop\CouponsReceipts
2016-08-09 11:56 - 2013-04-22 10:17 - 00000000 ____D C:\Users\Heza\AppData\Roaming\Foxit Software
2016-08-08 19:00 - 2013-08-14 08:38 - 00000632 __RSH C:\Users\Heza\ntuser.pol
2016-08-08 18:57 - 2015-05-14 09:15 - 00000000 ____D C:\Windows\Temp29A68CC6-7A4E-CE36-DAFD-27A8B9593282-Signatures
2016-08-08 18:57 - 2014-01-09 08:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-08-08 15:03 - 2013-03-06 10:32 - 00003250 _____ C:\Windows\Sandboxie.ini
2016-08-08 10:29 - 2013-06-23 18:06 - 00000000 ____D C:\Users\Heza\AppData\Local\ElevatedDiagnostics
2016-08-07 18:47 - 2015-02-27 21:08 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-07 18:47 - 2015-02-27 21:08 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-07 14:56 - 2014-09-11 14:05 - 00000000 ____D C:\Users\Heza\AppData\Local\Adobe
2016-08-06 20:01 - 2016-02-02 21:10 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Skype
2016-08-06 19:01 - 2012-02-04 02:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-06 19:01 - 2012-02-04 02:50 - 00000000 ____D C:\ProgramData\Skype
2016-08-06 14:16 - 2012-02-04 02:37 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-08-06 14:16 - 2012-02-04 02:37 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-08-06 14:16 - 2012-02-04 02:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-08-06 13:09 - 2014-11-17 15:25 - 00000000 ____D C:\Users\AJ\Desktop\Medical Insurance
2016-08-05 17:47 - 2014-06-10 14:25 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1385439310
2016-08-05 17:47 - 2013-11-26 00:15 - 00000000 ____D C:\Program Files (x86)\Opera
2016-08-05 09:46 - 2013-09-08 20:22 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-05 09:46 - 2013-09-08 20:22 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-04 21:01 - 2011-02-10 15:23 - 00000000 ____D C:\SWSetup
2016-08-02 15:52 - 2015-09-01 16:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-02 09:44 - 2013-10-22 10:39 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003UA
2016-08-02 09:44 - 2013-10-22 10:38 - 00003464 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003Core
2016-08-02 09:41 - 2013-05-13 13:21 - 00000000 ____D C:\Users\AJ\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2014-07-21 07:26 - 2014-07-21 07:27 - 18144837 _____ () C:\Users\Heza\AppData\Roaming\Mozilla.zip
2014-07-21 07:25 - 2014-07-21 07:28 - 123174907 _____ () C:\Users\Heza\AppData\Local\Google.zip
2014-06-20 10:29 - 2014-06-20 22:18 - 0000705 _____ () C:\Users\Heza\AppData\Local\install_log.txt
2013-02-28 15:38 - 2014-11-19 14:39 - 0007599 _____ () C:\Users\Heza\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-28 14:45

==================== End of FRST.txt ============================

Here is the additional log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Heza (31-08-2016 09:49:38)
Running from C:\Users\Heza\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-02-28 16:38:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3786442370-3606699375-2899197878-500 - Administrator - Disabled)
AJ (S-1-5-21-3786442370-3606699375-2899197878-1003 - Limited - Enabled) => C:\Users\AJ
Guest (S-1-5-21-3786442370-3606699375-2899197878-501 - Limited - Disabled)
Heza (S-1-5-21-3786442370-3606699375-2899197878-1000 - Administrator - Enabled) => C:\Users\Heza

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Amazon Kindle) (Version:  - Amazon)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1998533681.48.56.35467074 - Audible, Inc.)
AzureTools.Notifications.VwdExpress (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Cyberfox Web Browser (HKLM\...\{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1) (Version: 48.0.0.0 - 8pecxstudios)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
Fast Duplicate File Finder 4.1.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 4.1.0.1 - MindGems, Inc.)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 10.0.8.0 - FlashPeak Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.2.805 - Foxit Software Inc.)
Garmin City Navigator North America NT 2015.40 (HKLM-x32\...\{FA3EB65C-FB8F-4C1D-BAC1-9EB29F537C56}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Analytics Opt-out Browser Add-on (HKLM\...\{82B280A2-521E-4D30-AF15-38CD6D5CB629}) (Version: 0.9.6.0 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Sitemap Generator (Beta) (HKLM-x32\...\{D2B963D9-9957-452C-BEB3-DA0FD7F9DA16}) (Version: 1.0.0 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project)
HD View (HKLM-x32\...\{7596C248-4816-4C6F-8AAC-D8C81F2B4B49}) (Version: 3.3.0 - Microsoft Research)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{EDA2B6DE-C67C-4FD7-AF6A-9D79E002707C}) (Version: 1.1.0.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.3.34.7 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.37 - HP Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Kenshoo Editor (HKLM\...\{66563492-1CC6-4DFB-80FF-788516E0284E}) (Version: 3.2.100 - Kenshoo)
Kenshoo Editor (HKLM-x32\...\{2A51139B-4779-4FEC-8F16-7DFBE8DCB88C}) (Version: 3.6.100 - Kenshoo)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.3.0.0 - QFX Software Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.9.8 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET and Web Tools 2013.1 - Visual Studio Express 2013 for Web (HKLM-x32\...\{650C1876-35BD-4D71-80F6-FBC7CA5F4B1C}) (Version: 2.1.41009.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Web - ENU (HKLM-x32\...\{3e544097-53d1-4252-98a6-93cc12a6d487}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 48.0.1 (x86 en-US) (HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Mozilla Firefox 48.0.1 (x86 en-US)) (Version: 48.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version:  - )
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4454.1511 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1511 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1511 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Opera Stable 39.0.2256.48 (HKLM-x32\...\Opera 39.0.2256.48) (Version: 39.0.2256.48 - Opera Software)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Qualys BrowserCheck (HKLM-x32\...\{80112B33-B9C0-424C-8C9C-7684C238325E}) (Version: 1.1.1 - Qualys)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Ralink RT5390R 802.11b/g/n Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.18 (64-bit) (HKLM\...\Sandboxie) (Version: 4.18 - Sandboxie Holdings, LLC)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SleepyHead (HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\{c6a15b5c-223f-4a42-9800-52e3eda4d0a5}) (Version: 1.0.0-1 - Jedimark)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1222 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.9 - Tweaking.com)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Azure Authoring Tools - v2.2 (HKLM\...\{863C94A6-E432-4C88-9C68-FB668AE66621}) (Version: 2.2.6492.2 - Microsoft Corporation)
Windows Azure Libraries for .NET – v2.2 (HKLM\...\{0DCF275C-3D88-48CC-B374-ACA7365EF966}) (Version: 2.2.0924.200 - Microsoft Corporation)
Windows Azure Storage Tools - v2.2 (HKLM-x32\...\{E7FCA9E4-CDCB-472B-B168-567B16088E89}) (Version: 2.2.0.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3786442370-3606699375-2899197878-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Heza\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3786442370-3606699375-2899197878-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Heza\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12F53B00-925C-425C-AD95-18D1A537ACD5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-06-28] (Microsoft Corporation)
Task: {16586A15-3058-4F8A-8DB2-C58EC4B8ECD3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {2871755E-6C1D-4E5F-8FDA-DE522678EE7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
Task: {2BD9CA5F-9D7A-40B8-9019-05B6912E02FC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {49C52653-9995-4609-AA8D-ADA17EF7EC54} - System32\Tasks\HPCeeScheduleForHeza => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {4D93867F-8F56-47A5-9A43-12D6D8A725BF} - System32\Tasks\{07693550-F0F7-4F8A-9D43-240A7C782E56} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.85.109/en/privacy
Task: {56529D77-3A4B-4815-94AB-09811CE0BB92} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {5DFA5025-2C43-470F-9575-865BFF58E011} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()
Task: {5F1839CF-05F6-464B-BB8B-A7AAA181D1AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {60889A2E-636F-497F-94C4-ABAD7E3FEA78} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003UA => C:\Users\AJ\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {64F7ECCB-5421-4955-B962-F1B4CDC315BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {65511607-C7A1-4A45-AC0A-DAB4A8DEC7DC} - System32\Tasks\{323544BA-C4EE-45DC-99E2-9496E8ECD6BF} => pcalua.exe -a C:\Users\Heza\Downloads\sp66089.exe -d C:\Users\Heza\Downloads
Task: {65764FC0-1148-441B-8CED-E07BD30557BA} - System32\Tasks\{DA463DAF-EB52-4542-9FAC-3F84ED9D0209} => pcalua.exe -a C:\Users\Heza\Downloads\SUPERAntiSpyware.exe -d C:\Users\Heza\Downloads
Task: {65991DA3-561D-49AC-8302-7089008D59DD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-06] (Adobe Systems Incorporated)
Task: {6EE2D1B4-7D42-4CE0-AEF1-E25A1FB72EC8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {74AF825D-F54A-409E-9B46-2CC586A01233} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7CEB5F54-3258-477D-B486-D52B48F3EB75} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-06-28] (Microsoft Corporation)
Task: {7F25EDF2-8F62-4657-8FB0-6AD58FDBEA2C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {850DAB09-D6CE-48BF-A6AA-B856FBBBF119} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003Core => C:\Users\AJ\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9B663958-9994-4808-BABB-2B0D986FA68E} - System32\Tasks\{F7509085-447B-448F-B10A-A5BE5CD7ED82} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.85.109/en/eula
Task: {9C2C1C33-BAF5-45E0-8B05-967A2B570FC2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {9E3632B8-5B9F-4758-95DA-00330BCF6D3E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {A52B5159-81B6-486C-90AC-1EF9DA36AE92} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {A75CAC43-7087-4CCA-AF51-E74BCE545E48} - System32\Tasks\Opera scheduled Autoupdate 1385439310 => C:\Program Files (x86)\Opera\launcher.exe [2016-08-03] (Opera Software)
Task: {B47D76D1-D0BE-446C-8E35-7BD6EA2982E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {BCF40D04-99EA-4FBC-9BCA-AD6963D9BEAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D668E073-3AEA-49CF-94D9-7C8BD3C5E55D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1000UA => C:\Users\Heza\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E28C5615-6623-4402-A831-809C5DC9734E} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe
Task: {E5078EDF-45CB-4663-86FB-A88EF4AC45CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {E5F61E3E-44BE-4754-A8C6-586EE91856B6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {EEAF6ABF-F550-41C6-8A3A-83A6C030BD5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1000Core => C:\Users\Heza\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F84B9E9B-7112-4A19-9D27-14EF857E1270} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {FDEFA813-5C5A-4E82-8485-109F57FAC56B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {FE9DD9D1-A21B-4F60-9B19-CDB3C1A52A45} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1000Core.job => C:\Users\Heza\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1000UA.job => C:\Users\Heza\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003Core.job => C:\Users\AJ\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003UA.job => C:\Users\AJ\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHeza.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-03-28 11:44 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-07-26 11:27 - 2016-05-24 12:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2013-06-11 22:16 - 2012-04-01 00:06 - 02689536 _____ () C:\Program Files\File Shredder\fsshell.dll
2012-12-13 02:40 - 2011-12-16 16:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-01-05 21:24 - 2012-01-05 21:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-07-12 11:58 - 2016-07-12 11:58 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5a8eeeddc97028a9f94d0518c22f4c2c\IsdiInterop.ni.dll
2012-12-13 02:40 - 2011-11-30 00:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-12-13 02:40 - 2011-12-16 14:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\AJ\Documents\Hillsdale Transcript.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\AJ\Documents\Hillsdale Transcript.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-08-23 19:53 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Heza\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: DirMngr => 2
MSCONFIG\Services: Garmin Device Interaction Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\startupfolder: C:^Users^Heza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: fssui => "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeyScrambler => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A947A1DB-F111-4BBD-B2F1-1515F6E019CB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{EEAFE27A-481D-43A9-8C2C-B4AC6784382A}C:\program files (x86)\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hp\common\hpdevicedetection3.exe
FirewallRules: [UDP Query User{B0C79ECC-44C3-400D-BD79-BB53759B8F0D}C:\program files (x86)\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hp\common\hpdevicedetection3.exe
FirewallRules: [{03892706-FEE1-4AD1-9F10-E9034CC41452}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{5D1A2BF8-9D6F-4529-A79A-C05F49A379FA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{54DCE463-BAEA-4DB0-B5E7-07E6389983A3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{2B806167-24BC-432D-8785-2A57B95B6E18}] => (Allow) C:\Users\Heza\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{F7CEBD1D-DDBF-4680-A6A9-DC9F1268D9B4}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{A8BC71C7-A8C9-4620-9A64-201E2BC17E77}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{D17A1F62-4A96-484A-8CDF-F4D8C86E413D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{434F0D15-DEF0-4B01-9255-BADE2BC3A8C7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E48E2273-C1D7-4EEF-BFA8-809D5D68DEA9}] => (Allow) LPort=2869
FirewallRules: [{07AE2038-1D96-47C1-A561-2B005CEE83B5}] => (Allow) LPort=1900
FirewallRules: [{00231933-9EEC-4474-83E0-15DD9444D89D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{A46C612B-049B-4C7F-BFA5-B38244F983C1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{34E74EDC-D04C-44E0-B630-742CFC89DEF5}] => (Allow) C:\Users\Heza\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{8D8312CF-08D4-4E6B-AF4C-1AA74F77F8CE}] => (Allow) C:\Users\Heza\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{B00C2D67-DBD3-4294-93A6-700016FC7F2D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DA2126EC-F5F3-4FF1-AAF2-8302E76D15AA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A47BCBE0-3D24-46F6-8B7A-1969F96154BD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D5037CE2-6735-45F1-8796-B80C95116396}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7225A0D3-A788-489E-A4DB-BB7842BB3BD4}] => (Allow) LPort=1900
FirewallRules: [{53FE9826-5676-4DC3-8C7E-9FFC7657AC97}] => (Allow) LPort=1900
FirewallRules: [{6C11DA9D-B60B-485F-8839-E2C2370AA78F}] => (Allow) LPort=2869
FirewallRules: [{2A680651-F97B-4693-A7FA-D805EF8CD72D}] => (Allow) LPort=2869
FirewallRules: [{05228670-A90E-403A-8DCF-D667EEE87C6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{226BBEB7-C019-494D-838D-9902090C6F34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{24114541-DA91-456A-9B64-D802AABF380C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4E57F24A-4688-4133-9526-48BF2A138B1A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{D79939EF-A711-415C-BA84-5D5F82D77861}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B012820-D716-47A4-B79B-C9149029773D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A01C1DFB-6D72-4215-B472-3D433CAF3FAD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{81A6AECD-2AA7-4F78-BF01-C360B16EB805}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DBFBDA2B-F6D5-4564-A15E-D96C22BDE966}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{46A7C03C-6AD5-411B-9A35-6FA240CF839A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9D6BBAF4-9985-4FD7-90F5-D0F1E8D696E3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{187444E6-FCAD-428B-9239-D7DB75D5BD7E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{24A821C3-E0ED-454D-9AB5-C41B0BC6B3B2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{7DF76DEE-2E6E-4E76-894C-073180F924E6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{805960D1-A685-4975-BB5B-60399C543C82}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{814C19AA-B1E8-43DA-B9A6-72A466EB6A5A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{7AB828A1-23D7-4C72-BC4C-E5F4E1B5B966}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0A30304C-AB1D-4460-A135-19966BF9A135}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{167667AF-8C62-451B-AC62-01373C7BECCF}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe

==================== Restore Points =========================

23-08-2016 10:17:12 Installed HP Support Solutions Framework
23-08-2016 10:30:39 Installed HP Support Assistant
23-08-2016 10:52:16 Installed HP Support Assistant
23-08-2016 10:58:18 Windows Modules Installer
23-08-2016 11:00:16 Windows Modules Installer
23-08-2016 19:16:48 Tweaking.com - Windows Repair
23-08-2016 19:18:34 Tweaking.com - Windows Repair
23-08-2016 19:19:10 Tweaking.com - Windows Repair
23-08-2016 22:58:11 Windows Update
26-08-2016 11:21:06 Revo Uninstaller's restore point - Motorola Device Manager
26-08-2016 11:21:50 Revo Uninstaller's restore point - Motorola Device Manager
26-08-2016 11:24:17 Revo Uninstaller's restore point - Google Sitemap Generator (Beta)
26-08-2016 11:24:37 Removed Google Sitemap Generator (Beta)
27-08-2016 10:33:05 Windows Update
31-08-2016 09:24:36 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/29/2016 08:16:42 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/26/2016 02:07:04 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure. Step: FamilySafetyServiceFactory initialization. Error code: 80070002

Error: (08/26/2016 02:07:03 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure: Open driver handle. Error code: 13D2DBC

Error: (08/26/2016 02:06:34 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure. Step: FamilySafetyServiceFactory initialization. Error code: 80070002

Error: (08/26/2016 02:06:33 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure: Open driver handle. Error code: 122DBC

Error: (08/26/2016 02:06:04 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure. Step: FamilySafetyServiceFactory initialization. Error code: 80070002

Error: (08/26/2016 02:06:03 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure: Open driver handle. Error code: D42DBC

Error: (08/26/2016 02:05:34 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure. Step: FamilySafetyServiceFactory initialization. Error code: 80070002

Error: (08/26/2016 02:05:33 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure: Open driver handle. Error code: D42DBC

Error: (08/26/2016 02:05:04 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure. Step: FamilySafetyServiceFactory initialization. Error code: 80070002


System errors:
=============
Error: (08/31/2016 09:04:59 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: On Access

    Error Code: 0x80004005

    Error description: Unspecified error

    Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Error: (08/30/2016 11:16:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPSupportSolutionsFrameworkService service.

Error: (08/30/2016 01:52:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.

Error: (08/29/2016 06:27:58 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.3 with the system
having network hardware address B0-79-94-3C-7B-00. Network operations on this system may
be disrupted as a result.

Error: (08/29/2016 06:27:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (08/29/2016 03:02:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 116.23.0.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.12706.0&sig=116.23.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: Network Inspection System

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 2.1.12706.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved

Error: (08/29/2016 03:02:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.227.931.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13000.0&avdelta=1.227.931.0&asdelta=1.227.931.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiSpyware

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.13000.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved

Error: (08/29/2016 03:02:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.227.931.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13000.0&avdelta=1.227.931.0&asdelta=1.227.931.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.13000.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved

Error: (08/29/2016 03:02:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.227.931.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.13000.0

    Error code: 0x8024402c

    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (08/28/2016 06:25:26 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.


CodeIntegrity:
===================================
  Date: 2016-02-10 14:32:06.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-31 11:26:27.060
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-31 11:26:27.060
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-31 11:26:27.045
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-31 11:26:27.029
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-31 11:26:26.310
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-31 11:26:26.263
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-31 11:26:26.215
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-31 11:26:26.164
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-31 11:26:24.361
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 3992.36 MB
Available physical RAM: 2569.82 MB
Total Virtual: 7982.9 MB
Available Virtual: 6180.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:444.57 GB) (Free:339.98 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:20.9 GB) (Free:1.52 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive h: (DARK HORSE) (Removable) (Total:7.45 GB) (Free:2.86 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7066FE53)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#4 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 02 September 2016 - 04:03 AM

Hi,
please rerun TDSS-Killer as instructed below.

Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 BullDog61

  • Topic Starter
  • Members
  • 8 posts
  • Gender:Male

Posted 02 September 2016 - 10:20 AM

Here is the TDSS report.

 

11:14:22.0837 0x18cc  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
11:14:29.0520 0x18cc  ============================================================
11:14:29.0520 0x18cc  Current date / time: 2016/09/02 11:14:29.0520
11:14:29.0520 0x18cc  SystemInfo:
11:14:29.0520 0x18cc  
11:14:29.0520 0x18cc  OS Version: 6.1.7601 ServicePack: 1.0
11:14:29.0520 0x18cc  Product type: Workstation
11:14:29.0521 0x18cc  ComputerName: JELLYBELLY
11:14:29.0521 0x18cc  UserName: Heza
11:14:29.0521 0x18cc  Windows directory: C:\Windows
11:14:29.0521 0x18cc  System windows directory: C:\Windows
11:14:29.0521 0x18cc  Running under WOW64
11:14:29.0521 0x18cc  Processor architecture: Intel x64
11:14:29.0521 0x18cc  Number of processors: 4
11:14:29.0521 0x18cc  Page size: 0x1000
11:14:29.0521 0x18cc  Boot type: Normal boot
11:14:29.0521 0x18cc  CodeIntegrityOptions = 0x00000001
11:14:29.0521 0x18cc  ============================================================
11:14:30.0239 0x18cc  KLMD registered as C:\Windows\system32\drivers\27139848.sys
11:14:30.0240 0x18cc  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23455, osProperties = 0x1
11:14:32.0916 0x18cc  System UUID: {A83DE62B-C29D-7C14-A9B6-9A6B61606AE9}
11:14:34.0209 0x18cc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:14:34.0230 0x18cc  Drive \Device\Harddisk1\DR3 - Size: 0x1DD180000 ( 7.45 Gb ), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:14:34.0235 0x18cc  ============================================================
11:14:34.0235 0x18cc  \Device\Harddisk0\DR0:
11:14:34.0235 0x18cc  MBR partitions:
11:14:34.0235 0x18cc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:14:34.0235 0x18cc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37923800
11:14:34.0235 0x18cc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37987800, BlocksNum 0x29CA800
11:14:34.0235 0x18cc  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33800
11:14:34.0235 0x18cc  \Device\Harddisk1\DR3:
11:14:34.0236 0x18cc  MBR partitions:
11:14:34.0236 0x18cc  \Device\Harddisk1\DR3\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
11:14:34.0236 0x18cc  ============================================================
11:14:34.0557 0x18cc  C: <-> \Device\Harddisk0\DR0\Partition2
11:14:34.0706 0x18cc  D: <-> \Device\Harddisk0\DR0\Partition3
11:14:34.0713 0x18cc  F: <-> \Device\Harddisk0\DR0\Partition4
11:14:34.0714 0x18cc  ============================================================
11:14:34.0714 0x18cc  Initialize success
11:14:34.0714 0x18cc  ============================================================
11:15:13.0624 0x1b4c  ============================================================
11:15:13.0624 0x1b4c  Scan started
11:15:13.0624 0x1b4c  Mode: Manual; SigCheck; TDLFS;
11:15:13.0624 0x1b4c  ============================================================
11:15:13.0624 0x1b4c  KSN ping started
11:15:13.0951 0x1b4c  KSN ping finished: true
11:15:16.0198 0x1b4c  ================ Scan system memory ========================
11:15:16.0198 0x1b4c  System memory - ok
11:15:16.0198 0x1b4c  ================ Scan services =============================
11:15:16.0369 0x1b4c  [ 970C70F6B2953ED43822D3797855D84C, CB22723678B514277BC6E6DDDD206F3B2377CD889C9D473A47A7056BE597BC6B ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
11:15:16.0525 0x1b4c  !SASCORE - ok
11:15:17.0290 0x1b4c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:15:17.0493 0x1b4c  1394ohci - ok
11:15:17.0539 0x1b4c  [ 899B7E724BF19F17978B6A37B864A277, F7D166DC5F7642D4B834B1E0D956929BA94F3E4D402989FC1A681A08FA1F86B6 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
11:15:17.0633 0x1b4c  Accelerometer - ok
11:15:17.0851 0x1b4c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:15:17.0929 0x1b4c  ACPI - ok
11:15:17.0992 0x1b4c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:15:18.0132 0x1b4c  AcpiPmi - ok
11:15:18.0304 0x1b4c  [ 68E7DEA59FDEF410BAF29FDB5B7A6EEF, B808FCF0C30B465A1330E47947B84FC722A3B4C46260E261C54B1EED725A288F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:15:18.0335 0x1b4c  AdobeARMservice - ok
11:15:18.0663 0x1b4c  [ 32B31B696CB8E8F380831DFEB80A67E4, 8C8F6E16F2FB3E8F10569261B7712BBC931A2924B6C27D561E7F828041C4F3E6 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:15:18.0709 0x1b4c  AdobeFlashPlayerUpdateSvc - ok
11:15:18.0803 0x1b4c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:15:18.0881 0x1b4c  adp94xx - ok
11:15:19.0006 0x1b4c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:15:19.0068 0x1b4c  adpahci - ok
11:15:19.0146 0x1b4c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:15:19.0193 0x1b4c  adpu320 - ok
11:15:19.0255 0x1b4c  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:15:19.0365 0x1b4c  AeLookupSvc - ok
11:15:19.0536 0x1b4c  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
11:15:19.0770 0x1b4c  AFD - ok
11:15:19.0833 0x1b4c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
11:15:19.0864 0x1b4c  agp440 - ok
11:15:19.0926 0x1b4c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
11:15:20.0269 0x1b4c  ALG - ok
11:15:20.0347 0x1b4c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:15:20.0394 0x1b4c  aliide - ok
11:15:20.0472 0x1b4c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
11:15:20.0519 0x1b4c  amdide - ok
11:15:20.0581 0x1b4c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:15:20.0675 0x1b4c  AmdK8 - ok
11:15:20.0722 0x1b4c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
11:15:20.0847 0x1b4c  AmdPPM - ok
11:15:20.0909 0x1b4c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:15:20.0956 0x1b4c  amdsata - ok
11:15:21.0003 0x1b4c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
11:15:38.0131 0x1b4c  [ 05F99DFF3A8D705F9AA6B87224F7BEB1, DDE133A44A330A07A0EB961559C840BBFC9D9E0CCA27DE0B4284C76BCAD31EDE ] DirMngr         C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
11:15:38.0287 0x1b4c  DirMngr - detected UnsignedFile.Multi.Generic ( 1 )
11:15:38.0475 0x1b4c  Detect skipped due to KSN trusted
11:15:38.0475 0x1b4c  DirMngr - ok
11:16:07.0959 0x1b4c  LSI_SAS - ok
11:16:08.0021 0x1b4c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
11:16:08.0068 0x1b4c  LSI_SAS2 - ok
11:16:08.0146 0x1b4c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:16:08.0193 0x1b4c  LSI_SCSI - ok
11:16:08.0255 0x1b4c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
11:16:08.0395 0x1b4c  luafv - ok
11:16:08.0458 0x1b4c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
11:16:08.0520 0x1b4c  megasas - ok
11:16:08.0645 0x1b4c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
11:16:08.0707 0x1b4c  MegaSR - ok
11:16:08.0770 0x1b4c  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
11:16:08.0817 0x1b4c  MEIx64 - ok
11:16:08.0879 0x1b4c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
11:16:09.0066 0x1b4c  MMCSS - ok
11:16:09.0175 0x1b4c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
11:16:09.0378 0x1b4c  Modem - ok
11:16:09.0441 0x1b4c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:16:09.0487 0x1b4c  monitor - ok
11:16:09.0581 0x1b4c  Motorola Device Manager - ok
11:16:09.0643 0x1b4c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:16:09.0690 0x1b4c  mouclass - ok
11:16:09.0706 0x1b4c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
11:16:09.0784 0x1b4c  mouhid - ok
11:16:09.0846 0x1b4c  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:16:09.0893 0x1b4c  mountmgr - ok
11:16:09.0971 0x1b4c  [ D6F67A73E6557578B755F7B534E00F47, 769F3D6CB86B2DC4065BDE4CE39139879B7D96F455A3BE80C7ECEAD5494E8B79 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:16:10.0018 0x1b4c  MozillaMaintenance - ok
11:16:10.0096 0x1b4c  [ DA0FAEE45D6F03D7647851A20977A7D0, AFB1EA053CD4BCA903868896D020205D4C207C85314E6C56C4663922A3F9BD6A ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
11:16:10.0158 0x1b4c  MpFilter - ok
11:16:10.0236 0x1b4c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:16:10.0314 0x1b4c  mpio - ok
11:16:10.0501 0x1b4c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:16:10.0689 0x1b4c  mpsdrv - ok
11:16:10.0969 0x1b4c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:16:11.0141 0x1b4c  MpsSvc - ok
11:16:11.0266 0x1b4c  [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:16:11.0406 0x1b4c  MRxDAV - ok
11:16:11.0469 0x1b4c  [ B7FADA5E1E55BB63F90EB9F8F016113B, 33C2C898E4AD0CBD34D9A6CF51987A4703009E23CD9D4F4294BF444C4D3D5A60 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:16:11.0609 0x1b4c  mrxsmb - ok
11:16:11.0859 0x1b4c  [ 34AFF1849B3EC042C40C5EEC9D78562A, E3378A9977B429812C38529C562FE27945706ADB5E9E877C4A90B0285631A501 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:16:11.0999 0x1b4c  mrxsmb10 - ok
11:16:12.0061 0x1b4c  [ 058CE7A55E140EB0C72FBA6FD2FA72DE, B1D89E524A621BDCC464882EF621BDC7779BFCBCC9FD923D70DE130C41D0DB4C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:16:12.0171 0x1b4c  mrxsmb20 - ok
11:16:12.0217 0x1b4c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:16:12.0249 0x1b4c  msahci - ok
11:16:12.0342 0x1b4c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:16:12.0373 0x1b4c  msdsm - ok
11:16:12.0436 0x1b4c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
11:16:12.0576 0x1b4c  MSDTC - ok
11:16:12.0623 0x1b4c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:16:12.0779 0x1b4c  Msfs - ok
11:16:12.0826 0x1b4c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:16:12.0982 0x1b4c  mshidkmdf - ok
11:16:13.0029 0x1b4c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:16:13.0075 0x1b4c  msisadrv - ok
11:16:13.0122 0x1b4c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:16:13.0278 0x1b4c  MSiSCSI - ok
11:16:13.0294 0x1b4c  msiserver - ok
11:16:13.0356 0x1b4c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:16:13.0512 0x1b4c  MSKSSRV - ok
11:16:13.0668 0x1b4c  [ C66FE30BBA4604A06EE9E4180ABE4BD9, 43E60C15C05FF19082142BB9D1F29D1B3269AD4A7FB32AF109AE63FE5A6AA0A9 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:16:13.0715 0x1b4c  MsMpSvc - ok
11:16:13.0762 0x1b4c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:16:13.0887 0x1b4c  MSPCLOCK - ok
11:16:13.0918 0x1b4c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:16:14.0043 0x1b4c  MSPQM - ok
11:16:14.0121 0x1b4c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:16:14.0183 0x1b4c  MsRPC - ok
11:16:14.0214 0x1b4c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:16:14.0277 0x1b4c  mssmbios - ok
11:16:14.0323 0x1b4c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:16:14.0448 0x1b4c  MSTEE - ok
11:16:14.0495 0x1b4c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
11:16:14.0604 0x1b4c  MTConfig - ok
11:16:14.0651 0x1b4c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
11:16:14.0698 0x1b4c  Mup - ok
11:16:14.0823 0x1b4c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
11:16:15.0010 0x1b4c  napagent - ok
11:16:15.0088 0x1b4c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:16:15.0181 0x1b4c  NativeWifiP - ok
11:16:15.0603 0x1b4c  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:16:15.0727 0x1b4c  NDIS - ok
11:16:15.0805 0x1b4c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:16:16.0008 0x1b4c  NdisCap - ok
11:16:16.0055 0x1b4c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:16:16.0180 0x1b4c  NdisTapi - ok
11:16:16.0258 0x1b4c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:16:16.0429 0x1b4c  Ndisuio - ok
11:16:16.0539 0x1b4c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:16:16.0741 0x1b4c  NdisWan - ok
11:16:16.0804 0x1b4c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:16:16.0960 0x1b4c  NDProxy - ok
11:16:17.0069 0x1b4c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:16:17.0287 0x1b4c  NetBIOS - ok
11:16:17.0506 0x1b4c  [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:16:17.0677 0x1b4c  NetBT - ok
11:16:17.0771 0x1b4c  [ 13FE29C1C8E782829C7FAA3B14F4A666, C53F7F9039E79AC6D5BDA94981A187570D6C7828930B6064CEFC17DC172EA20E ] Netlogon        C:\Windows\system32\lsass.exe
11:16:17.0818 0x1b4c  Netlogon - ok
11:16:18.0005 0x1b4c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
11:16:18.0161 0x1b4c  Netman - ok
11:16:18.0333 0x1b4c  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:16:18.0379 0x1b4c  NetMsmqActivator - ok
11:16:18.0411 0x1b4c  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:16:18.0442 0x1b4c  NetPipeActivator - ok
11:16:18.0660 0x1b4c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
11:16:18.0801 0x1b4c  netprofm - ok
11:16:19.0456 0x1b4c  [ 4AC74EC2FE4F59A1D347AD4B4366CB87, 734B8BC9D90397454CA3A2BE709E1A13C93FC1F9C8A6A61BBEA8F32E569CE2A7 ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
11:16:19.0861 0x1b4c  netr28x - ok
11:16:20.0002 0x1b4c  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:16:20.0049 0x1b4c  NetTcpActivator - ok
11:16:20.0064 0x1b4c  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:16:20.0095 0x1b4c  NetTcpPortSharing - ok
11:16:20.0220 0x1b4c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:16:20.0267 0x1b4c  nfrd960 - ok
11:16:20.0345 0x1b4c  [ 6D79C8CB73187FBEAAD1F680FADF98D3, 0075B2CCC4FFF929023F95686D7BBE32C0FCE05DEB2159C0784AF85D64E1B66E ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:16:20.0407 0x1b4c  NisDrv - ok
11:16:20.0517 0x1b4c  [ B8F4F580638373FBF72F2B572446D294, A5CD9ABCA5CDC335D2C6FDCB81327B600150E45BB867B88859A00AF974B42F85 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
11:16:20.0579 0x1b4c  NisSrv - ok
11:16:20.0782 0x1b4c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:16:20.0938 0x1b4c  NlaSvc - ok
11:16:21.0000 0x1b4c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:16:21.0172 0x1b4c  Npfs - ok
11:16:21.0328 0x1b4c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
11:16:21.0546 0x1b4c  nsi - ok
11:16:21.0624 0x1b4c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:16:21.0765 0x1b4c  nsiproxy - ok
11:16:22.0311 0x1b4c  [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:16:22.0529 0x1b4c  Ntfs - ok
11:16:22.0654 0x1b4c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
11:16:22.0794 0x1b4c  Null - ok
11:16:22.0888 0x1b4c  [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
11:16:22.0997 0x1b4c  NVENETFD - ok
11:16:23.0106 0x1b4c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:16:23.0137 0x1b4c  nvraid - ok
11:16:23.0184 0x1b4c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:16:23.0247 0x1b4c  nvstor - ok
11:16:23.0309 0x1b4c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:16:23.0356 0x1b4c  nv_agp - ok
11:16:23.0418 0x1b4c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:16:23.0543 0x1b4c  ohci1394 - ok
11:16:23.0683 0x1b4c  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:16:23.0746 0x1b4c  ose - ok
11:16:23.0902 0x1b4c  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:16:23.0949 0x1b4c  ose64 - ok
11:16:25.0462 0x1b4c  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:16:25.0977 0x1b4c  osppsvc - ok
11:16:26.0133 0x1b4c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:16:26.0335 0x1b4c  p2pimsvc - ok
11:16:26.0445 0x1b4c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
11:16:26.0632 0x1b4c  p2psvc - ok
11:16:26.0663 0x1b4c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
11:16:26.0725 0x1b4c  Parport - ok
11:16:26.0803 0x1b4c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:16:26.0850 0x1b4c  partmgr - ok
11:16:26.0928 0x1b4c  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:16:27.0037 0x1b4c  PcaSvc - ok
11:16:27.0100 0x1b4c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
11:16:27.0147 0x1b4c  pci - ok
11:16:27.0209 0x1b4c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
11:16:27.0271 0x1b4c  pciide - ok
11:16:27.0349 0x1b4c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
11:16:27.0427 0x1b4c  pcmcia - ok
11:16:27.0474 0x1b4c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:16:27.0537 0x1b4c  pcw - ok
11:16:27.0864 0x1b4c  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:16:28.0051 0x1b4c  PEAUTH - ok
11:16:32.0388 0x1b4c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:16:32.0544 0x1b4c  PerfHost - ok
11:16:32.0809 0x1b4c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
11:16:33.0106 0x1b4c  pla - ok
11:16:33.0340 0x1b4c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:16:33.0511 0x1b4c  PlugPlay - ok
11:16:33.0558 0x1b4c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:16:33.0636 0x1b4c  PNRPAutoReg - ok
11:16:33.0761 0x1b4c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:16:33.0823 0x1b4c  PNRPsvc - ok
11:16:34.0089 0x1b4c  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:16:34.0291 0x1b4c  PolicyAgent - ok
11:16:34.0354 0x1b4c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
11:16:34.0541 0x1b4c  Power - ok
11:16:34.0635 0x1b4c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:16:34.0775 0x1b4c  PptpMiniport - ok
11:16:34.0822 0x1b4c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
11:16:34.0962 0x1b4c  Processor - ok
11:16:35.0103 0x1b4c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:16:35.0212 0x1b4c  ProfSvc - ok
11:16:35.0227 0x1b4c  [ 13FE29C1C8E782829C7FAA3B14F4A666, C53F7F9039E79AC6D5BDA94981A187570D6C7828930B6064CEFC17DC172EA20E ] ProtectedStorage C:\Windows\system32\lsass.exe
11:16:35.0259 0x1b4c  ProtectedStorage - ok
11:16:35.0337 0x1b4c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:16:35.0477 0x1b4c  Psched - ok
11:16:35.0571 0x1b4c  [ EA735BF6DF13A857A83C99BF27A422AD, 026A57155FB9E01CFAFD8613980CDF0F3D744ABBBC66EFDC6C20B89980FB45CF ] PST Service     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
11:16:41.0436 0x1b4c  PST Service - detected UnsignedFile.Multi.Generic ( 1 )
11:16:41.0608 0x1b4c  Detect skipped due to KSN trusted
11:16:41.0608 0x1b4c  PST Service - ok
11:16:52.0824 0x1b4c  sfloppy - ok
11:16:52.0980 0x1b4c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:16:53.0261 0x1b4c  SharedAccess - ok
11:16:53.0557 0x1b4c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:16:53.0791 0x1b4c  ShellHWDetection - ok
11:16:53.0901 0x1b4c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
11:16:53.0947 0x1b4c  SiSRaid2 - ok
11:16:54.0041 0x1b4c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:16:54.0103 0x1b4c  SiSRaid4 - ok
11:16:54.0275 0x1b4c  [ 6749AD471D1D44CBD1F30257C861F77B, D5A554F35E380948F13BFE0673B49F8FD8AE5A438BF3645857522E2560A58685 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
11:16:54.0353 0x1b4c  SkypeUpdate - ok
11:16:54.0431 0x1b4c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:16:54.0587 0x1b4c  Smb - ok
11:16:54.0712 0x1b4c  [ AA17A14DA3B572C886D8064C72E9CC50, B0283DE568FDDEF96280FB403C31A804A935CFA099E7694BC00D700F4565E7FB ] SmbDrv          C:\Windows\system32\DRIVERS\Smb_driver.sys
11:16:54.0743 0x1b4c  SmbDrv - ok
11:16:54.0805 0x1b4c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:16:54.0915 0x1b4c  SNMPTRAP - ok
11:16:54.0977 0x1b4c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:16:55.0008 0x1b4c  spldr - ok
11:16:55.0305 0x1b4c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
11:16:55.0492 0x1b4c  Spooler - ok
11:16:56.0521 0x1b4c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
11:16:56.0927 0x1b4c  sppsvc - ok
11:16:57.0021 0x1b4c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:16:57.0223 0x1b4c  sppuinotify - ok
11:16:57.0442 0x1b4c  [ 055B0DE7BCDB14FB18279F09DCA07954, 94944F996F2F73233A96F8E766606EA5CCC7142EA2AF4BCEFD2603578F2B4A4A ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
11:16:57.0504 0x1b4c  SQLWriter - ok
11:16:57.0613 0x1b4c  [ 16897B0322DD56621DF5978131130AF2, C5A211F69C83B42909A24A52D9E3E49DA71EB966ACD435AF8DFFC6787DC41749 ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:16:57.0816 0x1b4c  srv - ok
11:16:57.0910 0x1b4c  [ 978423DEC32318FFBCD76D01232AC0FF, 23193895107D2DDA0EA5199CB717ABC5BA0EAC1BC39DB08DE182869FF5AB627D ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:16:58.0003 0x1b4c  srv2 - ok
11:16:58.0175 0x1b4c  [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:16:58.0331 0x1b4c  SrvHsfHDA - ok
11:16:58.0830 0x1b4c  [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:16:59.0080 0x1b4c  SrvHsfV92 - ok
11:16:59.0329 0x1b4c  [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:16:59.0454 0x1b4c  SrvHsfWinac - ok
11:16:59.0610 0x1b4c  [ CB06B3D4659D744131E691B7B4CE6B2D, C27219DAC5E60716F8F34DCE1832C2CEF34FF47346F231EFE6AC346DF80C9E5A ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:16:59.0813 0x1b4c  srvnet - ok
11:16:59.0844 0x1b4c  [ ED161B91FDF7EAA39469D72D463D5F4E, FC793E378FB709313D0AC44F59BF5C9488D73235AA2B1A21C50C3DED91C6BE62 ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
11:16:59.0891 0x1b4c  sscdbus - ok
11:16:59.0938 0x1b4c  [ 4CB09E77593DBD8D7AF33B37375CA715, 7B14851A8EDAA996D28335FD4DA812C6114DD5012E1E929F4813797CDC77E5BC ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
11:16:59.0969 0x1b4c  sscdmdfl - ok
11:17:00.0063 0x1b4c  [ C7B4CF53497A6E5363F3439427663882, 993278ADAAC18F12FE00CCF76681461451DA335F67BB581FC7326045048EC085 ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
11:17:00.0094 0x1b4c  sscdmdm - ok
11:17:00.0203 0x1b4c  [ 05FFA552F578E27AB2D41B6828DB477F, F3292A431D656C039F4300AA584FA13F26A69B351C2F903B3E47CEF464A6233A ] sscdserd        C:\Windows\system32\DRIVERS\sscdserd.sys
11:17:00.0234 0x1b4c  sscdserd - ok
11:17:00.0328 0x1b4c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:17:00.0531 0x1b4c  SSDPSRV - ok
11:17:00.0687 0x1b4c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:17:00.0931 0x1b4c  SstpSvc - ok
11:17:01.0479 0x1b4c  [ 78AA0311C611F2537ACD4DD3C839E83D, 2E597D2F507AAA398AD0AE5D9A34794249DCBA00E391284F89BA91A16C82F957 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
11:17:01.0789 0x1b4c  STacSV - ok
11:17:01.0825 0x1b4c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
11:17:01.0865 0x1b4c  stexstor - ok
11:17:02.0088 0x1b4c  [ 9F21BBDA0227A08C86175C2AB5F17F70, 0077CD130DFB69C236823EFED495E1D74D8368DD34C5EE6A8435FEADA4F9EB94 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
11:17:02.0183 0x1b4c  STHDA - ok
11:17:02.0267 0x1b4c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
11:17:02.0413 0x1b4c  stisvc - ok
11:17:02.0429 0x1b4c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:17:02.0477 0x1b4c  swenum - ok
11:17:02.0626 0x1b4c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
11:17:02.0841 0x1b4c  swprv - ok
11:17:03.0036 0x1b4c  [ 321EA1320771419C0956DE50F270C3E5, A69B0DE540E9433E81245A50BC021FC1AF95E2D1EEE26B6A3C027FBC025A0F5E ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
11:17:03.0092 0x1b4c  SynTP - ok
11:17:03.0507 0x1b4c  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
11:17:03.0637 0x1b4c  SysMain - ok
11:17:03.0712 0x1b4c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:17:03.0814 0x1b4c  TabletInputService - ok
11:17:04.0017 0x1b4c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:17:04.0261 0x1b4c  TapiSrv - ok
11:17:04.0462 0x1b4c  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:17:04.0681 0x1b4c  Tcpip - ok
11:17:04.0888 0x1b4c  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:17:05.0064 0x1b4c  TCPIP6 - ok
11:17:05.0120 0x1b4c  [ 7FE5586314EE7D6AA8483264A089E5AF, 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:17:05.0226 0x1b4c  tcpipreg - ok
11:17:05.0321 0x1b4c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:17:05.0438 0x1b4c  TDPIPE - ok
11:17:05.0481 0x1b4c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:17:05.0555 0x1b4c  TDTCP - ok
11:17:05.0618 0x1b4c  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:17:05.0775 0x1b4c  tdx - ok
11:17:05.0808 0x1b4c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:17:05.0852 0x1b4c  TermDD - ok
11:17:05.0972 0x1b4c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
11:17:06.0122 0x1b4c  TermService - ok
11:17:06.0184 0x1b4c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
11:17:06.0340 0x1b4c  Themes - ok
11:17:06.0418 0x1b4c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
11:17:06.0543 0x1b4c  THREADORDER - ok
11:17:06.0621 0x1b4c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
11:17:06.0793 0x1b4c  TrkWks - ok
11:17:06.0949 0x1b4c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:17:07.0136 0x1b4c  TrustedInstaller - ok
11:17:07.0214 0x1b4c  [ 19BEDA57F3E0A06B8D5EB6D619BD5624, 952D5FAFD662C93628C12A6F7EB8E240A44216C0A15CBD2F5016BC357CBFE821 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:17:07.0432 0x1b4c  tssecsrv - ok
11:17:07.0479 0x1b4c  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:17:07.0588 0x1b4c  TsUsbFlt - ok
11:17:07.0666 0x1b4c  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
11:17:07.0820 0x1b4c  TsUsbGD - ok
11:17:07.0897 0x1b4c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:17:07.0998 0x1b4c  tunnel - ok
11:17:08.0139 0x1b4c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:17:08.0198 0x1b4c  uagp35 - ok
11:17:08.0234 0x1b4c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:17:08.0382 0x1b4c  udfs - ok
11:17:08.0458 0x1b4c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:17:08.0569 0x1b4c  UI0Detect - ok
11:17:08.0622 0x1b4c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:17:08.0655 0x1b4c  uliagpkx - ok
11:17:08.0729 0x1b4c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:17:08.0800 0x1b4c  umbus - ok
11:17:08.0901 0x1b4c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
11:17:08.0980 0x1b4c  UmPass - ok
11:17:09.0257 0x1b4c  [ B097EBA0E3FEB020BB65FE43AF5ECCFF, B8FE680EE49B633F3FAFD81E8CE5063397774F63636C9F3C280815114A0ABD0F ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:17:09.0368 0x1b4c  UNS - ok
11:17:09.0600 0x1b4c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
11:17:09.0842 0x1b4c  upnphost - ok
11:17:09.0893 0x1b4c  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
11:17:09.0991 0x1b4c  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
11:17:10.0205 0x1b4c  Detect skipped due to KSN trusted
11:17:10.0205 0x1b4c  USBAAPL64 - ok
11:17:10.0258 0x1b4c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:17:10.0407 0x1b4c  usbccgp - ok
11:17:10.0473 0x1b4c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:17:10.0592 0x1b4c  usbcir - ok
11:17:10.0668 0x1b4c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
11:17:10.0738 0x1b4c  usbehci - ok
11:17:10.0822 0x1b4c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:17:10.0863 0x1b4c  usbhub - ok
11:17:10.0882 0x1b4c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:17:10.0960 0x1b4c  usbohci - ok
11:17:11.0022 0x1b4c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:17:11.0081 0x1b4c  usbprint - ok
11:17:11.0128 0x1b4c  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
11:17:11.0242 0x1b4c  usbscan - ok
11:17:11.0283 0x1b4c  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
11:17:11.0375 0x1b4c  USBSTOR - ok
11:17:11.0417 0x1b4c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:17:11.0501 0x1b4c  usbuhci - ok
11:17:11.0612 0x1b4c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
11:17:11.0729 0x1b4c  usbvideo - ok
11:17:11.0761 0x1b4c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
11:17:11.0900 0x1b4c  UxSms - ok
11:17:11.0929 0x1b4c  [ 13FE29C1C8E782829C7FAA3B14F4A666, C53F7F9039E79AC6D5BDA94981A187570D6C7828930B6064CEFC17DC172EA20E ] VaultSvc        C:\Windows\system32\lsass.exe
11:17:11.0953 0x1b4c  VaultSvc - ok
11:17:12.0239 0x1b4c  [ 3EEBF3C348C3DEB4CF6F10F2E6E222CD, 5D85364945ABF28965C7AD75A0EAD54EDBC8C72D64BB3E82D7FDAAD63BDB564E ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
11:17:12.0292 0x1b4c  VClone - ok
11:17:12.0333 0x1b4c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:17:12.0381 0x1b4c  vdrvroot - ok
11:17:12.0536 0x1b4c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
11:17:12.0792 0x1b4c  vds - ok
11:17:12.0868 0x1b4c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:17:12.0929 0x1b4c  vga - ok
11:17:12.0975 0x1b4c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:17:13.0147 0x1b4c  VgaSave - ok
11:17:13.0178 0x1b4c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:17:13.0256 0x1b4c  vhdmp - ok
11:17:13.0303 0x1b4c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:17:13.0350 0x1b4c  viaide - ok
11:17:13.0397 0x1b4c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:17:13.0443 0x1b4c  volmgr - ok
11:17:13.0553 0x1b4c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:17:13.0615 0x1b4c  volmgrx - ok
11:17:13.0740 0x1b4c  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:17:13.0818 0x1b4c  volsnap - ok
11:17:14.0052 0x1b4c  [ 9B4F6978628D07FAEBF77FF6F8F2960D, FC36FE6BE77445D55E4E92CE3EAF172E253EC8CF8D2EBCA204969CF21FFA5600 ] VsEtwService120 C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe
11:17:14.0099 0x1b4c  VsEtwService120 - ok
11:17:14.0161 0x1b4c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:17:14.0208 0x1b4c  vsmraid - ok
11:17:14.0645 0x1b4c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
11:17:14.0925 0x1b4c  VSS - ok
11:17:15.0003 0x1b4c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
11:17:15.0081 0x1b4c  vwifibus - ok
11:17:15.0128 0x1b4c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
11:17:15.0191 0x1b4c  vwififlt - ok
11:17:15.0347 0x1b4c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
11:17:15.0674 0x1b4c  W32Time - ok
11:17:15.0893 0x1b4c  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
11:17:16.0002 0x1b4c  W3SVC - ok
11:17:16.0049 0x1b4c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:17:16.0111 0x1b4c  WacomPen - ok
11:17:16.0158 0x1b4c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:17:16.0283 0x1b4c  WANARP - ok
11:17:16.0329 0x1b4c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:17:16.0407 0x1b4c  Wanarpv6 - ok
11:17:16.0501 0x1b4c  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
11:17:16.0548 0x1b4c  WAS - ok
11:17:16.0862 0x1b4c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:17:17.0085 0x1b4c  WatAdminSvc - ok
11:17:17.0285 0x1b4c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
11:17:17.0692 0x1b4c  wbengine - ok
11:17:17.0749 0x1b4c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:17:17.0957 0x1b4c  WbioSrvc - ok
11:17:18.0180 0x1b4c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:17:18.0279 0x1b4c  wcncsvc - ok
11:17:18.0325 0x1b4c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:17:18.0613 0x1b4c  WcsPlugInService - ok
11:17:18.0640 0x1b4c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
11:17:18.0676 0x1b4c  Wd - ok
11:17:18.0856 0x1b4c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:17:18.0941 0x1b4c  Wdf01000 - ok
11:17:19.0025 0x1b4c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:17:19.0227 0x1b4c  WdiServiceHost - ok
11:17:19.0240 0x1b4c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:17:19.0281 0x1b4c  WdiSystemHost - ok
11:17:19.0414 0x1b4c  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
11:17:19.0602 0x1b4c  WebClient - ok
11:17:19.0722 0x1b4c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:17:19.0977 0x1b4c  Wecsvc - ok
11:17:20.0012 0x1b4c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:17:20.0221 0x1b4c  wercplsupport - ok
11:17:20.0334 0x1b4c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:17:20.0487 0x1b4c  WerSvc - ok
11:17:20.0549 0x1b4c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:17:20.0635 0x1b4c  WfpLwf - ok
11:17:20.0674 0x1b4c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:17:20.0701 0x1b4c  WIMMount - ok
11:17:20.0724 0x1b4c  WinDefend - ok
11:17:20.0756 0x1b4c  WinHttpAutoProxySvc - ok
11:17:21.0193 0x1b4c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:17:21.0367 0x1b4c  Winmgmt - ok
11:17:21.0884 0x1b4c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
11:17:22.0274 0x1b4c  WinRM - ok
11:17:22.0368 0x1b4c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
11:17:22.0430 0x1b4c  WinUsb - ok
11:17:22.0695 0x1b4c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:17:22.0805 0x1b4c  Wlansvc - ok
11:17:23.0756 0x1b4c  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:17:24.0037 0x1b4c  wlidsvc - ok
11:17:24.0162 0x1b4c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:17:24.0224 0x1b4c  WmiAcpi - ok
11:17:24.0349 0x1b4c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:17:24.0489 0x1b4c  wmiApSrv - ok
11:17:24.0521 0x1b4c  WMPNetworkSvc - ok
11:17:24.0567 0x1b4c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:17:24.0739 0x1b4c  WPCSvc - ok
11:17:24.0770 0x1b4c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:17:24.0817 0x1b4c  WPDBusEnum - ok
11:17:24.0879 0x1b4c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:17:25.0129 0x1b4c  ws2ifsl - ok
11:17:25.0441 0x1b4c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
11:17:25.0659 0x1b4c  wscsvc - ok
11:17:25.0675 0x1b4c  WSearch - ok
11:17:26.0174 0x1b4c  [ 31F32E0C1A8BA9A37EEC23DE5F27F847, 0180832BC6172C9A4C32B5B222BB3F91EA615A5EBDA98DB79ED4FED258C2D257 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:17:26.0642 0x1b4c  wuauserv - ok
11:17:26.0689 0x1b4c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:17:26.0767 0x1b4c  WudfPf - ok
11:17:26.0907 0x1b4c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:17:26.0985 0x1b4c  WUDFRd - ok
11:17:27.0079 0x1b4c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:17:27.0251 0x1b4c  wudfsvc - ok
11:17:27.0407 0x1b4c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:17:27.0609 0x1b4c  WwanSvc - ok
11:17:27.0625 0x1b4c  ================ Scan global ===============================
11:17:27.0672 0x1b4c  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
11:17:27.0875 0x1b4c  [ 9A4F78635634A939EF3B02003E44657B, F24359B8ECB3EF506C190928B81830CCE0D8C3C4B420A8149379DC6F03042A4C ] C:\Windows\system32\winsrv.dll
11:17:28.0015 0x1b4c  [ 9A4F78635634A939EF3B02003E44657B, F24359B8ECB3EF506C190928B81830CCE0D8C3C4B420A8149379DC6F03042A4C ] C:\Windows\system32\winsrv.dll
11:17:28.0077 0x1b4c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
11:17:28.0280 0x1b4c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
11:17:28.0327 0x1b4c  [ Global ] - ok
11:17:28.0327 0x1b4c  ================ Scan MBR ==================================
11:17:28.0343 0x1b4c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:17:30.0199 0x1b4c  \Device\Harddisk0\DR0 - ok
11:17:30.0199 0x1b4c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR3
11:17:30.0324 0x1b4c  \Device\Harddisk1\DR3 - ok
11:17:30.0339 0x1b4c  ================ Scan VBR ==================================
11:17:30.0355 0x1b4c  [ DDC7E5F058114471926EFC75E50E4905 ] \Device\Harddisk0\DR0\Partition1
11:17:30.0402 0x1b4c  \Device\Harddisk0\DR0\Partition1 - ok
11:17:30.0433 0x1b4c  [ 43391C896959D85162FA7B1EC05773BF ] \Device\Harddisk0\DR0\Partition2
11:17:30.0495 0x1b4c  \Device\Harddisk0\DR0\Partition2 - ok
11:17:30.0542 0x1b4c  [ DC03AFEED05C1B7A7F23D95A0DC0026B ] \Device\Harddisk0\DR0\Partition3
11:17:30.0620 0x1b4c  \Device\Harddisk0\DR0\Partition3 - ok
11:17:30.0667 0x1b4c  [ B5B6BF595DFA7B67925C1B6FC9564129 ] \Device\Harddisk0\DR0\Partition4
11:17:30.0698 0x1b4c  \Device\Harddisk0\DR0\Partition4 - ok
11:17:30.0698 0x1b4c  [ 88876D73F75170D56FEF5852B74ACCEC ] \Device\Harddisk1\DR3\Partition1
11:17:30.0698 0x1b4c  \Device\Harddisk1\DR3\Partition1 - ok
11:17:30.0714 0x1b4c  ================ Scan generic autorun ======================
11:17:30.0714 0x1b4c  SynTPEnh - ok
11:17:30.0870 0x1b4c  [ DD7B4F9E6B71A599FEF4BD9DA0AE57C2, 6B22356F74F7ED069A3FC39C62326AA98A70D0E860A2EB29A6C46F4077FB567A ] c:\Program Files\Microsoft Security Client\msseces.exe
11:17:30.0963 0x1b4c  MSC - ok
11:17:31.0353 0x1b4c  [ B2C7F6295BBCA3DB364B9C858E131872, 1C2C22F2FA391D6CDD2BFFA7E25C9E0D54E0A6B76560F294767BF644FFC4B229 ] C:\Program Files\IDT\WDM\sttray64.exe
11:17:31.0603 0x1b4c  SysTrayApp - ok
11:17:31.0681 0x1b4c  [ 6BDA266E7B0748676137DA7199EFA433, 24EAEB9DBC457BF40F0135662CAAFF4FC6012566CD7FE32A3B740BA1ABAB34CF ] C:\Windows\system32\igfxtray.exe
11:17:31.0728 0x1b4c  IgfxTray - ok
11:17:31.0884 0x1b4c  [ 53D3BAE80B8E7979F24E1F7057FCA124, 84877265383DBA29F1F520CEA992522F0A13BA769E9DFACCF1EA7470605EE0CC ] C:\Windows\system32\hkcmd.exe
11:17:31.0946 0x1b4c  HotKeysCmds - ok
11:17:32.0087 0x1b4c  [ F1327AE7746727C5B0F977714DF137C5, EA230BA5FC47E58DB9C2721F8596A60232CB38DEA1B33968E17CE4F2F38E2774 ] C:\Windows\system32\igfxpers.exe
11:17:32.0165 0x1b4c  Persistence - ok
11:17:32.0321 0x1b4c  [ 6364FA7D825B600251A4D1DE7D6FF695, 1BEDD2E9DCE4C50FE7FE644D5DDD447DF79975D666CE128F945DD776E46AFC60 ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
11:17:32.0399 0x1b4c  USB3MON - ok
11:17:32.0539 0x1b4c  [ 8A3B69683E63808719D24E1C68C21CC7, C27B2F3996B55619B45BDB332B0F3262A68CE7EEC78730C6D96B752D086C8B1D ] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
11:17:32.0648 0x1b4c  HPOSD - ok
11:17:32.0929 0x1b4c  [ D1C8B0DC04347B6B9B5B3B9204DF6756, DA4D1CC98DCDFDF674F83164843A6B4E8830232700BE13CC755F94638351DA8B ] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
11:17:33.0069 0x1b4c  HP CoolSense - ok
11:17:33.0459 0x1b4c  [ 6198A9BC15ED77F318D5DDD1918CF1D1, 6C7E619BB053F09021F5867E3A70A3A2890E2318CF1A5CE294A5F894CB3A4890 ] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
11:17:33.0553 0x1b4c  HP Quick Launch - ok
11:17:34.0005 0x1b4c  [ 163E43BC69AE78F468024EC2133C94A8, 782C79FA3A841FDC4F549A212E07C3B8397E1FBEE44833C0662FC7E43EA24997 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
11:17:34.0146 0x1b4c  SunJavaUpdateSched - ok
11:17:34.0146 0x1b4c  Sidebar - ok
11:17:34.0177 0x1b4c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:17:34.0364 0x1b4c  mctadmin - ok
11:17:34.0364 0x1b4c  Sidebar - ok
11:17:34.0380 0x1b4c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:17:34.0427 0x1b4c  mctadmin - ok
11:17:36.0470 0x1b4c  [ 794CE28547E38EB2AA09D8BEDA03F611, 03C4D6F86C3B94F053F6F8A6BF399410FCA01871C32957A069084F7314FF1C27 ] C:\Program Files\CCleaner\CCleaner64.exe
11:17:37.0250 0x1b4c  CCleaner Monitoring - ok
11:17:37.0437 0x1b4c  [ 671881F0428E460845D620C485527303, 66F3582C53FC66CBDC44D8113C2EB535B2DDCE0619C479B507CCE92515AE0E3C ] C:\Program Files\Sandboxie\SbieCtrl.exe
11:17:37.0500 0x1b4c  SandboxieControl - ok
11:17:38.0030 0x1b4c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] C:\Users\AJ\AppData\Local\Google\Update\GoogleUpdate.exe
11:17:38.0061 0x1b4c  Google Update - ok
11:17:39.0840 0x1b4c  [ 794CE28547E38EB2AA09D8BEDA03F611, 03C4D6F86C3B94F053F6F8A6BF399410FCA01871C32957A069084F7314FF1C27 ] C:\Program Files\CCleaner\CCleaner64.exe
11:17:40.0464 0x1b4c  CCleaner Monitoring - ok
11:17:41.0977 0x1b4c  [ 794CE28547E38EB2AA09D8BEDA03F611, 03C4D6F86C3B94F053F6F8A6BF399410FCA01871C32957A069084F7314FF1C27 ] C:\Program Files\CCleaner\CCleaner64.exe
11:17:42.0539 0x1b4c  CCleaner - ok
11:17:43.0116 0x1b4c  [ E4042BBEB0814CD5487CC65DAC5421E5, 3FD501AC7D59D7BA7E72544E122726CB944A91FBBBBECFFE8DC4D2C913894984 ] C:\Users\AJ\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
11:17:43.0225 0x1b4c  Epic Privacy Browser Installer - detected UnsignedFile.Multi.Generic ( 1 )
11:17:43.0397 0x1b4c  Detect skipped due to KSN trusted
11:17:43.0397 0x1b4c  Epic Privacy Browser Installer - ok
11:17:44.0787 0x1b4c  [ A84BB2D34EA36F5262D18CBE4C9DF574, 6E7DCEEBC0EA83F5FB372401AE32A605BFB4689C6E90904F35DA0A8A78FDD40C ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
11:17:46.0404 0x1b4c  SUPERAntiSpyware - ok
11:17:46.0416 0x1b4c  Sidebar - ok
11:17:46.0447 0x1b4c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:17:46.0480 0x1b4c  mctadmin - ok
11:17:46.0481 0x1b4c  Waiting for KSN requests completion. In queue: 1
11:17:48.0265 0x1b4c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.9.218.0 ), 0x61000 ( enabled : updated )
11:17:48.0333 0x1b4c  Win FW state via NFP2: enabled ( trusted )
11:17:48.0606 0x1b4c  ============================================================
11:17:48.0606 0x1b4c  Scan finished
11:17:48.0606 0x1b4c  ============================================================
11:17:48.0626 0x13d4  Detected object count: 0
11:17:48.0626 0x13d4  Actual detected object count: 0
 



#6 deeprybka

  • Malware Response Team

Posted 02 September 2016 - 10:37 AM

Step 1

Don't remove on your own anything that HitmanPro detects!
This scanner, while it is really good for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • If the program won't run, please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.



regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 BullDog61

  • Topic Starter

Posted 02 September 2016 - 12:51 PM

Here is the Hitman info:

 

HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : JELLYBELLY
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : JellyBelly\Heza
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-09-02 12:49:41
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 20m 44s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 16

   Objects scanned . . . : 2,477,274
   Files scanned . . . . : 82,506
   Remnants scanned  . . : 498,711 files / 1,896,057 keys

Suspicious files ____________________________________________________________

   C:\Users\Heza\Desktop\FRST64.exe
      Size . . . . . . . : 2,397,696 bytes
      Age  . . . . . . . : 8.7 days (2016-08-24 19:01:28)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : EFF67DD0CB40498753A49A710C08A3A6376C7DE296D23B8AEF5D4221A6017692
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   ask.com
   C:\Users\AJ\AppData\Roaming\Google\Chrome\User Data\Default\Web Data

   C:\Windows\couponprinter_x64.ocx (CouponBar)
      Size . . . . . . . : 659,440 bytes
      Age  . . . . . . . : 701.8 days (2014-10-01 18:34:54)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 16F113CEDC474A35CB01584C45DCFC0988EFD6CB2D11472681CBCA2D2776ABA1
      Product  . . . . . : Coupons, Inc. Coupon Printer
      Description  . . . : Coupons, Inc. Coupon Printer 5.0.2.8
      Version  . . . . . : 5.0.2.8
      Copyright  . . . . : Copyright (C) 2015
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -4.0

   HKLM\SOFTWARE\Classes\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\ (CouponBar)
   HKLM\SOFTWARE\Classes\coupons.couponprinter_x64.1\ (CouponBar)
   HKLM\SOFTWARE\Classes\Interface\{B3E37FAA-3669-4212-A35D-157BF70ADC04}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Interface\{E755701B-A61B-4194-8902-17A61C4C1672}\ (CouponBar)
   HKLM\SOFTWARE\Classes\TypeLib\{CBED5D4B-6859-452B-80EA-3E66910984D7}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B3E37FAA-3669-4212-A35D-157BF70ADC04}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E755701B-A61B-4194-8902-17A61C4C1672}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{CBED5D4B-6859-452B-80EA-3E66910984D7}\ (CouponBar)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\ (CouponBar)
   HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\ (CouponBar)
   HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ (AskBar)
 

#8 deeprybka

  • Malware Response Team

Posted 03 September 2016 - 10:35 AM

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.

Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka

#9 BullDog61

  • Topic Starter

Posted 04 September 2016 - 07:18 PM

Here is the first one:

 

# AdwCleaner v6.010 - Logfile created 04/09/2016 at 15:50:25
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-03.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Heza - JELLYBELLY
# Running from : C:\Users\Heza\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4530 Bytes] - [21/08/2016 19:32:12]
C:\AdwCleaner\AdwCleaner[C2].txt - [997 Bytes] - [04/09/2016 15:50:25]
C:\AdwCleaner\AdwCleaner[R10].txt - [1969 Bytes] - [12/05/2014 10:38:01]
C:\AdwCleaner\AdwCleaner[R11].txt - [2204 Bytes] - [21/07/2014 07:18:05]
C:\AdwCleaner\AdwCleaner[R12].txt - [1998 Bytes] - [05/08/2014 20:37:58]
C:\AdwCleaner\AdwCleaner[R13].txt - [2438 Bytes] - [15/09/2014 09:33:38]
C:\AdwCleaner\AdwCleaner[R14].txt - [2738 Bytes] - [11/11/2014 10:17:14]
C:\AdwCleaner\AdwCleaner[R15].txt - [2581 Bytes] - [19/11/2014 14:29:49]
C:\AdwCleaner\AdwCleaner[R16].txt - [2317 Bytes] - [25/11/2014 17:17:40]
C:\AdwCleaner\AdwCleaner[R17].txt - [2273 Bytes] - [02/02/2015 18:17:22]
C:\AdwCleaner\AdwCleaner[R18].txt - [2334 Bytes] - [02/02/2015 18:22:21]
C:\AdwCleaner\AdwCleaner[R19].txt - [2718 Bytes] - [25/02/2015 12:10:21]
C:\AdwCleaner\AdwCleaner[R1].txt - [876 Bytes] - [10/09/2013 11:40:51]
C:\AdwCleaner\AdwCleaner[R20].txt - [2568 Bytes] - [03/03/2015 18:03:21]
C:\AdwCleaner\AdwCleaner[R21].txt - [2918 Bytes] - [08/04/2015 19:42:44]
C:\AdwCleaner\AdwCleaner[R22].txt - [24032 Bytes] - [23/04/2015 14:42:18]
C:\AdwCleaner\AdwCleaner[R23].txt - [2785 Bytes] - [11/08/2015 22:59:34]
C:\AdwCleaner\AdwCleaner[R24].txt - [2842 Bytes] - [12/08/2015 10:28:32]
C:\AdwCleaner\AdwCleaner[R25].txt - [3880 Bytes] - [14/10/2015 11:24:28]
C:\AdwCleaner\AdwCleaner[R26].txt - [3086 Bytes] - [02/11/2015 23:00:46]
C:\AdwCleaner\AdwCleaner[R27].txt - [3201 Bytes] - [19/11/2015 10:28:22]
C:\AdwCleaner\AdwCleaner[R2].txt - [1448 Bytes] - [21/09/2013 08:56:31]
C:\AdwCleaner\AdwCleaner[R3].txt - [1508 Bytes] - [23/09/2013 14:37:36]
C:\AdwCleaner\AdwCleaner[R4].txt - [1566 Bytes] - [30/09/2013 14:56:36]
C:\AdwCleaner\AdwCleaner[R5].txt - [1325 Bytes] - [10/11/2013 08:18:51]
C:\AdwCleaner\AdwCleaner[R6].txt - [1386 Bytes] - [27/11/2013 19:24:47]
C:\AdwCleaner\AdwCleaner[R7].txt - [2043 Bytes] - [29/04/2014 09:47:41]
C:\AdwCleaner\AdwCleaner[R8].txt - [1961 Bytes] - [29/04/2014 10:54:01]
C:\AdwCleaner\AdwCleaner[R9].txt - [2021 Bytes] - [29/04/2014 10:55:14]
C:\AdwCleaner\AdwCleaner[S10].txt - [2909 Bytes] - [12/08/2015 10:30:35]
C:\AdwCleaner\AdwCleaner[S11].txt - [3739 Bytes] - [14/10/2015 11:29:28]
C:\AdwCleaner\AdwCleaner[S12].txt - [3153 Bytes] - [02/11/2015 23:02:58]
C:\AdwCleaner\AdwCleaner[S13].txt - [3268 Bytes] - [19/11/2015 10:30:48]
C:\AdwCleaner\AdwCleaner[S14].txt - [4822 Bytes] - [21/08/2016 15:52:02]
C:\AdwCleaner\AdwCleaner[S15].txt - [4896 Bytes] - [21/08/2016 19:31:48]
C:\AdwCleaner\AdwCleaner[S16].txt - [4310 Bytes] - [24/08/2016 12:19:01]
C:\AdwCleaner\AdwCleaner[S17].txt - [4512 Bytes] - [04/09/2016 15:40:51]
C:\AdwCleaner\AdwCleaner[S18].txt - [4586 Bytes] - [04/09/2016 15:46:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [2037 Bytes] - [12/05/2014 10:42:37]
C:\AdwCleaner\AdwCleaner[S2].txt - [2303 Bytes] - [21/07/2014 07:32:55]
C:\AdwCleaner\AdwCleaner[S3].txt - [2508 Bytes] - [15/09/2014 09:52:44]
C:\AdwCleaner\AdwCleaner[S4].txt - [3394 Bytes] - [11/11/2014 10:19:19]
C:\AdwCleaner\AdwCleaner[S5].txt - [2945 Bytes] - [19/11/2014 14:33:46]
C:\AdwCleaner\AdwCleaner[S6].txt - [2669 Bytes] - [25/11/2014 17:20:07]
C:\AdwCleaner\AdwCleaner[S7].txt - [2396 Bytes] - [02/02/2015 19:00:48]
C:\AdwCleaner\AdwCleaner[S8].txt - [6002 Bytes] - [25/02/2015 12:15:03]
C:\AdwCleaner\AdwCleaner[S9].txt - [3452 Bytes] - [23/04/2015 14:44:44]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4381 Bytes] ##########

 

And the final FRST

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Heza (04-09-2016 16:09:44)
Running from C:\Users\Heza\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-02-28 16:38:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3786442370-3606699375-2899197878-500 - Administrator - Disabled)
AJ (S-1-5-21-3786442370-3606699375-2899197878-1003 - Limited - Enabled) => C:\Users\AJ
Guest (S-1-5-21-3786442370-3606699375-2899197878-501 - Limited - Disabled)
Heza (S-1-5-21-3786442370-3606699375-2899197878-1000 - Administrator - Enabled) => C:\Users\Heza

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Amazon Kindle) (Version:  - Amazon)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1998533681.48.56.35467074 - Audible, Inc.)
AzureTools.Notifications.VwdExpress (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Cyberfox Web Browser (HKLM\...\{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1) (Version: 48.0.0.0 - 8pecxstudios)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
Fast Duplicate File Finder 4.1.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 4.1.0.1 - MindGems, Inc.)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 10.0.8.0 - FlashPeak Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.2.805 - Foxit Software Inc.)
Garmin City Navigator North America NT 2015.40 (HKLM-x32\...\{FA3EB65C-FB8F-4C1D-BAC1-9EB29F537C56}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Analytics Opt-out Browser Add-on (HKLM\...\{82B280A2-521E-4D30-AF15-38CD6D5CB629}) (Version: 0.9.6.0 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Sitemap Generator (Beta) (HKLM-x32\...\{D2B963D9-9957-452C-BEB3-DA0FD7F9DA16}) (Version: 1.0.0 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project)
HD View (HKLM-x32\...\{7596C248-4816-4C6F-8AAC-D8C81F2B4B49}) (Version: 3.3.0 - Microsoft Research)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{EDA2B6DE-C67C-4FD7-AF6A-9D79E002707C}) (Version: 1.1.0.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.3.34.7 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.37 - HP Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Kenshoo Editor (HKLM\...\{66563492-1CC6-4DFB-80FF-788516E0284E}) (Version: 3.2.100 - Kenshoo)
Kenshoo Editor (HKLM-x32\...\{2A51139B-4779-4FEC-8F16-7DFBE8DCB88C}) (Version: 3.6.100 - Kenshoo)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.3.0.0 - QFX Software Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.9.8 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET and Web Tools 2013.1 - Visual Studio Express 2013 for Web (HKLM-x32\...\{650C1876-35BD-4D71-80F6-FBC7CA5F4B1C}) (Version: 2.1.41009.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Web - ENU (HKLM-x32\...\{3e544097-53d1-4252-98a6-93cc12a6d487}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 48.0.2 (x86 en-US) (HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version:  - )
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4454.1511 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1511 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1511 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Opera Stable 39.0.2256.48 (HKLM-x32\...\Opera 39.0.2256.48) (Version: 39.0.2256.48 - Opera Software)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Qualys BrowserCheck (HKLM-x32\...\{80112B33-B9C0-424C-8C9C-7684C238325E}) (Version: 1.1.1 - Qualys)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Ralink RT5390R 802.11b/g/n Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.18 (64-bit) (HKLM\...\Sandboxie) (Version: 4.18 - Sandboxie Holdings, LLC)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SleepyHead (HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\{c6a15b5c-223f-4a42-9800-52e3eda4d0a5}) (Version: 1.0.0-1 - Jedimark)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1222 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.9 - Tweaking.com)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Azure Authoring Tools - v2.2 (HKLM\...\{863C94A6-E432-4C88-9C68-FB668AE66621}) (Version: 2.2.6492.2 - Microsoft Corporation)
Windows Azure Libraries for .NET – v2.2 (HKLM\...\{0DCF275C-3D88-48CC-B374-ACA7365EF966}) (Version: 2.2.0924.200 - Microsoft Corporation)
Windows Azure Storage Tools - v2.2 (HKLM-x32\...\{E7FCA9E4-CDCB-472B-B168-567B16088E89}) (Version: 2.2.0.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3786442370-3606699375-2899197878-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Heza\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3786442370-3606699375-2899197878-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Heza\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12F53B00-925C-425C-AD95-18D1A537ACD5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-06-28] (Microsoft Corporation)
Task: {16586A15-3058-4F8A-8DB2-C58EC4B8ECD3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {2871755E-6C1D-4E5F-8FDA-DE522678EE7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
Task: {2BD9CA5F-9D7A-40B8-9019-05B6912E02FC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {402BBA9F-28BF-4332-BFCC-1A83646C4644} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {4D93867F-8F56-47A5-9A43-12D6D8A725BF} - System32\Tasks\{07693550-F0F7-4F8A-9D43-240A7C782E56} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.85.109/en/privacy
Task: {56529D77-3A4B-4815-94AB-09811CE0BB92} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {5DFA5025-2C43-470F-9575-865BFF58E011} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()
Task: {5F1839CF-05F6-464B-BB8B-A7AAA181D1AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {60889A2E-636F-497F-94C4-ABAD7E3FEA78} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003UA => C:\Users\AJ\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {64F7ECCB-5421-4955-B962-F1B4CDC315BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {65511607-C7A1-4A45-AC0A-DAB4A8DEC7DC} - System32\Tasks\{323544BA-C4EE-45DC-99E2-9496E8ECD6BF} => pcalua.exe -a C:\Users\Heza\Downloads\sp66089.exe -d C:\Users\Heza\Downloads
Task: {65764FC0-1148-441B-8CED-E07BD30557BA} - System32\Tasks\{DA463DAF-EB52-4542-9FAC-3F84ED9D0209} => pcalua.exe -a C:\Users\Heza\Downloads\SUPERAntiSpyware.exe -d C:\Users\Heza\Downloads
Task: {65991DA3-561D-49AC-8302-7089008D59DD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-06] (Adobe Systems Incorporated)
Task: {74AF825D-F54A-409E-9B46-2CC586A01233} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7CEB5F54-3258-477D-B486-D52B48F3EB75} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-06-28] (Microsoft Corporation)
Task: {7F25EDF2-8F62-4657-8FB0-6AD58FDBEA2C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {850DAB09-D6CE-48BF-A6AA-B856FBBBF119} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003Core => C:\Users\AJ\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9B663958-9994-4808-BABB-2B0D986FA68E} - System32\Tasks\{F7509085-447B-448F-B10A-A5BE5CD7ED82} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.85.109/en/eula
Task: {9E3632B8-5B9F-4758-95DA-00330BCF6D3E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {A52B5159-81B6-486C-90AC-1EF9DA36AE92} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {A75CAC43-7087-4CCA-AF51-E74BCE545E48} - System32\Tasks\Opera scheduled Autoupdate 1385439310 => C:\Program Files (x86)\Opera\launcher.exe [2016-08-03] (Opera Software)
Task: {AF567550-B6C8-4078-B7A1-076F9F661266} - System32\Tasks\HPCeeScheduleForHeza => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {B47D76D1-D0BE-446C-8E35-7BD6EA2982E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {BCF40D04-99EA-4FBC-9BCA-AD6963D9BEAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D668E073-3AEA-49CF-94D9-7C8BD3C5E55D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1000UA => C:\Users\Heza\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E28C5615-6623-4402-A831-809C5DC9734E} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe
Task: {E5078EDF-45CB-4663-86FB-A88EF4AC45CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {E5F61E3E-44BE-4754-A8C6-586EE91856B6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {EEAF6ABF-F550-41C6-8A3A-83A6C030BD5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1000Core => C:\Users\Heza\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F84B9E9B-7112-4A19-9D27-14EF857E1270} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {FDEFA813-5C5A-4E82-8485-109F57FAC56B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {FE9DD9D1-A21B-4F60-9B19-CDB3C1A52A45} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1000Core.job => C:\Users\Heza\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1000UA.job => C:\Users\Heza\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003Core.job => C:\Users\AJ\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003UA.job => C:\Users\AJ\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHeza.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-03-28 11:44 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-07-26 11:27 - 2016-05-24 12:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2012-12-13 02:40 - 2011-12-16 16:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-01-05 21:24 - 2012-01-05 21:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-11 07:08 - 2013-01-11 07:08 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2016-07-12 11:58 - 2016-07-12 11:58 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5a8eeeddc97028a9f94d0518c22f4c2c\IsdiInterop.ni.dll
2012-12-13 02:40 - 2011-11-30 00:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2016-08-09 11:18 - 2016-08-05 11:51 - 00193224 _____ () C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\CPDFOCLink.fpi
2012-12-13 02:40 - 2011-12-16 14:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-08-23 19:53 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Heza\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: DirMngr => 2
MSCONFIG\Services: Garmin Device Interaction Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\startupfolder: C:^Users^Heza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: fssui => "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeyScrambler => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A947A1DB-F111-4BBD-B2F1-1515F6E019CB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{EEAFE27A-481D-43A9-8C2C-B4AC6784382A}C:\program files (x86)\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hp\common\hpdevicedetection3.exe
FirewallRules: [UDP Query User{B0C79ECC-44C3-400D-BD79-BB53759B8F0D}C:\program files (x86)\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hp\common\hpdevicedetection3.exe
FirewallRules: [{03892706-FEE1-4AD1-9F10-E9034CC41452}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{5D1A2BF8-9D6F-4529-A79A-C05F49A379FA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{54DCE463-BAEA-4DB0-B5E7-07E6389983A3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{2B806167-24BC-432D-8785-2A57B95B6E18}] => (Allow) C:\Users\Heza\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{F7CEBD1D-DDBF-4680-A6A9-DC9F1268D9B4}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{A8BC71C7-A8C9-4620-9A64-201E2BC17E77}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{D17A1F62-4A96-484A-8CDF-F4D8C86E413D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{434F0D15-DEF0-4B01-9255-BADE2BC3A8C7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E48E2273-C1D7-4EEF-BFA8-809D5D68DEA9}] => (Allow) LPort=2869
FirewallRules: [{07AE2038-1D96-47C1-A561-2B005CEE83B5}] => (Allow) LPort=1900
FirewallRules: [{00231933-9EEC-4474-83E0-15DD9444D89D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{A46C612B-049B-4C7F-BFA5-B38244F983C1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{34E74EDC-D04C-44E0-B630-742CFC89DEF5}] => (Allow) C:\Users\Heza\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{8D8312CF-08D4-4E6B-AF4C-1AA74F77F8CE}] => (Allow) C:\Users\Heza\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{B00C2D67-DBD3-4294-93A6-700016FC7F2D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DA2126EC-F5F3-4FF1-AAF2-8302E76D15AA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A47BCBE0-3D24-46F6-8B7A-1969F96154BD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D5037CE2-6735-45F1-8796-B80C95116396}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7225A0D3-A788-489E-A4DB-BB7842BB3BD4}] => (Allow) LPort=1900
FirewallRules: [{53FE9826-5676-4DC3-8C7E-9FFC7657AC97}] => (Allow) LPort=1900
FirewallRules: [{6C11DA9D-B60B-485F-8839-E2C2370AA78F}] => (Allow) LPort=2869
FirewallRules: [{2A680651-F97B-4693-A7FA-D805EF8CD72D}] => (Allow) LPort=2869
FirewallRules: [{05228670-A90E-403A-8DCF-D667EEE87C6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{226BBEB7-C019-494D-838D-9902090C6F34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{24114541-DA91-456A-9B64-D802AABF380C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4E57F24A-4688-4133-9526-48BF2A138B1A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{D79939EF-A711-415C-BA84-5D5F82D77861}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B012820-D716-47A4-B79B-C9149029773D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A01C1DFB-6D72-4215-B472-3D433CAF3FAD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{81A6AECD-2AA7-4F78-BF01-C360B16EB805}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DBFBDA2B-F6D5-4564-A15E-D96C22BDE966}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{46A7C03C-6AD5-411B-9A35-6FA240CF839A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9D6BBAF4-9985-4FD7-90F5-D0F1E8D696E3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{187444E6-FCAD-428B-9239-D7DB75D5BD7E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{24A821C3-E0ED-454D-9AB5-C41B0BC6B3B2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{7DF76DEE-2E6E-4E76-894C-073180F924E6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{805960D1-A685-4975-BB5B-60399C543C82}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{814C19AA-B1E8-43DA-B9A6-72A466EB6A5A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{7AB828A1-23D7-4C72-BC4C-E5F4E1B5B966}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0A30304C-AB1D-4460-A135-19966BF9A135}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{167667AF-8C62-451B-AC62-01373C7BECCF}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe

==================== Restore Points =========================

23-08-2016 22:58:11 Windows Update
26-08-2016 11:21:06 Revo Uninstaller's restore point - Motorola Device Manager
26-08-2016 11:21:50 Revo Uninstaller's restore point - Motorola Device Manager
26-08-2016 11:24:17 Revo Uninstaller's restore point - Google Sitemap Generator (Beta)
26-08-2016 11:24:37 Removed Google Sitemap Generator (Beta)
27-08-2016 10:33:05 Windows Update
31-08-2016 09:24:36 Windows Update
31-08-2016 13:11:55 JRT Pre-Junkware Removal
31-08-2016 16:08:27 Windows Backup
03-09-2016 12:11:24 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2016 08:00:18 PM) (Source: Google Sitemap) (EventID: 1) (User: )
Description: Event-ID 1

Error: (09/01/2016 08:00:18 PM) (Source: Google Sitemap) (EventID: 1) (User: )
Description: Event-ID 1

Error: (09/01/2016 07:33:51 PM) (Source: Google Sitemap) (EventID: 1) (User: )
Description: Event-ID 1

Error: (09/01/2016 07:33:51 PM) (Source: Google Sitemap) (EventID: 1) (User: )
Description: Event-ID 1

Error: (08/31/2016 05:40:54 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup failed while trying to read from the shadow copy on one of the volumes being backed up. Please check in the event logs for any relevant errors. (0x81000037).

Error: (08/29/2016 08:16:42 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/26/2016 02:07:04 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure. Step: FamilySafetyServiceFactory initialization. Error code: 80070002

Error: (08/26/2016 02:07:03 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure: Open driver handle. Error code: 13D2DBC

Error: (08/26/2016 02:06:34 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure. Step: FamilySafetyServiceFactory initialization. Error code: 80070002

Error: (08/26/2016 02:06:33 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure: Open driver handle. Error code: 122DBC


System errors:
=============
Error: (09/04/2016 03:56:59 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (09/04/2016 03:52:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Motorola Device Manager Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/04/2016 03:50:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (09/04/2016 03:50:47 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/04/2016 03:50:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (09/04/2016 03:50:47 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/04/2016 03:50:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/04/2016 03:50:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/04/2016 03:50:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CASL Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/04/2016 03:50:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2016-02-10 14:32:06.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-31 11:26:27.060
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-31 11:26:27.060
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-31 11:26:27.045
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-31 11:26:27.029
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-31 11:26:26.310
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-31 11:26:26.263
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-31 11:26:26.215
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-31 11:26:26.164
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-31 11:26:24.361
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 3992.36 MB
Available physical RAM: 2290.98 MB
Total Virtual: 7982.9 MB
Available Virtual: 6358.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:444.57 GB) (Free:337.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:20.9 GB) (Free:1.39 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive h: (DARK HORSE) (Removable) (Total:7.45 GB) (Free:2.86 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7066FE53)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

There were two files in the original FRST scan under the Alternate Data Stream heading, but I deleted them; so, that section is clear now in the second scan.

Is there anything else I should do, or is everything good and set now? Thanks.

 

 



#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:09:26 AM

Posted 05 September 2016 - 11:03 AM

Please post the FRST.txt as well. :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 BullDog61

BullDog61
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:26 AM

Posted 06 September 2016 - 11:30 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Heza (administrator) on JELLYBELLY (04-09-2016 16:08:48)
Running from C:\Users\Heza\Desktop
Loaded Profiles: Heza (Available Profiles: Heza & AJ & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitReader.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2013-02-28] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-02-28] (IDT, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2013-02-28] (Intel Corporation)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} =>  No File
ShellIconOverlayIdentifiers: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} =>  No File
ShellIconOverlayIdentifiers: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} =>  No File
ShellIconOverlayIdentifiers-x32: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} =>  No File
ShellIconOverlayIdentifiers-x32: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} =>  No File
GroupPolicyUsers\S-1-5-21-3786442370-3606699375-2899197878-1003\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AA88EC7C-3B2A-4860-B53B-7A17D530736E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BB318B8C-7FEF-48ED-A3C3-0D5A059893E6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://duckduckgo.com/
SearchScopes: HKLM -> {5BB086CE-4194-4545-8DAA-06328E2E52A5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {15C9938F-CB96-496D-800A-B827F2E34EA1} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll [2014-04-03] (Google, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: No Name -> {15C9938F-CB96-496D-800A-B827F2E34EA1} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO-x32: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [2014-04-03] (Google, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-13] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
DPF: HKLM-x32 {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchEngine.US: DuckDuckGo
FF SelectedSearchEngine: Amazon.com
FF Homepage: hxxps://www.startpage.com
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-06] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @research.microsoft.com/HDView -> C:\Program Files (x86)\Microsoft Research\HD View\nphdview.dll [2009-07-13] (Microsoft Research)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3786442370-3606699375-2899197878-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Heza\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3786442370-3606699375-2899197878-1000: @talk.google.com/O1DPlugin -> C:\Users\Heza\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3786442370-3606699375-2899197878-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Heza\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3786442370-3606699375-2899197878-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Heza\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Heza\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Heza\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: (MaskMe) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\extensions\idme@abine.com [2016-09-01]
FF Extension: (Disconnect) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\Extensions\2.0@disconnect.me.xpi [2016-04-29]
FF Extension: (HTTPS Everywhere) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\Extensions\https-everywhere-eff@eff.org.xpi [2016-09-02]
FF Extension: (WOT) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-26]
FF Extension: (Adblock Plus) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-01]
FF Extension: (Tab Mix Plus) - C:\Users\Heza\AppData\Roaming\Mozilla\Firefox\Profiles\g8v5g28t.default-1378828721964\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-06-08]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-08]
CHR Extension: (YouTube) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Adblock Plus) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (OneTab) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-07-22]
CHR Extension: (Google Search) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (MaskMe) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg [2016-07-22]
CHR Extension: (Qualys BrowserCheck for Windows) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk [2016-09-04]
CHR Extension: (HTTPS Everywhere) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-09-03]
CHR Extension: (Google Docs Offline) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Disconnect) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-04-10]
CHR Extension: (HP Network Check Helper) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2016-08-26]
CHR Extension: (Grammarly for Chrome) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-08-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-03]
CHR Extension: (Privacy Badger) - C:\Users\Heza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2016-09-01]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (AdBlock) - C:\Users\Heza\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2016-06-08]
OPR Extension: (HTTPS Everywhere) - C:\Users\Heza\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2016-07-28]
OPR Extension: (WOT) - C:\Users\Heza\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2015-12-18]
OPR Extension: (Disconnect) - C:\Users\Heza\AppData\Roaming\Opera Software\Opera Stable\Extensions\hciohocinlhbdkbjldffomiadmnhjnoj [2016-04-06]
OPR Extension: (Bookmarks Import & Export) - C:\Users\Heza\AppData\Roaming\Opera Software\Opera Stable\Extensions\omhcddilnfoiiplehpjihipcocdplljn [2016-07-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
S4 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Inc.)
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [176264 2015-05-27] (Sandboxie Holdings, LLC)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-02] (GFI Software)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2506384 2015-08-12] (MediaTek Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-21] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [188552 2015-05-27] (Sandboxie Holdings, LLC)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2013-02-28] (Synaptics Incorporated)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-04 16:08 - 2016-09-04 16:09 - 00031827 _____ C:\Users\Heza\Desktop\FRST.txt
2016-09-04 13:55 - 2016-09-04 13:55 - 00149340 _____ C:\Users\Heza\Desktop\www.meijermadness.com_wp-content_plugins_printable-lists_includes_printer.pdf
2016-09-04 13:21 - 2016-09-04 13:21 - 03826240 _____ C:\Users\Heza\Desktop\AdwCleaner.exe
2016-09-02 16:08 - 2016-09-02 16:08 - 00155187 _____ C:\Users\Heza\Desktop\Print.pdf
2016-09-02 12:49 - 2016-09-02 13:50 - 00000000 ____D C:\ProgramData\HitmanPro
2016-09-02 12:49 - 2016-09-02 12:49 - 00000000 ____D C:\Program Files\HitmanPro
2016-09-02 12:46 - 2016-09-02 12:47 - 11438608 _____ (SurfRight B.V.) C:\Users\Heza\Desktop\HitmanPro_x64.exe
2016-09-02 11:14 - 2016-09-02 11:26 - 00223044 ____C C:\TDSSKiller.3.1.0.11_02.09.2016_11.14.22_log.txt
2016-09-02 11:13 - 2016-09-02 11:13 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Heza\Desktop\tdsskiller(1).exe
2016-09-01 19:58 - 2016-09-03 18:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-31 13:10 - 2016-08-31 13:10 - 01610560 _____ (Malwarebytes) C:\Users\Heza\Downloads\JRT(1).exe
2016-08-31 13:07 - 2016-08-31 13:10 - 248179136 _____ C:\Users\Heza\Downloads\EmsisoftEmergencyKit.exe
2016-08-28 09:07 - 2016-08-28 09:08 - 00221760 ____C C:\TDSSKiller.3.1.0.11_28.08.2016_09.07.48_log.txt
2016-08-26 13:17 - 2016-08-26 13:17 - 00000000 ____D C:\Users\Heza\AppData\Local\HP_Development_Company,_L
2016-08-26 12:13 - 2016-08-26 12:13 - 00081447 _____ C:\Users\Heza\Downloads\40251 (2).pdf
2016-08-26 12:04 - 2016-08-26 12:04 - 00188946 _____ C:\Users\Heza\Downloads\44280 (1).pdf
2016-08-26 12:03 - 2016-08-26 12:03 - 01887392 _____ C:\Users\Heza\Downloads\40252 (3).pdf
2016-08-26 12:03 - 2016-08-26 12:03 - 01887392 _____ C:\Users\Heza\Downloads\40252 (2).pdf
2016-08-26 12:01 - 2016-08-26 12:01 - 00188946 _____ C:\Users\Heza\Downloads\44280.pdf
2016-08-26 11:33 - 2016-08-26 11:33 - 00001773 _____ C:\Users\Heza\Downloads\MakeItAheadABarefootContessaCookbook9780770434496.acsm
2016-08-25 20:50 - 2016-08-25 21:17 - 00000000 ____D C:\Users\Heza\Downloads\Photos (9)
2016-08-25 20:12 - 2016-08-25 20:12 - 03453831 _____ C:\Users\Heza\Downloads\Photos (9).zip
2016-08-24 19:12 - 2016-09-04 16:08 - 00000000 ___DC C:\FRST
2016-08-24 19:12 - 2016-08-24 19:12 - 00000000 _____ C:\Users\Heza\defogger_reenable
2016-08-24 19:10 - 2016-08-24 19:10 - 00050477 _____ C:\Users\Heza\Downloads\Defogger.exe
2016-08-24 19:01 - 2016-08-31 09:43 - 02397696 ____C (Farbar) C:\Users\Heza\Desktop\FRST64.exe
2016-08-24 12:43 - 2016-08-24 12:45 - 00223050 ____C C:\TDSSKiller.3.1.0.11_24.08.2016_12.43.31_log.txt
2016-08-24 12:42 - 2016-08-24 12:42 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Heza\Downloads\tdsskiller.exe
2016-08-23 19:16 - 2016-08-23 19:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JELLYBELLY-Windows-7-Home-Premium-(64-bit).dat
2016-08-23 19:16 - 2016-08-23 19:16 - 00000000 ___DC C:\RegBackup
2016-08-23 11:32 - 2016-08-28 08:56 - 00003658 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-08-23 11:32 - 2016-08-23 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-08-23 11:32 - 2016-08-23 11:32 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-08-23 11:03 - 2016-08-23 11:03 - 00002231 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2016-08-23 10:55 - 2016-08-23 10:55 - 00000000 ____D C:\ProgramData\HP Inc
2016-08-23 10:23 - 2016-08-23 10:24 - 29014040 _____ (Tweaking.com) C:\Users\Heza\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-08-23 10:14 - 2016-08-23 10:14 - 04039392 _____ (Oleg N. Scherbakov) C:\Users\Heza\Downloads\HPSupportSolutionsFramework-12.5.26.37.exe
2016-08-23 10:05 - 2016-08-23 10:05 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Heza\Downloads\mbar-1.09.3.1001 (1).exe
2016-08-21 17:08 - 2016-08-21 17:08 - 00000392 _____ C:\Users\AJ\Desktop\Drs.txt
2016-08-21 15:47 - 2016-08-24 12:45 - 00000000 ____D C:\Users\Heza\AppData\Local\ESET
2016-08-21 15:44 - 2016-08-21 15:45 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Heza\Downloads\esetonlinescanner_enu.exe
2016-08-20 21:51 - 2016-08-20 21:51 - 00188946 _____ C:\Users\Heza\Documents\Hillsdale College Transcript - 2004.pdf
2016-08-20 21:45 - 2016-08-20 21:45 - 01887392 _____ C:\Users\Heza\Downloads\BJU Records Office_20140924_120537 (1).pdf
2016-08-20 21:44 - 2016-08-20 21:44 - 01066944 _____ C:\Users\Heza\Downloads\40252 (1).pdf
2016-08-20 21:43 - 2016-08-20 21:43 - 01066944 _____ C:\Users\Heza\Downloads\40252.pdf
2016-08-20 21:23 - 2016-08-20 21:23 - 00085081 _____ C:\Users\Heza\Downloads\40251 (1).pdf
2016-08-20 19:20 - 2016-08-20 19:20 - 04604101 _____ C:\Users\Heza\Downloads\BJU Press Footsteps for Fours VPK Overview, 03-22-12.pdf
2016-08-20 17:07 - 2016-08-20 17:08 - 01277828 _____ C:\Users\Heza\Downloads\email-890342951.zip
2016-08-20 10:19 - 2016-08-19 20:32 - 00073623 _____ C:\Users\Heza\Documents\Online Customer Service.pdf
2016-08-20 10:19 - 2016-08-14 21:36 - 00153629 _____ C:\Users\Heza\Documents\Order Decline.pdf
2016-08-20 10:19 - 2016-08-12 13:35 - 00000715 _____ C:\Users\Heza\Documents\2.txt
2016-08-20 10:18 - 2016-08-20 10:20 - 00000000 ____D C:\Users\Heza\Documents\Med Re
2016-08-20 10:18 - 2016-08-20 10:18 - 00000000 ____D C:\Users\Heza\Documents\REviews
2016-08-20 10:18 - 2016-08-20 10:18 - 00000000 ____D C:\Users\Heza\Documents\Internet
2016-08-20 10:18 - 2016-08-20 10:18 - 00000000 ____D C:\Users\Heza\Documents\CouponsReceipts
2016-08-19 22:10 - 2016-08-19 22:10 - 00000000 ____D C:\Users\Heza\AppData\Local\Intel
2016-08-19 22:10 - 2015-06-04 13:33 - 00021984 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2016-08-19 22:08 - 2016-08-19 22:08 - 07491840 _____ (Intel) C:\Users\Heza\Downloads\Intel Driver Update Utility Installer.exe
2016-08-19 17:30 - 2016-08-19 20:44 - 00099975 _____ C:\Users\Heza\Downloads\External Auth form May 2016.pdf
2016-08-17 16:25 - 2016-06-06 12:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-08-17 16:25 - 2016-06-06 12:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-08-17 16:25 - 2016-06-06 12:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-08-17 16:25 - 2016-06-06 12:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-08-17 16:25 - 2016-06-06 11:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-08-17 16:25 - 2016-06-06 11:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-08-17 16:25 - 2016-06-06 11:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-08-17 16:25 - 2016-06-06 11:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-08-17 16:25 - 2016-05-16 19:22 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-08-17 16:25 - 2016-05-16 19:19 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-08-17 16:25 - 2016-05-16 19:19 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-08-17 16:25 - 2016-05-16 19:18 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-08-17 16:25 - 2016-05-16 19:18 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-08-17 16:25 - 2016-05-16 19:17 - 01732888 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-08-17 16:25 - 2016-05-16 19:16 - 01314136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 17:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-08-17 16:25 - 2016-05-16 17:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-08-17 16:25 - 2016-05-16 17:23 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-08-17 16:25 - 2016-05-16 17:19 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-08-17 16:25 - 2016-05-16 17:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-08-17 16:25 - 2016-05-16 17:14 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-08-17 16:25 - 2016-05-16 17:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-08-17 16:25 - 2016-05-16 17:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-08-17 16:25 - 2016-05-16 17:10 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-08-17 16:25 - 2016-05-16 17:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-08-17 16:25 - 2016-05-16 17:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 17:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 17:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-08-17 16:25 - 2016-05-16 17:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-08-17 16:25 - 2016-05-13 18:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-08-17 16:25 - 2016-05-13 18:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-08-17 16:25 - 2016-05-13 18:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-08-17 16:25 - 2016-05-13 18:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-08-17 16:25 - 2016-05-13 17:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-08-17 16:25 - 2016-05-13 17:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-08-17 16:25 - 2016-05-13 17:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-08-17 16:25 - 2016-05-13 17:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-08-17 16:25 - 2016-05-13 17:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-08-17 16:25 - 2016-05-13 17:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-08-17 16:25 - 2016-05-13 17:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-08-17 16:25 - 2016-05-13 17:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-08-17 16:25 - 2016-05-13 17:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-08-17 16:25 - 2016-05-13 17:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-08-17 16:25 - 2016-05-13 17:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-08-17 16:25 - 2016-05-13 17:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-08-17 16:25 - 2016-05-12 13:14 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-08-17 16:25 - 2016-05-12 13:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-08-17 16:25 - 2016-05-12 11:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-08-17 16:25 - 2016-05-12 11:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-08-17 16:25 - 2016-05-12 11:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-08-17 16:25 - 2016-05-04 13:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-08-17 16:25 - 2016-05-04 13:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-08-17 16:25 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-08-17 16:25 - 2016-05-04 13:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-08-17 16:25 - 2016-05-04 13:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-08-17 16:25 - 2016-05-04 11:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-08-17 16:25 - 2016-05-04 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-08-17 10:16 - 2016-07-07 11:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-08-17 10:16 - 2016-07-07 11:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-08-17 10:16 - 2016-07-07 11:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-08-17 10:16 - 2016-07-07 11:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-08-17 10:16 - 2016-07-01 11:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-08-17 10:16 - 2016-07-01 11:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-08-17 10:16 - 2016-07-01 11:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-08-17 10:16 - 2016-07-01 11:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-08-17 10:16 - 2016-07-01 10:56 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-08-17 10:16 - 2016-07-01 10:56 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-08-17 10:16 - 2016-07-01 10:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-08-17 08:33 - 2016-07-08 11:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 08:33 - 2016-07-08 11:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-15 16:44 - 2016-08-16 12:53 - 00000178 _____ C:\Users\Heza\Documents\Weeds.txt
2016-08-15 16:18 - 2016-08-15 16:18 - 04278000 _____ C:\Users\Heza\Downloads\mp521 (1).pdf
2016-08-15 16:06 - 2016-08-15 16:06 - 04278000 _____ C:\Users\Heza\Downloads\mp521.pdf
2016-08-15 15:41 - 2016-08-15 15:41 - 00762330 _____ C:\Users\Heza\Downloads\lambsquarter07-1jdcqvi.pdf
2016-08-14 21:36 - 2016-08-14 21:36 - 00153629 _____ C:\Users\Heza\Desktop\Order Decline.pdf
2016-08-14 20:53 - 2016-08-14 20:53 - 01619612 _____ C:\Users\Heza\Downloads\browserSettings.pdf
2016-08-12 13:22 - 2016-08-02 10:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-12 13:22 - 2016-08-02 10:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-12 13:22 - 2016-08-02 02:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-12 13:22 - 2016-08-02 02:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-12 13:22 - 2016-08-02 02:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-12 13:22 - 2016-08-02 02:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-12 13:22 - 2016-08-02 02:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-12 13:22 - 2016-08-02 02:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-12 13:22 - 2016-08-02 02:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-12 13:22 - 2016-08-02 02:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-12 13:22 - 2016-08-02 02:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-12 13:22 - 2016-08-02 02:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-12 13:22 - 2016-08-02 01:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-12 13:22 - 2016-08-02 01:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-12 13:22 - 2016-08-02 01:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-12 13:22 - 2016-08-02 01:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-12 13:22 - 2016-08-02 01:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-12 13:22 - 2016-08-02 01:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-12 13:22 - 2016-08-02 01:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-12 13:22 - 2016-08-02 01:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-12 13:22 - 2016-08-02 01:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-12 13:22 - 2016-08-02 01:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-12 13:22 - 2016-08-02 01:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-12 13:22 - 2016-08-02 01:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-12 13:22 - 2016-08-02 01:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-12 13:22 - 2016-08-02 01:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-12 13:22 - 2016-08-02 01:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-12 13:22 - 2016-08-02 01:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-12 13:22 - 2016-08-02 01:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-12 13:22 - 2016-08-02 01:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-12 13:22 - 2016-08-02 01:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-12 13:22 - 2016-08-02 01:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-12 13:22 - 2016-08-02 01:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-12 13:22 - 2016-08-02 01:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-12 13:22 - 2016-08-02 01:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-12 13:22 - 2016-08-02 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-12 13:22 - 2016-08-02 01:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-12 13:22 - 2016-08-02 01:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-12 13:22 - 2016-08-02 01:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-12 13:22 - 2016-08-02 01:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-12 13:22 - 2016-08-02 01:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-12 13:22 - 2016-08-02 01:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-12 13:22 - 2016-08-02 00:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-12 13:22 - 2016-08-02 00:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-12 13:22 - 2016-08-02 00:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-12 13:21 - 2016-08-02 02:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-12 13:21 - 2016-08-02 02:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-12 13:21 - 2016-08-02 02:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-12 13:21 - 2016-08-02 02:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-12 13:21 - 2016-08-02 02:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-12 13:21 - 2016-08-02 02:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-12 13:21 - 2016-08-02 02:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-12 13:21 - 2016-08-02 02:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-12 13:21 - 2016-08-02 02:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-12 13:21 - 2016-08-02 02:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-12 13:21 - 2016-08-02 02:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-12 13:21 - 2016-08-02 01:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-12 13:21 - 2016-08-02 01:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-12 13:21 - 2016-08-02 01:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-12 13:21 - 2016-08-02 01:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-12 13:21 - 2016-08-02 01:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-12 13:21 - 2016-08-02 01:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-12 13:21 - 2016-08-02 01:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-12 13:21 - 2016-08-02 01:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-12 13:21 - 2016-08-02 01:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-12 13:21 - 2016-08-02 00:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-12 13:17 - 2016-07-08 11:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-12 13:17 - 2016-07-08 11:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-12 13:17 - 2016-07-08 11:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-12 13:17 - 2016-07-08 11:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-12 13:17 - 2016-07-08 11:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-12 13:17 - 2016-07-08 11:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-12 13:17 - 2016-07-08 11:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-12 13:17 - 2016-07-08 11:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-12 13:17 - 2016-07-08 10:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-12 13:17 - 2016-07-08 10:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-12 13:17 - 2016-07-08 10:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-12 13:17 - 2016-07-08 10:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-12 13:17 - 2016-07-08 10:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-12 13:17 - 2016-07-08 10:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-12 13:13 - 2016-07-08 11:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-12 11:20 - 2016-09-04 15:52 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForHeza.job
2016-08-12 11:20 - 2016-09-02 11:33 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHeza
2016-08-09 11:19 - 2016-08-09 11:19 - 00002149 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2016-08-09 11:19 - 2016-08-09 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-08-08 10:03 - 2016-08-08 10:03 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-08-08 10:03 - 2016-08-08 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-08-08 10:02 - 2016-08-08 10:02 - 26870536 _____ (SUPERAntiSpyware) C:\Users\AJ\Downloads\SUPERAntiSpyware.exe
2016-08-08 08:48 - 2016-08-08 08:48 - 00000000 ____D C:\Users\Heza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberfox
2016-08-08 08:47 - 2016-08-08 08:47 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Maxthon3
2016-08-08 08:38 - 2016-08-08 08:38 - 00000000 ____D C:\Users\AJ\AppData\Roaming\8pecxstudios
2016-08-08 08:38 - 2016-08-08 08:38 - 00000000 ____D C:\Users\AJ\AppData\Local\Comodo
2016-08-08 08:38 - 2016-08-08 08:38 - 00000000 ____D C:\Users\AJ\AppData\Local\8pecxstudios
2016-08-08 08:19 - 2016-08-08 08:19 - 00000000 ____D C:\Users\Heza\AppData\Local\Comodo
2016-08-08 08:18 - 2016-08-12 13:39 - 00000000 ____D C:\Program Files (x86)\Comodo
2016-08-08 08:18 - 2016-08-08 09:04 - 00000000 ____D C:\Program Files (x86)\Maxthon
2016-08-08 08:18 - 2016-08-08 08:38 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Maxthon App Store
2016-08-08 08:18 - 2016-08-08 08:18 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2016-08-08 08:17 - 2016-08-08 18:57 - 00000000 ____D C:\Program Files (x86)\Maxthon App Store
2016-08-08 08:17 - 2016-08-08 09:04 - 00000000 ____D C:\Users\Heza\AppData\Roaming\Maxthon App Store
2016-08-08 08:17 - 2016-08-08 08:17 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-08-08 08:16 - 2016-08-08 08:48 - 00000000 ____D C:\Program Files\Cyberfox
2016-08-08 08:13 - 2016-08-08 08:14 - 51648752 _____ (8pecxstudios ) C:\Users\Heza\Downloads\Cyberfox-48.0.en-US.win64-x86_64.intel.exe
2016-08-08 08:12 - 2016-08-08 08:12 - 01558792 _____ (Maxthon International ltd.) C:\Users\Heza\Downloads\mxsetup.exe
2016-08-08 08:11 - 2016-08-08 08:11 - 56127856 _____ (Comodo) C:\Users\Heza\Downloads\dragonsetup.exe
2016-08-07 19:05 - 2016-08-08 15:06 - 00000285 _____ C:\Users\AJ\Desktop\Browser Speeds.txt
2016-08-07 18:46 - 2016-08-07 18:46 - 00242192 _____ C:\Users\AJ\Downloads\Firefox Setup Stub 48.0.exe
2016-08-06 20:45 - 2016-08-06 20:45 - 00002333 _____ C:\Users\AJ\Desktop\Vivaldi.lnk
2016-08-06 20:45 - 2016-08-06 20:45 - 00002260 _____ C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2016-08-06 20:44 - 2016-08-06 20:45 - 00000000 ____D C:\Users\AJ\AppData\Local\Vivaldi
2016-08-06 20:44 - 2016-08-06 20:44 - 44326520 _____ (Vivaldi Technologies AS) C:\Users\AJ\Downloads\Vivaldi.1.2.490.43.x64.exe
2016-08-06 20:43 - 2016-08-06 20:44 - 38505080 _____ (Vivaldi Technologies AS) C:\Users\AJ\Downloads\Vivaldi.1.2.490.43 (1).exe
2016-08-06 20:36 - 2016-08-06 20:36 - 03096251 _____ C:\Users\AJ\Downloads\Vivaldi.1.2.490.43.exe
2016-08-06 20:07 - 2016-08-06 20:07 - 00210661 _____ C:\Users\AJ\Downloads\pocket.crx
2016-08-06 16:18 - 2016-08-06 16:18 - 00002356 _____ C:\Users\AJ\Desktop\Epic Privacy Browser.lnk
2016-08-06 16:18 - 2016-08-06 16:18 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epic Privacy Browser
2016-08-06 16:17 - 2016-08-06 16:18 - 00000000 ____D C:\Users\AJ\AppData\Local\Epic Privacy Browser
2016-08-06 16:17 - 2016-08-06 16:17 - 01832744 _____ (Epic Privacy Browser) C:\Users\AJ\Downloads\EpicSetup.exe
2016-08-06 16:17 - 2016-08-06 16:17 - 00000000 ____D C:\Users\Heza\AppData\Local\Slimjet
2016-08-06 16:17 - 2016-08-06 16:17 - 00000000 ____D C:\Users\AJ\AppData\Local\Slimjet
2016-08-06 16:17 - 2016-08-06 16:17 - 00000000 ____D C:\ProgramData\Epic Privacy Browser
2016-08-06 16:15 - 2016-08-27 10:28 - 00000000 ____D C:\Program Files (x86)\Slimjet
2016-08-06 16:15 - 2016-08-06 16:15 - 00000995 _____ C:\Users\Public\Desktop\FlashPeak Slimjet.lnk
2016-08-06 16:15 - 2016-08-06 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak Slimjet
2016-08-06 16:11 - 2016-08-06 16:11 - 00353336 _____ C:\Users\AJ\Downloads\sjtwebsetup_x86.exe
2016-08-05 09:49 - 2016-08-05 09:49 - 00058731 _____ C:\Users\Heza\Downloads\0013A820 (1).PDF
2016-08-05 09:44 - 2016-08-05 09:44 - 00303216 _____ C:\Users\Heza\Downloads\0017D473.PDF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-04 16:09 - 2012-02-04 02:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-04 16:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-09-04 16:05 - 2014-04-06 08:22 - 00000000 ___DC C:\Users\AJ\Documents\ESL
2016-09-04 16:02 - 2009-07-14 00:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-04 16:02 - 2009-07-14 00:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-04 15:58 - 2009-07-14 01:13 - 00821868 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-04 15:52 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-04 15:50 - 2016-03-31 09:40 - 00000785 _____ C:\Users\Heza\Desktop\2.txt
2016-09-04 15:50 - 2014-09-28 07:57 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1000Core.job
2016-09-04 15:50 - 2013-09-02 20:45 - 00000000 ____D C:\AdwCleaner
2016-09-04 15:49 - 2013-10-22 10:39 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003UA.job
2016-09-04 15:32 - 2014-09-28 07:57 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1000UA.job
2016-09-04 13:57 - 2016-06-29 09:58 - 00000000 ____D C:\ProgramData\Foxit Software
2016-09-04 13:15 - 2016-04-08 19:09 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-04 13:13 - 2013-10-22 10:38 - 00000844 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786442370-3606699375-2899197878-1003Core.job
2016-09-02 15:06 - 2014-01-11 17:07 - 00000000 ____D C:\Users\Heza\AppData\Roaming\vlc
2016-09-01 19:20 - 2016-08-01 09:16 - 00000000 ____D C:\Users\Heza\Desktop\Computer
2016-08-31 14:38 - 2014-09-22 10:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-31 10:39 - 2015-10-14 11:48 - 00000000 ____D C:\Users\Heza\Desktop\REviews
2016-08-28 14:05 - 2012-02-04 03:00 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-08-28 14:05 - 2012-02-04 02:56 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-08-28 10:02 - 2013-07-17 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-08-28 09:10 - 2014-09-22 10:41 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-28 08:57 - 2016-08-04 21:03 - 00003122 _____ C:\Windows\System32\Tasks\{323544BA-C4EE-45DC-99E2-9496E8ECD6BF}
2016-08-27 10:15 - 2013-03-04 18:22 - 00112576 _____ C:\Users\AJ\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-26 18:50 - 2016-07-25 21:49 - 00000000 ____D C:\Users\Heza\Desktop\Jobs
2016-08-26 11:34 - 2013-09-03 09:08 - 00000000 ____D C:\Users\Heza\Documents\My Digital Editions
2016-08-26 11:34 - 2013-02-28 14:59 - 00000000 ____D C:\Users\Heza\AppData\Roaming\Adobe
2016-08-26 11:25 - 2012-02-04 03:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-26 11:13 - 2014-12-10 14:27 - 00000000 ___DC C:\Temp
2016-08-24 19:12 - 2013-02-28 12:38 - 00000000 ____D C:\Users\Heza
2016-08-24 18:34 - 2009-07-14 00:45 - 00438688 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-24 13:26 - 2013-03-04 16:01 - 00790044 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-08-24 12:21 - 2013-02-28 13:50 - 00112576 _____ C:\Users\Heza\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-23 19:53 - 2009-07-13 22:34 - 00000439 _____ C:\Windows\win.ini
2016-08-23 17:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-08-23 11:56 - 2013-02-28 12:42 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C92E29A6-AD31-41C1-9B42-B5CAB1F2F196}
2016-08-23 11:03 - 2012-02-04 02:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-08-23 11:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2016-08-23 10:55 - 2012-02-04 02:33 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-08-23 10:54 - 2013-02-28 12:40 - 00000000 ____D C:\Users\Heza\AppData\Roaming\hpqlog
2016-08-23 10:53 - 2014-06-29 14:48 - 00000000 ____D C:\Program Files (x86)\Hp
2016-08-21 14:10 - 2014-09-27 20:09 - 01091280 _____ C:\Users\AJ\Downloads\Hillsdale College Transcript.pdf
2016-08-20 17:08 - 2016-02-17 17:08 - 00000000 ____D C:\Users\Heza\Desktop\Med Re
2016-08-20 16:09 - 2013-12-05 23:31 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-20 16:09 - 2012-12-13 02:40 - 00000000 ____D C:\Program Files\Intel
2016-08-20 16:08 - 2014-01-11 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-20 10:19 - 2014-08-23 06:53 - 00000000 ____D C:\Users\Heza\Documents\Jobs
2016-08-19 22:10 - 2012-12-13 02:40 - 00000000 ____D C:\ProgramData\Intel
2016-08-19 17:01 - 2013-02-28 16:28 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-18 21:34 - 2013-03-20 18:45 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Foxit Software
2016-08-18 20:34 - 2016-07-17 17:45 - 00482107 _____ C:\Users\Heza\Downloads\MRS-2910_498959_7.pdf
2016-08-17 13:08 - 2013-03-05 18:30 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-17 13:04 - 2013-03-10 21:00 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-15 10:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-14 17:15 - 2013-08-14 08:38 - 00001226 __RSH C:\Users\AJ\ntuser.pol
2016-08-14 17:15 - 2013-03-04 18:22 - 00000000 ____D C:\Users\AJ
2016-08-14 17:12 - 2009-07-14 01:08 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-13 10:50 - 2013-07-16 08:41 - 00000000 ____D C:\Windows\system32\MRT
2016-08-13 10:37 - 2013-02-28 16:56 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-12 13:19 - 2015-10-14 11:50 - 00000000 ____D C:\Users\Heza\Desktop\CouponsReceipts
2016-08-09 11:56 - 2013-04-22 10:17 - 00000000 ____D C:\Users\Heza\AppData\Roaming\Foxit Software
2016-08-08 19:00 - 2013-08-14 08:38 - 00000632 __RSH C:\Users\Heza\ntuser.pol
2016-08-08 18:57 - 2015-05-14 09:15 - 00000000 ____D C:\Windows\Temp29A68CC6-7A4E-CE36-DAFD-27A8B9593282-Signatures
2016-08-08 18:57 - 2014-01-09 08:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-08-08 15:03 - 2013-03-06 10:32 - 00003250 _____ C:\Windows\Sandboxie.ini
2016-08-08 10:29 - 2013-06-23 18:06 - 00000000 ____D C:\Users\Heza\AppData\Local\ElevatedDiagnostics
2016-08-07 18:47 - 2015-02-27 21:08 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-07 18:47 - 2015-02-27 21:08 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-07 14:56 - 2014-09-11 14:05 - 00000000 ____D C:\Users\Heza\AppData\Local\Adobe
2016-08-06 20:01 - 2016-02-02 21:10 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Skype
2016-08-06 19:01 - 2012-02-04 02:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-06 19:01 - 2012-02-04 02:50 - 00000000 ____D C:\ProgramData\Skype
2016-08-06 14:16 - 2012-02-04 02:37 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-08-06 14:16 - 2012-02-04 02:37 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-08-06 14:16 - 2012-02-04 02:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-08-06 13:09 - 2014-11-17 15:25 - 00000000 ____D C:\Users\AJ\Desktop\Medical Insurance
2016-08-05 17:47 - 2014-06-10 14:25 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1385439310
2016-08-05 17:47 - 2013-11-26 00:15 - 00000000 ____D C:\Program Files (x86)\Opera
2016-08-05 09:46 - 2013-09-08 20:22 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-05 09:46 - 2013-09-08 20:22 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-07-21 07:26 - 2014-07-21 07:27 - 18144837 _____ () C:\Users\Heza\AppData\Roaming\Mozilla.zip
2014-07-21 07:25 - 2014-07-21 07:28 - 123174907 _____ () C:\Users\Heza\AppData\Local\Google.zip
2014-06-20 10:29 - 2014-06-20 22:18 - 0000705 _____ () C:\Users\Heza\AppData\Local\install_log.txt
2013-02-28 15:38 - 2014-11-19 14:39 - 0007599 _____ () C:\Users\Heza\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Heza\AppData\Local\Temp\libeay32.dll
C:\Users\Heza\AppData\Local\Temp\msvcr120.dll
C:\Users\Heza\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-28 14:45

==================== End of FRST.txt ============================



#12 deeprybka


Posted 06 September 2016 - 12:06 PM

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    ShellIconOverlayIdentifiers: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} =>  No File
    ShellIconOverlayIdentifiers: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} =>  No File
    ShellIconOverlayIdentifiers: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} =>  No File
    ShellIconOverlayIdentifiers-x32: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} =>  No File
    ShellIconOverlayIdentifiers-x32: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} =>  No File
    ShellIconOverlayIdentifiers-x32: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} =>  No File
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
    HKU\S-1-5-21-3786442370-3606699375-2899197878-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
    BHO: No Name -> {15C9938F-CB96-496D-800A-B827F2E34EA1} -> No File
    BHO-x32: No Name -> {15C9938F-CB96-496D-800A-B827F2E34EA1} -> No File
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

No need to post the log.

 




That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated:

 

Java 8 Update 73



Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
 


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 deeprybka


Posted 07 September 2016 - 11:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



